Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/797390-81d4-4c5d-ab71-7088568c51c0/1/g0hIsyA4evou3K5Zv_WWiVwmJZ4.roa
File:                     g0hIsyA4evou3K5Zv_WWiVwmJZ4.roa (raw, json)
Hash identifier:          ypSslI9M/fGVrNo6enXx4fsuGzo4XxzKWBh20TjAJyw=
Subject key identifier:   83:48:48:B3:20:38:7A:FA:2E:DC:AE:59:BF:F5:96:89:5C:26:25:9E
Certificate issuer:       /CN=8aaf78b69774a55507deabf8c4c96942e9ef0d20
Certificate serial:       018CC42556A98741B803070D5A204AB1B636
Authority key identifier: 8A:AF:78:B6:97:74:A5:55:07:DE:AB:F8:C4:C9:69:42:E9:EF:0D:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iq94tpd0pVUH3qv4xMlpQunvDSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/797390-81d4-4c5d-ab71-7088568c51c0/1/g0hIsyA4evou3K5Zv_WWiVwmJZ4.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8735
IP address blocks:        194.59.45.0/24 maxlen: 24
                          193.227.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/797390-81d4-4c5d-ab71-7088568c51c0/1/iq94tpd0pVUH3qv4xMlpQunvDSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/797390-81d4-4c5d-ab71-7088568c51c0/1/iq94tpd0pVUH3qv4xMlpQunvDSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iq94tpd0pVUH3qv4xMlpQunvDSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:56:a9:87:41:b8:03:07:0d:5a:20:4a:b1:b6:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aaf78b69774a55507deabf8c4c96942e9ef0d20
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=834848b320387afa2edcae59bff596895c26259e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:19:1a:a0:41:69:0a:4c:2c:b6:7a:3b:dd:ea:
                    eb:e5:4d:08:9a:ab:e8:9b:2e:65:7b:4f:6a:a2:ac:
                    c2:8d:59:7e:5f:ac:9a:82:e9:f5:87:a5:87:e1:77:
                    01:45:93:a5:96:40:87:08:a0:34:60:50:b0:22:82:
                    a5:37:05:4d:37:e7:28:f3:89:9d:c2:d6:1d:56:3b:
                    ec:a2:ba:57:0f:d5:5f:bf:03:05:ea:67:28:30:91:
                    49:7a:6a:46:84:b9:52:0e:90:1d:36:9b:e1:ae:c2:
                    81:c2:ff:98:68:cd:c4:b3:e0:6f:53:52:99:3c:82:
                    2e:b5:31:82:b9:d7:fa:14:7b:b5:e2:0f:b6:8b:fa:
                    17:3b:b5:87:42:fe:c1:08:d5:e3:06:c1:40:d0:74:
                    01:b9:85:84:7b:6c:b1:12:43:2f:9e:ee:c0:b2:c7:
                    39:0e:60:8d:73:11:f8:00:23:05:3d:05:a3:7a:85:
                    9d:0a:40:4c:6b:a1:b4:34:9e:67:61:33:2b:72:b6:
                    59:b8:f1:b8:4c:05:4c:86:bb:24:61:a7:a6:c6:17:
                    49:b3:8e:7c:e8:ac:e7:3a:4b:d8:03:c6:61:dd:f5:
                    24:1e:0c:9a:41:f1:b9:35:f7:73:a2:6f:d7:c8:a9:
                    b2:94:5a:89:f5:94:f3:28:1d:c2:9b:39:bb:40:d0:
                    02:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:48:48:B3:20:38:7A:FA:2E:DC:AE:59:BF:F5:96:89:5C:26:25:9E
            X509v3 Authority Key Identifier:
                keyid:8A:AF:78:B6:97:74:A5:55:07:DE:AB:F8:C4:C9:69:42:E9:EF:0D:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iq94tpd0pVUH3qv4xMlpQunvDSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/797390-81d4-4c5d-ab71-7088568c51c0/1/g0hIsyA4evou3K5Zv_WWiVwmJZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/797390-81d4-4c5d-ab71-7088568c51c0/1/iq94tpd0pVUH3qv4xMlpQunvDSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.203.0/24
                  194.59.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:54:cd:8b:c2:c5:5a:5d:a6:12:63:d4:5d:81:49:23:40:63:
         51:aa:8f:b8:6f:2e:dd:2b:12:7f:9b:4e:ed:62:62:60:10:37:
         fb:0e:1d:1d:3a:05:7e:ac:cb:eb:72:d1:f9:81:88:00:06:ac:
         dc:f8:f3:81:78:ad:f2:e5:f8:90:c2:9b:d7:fd:7e:2e:c2:40:
         b5:a9:a7:dc:b8:9f:dd:66:f2:e8:e9:33:60:62:30:85:70:77:
         e4:58:d8:37:c9:17:13:f0:84:36:df:bb:31:a5:7b:fe:4b:c0:
         8d:31:b8:25:76:79:3e:b3:de:e0:2d:da:ff:e8:bc:91:83:2d:
         66:49:ae:a5:c1:c0:67:d3:59:9a:3a:ae:d5:71:55:73:eb:6c:
         b5:8f:ab:60:7c:6b:64:37:46:77:2f:b5:fe:d1:2b:90:7c:49:
         f7:4d:46:45:aa:cf:42:17:e4:3e:8d:57:8d:cc:c9:44:30:d3:
         ad:87:c2:b8:78:9e:d0:21:49:8a:fa:d8:dc:7e:b9:9a:f1:3c:
         86:34:3a:e0:6e:b2:ff:2f:29:d8:cd:30:e7:2f:45:4d:e3:f5:
         76:64:d9:fd:57:34:bb:4c:3c:34:17:d8:ff:64:8f:d0:d7:7f:
         37:91:e7:bb:e7:48:7c:39:6a:56:0a:5d:7e:4a:5f:84:6c:9d:
         58:a7:ff:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJVaph0G4AwcNWiBKsbY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYWY3OGI2OTc3NGE1NTUwN2RlYWJmOGM0Yzk2OTQyZTll
ZjBkMjAwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzQ4NDhiMzIwMzg3YWZhMmVkY2FlNTliZmY1OTY4OTVjMjYyNTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBkaoEFpCkwstno73err5U0Imqvo
my5le09qoqzCjVl+X6yagun1h6WH4XcBRZOllkCHCKA0YFCwIoKlNwVNN+co84md
wtYdVjvsorpXD9VfvwMF6mcoMJFJempGhLlSDpAdNpvhrsKBwv+YaM3Es+BvU1KZ
PIIutTGCudf6FHu14g+2i/oXO7WHQv7BCNXjBsFA0HQBuYWEe2yxEkMvnu7Assc5
DmCNcxH4ACMFPQWjeoWdCkBMa6G0NJ5nYTMrcrZZuPG4TAVMhrskYaemxhdJs458
6KznOkvYA8Zh3fUkHgyaQfG5Nfdzom/XyKmylFqJ9ZTzKB3Cmzm7QNACJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFINISLMgOHr6LtyuWb/1lolcJiWeMB8GA1UdIwQY
MBaAFIqveLaXdKVVB96r+MTJaULp7w0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXE5NHRwZDBwVlVIM3F2NHhNbHBRdW52RFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS83OTczOTAtODFkNC00YzVkLWFiNzEt
NzA4ODU2OGM1MWMwLzEvZzBoSXN5QTRldm91M0s1WnZfV1dpVndtSlo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS83OTczOTAtODFkNC00YzVkLWFiNzEtNzA4ODU2OGM1MWMw
LzEvaXE5NHRwZDBwVlVIM3F2NHhNbHBRdW52RFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwePLAwQA
wjstMA0GCSqGSIb3DQEBCwUAA4IBAQCGVM2LwsVaXaYSY9RdgUkjQGNRqo+4by7d
KxJ/m07tYmJgEDf7Dh0dOgV+rMvrctH5gYgABqzc+POBeK3y5fiQwpvX/X4uwkC1
qafcuJ/dZvLo6TNgYjCFcHfkWNg3yRcT8IQ237sxpXv+S8CNMbgldnk+s97gLdr/
6LyRgy1mSa6lwcBn01maOq7VcVVz62y1j6tgfGtkN0Z3L7X+0SuQfEn3TUZFqs9C
F+Q+jVeNzMlEMNOth8K4eJ7QIUmK+tjcfrma8TyGNDrgbrL/LynYzTDnL0VN4/V2
ZNn9VzS7TDw0F9j/ZI/Q1383kee750h8OWpWCl1+Sl+EbJ1Yp//u
-----END CERTIFICATE-----