Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/MdKYoKHGPW7uYGALSxk5x-80SVw.roa
File:                     MdKYoKHGPW7uYGALSxk5x-80SVw.roa (raw, json)
Hash identifier:          0EP8F+Dq9bvBn65y9MAnCiyX6vvtZKyhNxJJHNfA6qY=
Subject key identifier:   31:D2:98:A0:A1:C6:3D:6E:EE:60:60:0B:4B:19:39:C7:EF:34:49:5C
Certificate issuer:       /CN=6f3030a4b67f95c2fed902d56657faa2494b5129
Certificate serial:       018CC4931BAA56D21351D9989A74F0F36C98
Authority key identifier: 6F:30:30:A4:B6:7F:95:C2:FE:D9:02:D5:66:57:FA:A2:49:4B:51:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/MdKYoKHGPW7uYGALSxk5x-80SVw.roa
Signing time:             Mon 01 Jan 2024 10:30:24 +0000
ROA not before:           Mon 01 Jan 2024 10:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58
IP address blocks:        93.88.72.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1b:aa:56:d2:13:51:d9:98:9a:74:f0:f3:6c:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f3030a4b67f95c2fed902d56657faa2494b5129
        Validity
            Not Before: Jan  1 10:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31d298a0a1c63d6eee60600b4b1939c7ef34495c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b8:46:65:7b:ba:47:7a:b3:b3:35:d1:b4:73:
                    26:aa:50:ec:00:6f:3d:e5:27:0a:4b:b7:3d:4e:4d:
                    9c:43:0e:bc:fb:0d:7f:01:44:54:72:92:c2:b4:04:
                    f1:6f:96:8f:e8:1b:a6:c0:1f:2c:bf:4c:6f:b9:22:
                    95:d4:53:b5:37:95:24:82:c9:47:4e:67:09:af:d1:
                    50:a0:12:46:79:e1:52:7f:ef:a2:c6:26:4f:ca:36:
                    d9:db:93:7d:21:56:56:e1:07:0a:4e:fa:9f:10:42:
                    3f:c7:99:8d:56:43:d5:f6:16:4f:69:ce:35:9a:17:
                    2a:d4:0c:12:64:ab:0a:03:30:76:8d:fd:3d:9b:23:
                    3d:9e:9c:e2:54:51:c5:8f:33:24:ae:61:c0:97:23:
                    02:bc:73:8a:57:3a:61:ca:02:83:46:ba:f0:a8:4e:
                    0e:c5:5f:d8:76:26:77:1c:f4:30:f4:6f:f8:9c:5a:
                    10:de:9f:c3:49:4f:8e:73:03:f2:c8:86:01:92:e3:
                    30:fd:74:80:92:cb:c6:7f:d6:f0:6c:98:2e:f8:47:
                    fd:c9:65:81:5c:0c:88:8d:4d:e2:54:6b:9f:06:37:
                    74:15:f7:3f:63:0b:71:4b:16:72:78:8e:80:f9:98:
                    2f:4e:69:ff:5a:62:51:13:29:60:7b:45:ec:c5:3a:
                    03:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:D2:98:A0:A1:C6:3D:6E:EE:60:60:0B:4B:19:39:C7:EF:34:49:5C
            X509v3 Authority Key Identifier:
                keyid:6F:30:30:A4:B6:7F:95:C2:FE:D9:02:D5:66:57:FA:A2:49:4B:51:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bzAwpLZ_lcL-2QLVZlf6oklLUSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/MdKYoKHGPW7uYGALSxk5x-80SVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/2b99a3-dd5f-4ffe-82ef-bf3b21a270f2/1/bzAwpLZ_lcL-2QLVZlf6oklLUSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.88.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:5f:02:3d:94:9a:ce:34:74:fe:53:2b:c7:7d:42:dc:f8:32:
         7f:85:d0:cf:96:02:cf:8f:9d:67:b6:51:0b:75:2e:13:cb:d1:
         cc:67:97:7b:78:c2:b5:30:e3:cc:cf:c9:1d:50:3c:8b:fb:ec:
         21:6f:d3:6c:22:62:bd:bf:7b:53:41:62:2a:8a:c0:9a:81:18:
         81:22:3e:39:95:ff:cf:e3:2b:b0:15:0e:ac:b8:9a:21:3c:79:
         c7:40:9a:e8:45:4b:70:6c:2b:7d:73:42:45:41:83:fc:02:04:
         a9:8c:92:93:5a:85:40:c9:9c:8c:0f:72:aa:75:44:5a:2b:11:
         ce:9d:65:d7:61:ef:da:38:8f:6a:e4:55:d7:70:9a:1c:b3:31:
         e9:de:6c:5e:f4:de:c0:6f:f6:72:1b:cd:6d:26:62:af:44:36:
         7a:6d:a9:d4:e6:c0:b2:3b:6c:b1:dc:5c:26:24:88:c9:83:d8:
         78:59:43:6e:a3:c4:f0:ab:4c:6c:1a:e6:6b:0d:d3:8c:7b:3f:
         a9:10:8a:02:cf:fb:8e:1a:24:a3:72:d1:89:de:58:5e:b1:ea:
         83:d6:75:93:a2:b2:c2:2e:5e:f0:ea:82:74:cc:35:ff:e5:e4:
         aa:c6:f0:53:89:77:68:a8:b9:ef:f3:2b:bc:ef:a4:ae:97:d2:
         34:9c:41:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkxuqVtITUdmYmnTw82yYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMzAzMGE0YjY3Zjk1YzJmZWQ5MDJkNTY2NTdmYWEyNDk0
YjUxMjkwHhcNMjQwMTAxMTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWQyOThhMGExYzYzZDZlZWU2MDYwMGI0YjE5MzljN2VmMzQ0OTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLhGZXu6R3qzszXRtHMmqlDsAG89
5ScKS7c9Tk2cQw68+w1/AURUcpLCtATxb5aP6BumwB8sv0xvuSKV1FO1N5UkgslH
TmcJr9FQoBJGeeFSf++ixiZPyjbZ25N9IVZW4QcKTvqfEEI/x5mNVkPV9hZPac41
mhcq1AwSZKsKAzB2jf09myM9npziVFHFjzMkrmHAlyMCvHOKVzphygKDRrrwqE4O
xV/YdiZ3HPQw9G/4nFoQ3p/DSU+OcwPyyIYBkuMw/XSAksvGf9bwbJgu+Ef9yWWB
XAyIjU3iVGufBjd0Ffc/YwtxSxZyeI6A+ZgvTmn/WmJREylge0XsxToDawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHSmKChxj1u7mBgC0sZOcfvNElcMB8GA1UdIwQY
MBaAFG8wMKS2f5XC/tkC1WZX+qJJS1EpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnpBd3BMWl9sY0wtMlFMVlpsZjZva2xMVVNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yYjk5YTMtZGQ1Zi00ZmZlLTgyZWYt
YmYzYjIxYTI3MGYyLzEvTWRLWW9LSEdQVzd1WUdBTFN4azV4LTgwU1Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yYjk5YTMtZGQ1Zi00ZmZlLTgyZWYtYmYzYjIxYTI3MGYy
LzEvYnpBd3BMWl9sY0wtMlFMVlpsZjZva2xMVVNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXVhIMA0G
CSqGSIb3DQEBCwUAA4IBAQCaXwI9lJrONHT+UyvHfULc+DJ/hdDPlgLPj51ntlEL
dS4Ty9HMZ5d7eMK1MOPMz8kdUDyL++whb9NsImK9v3tTQWIqisCagRiBIj45lf/P
4yuwFQ6suJohPHnHQJroRUtwbCt9c0JFQYP8AgSpjJKTWoVAyZyMD3KqdURaKxHO
nWXXYe/aOI9q5FXXcJocszHp3mxe9N7Ab/ZyG81tJmKvRDZ6banU5sCyO2yx3Fwm
JIjJg9h4WUNuo8Twq0xsGuZrDdOMez+pEIoCz/uOGiSjctGJ3lheseqD1nWTorLC
Ll7w6oJ0zDX/5eSqxvBTiXdoqLnv8yu876Sul9I0nEHw
-----END CERTIFICATE-----