Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/G8WextlxghXzAp58wjND-E0JJY0.roa
File:                     G8WextlxghXzAp58wjND-E0JJY0.roa (raw, json)
Hash identifier:          L/CK5Wmz42ildCokJWhII6wbAj4JXQ0vi6bhp8y+vCs=
Subject key identifier:   1B:C5:9E:C6:D9:71:82:15:F3:02:9E:7C:C2:33:43:F8:4D:09:25:8D
Certificate issuer:       /CN=a49d2e50b7738aed0acc1a0ec2fee30080255838
Certificate serial:       018CC3490FE6474E2C8536E7B6DCAF9F35B4
Authority key identifier: A4:9D:2E:50:B7:73:8A:ED:0A:CC:1A:0E:C2:FE:E3:00:80:25:58:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJ0uULdziu0KzBoOwv7jAIAlWDg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/G8WextlxghXzAp58wjND-E0JJY0.roa
Signing time:             Mon 01 Jan 2024 04:29:54 +0000
ROA not before:           Mon 01 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        91.230.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/pJ0uULdziu0KzBoOwv7jAIAlWDg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/pJ0uULdziu0KzBoOwv7jAIAlWDg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJ0uULdziu0KzBoOwv7jAIAlWDg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0f:e6:47:4e:2c:85:36:e7:b6:dc:af:9f:35:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a49d2e50b7738aed0acc1a0ec2fee30080255838
        Validity
            Not Before: Jan  1 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bc59ec6d9718215f3029e7cc23343f84d09258d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:79:87:36:98:0b:c8:8c:22:cb:05:9d:70:5c:
                    f2:07:5b:b1:ae:d2:66:5d:5e:36:18:49:3c:3d:92:
                    a5:6b:ac:e7:82:35:7d:97:21:6e:59:dc:de:98:22:
                    69:a6:82:52:ab:d0:03:87:85:93:29:5b:86:31:91:
                    d0:a8:d4:f0:84:47:8f:20:69:44:47:91:29:7b:9d:
                    6c:c9:7c:4f:ac:f3:27:a5:74:9a:45:94:3d:2b:c0:
                    72:c6:ed:09:fe:59:2a:45:b5:d1:4f:62:17:eb:bb:
                    3a:85:70:58:92:33:00:cb:cb:bf:74:29:74:4d:8a:
                    7b:27:1f:31:90:6f:c2:b8:32:bd:2f:72:e0:23:47:
                    c3:d7:b4:29:7d:54:13:f1:e8:c2:ca:09:30:7f:97:
                    53:2c:7d:84:7f:cc:9b:d9:be:68:54:60:05:63:cb:
                    b2:a4:da:93:6e:01:08:e6:9e:6e:8c:b4:d9:1d:04:
                    47:dd:b3:18:07:da:94:0e:fa:6e:f5:96:6c:be:15:
                    d0:3b:3a:a7:df:0b:c1:24:8d:0d:e2:25:ad:e6:34:
                    89:b9:84:c5:fb:50:34:0e:c9:b5:ae:0d:4d:f0:b2:
                    34:28:d1:8e:05:2c:a4:14:43:90:21:85:98:1a:61:
                    df:89:ba:36:17:4f:0e:e7:a6:06:19:fd:05:07:91:
                    93:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:C5:9E:C6:D9:71:82:15:F3:02:9E:7C:C2:33:43:F8:4D:09:25:8D
            X509v3 Authority Key Identifier:
                keyid:A4:9D:2E:50:B7:73:8A:ED:0A:CC:1A:0E:C2:FE:E3:00:80:25:58:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJ0uULdziu0KzBoOwv7jAIAlWDg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/G8WextlxghXzAp58wjND-E0JJY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/393218-46e5-468b-b58b-7f3352234e21/1/pJ0uULdziu0KzBoOwv7jAIAlWDg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:e3:1d:22:85:54:1c:3d:20:ca:50:e1:a2:1e:58:a0:00:60:
         ad:e2:b7:ae:c7:73:bf:7a:3a:06:64:97:58:d6:47:b3:9b:8c:
         c7:75:78:df:4a:62:b2:b4:d4:05:8a:eb:0d:3f:b4:92:24:0a:
         dc:04:1f:e2:9c:69:be:d5:ce:90:7c:99:bf:c2:60:ab:c9:6e:
         8b:82:92:84:60:60:63:b2:e0:07:53:67:5d:d2:c6:63:58:a3:
         cc:4e:56:ae:86:c2:6a:f7:15:3c:c5:e0:dd:39:22:58:bf:6f:
         9e:73:4f:74:41:76:39:f1:26:b1:71:2b:1e:62:d4:89:9b:ba:
         fd:ea:a0:38:e0:99:7d:69:5d:fc:49:92:46:60:9d:cf:a5:6b:
         eb:ba:b8:8b:d0:7b:36:a1:76:4c:f5:2e:d8:17:4d:36:2c:a8:
         ff:73:fb:16:28:74:c7:89:03:57:50:32:31:9f:8d:fd:af:9a:
         78:49:f3:b5:ef:56:d7:87:63:1e:d6:b6:e6:9b:bd:6d:bc:1e:
         d4:1a:8e:f0:fd:67:f3:72:27:54:3b:44:8d:15:0c:64:bf:ce:
         82:62:92:9e:5c:09:a7:99:2a:2b:76:4a:b2:7f:03:9b:ed:98:
         a2:f1:bc:19:25:69:44:e9:fd:37:95:34:51:2d:2b:84:54:9c:
         63:9b:58:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQ/mR04shTbnttyvnzW0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OWQyZTUwYjc3MzhhZWQwYWNjMWEwZWMyZmVlMzAwODAy
NTU4MzgwHhcNMjQwMTAxMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmM1OWVjNmQ5NzE4MjE1ZjMwMjllN2NjMjMzNDNmODRkMDkyNThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnmHNpgLyIwiywWdcFzyB1uxrtJm
XV42GEk8PZKla6zngjV9lyFuWdzemCJppoJSq9ADh4WTKVuGMZHQqNTwhEePIGlE
R5Epe51syXxPrPMnpXSaRZQ9K8Byxu0J/lkqRbXRT2IX67s6hXBYkjMAy8u/dCl0
TYp7Jx8xkG/CuDK9L3LgI0fD17QpfVQT8ejCygkwf5dTLH2Ef8yb2b5oVGAFY8uy
pNqTbgEI5p5ujLTZHQRH3bMYB9qUDvpu9ZZsvhXQOzqn3wvBJI0N4iWt5jSJuYTF
+1A0Dsm1rg1N8LI0KNGOBSykFEOQIYWYGmHfibo2F08O56YGGf0FB5GTUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvFnsbZcYIV8wKefMIzQ/hNCSWNMB8GA1UdIwQY
MBaAFKSdLlC3c4rtCswaDsL+4wCAJVg4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEowdVVMZHppdTBLekJvT3d2N2pBSUFsV0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zOTMyMTgtNDZlNS00NjhiLWI1OGIt
N2YzMzUyMjM0ZTIxLzEvRzhXZXh0bHhnaFh6QXA1OHdqTkQtRTBKSlkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zOTMyMTgtNDZlNS00NjhiLWI1OGItN2YzMzUyMjM0ZTIx
LzEvcEowdVVMZHppdTBLekJvT3d2N2pBSUFsV0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+YoMA0G
CSqGSIb3DQEBCwUAA4IBAQAU4x0ihVQcPSDKUOGiHligAGCt4reux3O/ejoGZJdY
1kezm4zHdXjfSmKytNQFiusNP7SSJArcBB/inGm+1c6QfJm/wmCryW6LgpKEYGBj
suAHU2dd0sZjWKPMTlauhsJq9xU8xeDdOSJYv2+ec090QXY58SaxcSseYtSJm7r9
6qA44Jl9aV38SZJGYJ3PpWvruriL0Hs2oXZM9S7YF002LKj/c/sWKHTHiQNXUDIx
n439r5p4SfO171bXh2Me1rbmm71tvB7UGo7w/WfzcidUO0SNFQxkv86CYpKeXAmn
mSordkqyfwOb7Zii8bwZJWlE6f03lTRRLSuEVJxjm1ha
-----END CERTIFICATE-----