Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7utx7wvebnMkO2sby41-w4ACK68.roa
File:                     7utx7wvebnMkO2sby41-w4ACK68.roa (raw, json)
Hash identifier:          zQIFN2o7c1ybHlTaZ+9L/PXbm7V5uP1krG86OXlwYJc=
Subject key identifier:   EE:EB:71:EF:0B:DE:6E:73:24:3B:6B:1B:CB:8D:7E:C3:80:02:2B:AF
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79543CB004679B704B8DE55184A2A0C
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7utx7wvebnMkO2sby41-w4ACK68.roa
Signing time:             Tue 02 Jan 2024 00:31:37 +0000
ROA not before:           Tue 02 Jan 2024 00:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25097
IP address blocks:        188.210.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:43:cb:00:46:79:b7:04:b8:de:55:18:4a:2a:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eeeb71ef0bde6e73243b6b1bcb8d7ec380022baf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a8:11:6d:00:69:fe:8b:b1:2e:f7:c2:80:fa:
                    74:b4:11:cb:a8:9f:f6:d8:a0:94:c6:2a:bf:ef:2a:
                    b3:3b:ea:c0:b8:26:0c:d1:2e:d7:bf:6d:79:12:ee:
                    85:bb:51:6c:be:75:f1:1a:9e:51:47:a2:72:ca:29:
                    58:ef:ac:7d:e8:ea:d3:53:28:a9:36:54:f8:6b:07:
                    a6:d0:88:6d:13:7e:10:79:59:4e:00:98:9a:dc:b3:
                    56:72:7b:83:a0:d7:3c:6f:77:77:9f:1e:46:02:ba:
                    af:d1:f8:fc:e7:20:3a:94:77:01:84:a0:99:81:f2:
                    41:f8:e2:e5:05:6a:ba:f5:f6:d2:b2:f5:5b:58:e2:
                    d8:52:53:d7:47:8b:5b:6f:a2:3b:3f:a8:be:57:db:
                    a9:90:fb:e9:82:b1:dd:3d:5c:18:e5:7d:c7:d1:d4:
                    6b:ee:66:1e:8a:62:1d:d5:d0:78:7d:1d:d7:fc:25:
                    c2:7d:b5:38:8d:d8:3a:05:22:01:9c:66:e9:be:95:
                    65:45:c6:56:12:8b:cb:17:f4:5e:24:61:5e:65:9a:
                    8c:2a:1b:50:f3:ec:4f:fa:1c:10:91:80:75:34:b5:
                    a8:0c:89:8f:14:f5:be:e2:ca:09:40:f6:9b:c5:af:
                    af:94:6a:16:92:8c:3a:6f:08:4b:06:9a:48:d4:f2:
                    33:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:EB:71:EF:0B:DE:6E:73:24:3B:6B:1B:CB:8D:7E:C3:80:02:2B:AF
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7utx7wvebnMkO2sby41-w4ACK68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.210.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:d6:3d:16:ee:9d:06:16:0d:34:7b:83:26:ae:11:61:c4:2e:
         1d:5d:60:6b:81:7d:06:f3:a5:95:31:e3:d9:42:75:df:76:43:
         8a:f9:03:bd:c3:79:20:53:0a:b6:3d:6f:bc:51:42:c5:30:f5:
         2f:a6:5f:f1:36:4c:fa:68:96:8c:2f:b6:78:8f:13:e8:64:d5:
         bf:fd:7e:1b:19:e2:f9:2b:de:34:5a:a9:94:c1:c1:aa:95:89:
         e7:3e:16:dd:2e:20:de:46:a4:de:f1:f3:8a:6a:f3:95:f8:92:
         f2:30:d3:b3:8d:07:52:84:6f:56:39:ac:26:02:91:11:4a:f6:
         fb:e1:41:2c:19:7b:06:13:d6:c4:20:d7:88:8e:89:2a:9e:c3:
         04:42:d3:ba:25:af:f2:f7:29:00:7a:0e:c3:88:50:8d:9f:ff:
         0e:53:b7:51:56:1b:8b:bc:ad:9f:36:5d:b2:8f:89:cc:8d:c8:
         d7:80:a9:d5:e8:44:a7:6d:4d:e5:b6:47:e7:c7:b7:3c:27:5e:
         7a:43:3f:a5:14:00:58:01:8e:95:ab:3e:d9:98:9a:e6:d8:05:
         dc:10:0e:9c:50:9e:a8:66:b8:63:c8:c7:72:c9:5f:e3:73:1d:
         ae:22:b1:3d:1e:32:5e:bc:8e:a7:72:11:fc:a1:73:ef:e4:c3:
         b7:25:49:4f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlUPLAEZ5twS43lUYSioMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWViNzFlZjBiZGU2ZTczMjQzYjZiMWJjYjhkN2VjMzgwMDIyYmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6gRbQBp/ouxLvfCgPp0tBHLqJ/2
2KCUxiq/7yqzO+rAuCYM0S7Xv215Eu6Fu1FsvnXxGp5RR6JyyilY76x96OrTUyip
NlT4awem0IhtE34QeVlOAJia3LNWcnuDoNc8b3d3nx5GArqv0fj85yA6lHcBhKCZ
gfJB+OLlBWq69fbSsvVbWOLYUlPXR4tbb6I7P6i+V9upkPvpgrHdPVwY5X3H0dRr
7mYeimId1dB4fR3X/CXCfbU4jdg6BSIBnGbpvpVlRcZWEovLF/ReJGFeZZqMKhtQ
8+xP+hwQkYB1NLWoDImPFPW+4soJQPabxa+vlGoWkow6bwhLBppI1PIz3QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFO7rce8L3m5zJDtrG8uNfsOAAiuvMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzd1dHg3d3ZlYm5Na08yc2J5NDEtdzRBQ0s2OC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC80u4w
DQYJKoZIhvcNAQELBQADggEBADjWPRbunQYWDTR7gyauEWHELh1dYGuBfQbzpZUx
49lCdd92Q4r5A73DeSBTCrY9b7xRQsUw9S+mX/E2TPpolowvtniPE+hk1b/9fhsZ
4vkr3jRaqZTBwaqViec+Ft0uIN5GpN7x84pq85X4kvIw07ONB1KEb1Y5rCYCkRFK
9vvhQSwZewYT1sQg14iOiSqewwRC07olr/L3KQB6DsOIUI2f/w5Tt1FWG4u8rZ82
XbKPicyNyNeAqdXoRKdtTeW2R+fHtzwnXnpDP6UUAFgBjpWrPtmYmubYBdwQDpxQ
nqhmuGPIx3LJX+NzHa4isT0eMl68jqdyEfyhc+/kw7clSU8=
-----END CERTIFICATE-----