Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/hL-DNX8MhjJ5G_-jJ4K5LZ__m0Y.roa
File:                     hL-DNX8MhjJ5G_-jJ4K5LZ__m0Y.roa (raw, json)
Hash identifier:          2vdQv3Je9PyCs1V3Ch0k8I4Y2ZvvbwWuBR2VHzNUz54=
Subject key identifier:   84:BF:83:35:7F:0C:86:32:79:1B:FF:A3:27:82:B9:2D:9F:FF:9B:46
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC794189F771373DE0906F1EA9FA94A19
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/hL-DNX8MhjJ5G_-jJ4K5LZ__m0Y.roa
Signing time:             Tue 02 Jan 2024 00:30:20 +0000
ROA not before:           Tue 02 Jan 2024 00:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49181
IP address blocks:        188.130.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:18:9f:77:13:73:de:09:06:f1:ea:9f:a9:4a:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84bf83357f0c8632791bffa32782b92d9fff9b46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a7:b6:9f:df:01:24:75:40:54:fb:9e:0b:74:
                    a5:15:2b:4c:45:b4:70:42:93:ff:78:f0:34:41:ae:
                    9f:1c:27:08:7f:3b:d1:0f:f5:aa:58:c8:f7:b6:cd:
                    74:b8:6d:93:6c:93:cb:44:53:fd:9d:72:1f:93:f6:
                    8f:3c:8f:c8:f2:85:a0:5f:11:a7:29:2e:a5:f2:53:
                    49:47:40:e6:bd:c1:49:34:2d:0a:34:78:60:12:f7:
                    ee:09:7a:51:6e:86:19:65:40:ee:68:f4:d0:90:c9:
                    e1:4c:ef:b3:23:cb:fa:6f:32:51:45:74:7b:15:20:
                    49:aa:fa:a3:12:41:aa:74:20:7b:8b:58:ca:cd:01:
                    15:02:b4:1f:e2:c8:f5:a9:7f:7a:6a:d0:b0:3a:52:
                    59:58:4c:87:b2:66:be:df:b3:63:80:9a:24:24:6e:
                    cb:59:73:39:8a:81:1f:69:c9:67:74:9a:15:e3:b5:
                    f1:97:a4:3c:8f:cb:c4:d1:a3:95:27:31:4c:e1:33:
                    0b:76:2d:6b:de:c0:2d:59:6d:13:6d:04:c8:96:36:
                    4b:5a:c0:96:1a:21:8d:34:17:cf:e1:12:74:8c:b7:
                    32:02:29:00:cf:49:1c:dd:4d:fc:72:94:cb:5f:1a:
                    bb:0c:1f:d5:60:d7:a6:9d:ee:4a:57:b1:5f:0d:e4:
                    32:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:BF:83:35:7F:0C:86:32:79:1B:FF:A3:27:82:B9:2D:9F:FF:9B:46
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/hL-DNX8MhjJ5G_-jJ4K5LZ__m0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:80:e5:61:7a:d8:03:00:9c:bf:90:a7:8d:9a:1c:3e:1e:65:
         ec:c4:a0:9f:d7:16:73:00:32:0b:92:9b:f3:df:10:64:80:2f:
         bc:4e:71:1d:b3:9d:dc:de:47:3d:c8:2a:96:dd:d4:b1:b2:ef:
         f9:2e:8f:9b:b0:01:df:62:2e:71:e0:3a:1b:0b:d9:49:6a:20:
         1f:b6:5b:a7:29:9d:3f:60:a3:89:40:0e:24:d3:ed:5f:28:14:
         7e:0c:d2:03:ce:51:39:2d:58:b4:bf:b4:ad:0d:cd:33:61:fc:
         72:0c:ce:63:e5:92:51:57:78:6f:c4:51:44:37:0f:a5:4a:eb:
         c9:a1:df:f6:ac:54:c4:24:b1:4f:5b:38:31:13:50:eb:1c:3d:
         b7:42:ee:da:8b:80:b7:be:45:b1:7e:35:0b:c2:55:67:26:5a:
         0f:1a:5e:21:2d:8a:04:0b:88:02:85:a4:8e:56:94:79:0d:df:
         d3:a5:f3:72:c6:07:e3:c7:a2:01:88:6e:56:9d:2e:c0:21:45:
         c2:1f:80:ce:27:4a:b8:5c:a1:b6:70:82:ac:b8:24:e5:20:c6:
         db:f5:5f:69:45:88:6d:79:1d:2e:8f:c6:d4:fa:d5:11:12:e0:
         62:6b:45:03:43:40:0f:25:aa:5b:85:62:60:8f:a1:5e:42:79:
         9f:9b:e1:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBifdxNz3gkG8eqfqUoZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGJmODMzNTdmMGM4NjMyNzkxYmZmYTMyNzgyYjkyZDlmZmY5YjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmae2n98BJHVAVPueC3SlFStMRbRw
QpP/ePA0Qa6fHCcIfzvRD/WqWMj3ts10uG2TbJPLRFP9nXIfk/aPPI/I8oWgXxGn
KS6l8lNJR0DmvcFJNC0KNHhgEvfuCXpRboYZZUDuaPTQkMnhTO+zI8v6bzJRRXR7
FSBJqvqjEkGqdCB7i1jKzQEVArQf4sj1qX96atCwOlJZWEyHsma+37NjgJokJG7L
WXM5ioEfaclndJoV47Xxl6Q8j8vE0aOVJzFM4TMLdi1r3sAtWW0TbQTIljZLWsCW
GiGNNBfP4RJ0jLcyAikAz0kc3U38cpTLXxq7DB/VYNemne5KV7FfDeQyIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIS/gzV/DIYyeRv/oyeCuS2f/5tGMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvaEwtRE5YOE1oako1R18tako0SzVMWl9fbTBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvIL+MA0G
CSqGSIb3DQEBCwUAA4IBAQBpgOVhetgDAJy/kKeNmhw+HmXsxKCf1xZzADILkpvz
3xBkgC+8TnEds53c3kc9yCqW3dSxsu/5Lo+bsAHfYi5x4DobC9lJaiAftlunKZ0/
YKOJQA4k0+1fKBR+DNIDzlE5LVi0v7StDc0zYfxyDM5j5ZJRV3hvxFFENw+lSuvJ
od/2rFTEJLFPWzgxE1DrHD23Qu7ai4C3vkWxfjULwlVnJloPGl4hLYoEC4gChaSO
VpR5Dd/TpfNyxgfjx6IBiG5WnS7AIUXCH4DOJ0q4XKG2cIKsuCTlIMbb9V9pRYht
eR0uj8bU+tUREuBia0UDQ0APJapbhWJgj6FeQnmfm+EV
-----END CERTIFICATE-----