Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/eL1KnVL1ziXbJy5k8UG0zGtmPaw.roa
File:                     eL1KnVL1ziXbJy5k8UG0zGtmPaw.roa (raw, json)
Hash identifier:          raTb0qslurmwLm7ZRcJXOM7nD+SzszhxXzGl29RfFng=
Subject key identifier:   78:BD:4A:9D:52:F5:CE:25:DB:27:2E:64:F1:41:B4:CC:6B:66:3D:AC
Certificate issuer:       /CN=5a955ca458468c5776b8d9936dfe9b0b2668731c
Certificate serial:       018CC8DD8EAFE62E2A0235E39D3D09C3D61C
Authority key identifier: 5A:95:5C:A4:58:46:8C:57:76:B8:D9:93:6D:FE:9B:0B:26:68:73:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WpVcpFhGjFd2uNmTbf6bCyZocxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/eL1KnVL1ziXbJy5k8UG0zGtmPaw.roa
Signing time:             Tue 02 Jan 2024 06:30:12 +0000
ROA not before:           Tue 02 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        87.247.231.0/24 maxlen: 24
                          87.247.230.0/23 maxlen: 23
                          87.247.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/WpVcpFhGjFd2uNmTbf6bCyZocxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/WpVcpFhGjFd2uNmTbf6bCyZocxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WpVcpFhGjFd2uNmTbf6bCyZocxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:8e:af:e6:2e:2a:02:35:e3:9d:3d:09:c3:d6:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a955ca458468c5776b8d9936dfe9b0b2668731c
        Validity
            Not Before: Jan  2 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78bd4a9d52f5ce25db272e64f141b4cc6b663dac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:01:f0:5e:df:9e:0d:e9:21:04:67:2a:e6:7c:
                    3a:b1:1b:cd:7d:99:84:28:2f:91:47:a7:44:ac:28:
                    80:8e:2f:32:b2:48:97:6d:ee:69:e4:c4:62:d0:30:
                    86:38:a5:3e:ac:f1:10:d2:aa:9b:c5:76:e5:8d:6e:
                    72:bc:f3:41:5f:7a:f9:6b:37:9e:8b:c3:5f:1e:87:
                    69:14:39:ef:69:c6:8a:ae:3d:a4:a2:51:f4:47:be:
                    f5:9b:0b:03:b3:ce:97:e2:1a:56:7e:42:ba:24:1e:
                    2e:a7:1b:9f:3a:fe:06:f1:61:e6:7e:21:e0:44:ae:
                    b3:78:b0:27:bd:09:3a:8f:15:9e:5e:34:61:0d:87:
                    20:47:d7:e3:ed:7e:d7:cd:72:10:61:09:3a:c3:3a:
                    e9:25:23:a4:84:1c:2b:f6:5f:38:95:f2:fd:87:d6:
                    37:72:e0:c2:28:87:77:13:bf:24:26:de:73:30:93:
                    a2:f5:80:09:29:29:d6:a2:8c:08:4e:dc:49:66:d3:
                    7d:c9:6c:d7:e8:32:90:1f:87:de:d7:d2:26:6c:cd:
                    92:f1:2b:eb:9e:11:e5:a2:2f:35:86:de:8a:e8:d5:
                    a7:e0:c5:a2:89:11:ad:65:81:10:ee:14:5d:4a:d9:
                    73:88:74:ce:95:c0:76:10:11:d1:5f:4e:51:98:46:
                    b3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:BD:4A:9D:52:F5:CE:25:DB:27:2E:64:F1:41:B4:CC:6B:66:3D:AC
            X509v3 Authority Key Identifier:
                keyid:5A:95:5C:A4:58:46:8C:57:76:B8:D9:93:6D:FE:9B:0B:26:68:73:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WpVcpFhGjFd2uNmTbf6bCyZocxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/eL1KnVL1ziXbJy5k8UG0zGtmPaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/be9a00-e0b1-4541-9c0f-13858da85f53/1/WpVcpFhGjFd2uNmTbf6bCyZocxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.247.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:c7:ff:93:e5:8f:06:3c:56:28:27:71:6d:e5:03:9e:ea:ef:
         a0:df:65:8f:da:23:a2:0c:2b:e5:9d:2e:f3:81:ac:53:5c:26:
         ef:92:47:e0:99:d6:9b:99:55:a3:00:75:4f:e3:db:f6:36:30:
         32:58:91:25:a9:b3:98:fd:e3:59:4a:15:b1:7f:01:b4:20:8e:
         c7:37:f5:23:55:19:80:f4:0f:81:a4:80:b8:2d:bf:3c:a4:09:
         bf:0e:fb:f5:74:ae:98:dc:72:03:ef:92:9a:37:fb:8d:34:7f:
         93:96:04:8e:d5:91:cc:60:63:39:fa:b3:15:91:db:6a:ef:ee:
         55:a0:84:07:4d:dd:0f:b6:83:6c:fa:2b:3a:8e:b1:5e:56:63:
         c4:8b:2f:5d:8d:67:7b:48:70:a4:bf:5a:f7:3d:99:7a:10:09:
         de:c8:78:d1:a9:f3:72:14:7f:5a:a8:e0:53:f0:d5:85:6b:0f:
         19:60:7f:b4:de:45:02:30:2f:e3:73:c3:50:4e:57:79:e1:6a:
         bd:c8:d0:26:6d:97:7f:d1:94:5c:3b:22:38:2b:99:16:4a:b2:
         ce:1d:8a:10:d7:b5:22:17:64:f0:0f:ad:82:bd:d2:6b:6b:91:
         36:61:3b:b6:95:d4:24:36:0b:b8:df:82:cf:6f:3e:e0:ed:44:
         07:e1:54:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3Y6v5i4qAjXjnT0Jw9YcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOTU1Y2E0NTg0NjhjNTc3NmI4ZDk5MzZkZmU5YjBiMjY2
ODczMWMwHhcNMjQwMTAyMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGJkNGE5ZDUyZjVjZTI1ZGIyNzJlNjRmMTQxYjRjYzZiNjYzZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQHwXt+eDekhBGcq5nw6sRvNfZmE
KC+RR6dErCiAji8yskiXbe5p5MRi0DCGOKU+rPEQ0qqbxXbljW5yvPNBX3r5azee
i8NfHodpFDnvacaKrj2kolH0R771mwsDs86X4hpWfkK6JB4upxufOv4G8WHmfiHg
RK6zeLAnvQk6jxWeXjRhDYcgR9fj7X7XzXIQYQk6wzrpJSOkhBwr9l84lfL9h9Y3
cuDCKId3E78kJt5zMJOi9YAJKSnWoowITtxJZtN9yWzX6DKQH4fe19ImbM2S8Svr
nhHloi81ht6K6NWn4MWiiRGtZYEQ7hRdStlziHTOlcB2EBHRX05RmEaz7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHi9Sp1S9c4l2ycuZPFBtMxrZj2sMB8GA1UdIwQY
MBaAFFqVXKRYRoxXdrjZk23+mwsmaHMcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3BWY3BGaEdqRmQydU5tVGJmNmJDeVpvY3h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9iZTlhMDAtZTBiMS00NTQxLTljMGYt
MTM4NThkYTg1ZjUzLzEvZUwxS25WTDF6aVhiSnk1azhVRzB6R3RtUGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9iZTlhMDAtZTBiMS00NTQxLTljMGYtMTM4NThkYTg1ZjUz
LzEvV3BWY3BGaEdqRmQydU5tVGJmNmJDeVpvY3h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBV/fmMA0G
CSqGSIb3DQEBCwUAA4IBAQAgx/+T5Y8GPFYoJ3Ft5QOe6u+g32WP2iOiDCvlnS7z
gaxTXCbvkkfgmdabmVWjAHVP49v2NjAyWJElqbOY/eNZShWxfwG0II7HN/UjVRmA
9A+BpIC4Lb88pAm/Dvv1dK6Y3HID75KaN/uNNH+TlgSO1ZHMYGM5+rMVkdtq7+5V
oIQHTd0PtoNs+is6jrFeVmPEiy9djWd7SHCkv1r3PZl6EAneyHjRqfNyFH9aqOBT
8NWFaw8ZYH+03kUCMC/jc8NQTld54Wq9yNAmbZd/0ZRcOyI4K5kWSrLOHYoQ17Ui
F2TwD62CvdJra5E2YTu2ldQkNgu434LPbz7g7UQH4VRX
-----END CERTIFICATE-----