Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/tNPOKaMQ6EiL6LlRlBai3J2LfKU.roa
File:                     tNPOKaMQ6EiL6LlRlBai3J2LfKU.roa (raw, json)
Hash identifier:          IxMWbSKTwyBg1NII8g1Ui272g9grIhm+NcA8hhKrDpo=
Subject key identifier:   B4:D3:CE:29:A3:10:E8:48:8B:E8:B9:51:94:16:A2:DC:9D:8B:7C:A5
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC79421AEA9CF3F953CA3544B962C91CD
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/tNPOKaMQ6EiL6LlRlBai3J2LfKU.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205026
IP address blocks:        188.130.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:21:ae:a9:cf:3f:95:3c:a3:54:4b:96:2c:91:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4d3ce29a310e8488be8b9519416a2dc9d8b7ca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:e8:3a:be:47:56:36:6c:d7:e1:4a:8e:d6:59:
                    24:ee:23:96:a8:90:03:a6:32:fb:7a:04:dd:85:d2:
                    8e:b1:d4:9c:ce:57:d6:8a:69:89:74:37:46:dc:38:
                    f5:0b:18:45:4c:7f:a1:19:da:e2:fc:48:fd:d4:8c:
                    2c:e6:e5:13:c2:32:89:f9:8f:ca:b1:55:6e:52:d3:
                    64:c2:c1:07:3c:22:52:fc:8c:0e:23:e8:2b:fe:2f:
                    07:ca:7d:17:5b:e1:09:cb:d9:c5:83:dc:da:83:c3:
                    96:71:70:24:0e:9c:5e:02:d6:50:de:2f:1e:0f:52:
                    5c:27:3d:91:79:86:93:d7:aa:f6:33:34:a2:e8:53:
                    dc:f7:d7:ad:57:7d:aa:04:f3:6f:ce:ac:d6:6c:18:
                    97:0b:09:29:c3:57:9f:9c:34:8f:9e:b7:ea:f3:16:
                    ca:a3:55:8b:7e:42:7b:a2:9f:71:16:ae:94:9b:f3:
                    69:92:af:21:8e:f5:8e:46:10:c7:d4:34:24:e4:fa:
                    d4:9f:34:ab:e9:2d:31:ea:b8:be:0f:1d:b2:6e:21:
                    3e:1a:27:4f:bd:c9:4d:aa:6b:23:dd:08:d4:3f:dd:
                    05:a3:3d:86:eb:10:f6:38:ed:e9:04:89:e2:f6:db:
                    c7:4b:c6:da:86:ab:ec:1c:b4:33:4a:92:0b:9a:53:
                    73:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D3:CE:29:A3:10:E8:48:8B:E8:B9:51:94:16:A2:DC:9D:8B:7C:A5
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/tNPOKaMQ6EiL6LlRlBai3J2LfKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:dd:4b:0b:3c:65:70:cc:9a:5f:4c:3e:f8:65:69:51:58:ba:
         3f:59:5d:7e:26:7b:42:7f:98:b5:fb:e9:34:0c:54:13:84:93:
         78:8e:8c:d9:2d:43:ea:3b:64:98:3c:8e:c4:6d:a0:79:81:d5:
         be:72:a4:e7:25:e1:92:1b:02:91:f4:b1:d8:46:c1:ec:20:67:
         be:14:5e:b1:1c:4a:6c:d0:49:b3:e3:32:2d:a0:08:b0:cc:6f:
         bf:20:11:3f:c4:69:e1:5e:13:64:3a:6a:a9:b0:d8:0f:37:87:
         64:5c:58:ac:c5:90:f4:78:23:8f:f4:49:a1:55:f7:86:e9:f2:
         72:93:c0:cd:ee:8d:c9:a9:97:a2:f0:50:c1:72:4b:e0:2f:57:
         a3:3a:9d:b7:ba:02:f4:16:13:9a:c7:d1:9d:0e:0b:81:46:44:
         8f:09:5c:36:e1:78:1f:8e:c0:f8:94:e2:23:52:a7:7b:b2:d4:
         62:bb:3c:f7:91:3c:19:a8:61:39:06:dd:47:b9:61:ed:b0:ba:
         59:a6:0e:ac:80:91:d8:96:6b:26:14:ab:46:7b:4d:9a:0f:f0:
         f2:27:5c:d0:6d:b1:8d:4f:0f:08:b2:6f:37:30:12:8e:d8:a9:
         02:81:bb:6e:00:5e:81:b4:cb:ce:38:8c:19:72:31:26:2c:86:
         1d:4f:f2:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCGuqc8/lTyjVEuWLJHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQzY2UyOWEzMTBlODQ4OGJlOGI5NTE5NDE2YTJkYzlkOGI3Y2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eg6vkdWNmzX4UqO1lkk7iOWqJAD
pjL7egTdhdKOsdSczlfWimmJdDdG3Dj1CxhFTH+hGdri/Ej91Iws5uUTwjKJ+Y/K
sVVuUtNkwsEHPCJS/IwOI+gr/i8Hyn0XW+EJy9nFg9zag8OWcXAkDpxeAtZQ3i8e
D1JcJz2ReYaT16r2MzSi6FPc99etV32qBPNvzqzWbBiXCwkpw1efnDSPnrfq8xbK
o1WLfkJ7op9xFq6Um/Npkq8hjvWORhDH1DQk5PrUnzSr6S0x6ri+Dx2ybiE+GidP
vclNqmsj3QjUP90Foz2G6xD2OO3pBIni9tvHS8bahqvsHLQzSpILmlNzjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTTzimjEOhIi+i5UZQWotydi3ylMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvdE5QT0thTVE2RWlMNkxsUmxCYWkzSjJMZktVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvIKMMA0G
CSqGSIb3DQEBCwUAA4IBAQBl3UsLPGVwzJpfTD74ZWlRWLo/WV1+JntCf5i1++k0
DFQThJN4jozZLUPqO2SYPI7EbaB5gdW+cqTnJeGSGwKR9LHYRsHsIGe+FF6xHEps
0Emz4zItoAiwzG+/IBE/xGnhXhNkOmqpsNgPN4dkXFisxZD0eCOP9EmhVfeG6fJy
k8DN7o3JqZei8FDBckvgL1ejOp23ugL0FhOax9GdDguBRkSPCVw24XgfjsD4lOIj
Uqd7stRiuzz3kTwZqGE5Bt1HuWHtsLpZpg6sgJHYlmsmFKtGe02aD/DyJ1zQbbGN
Tw8Ism83MBKO2KkCgbtuAF6BtMvOOIwZcjEmLIYdT/Iv
-----END CERTIFICATE-----