Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/b79ee0-d4d1-4869-a62d-fd96ffebcfa1/1/CPJfqU4lkJRj88KNOOi63y-JiyU.roa
File:                     CPJfqU4lkJRj88KNOOi63y-JiyU.roa (raw, json)
Hash identifier:          U/rcR2I/zfjsTqmKX3/MGFA7AYpeGU0ttcXvna5k1OM=
Subject key identifier:   08:F2:5F:A9:4E:25:90:94:63:F3:C2:8D:38:E8:BA:DF:2F:89:8B:25
Certificate issuer:       /CN=31da9e35b770e2e681f756cd7d20812a82e11611
Certificate serial:       018CC794FFF7854985DF4B59AE539FDA1070
Authority key identifier: 31:DA:9E:35:B7:70:E2:E6:81:F7:56:CD:7D:20:81:2A:82:E1:16:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdqeNbdw4uaB91bNfSCBKoLhFhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/b79ee0-d4d1-4869-a62d-fd96ffebcfa1/1/CPJfqU4lkJRj88KNOOi63y-JiyU.roa
Signing time:             Tue 02 Jan 2024 00:31:20 +0000
ROA not before:           Tue 02 Jan 2024 00:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60471
IP address blocks:        185.30.144.0/22 maxlen: 22
                          185.30.144.0/23 maxlen: 24
                          185.30.146.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/b79ee0-d4d1-4869-a62d-fd96ffebcfa1/1/MdqeNbdw4uaB91bNfSCBKoLhFhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/b79ee0-d4d1-4869-a62d-fd96ffebcfa1/1/MdqeNbdw4uaB91bNfSCBKoLhFhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdqeNbdw4uaB91bNfSCBKoLhFhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ff:f7:85:49:85:df:4b:59:ae:53:9f:da:10:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31da9e35b770e2e681f756cd7d20812a82e11611
        Validity
            Not Before: Jan  2 00:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08f25fa94e25909463f3c28d38e8badf2f898b25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:92:89:06:ac:f1:6b:0e:8a:f2:11:86:ce:96:
                    8a:45:3c:8e:cc:7f:c6:a1:ed:c3:6b:98:cd:af:87:
                    fe:3a:a9:13:eb:07:d3:20:ab:35:22:68:f5:da:7c:
                    fb:46:38:76:cd:c7:52:67:20:f0:11:ff:9b:f9:83:
                    e5:3e:1f:e5:44:82:3d:14:13:aa:a1:03:dc:9a:77:
                    5a:3b:b9:f7:f6:21:93:e2:69:2a:a4:ce:25:0b:c6:
                    7c:94:20:b8:38:b7:16:b4:a1:ac:19:7e:14:34:77:
                    86:ea:1a:12:dd:a2:81:87:53:d4:36:8f:b4:57:16:
                    6f:e3:99:64:2e:b1:97:54:8a:cd:20:25:d7:e5:ad:
                    00:97:ae:b2:e3:cd:c7:18:f6:a1:89:16:5c:0c:ba:
                    50:c2:14:20:7f:45:f3:4e:47:80:cc:71:83:da:0a:
                    88:6b:ab:02:66:cc:ca:2c:b0:a5:f8:07:50:37:d1:
                    25:ba:ae:bf:67:88:4b:68:68:67:5f:9f:c8:aa:a3:
                    d7:59:8c:d0:72:86:64:f7:64:9c:a5:94:02:4c:ef:
                    d5:06:d1:7a:d2:36:95:d6:3f:ae:f9:38:5b:31:a8:
                    b5:64:61:e8:43:4f:88:04:1a:ae:9c:10:55:3a:00:
                    77:06:58:bb:40:b2:b1:86:ca:e2:e2:52:55:c3:bc:
                    a5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:F2:5F:A9:4E:25:90:94:63:F3:C2:8D:38:E8:BA:DF:2F:89:8B:25
            X509v3 Authority Key Identifier:
                keyid:31:DA:9E:35:B7:70:E2:E6:81:F7:56:CD:7D:20:81:2A:82:E1:16:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdqeNbdw4uaB91bNfSCBKoLhFhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/b79ee0-d4d1-4869-a62d-fd96ffebcfa1/1/CPJfqU4lkJRj88KNOOi63y-JiyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/b79ee0-d4d1-4869-a62d-fd96ffebcfa1/1/MdqeNbdw4uaB91bNfSCBKoLhFhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:e6:dc:7a:e7:fc:58:ef:db:74:fa:de:c7:4a:87:e1:7d:4f:
         2f:42:ff:8b:a0:93:0d:b1:56:dc:19:5d:42:ef:9b:af:04:ab:
         63:2a:59:29:0b:b0:7e:b0:d2:1a:82:db:2f:67:26:ff:04:bd:
         1e:5d:73:dd:ef:05:ca:66:60:11:b9:fe:32:3a:97:00:ce:84:
         8c:e9:44:8d:71:ef:47:2b:f3:df:e6:4a:d1:d7:28:ff:c8:2e:
         77:21:73:52:46:87:1a:f2:3f:d9:45:84:1f:27:96:0e:5c:ba:
         62:c6:19:35:93:4c:1f:99:cb:01:79:94:19:23:0b:4a:1f:06:
         97:a6:f6:08:b4:ee:8e:5d:b8:c5:0c:3f:2e:58:1b:ff:a8:cf:
         b5:b5:d5:ca:82:76:a5:2a:50:4c:25:56:63:01:f1:6a:b4:03:
         f7:1d:34:5c:66:7e:e1:bd:f6:19:b2:c1:0c:4b:53:58:68:aa:
         b6:1f:bf:a9:77:c0:e1:3f:57:ac:1a:18:cc:cd:2f:68:f5:e6:
         85:84:51:a7:f8:fd:47:e0:45:bc:21:87:cb:8e:36:14:d4:63:
         65:f7:c7:e9:81:7b:cc:27:6a:8f:80:87:21:a1:97:1f:21:b1:
         02:0d:81:73:14:cb:1f:01:4b:48:b6:b4:a6:0a:30:b0:16:0e:
         9b:ce:e4:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlP/3hUmF30tZrlOf2hBwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZGE5ZTM1Yjc3MGUyZTY4MWY3NTZjZDdkMjA4MTJhODJl
MTE2MTEwHhcNMjQwMTAyMDAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGYyNWZhOTRlMjU5MDk0NjNmM2MyOGQzOGU4YmFkZjJmODk4YjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZKJBqzxaw6K8hGGzpaKRTyOzH/G
oe3Da5jNr4f+OqkT6wfTIKs1Imj12nz7Rjh2zcdSZyDwEf+b+YPlPh/lRII9FBOq
oQPcmndaO7n39iGT4mkqpM4lC8Z8lCC4OLcWtKGsGX4UNHeG6hoS3aKBh1PUNo+0
VxZv45lkLrGXVIrNICXX5a0Al66y483HGPahiRZcDLpQwhQgf0XzTkeAzHGD2gqI
a6sCZszKLLCl+AdQN9Eluq6/Z4hLaGhnX5/IqqPXWYzQcoZk92ScpZQCTO/VBtF6
0jaV1j+u+ThbMai1ZGHoQ0+IBBqunBBVOgB3Bli7QLKxhsri4lJVw7ylwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjyX6lOJZCUY/PCjTjout8viYslMB8GA1UdIwQY
MBaAFDHanjW3cOLmgfdWzX0ggSqC4RYRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRxZU5iZHc0dWFCOTFiTmZTQ0JLb0xoRmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9iNzllZTAtZDRkMS00ODY5LWE2MmQt
ZmQ5NmZmZWJjZmExLzEvQ1BKZnFVNGxrSlJqODhLTk9PaTYzeS1KaXlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9iNzllZTAtZDRkMS00ODY5LWE2MmQtZmQ5NmZmZWJjZmEx
LzEvTWRxZU5iZHc0dWFCOTFiTmZTQ0JLb0xoRmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR6QMA0G
CSqGSIb3DQEBCwUAA4IBAQCA5tx65/xY79t0+t7HSofhfU8vQv+LoJMNsVbcGV1C
75uvBKtjKlkpC7B+sNIagtsvZyb/BL0eXXPd7wXKZmARuf4yOpcAzoSM6USNce9H
K/Pf5krR1yj/yC53IXNSRoca8j/ZRYQfJ5YOXLpixhk1k0wfmcsBeZQZIwtKHwaX
pvYItO6OXbjFDD8uWBv/qM+1tdXKgnalKlBMJVZjAfFqtAP3HTRcZn7hvfYZssEM
S1NYaKq2H7+pd8DhP1esGhjMzS9o9eaFhFGn+P1H4EW8IYfLjjYU1GNl98fpgXvM
J2qPgIchoZcfIbECDYFzFMsfAUtItrSmCjCwFg6bzuR5
-----END CERTIFICATE-----