Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/8nxrUN3oQYleNnD8s_1Bwd9-7Dw.roa
File:                     8nxrUN3oQYleNnD8s_1Bwd9-7Dw.roa (raw, json)
Hash identifier:          11IIBlgMRrKQjKs9aYrhijD1L7zZaJiuADdLXqs8MCk=
Subject key identifier:   F2:7C:6B:50:DD:E8:41:89:5E:36:70:FC:B3:FD:41:C1:DF:7E:EC:3C
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7954F4C8C85239D4FE2D60032271E40
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/8nxrUN3oQYleNnD8s_1Bwd9-7Dw.roa
Signing time:             Tue 02 Jan 2024 00:31:40 +0000
ROA not before:           Tue 02 Jan 2024 00:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48556
IP address blocks:        188.241.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4f:4c:8c:85:23:9d:4f:e2:d6:00:32:27:1e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f27c6b50dde841895e3670fcb3fd41c1df7eec3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:77:fa:db:8b:ed:cf:9e:f1:bf:e5:31:3c:ad:
                    94:26:49:15:80:1e:09:30:c3:5b:8f:2f:fd:5c:3d:
                    88:ac:de:33:28:c8:87:4b:47:15:c2:89:02:dd:20:
                    14:c2:2b:d4:24:c0:28:9c:e6:90:e2:72:0e:2d:64:
                    5c:d9:3b:36:11:c3:a4:b5:19:87:9f:b5:a5:c2:c5:
                    65:be:fe:aa:1a:47:15:2a:d1:da:a3:86:11:10:f6:
                    b1:f2:54:1a:7f:e3:1f:6a:46:12:ff:e7:be:06:d8:
                    54:33:db:db:8e:17:f0:a5:5c:cd:85:a4:fe:19:2e:
                    9b:ea:e6:04:eb:0e:9c:98:b8:b0:f5:1b:66:05:d6:
                    ae:b5:8a:0e:ce:dd:76:b9:bc:9a:4c:e2:b7:52:19:
                    ec:17:16:3b:c5:10:25:e0:38:c2:5b:5f:bf:18:46:
                    bf:2a:69:5d:2a:93:c7:ce:99:d6:18:dc:5c:4d:eb:
                    80:55:49:24:ea:ff:9c:02:0d:a7:f6:4b:6b:cd:de:
                    e7:54:52:48:57:ab:78:3a:17:10:15:7a:86:de:6e:
                    40:2e:fc:12:97:2d:e1:9d:7f:8b:73:fb:1d:61:cd:
                    35:0c:b3:c7:f1:4b:64:9a:f3:a2:e8:de:d4:31:3e:
                    f8:77:49:fd:63:36:31:70:7c:4c:45:d0:34:88:ec:
                    fb:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:7C:6B:50:DD:E8:41:89:5E:36:70:FC:B3:FD:41:C1:DF:7E:EC:3C
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/8nxrUN3oQYleNnD8s_1Bwd9-7Dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:46:45:5e:9b:95:b5:80:48:d3:1e:e7:1d:98:01:ac:fb:03:
         83:70:39:bc:29:53:de:38:97:54:54:23:3d:5e:f1:47:04:c1:
         14:e3:ac:3b:a2:fd:23:6a:28:7c:76:c5:fc:7c:17:76:3a:0d:
         af:81:20:ca:bb:58:3c:8f:be:ca:66:0b:88:56:2b:fb:fb:38:
         70:ae:30:dc:bf:37:1a:b7:5f:1d:69:59:e3:71:82:17:af:28:
         a2:b1:11:2d:c0:f5:74:18:d5:ab:b9:d4:58:fa:fa:e8:cd:70:
         bb:f7:4d:f8:78:06:45:ea:33:48:cc:0f:38:93:b5:2b:0d:78:
         8f:57:68:4f:ef:b6:1a:e1:46:55:14:e5:f6:f2:fd:72:8a:8c:
         b2:e8:db:1b:05:14:ef:f7:7c:81:8f:1d:a7:81:df:15:6d:7c:
         38:e4:cc:d4:5f:8d:7a:5e:68:5f:20:32:0a:bd:54:d5:a1:98:
         47:df:eb:26:cb:52:02:1b:9d:18:e5:3d:06:2f:5f:3b:f5:8e:
         1c:1c:61:31:0d:ae:4c:2b:08:e2:dd:d9:ec:de:9d:93:bb:c0:
         08:47:a0:06:80:3c:46:2e:32:33:f2:e8:0d:d9:4f:98:be:d9:
         b7:82:05:9d:d8:d2:34:ee:27:64:6d:aa:13:93:46:b9:52:ff:
         81:c3:e0:fd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlU9MjIUjnU/i1gAyJx5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjdjNmI1MGRkZTg0MTg5NWUzNjcwZmNiM2ZkNDFjMWRmN2VlYzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnf624vtz57xv+UxPK2UJkkVgB4J
MMNbjy/9XD2IrN4zKMiHS0cVwokC3SAUwivUJMAonOaQ4nIOLWRc2Ts2EcOktRmH
n7WlwsVlvv6qGkcVKtHao4YREPax8lQaf+MfakYS/+e+BthUM9vbjhfwpVzNhaT+
GS6b6uYE6w6cmLiw9RtmBdautYoOzt12ubyaTOK3UhnsFxY7xRAl4DjCW1+/GEa/
KmldKpPHzpnWGNxcTeuAVUkk6v+cAg2n9ktrzd7nVFJIV6t4OhcQFXqG3m5ALvwS
ly3hnX+Lc/sdYc01DLPH8UtkmvOi6N7UMT74d0n9YzYxcHxMRdA0iOz7LwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPJ8a1Dd6EGJXjZw/LP9QcHffuw8MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzhueHJVTjNvUVlsZU5uRDhzXzFCd2Q5LTdEdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC88W0w
DQYJKoZIhvcNAQELBQADggEBAI1GRV6blbWASNMe5x2YAaz7A4NwObwpU944l1RU
Iz1e8UcEwRTjrDui/SNqKHx2xfx8F3Y6Da+BIMq7WDyPvspmC4hWK/v7OHCuMNy/
Nxq3Xx1pWeNxghevKKKxES3A9XQY1au51Fj6+ujNcLv3Tfh4BkXqM0jMDziTtSsN
eI9XaE/vthrhRlUU5fby/XKKjLLo2xsFFO/3fIGPHaeB3xVtfDjkzNRfjXpeaF8g
Mgq9VNWhmEff6ybLUgIbnRjlPQYvXzv1jhwcYTENrkwrCOLd2ezenZO7wAhHoAaA
PEYuMjPy6A3ZT5i+2beCBZ3Y0jTuJ2RtqhOTRrlS/4HD4P0=
-----END CERTIFICATE-----