Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/4a80e6-1d04-4647-a8d4-2481106f8b25/1/sH0bVCt_KEopOFK1_ko4OVEj69Y.roa
File:                     sH0bVCt_KEopOFK1_ko4OVEj69Y.roa (raw, json)
Hash identifier:          pg0Q8ae7EiblAzxpVUwY2bLfb7dLg4I7mElaUbnn1AA=
Subject key identifier:   B0:7D:1B:54:2B:7F:28:4A:29:38:52:B5:FE:4A:38:39:51:23:EB:D6
Certificate issuer:       /CN=58667131d760b5db1de98ea20c0f82fc01c9f1d9
Certificate serial:       018CC26D2BF26467B0B02614D4D499C7459A
Authority key identifier: 58:66:71:31:D7:60:B5:DB:1D:E9:8E:A2:0C:0F:82:FC:01:C9:F1:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGZxMddgtdsd6Y6iDA-C_AHJ8dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/4a80e6-1d04-4647-a8d4-2481106f8b25/1/sH0bVCt_KEopOFK1_ko4OVEj69Y.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8315
IP address blocks:        87.237.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/4a80e6-1d04-4647-a8d4-2481106f8b25/1/WGZxMddgtdsd6Y6iDA-C_AHJ8dk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/4a80e6-1d04-4647-a8d4-2481106f8b25/1/WGZxMddgtdsd6Y6iDA-C_AHJ8dk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WGZxMddgtdsd6Y6iDA-C_AHJ8dk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2b:f2:64:67:b0:b0:26:14:d4:d4:99:c7:45:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58667131d760b5db1de98ea20c0f82fc01c9f1d9
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b07d1b542b7f284a293852b5fe4a38395123ebd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d5:a9:9b:3f:6a:e5:59:ea:d2:c7:04:63:16:
                    d5:4a:ff:65:4c:60:fc:0e:27:4f:ed:2f:3d:d5:81:
                    b7:20:98:99:1c:ff:01:04:b4:68:7b:a3:4c:1c:80:
                    30:ee:b9:9b:c2:a7:80:5a:df:12:a2:3f:48:fa:33:
                    4b:94:e9:e9:3b:32:a6:9e:fe:b2:12:3d:fd:9b:0b:
                    9e:d3:72:36:4a:5f:c8:6f:b5:12:6c:5e:87:ed:49:
                    a1:ce:6d:7b:31:13:11:e0:d4:31:c6:89:56:9d:1a:
                    01:ba:c1:3b:77:7c:59:91:72:50:df:bd:2a:72:fd:
                    10:1c:56:57:2a:94:bb:66:ab:ff:67:40:8c:5a:90:
                    b6:e1:62:b2:c4:da:9f:42:eb:91:ab:ec:5d:63:73:
                    3b:9a:94:c9:1e:45:db:24:23:45:61:b8:5e:58:34:
                    4a:d3:e1:7a:fb:bb:de:0d:10:8c:39:0c:f3:4e:c1:
                    07:c3:6c:45:7f:e7:1f:22:25:b6:d6:f2:0a:a3:16:
                    74:ff:81:a8:65:24:11:d0:99:50:35:fb:00:2c:d9:
                    1c:12:b0:b2:7d:44:c3:ad:c5:37:39:24:2d:ad:ab:
                    f8:d2:75:20:3c:f7:a1:af:93:6c:2d:4a:f1:92:f9:
                    9f:2c:9a:54:ce:3a:72:17:c3:4a:db:d8:d7:43:50:
                    6d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:7D:1B:54:2B:7F:28:4A:29:38:52:B5:FE:4A:38:39:51:23:EB:D6
            X509v3 Authority Key Identifier:
                keyid:58:66:71:31:D7:60:B5:DB:1D:E9:8E:A2:0C:0F:82:FC:01:C9:F1:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGZxMddgtdsd6Y6iDA-C_AHJ8dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/4a80e6-1d04-4647-a8d4-2481106f8b25/1/sH0bVCt_KEopOFK1_ko4OVEj69Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/4a80e6-1d04-4647-a8d4-2481106f8b25/1/WGZxMddgtdsd6Y6iDA-C_AHJ8dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.237.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:6a:d9:3a:81:5a:66:04:a6:53:ad:1e:d9:c8:2e:bf:3f:5c:
         2a:dd:8f:3c:f3:66:26:41:b0:83:90:02:90:ff:cd:6f:a6:df:
         df:f6:85:e1:4d:b7:ed:23:7f:31:53:d4:1e:4e:48:53:d9:f2:
         b4:b9:fc:64:c2:52:0e:a2:40:de:10:df:0b:6b:1c:f2:9b:82:
         dd:47:a0:65:f1:62:be:d5:75:15:fe:ca:15:8c:9a:34:9e:0d:
         5e:43:dd:90:2d:46:99:3b:d9:23:d4:97:f6:9d:48:99:ea:bf:
         6f:8b:e7:ac:5d:86:eb:63:f8:e0:38:dd:2e:96:68:3b:09:73:
         01:b5:08:f2:5e:51:f4:8a:29:70:96:9d:d1:8f:d4:f4:c1:9a:
         ed:5b:a0:81:9d:c6:7f:4a:6f:33:e3:59:a0:8e:69:c6:fd:61:
         dc:df:1a:74:33:0c:fa:98:f7:4c:bf:0e:1e:8a:55:5c:b9:bd:
         dc:f7:f7:82:27:09:89:d0:4b:bb:40:f9:7a:e3:73:46:47:0c:
         36:34:a6:47:11:0b:01:69:f6:ac:6f:fc:ee:0e:96:05:ab:2e:
         d4:ef:32:90:e2:57:93:c8:4c:fc:b5:52:86:91:07:cc:27:4a:
         0b:cb:e3:18:54:7c:3b:65:f3:19:87:e0:05:85:06:b7:0d:ec:
         e3:7d:a7:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSvyZGewsCYU1NSZx0WaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NjY3MTMxZDc2MGI1ZGIxZGU5OGVhMjBjMGY4MmZjMDFj
OWYxZDkwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDdkMWI1NDJiN2YyODRhMjkzODUyYjVmZTRhMzgzOTUxMjNlYmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtWpmz9q5Vnq0scEYxbVSv9lTGD8
DidP7S891YG3IJiZHP8BBLRoe6NMHIAw7rmbwqeAWt8Soj9I+jNLlOnpOzKmnv6y
Ej39mwue03I2Sl/Ib7USbF6H7Umhzm17MRMR4NQxxolWnRoBusE7d3xZkXJQ370q
cv0QHFZXKpS7Zqv/Z0CMWpC24WKyxNqfQuuRq+xdY3M7mpTJHkXbJCNFYbheWDRK
0+F6+7veDRCMOQzzTsEHw2xFf+cfIiW21vIKoxZ0/4GoZSQR0JlQNfsALNkcErCy
fUTDrcU3OSQtrav40nUgPPehr5NsLUrxkvmfLJpUzjpyF8NK29jXQ1BtzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLB9G1QrfyhKKThStf5KODlRI+vWMB8GA1UdIwQY
MBaAFFhmcTHXYLXbHemOogwPgvwByfHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0daeE1kZGd0ZHNkNlk2aURBLUNfQUhKOGRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS80YTgwZTYtMWQwNC00NjQ3LWE4ZDQt
MjQ4MTEwNmY4YjI1LzEvc0gwYlZDdF9LRW9wT0ZLMV9rbzRPVkVqNjlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS80YTgwZTYtMWQwNC00NjQ3LWE4ZDQtMjQ4MTEwNmY4YjI1
LzEvV0daeE1kZGd0ZHNkNlk2aURBLUNfQUhKOGRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+1jMA0G
CSqGSIb3DQEBCwUAA4IBAQACatk6gVpmBKZTrR7ZyC6/P1wq3Y8882YmQbCDkAKQ
/81vpt/f9oXhTbftI38xU9QeTkhT2fK0ufxkwlIOokDeEN8Laxzym4LdR6Bl8WK+
1XUV/soVjJo0ng1eQ92QLUaZO9kj1Jf2nUiZ6r9vi+esXYbrY/jgON0ulmg7CXMB
tQjyXlH0iilwlp3Rj9T0wZrtW6CBncZ/Sm8z41mgjmnG/WHc3xp0Mwz6mPdMvw4e
ilVcub3c9/eCJwmJ0Eu7QPl643NGRww2NKZHEQsBafasb/zuDpYFqy7U7zKQ4leT
yEz8tVKGkQfMJ0oLy+MYVHw7ZfMZh+AFhQa3DezjfadE
-----END CERTIFICATE-----