Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e14ebe-45dd-44db-b9b7-1a1f936454ec/1/nIVJ0OGN-0OdPCKW3kjOtCvQ3VQ.roa
File:                     nIVJ0OGN-0OdPCKW3kjOtCvQ3VQ.roa (raw, json)
Hash identifier:          0T2YBWBb5+mCS6xVHckEjXBiM0tHc/Wdf5Bc3SQZwNM=
Subject key identifier:   9C:85:49:D0:E1:8D:FB:43:9D:3C:22:96:DE:48:CE:B4:2B:D0:DD:54
Certificate issuer:       /CN=bfd786b24b4b30275bcc8d5244e34ee00481d790
Certificate serial:       018CC7267DCB2122B0FA285CF4F1DE5FA4BD
Authority key identifier: BF:D7:86:B2:4B:4B:30:27:5B:CC:8D:52:44:E3:4E:E0:04:81:D7:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9eGsktLMCdbzI1SRONO4ASB15A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e14ebe-45dd-44db-b9b7-1a1f936454ec/1/nIVJ0OGN-0OdPCKW3kjOtCvQ3VQ.roa
Signing time:             Mon 01 Jan 2024 22:30:37 +0000
ROA not before:           Mon 01 Jan 2024 22:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6831
IP address blocks:        188.94.190.0/24 maxlen: 24
                          195.178.28.0/23 maxlen: 24
                          193.238.100.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e14ebe-45dd-44db-b9b7-1a1f936454ec/1/v9eGsktLMCdbzI1SRONO4ASB15A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e14ebe-45dd-44db-b9b7-1a1f936454ec/1/v9eGsktLMCdbzI1SRONO4ASB15A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9eGsktLMCdbzI1SRONO4ASB15A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:7d:cb:21:22:b0:fa:28:5c:f4:f1:de:5f:a4:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd786b24b4b30275bcc8d5244e34ee00481d790
        Validity
            Not Before: Jan  1 22:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c8549d0e18dfb439d3c2296de48ceb42bd0dd54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2f:b1:4a:a2:9f:b5:38:a0:87:f7:0b:ab:91:
                    d6:c3:2e:cc:6d:b0:c1:0c:d7:f4:5b:96:63:54:4e:
                    df:58:48:4f:49:0a:ff:45:c0:41:f6:f2:f2:fa:ff:
                    eb:28:0d:74:73:7f:ce:09:19:e2:2b:4e:32:33:a3:
                    da:4f:5b:04:ed:67:f7:87:b5:d4:3c:98:2b:bf:eb:
                    8b:47:e0:1e:c0:85:75:f6:4e:09:60:7b:94:6b:d4:
                    41:f8:fe:62:64:ae:a9:a7:95:4b:5b:81:2b:91:ba:
                    6e:be:0e:2b:87:3f:b0:02:16:98:5f:0c:9c:37:99:
                    1d:b7:f7:6a:ad:eb:bc:6c:50:bc:d6:34:0d:10:32:
                    8b:7d:bc:77:e1:ea:c4:32:18:ab:2c:72:24:70:99:
                    01:17:04:a0:f2:ff:c3:58:6c:86:59:83:b8:d0:35:
                    1d:14:e4:f6:f3:06:99:75:db:f0:d1:c3:06:03:98:
                    cf:5e:ee:e6:60:19:4c:5e:42:2c:10:b3:70:a7:e9:
                    34:e5:27:d3:21:a7:cf:1e:db:7f:3d:f5:e2:a2:e9:
                    09:97:2a:4f:6e:00:f9:6c:d5:f7:a8:36:c1:b6:57:
                    88:5e:b4:72:81:20:19:7b:ae:bd:7a:a4:4a:44:28:
                    bc:bd:04:9b:4d:91:53:09:3f:e4:d5:f0:0f:9d:0e:
                    c6:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:85:49:D0:E1:8D:FB:43:9D:3C:22:96:DE:48:CE:B4:2B:D0:DD:54
            X509v3 Authority Key Identifier:
                keyid:BF:D7:86:B2:4B:4B:30:27:5B:CC:8D:52:44:E3:4E:E0:04:81:D7:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9eGsktLMCdbzI1SRONO4ASB15A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e14ebe-45dd-44db-b9b7-1a1f936454ec/1/nIVJ0OGN-0OdPCKW3kjOtCvQ3VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e14ebe-45dd-44db-b9b7-1a1f936454ec/1/v9eGsktLMCdbzI1SRONO4ASB15A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.94.190.0/24
                  193.238.100.0/22
                  195.178.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:aa:45:ee:81:a9:e5:ab:e9:03:c5:e2:5c:71:87:7a:8a:7f:
         77:cf:e1:b0:99:4c:6c:64:cf:e4:43:fb:41:9f:70:35:63:69:
         02:18:26:ac:0e:3e:cb:4e:04:a2:61:20:c8:ee:4b:4e:9a:20:
         fb:83:ad:9c:ed:65:85:da:0e:58:17:43:44:ef:72:64:f0:a5:
         4c:a0:cc:00:b4:b9:d6:b6:50:50:bd:74:f2:f9:89:48:e6:cd:
         6f:88:aa:78:48:43:b5:10:49:5a:fc:4c:00:35:13:6b:9f:f1:
         88:e9:c6:41:5f:6c:56:08:17:c8:5e:b7:e6:0e:ed:c1:21:38:
         d3:2f:8c:2c:8c:95:c0:d1:77:84:90:83:ab:f8:ad:54:d4:ba:
         7f:c7:7a:7e:d4:a2:ce:e8:0d:01:19:81:8b:46:06:e0:62:d6:
         9f:1a:85:82:ca:5a:e1:af:84:cd:1c:5d:44:b6:67:df:fa:49:
         53:54:86:85:c2:eb:40:16:7d:37:1a:b0:c9:f3:d8:26:c6:7a:
         b1:5f:98:bc:81:2e:24:ce:ff:69:80:6c:8e:35:95:f5:e5:41:
         c6:19:ab:ed:dd:05:65:d1:55:d2:fc:ee:14:3d:30:7f:45:f1:
         70:78:78:91:96:a1:b0:2b:87:e6:3b:59:5e:10:7f:48:e5:f8:
         3f:a3:bb:2f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHJn3LISKw+ihc9PHeX6S9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDc4NmIyNGI0YjMwMjc1YmNjOGQ1MjQ0ZTM0ZWUwMDQ4
MWQ3OTAwHhcNMjQwMTAxMjIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzg1NDlkMGUxOGRmYjQzOWQzYzIyOTZkZTQ4Y2ViNDJiZDBkZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuC+xSqKftTigh/cLq5HWwy7MbbDB
DNf0W5ZjVE7fWEhPSQr/RcBB9vLy+v/rKA10c3/OCRniK04yM6PaT1sE7Wf3h7XU
PJgrv+uLR+AewIV19k4JYHuUa9RB+P5iZK6pp5VLW4Erkbpuvg4rhz+wAhaYXwyc
N5kdt/dqreu8bFC81jQNEDKLfbx34erEMhirLHIkcJkBFwSg8v/DWGyGWYO40DUd
FOT28waZddvw0cMGA5jPXu7mYBlMXkIsELNwp+k05SfTIafPHtt/PfXioukJlypP
bgD5bNX3qDbBtleIXrRygSAZe669eqRKRCi8vQSbTZFTCT/k1fAPnQ7GtQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJyFSdDhjftDnTwilt5IzrQr0N1UMB8GA1UdIwQY
MBaAFL/XhrJLSzAnW8yNUkTjTuAEgdeQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjllR3NrdExNQ2RiekkxU1JPTk80QVNCMTVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lMTRlYmUtNDVkZC00NGRiLWI5Yjct
MWExZjkzNjQ1NGVjLzEvbklWSjBPR04tME9kUENLVzNrak90Q3ZRM1ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lMTRlYmUtNDVkZC00NGRiLWI5YjctMWExZjkzNjQ1NGVj
LzEvdjllR3NrdExNQ2RiekkxU1JPTk80QVNCMTVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvF6+AwQC
we5kAwQBw7IcMA0GCSqGSIb3DQEBCwUAA4IBAQAGqkXuganlq+kDxeJccYd6in93
z+GwmUxsZM/kQ/tBn3A1Y2kCGCasDj7LTgSiYSDI7ktOmiD7g62c7WWF2g5YF0NE
73Jk8KVMoMwAtLnWtlBQvXTy+YlI5s1viKp4SEO1EEla/EwANRNrn/GI6cZBX2xW
CBfIXrfmDu3BITjTL4wsjJXA0XeEkIOr+K1U1Lp/x3p+1KLO6A0BGYGLRgbgYtaf
GoWCylrhr4TNHF1Etmff+klTVIaFwutAFn03GrDJ89gmxnqxX5i8gS4kzv9pgGyO
NZX15UHGGavt3QVl0VXS/O4UPTB/RfFweHiRlqGwK4fmO1leEH9I5fg/o7sv
-----END CERTIFICATE-----