Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/mI9KUc4tNw3miunmIH6tSmg8jOQ.roa
File:                     mI9KUc4tNw3miunmIH6tSmg8jOQ.roa (raw, json)
Hash identifier:          kExQXnEDfotbqIuCLesjPjwShpvpT6MEgmMRLMJiv84=
Subject key identifier:   98:8F:4A:51:CE:2D:37:0D:E6:8A:E9:E6:20:7E:AD:4A:68:3C:8C:E4
Certificate issuer:       /CN=b0cc95fc42f3d81920f464b0f20c8a5203f21e30
Certificate serial:       018CC49361032119B40B53D4CCAD7E857C00
Authority key identifier: B0:CC:95:FC:42:F3:D8:19:20:F4:64:B0:F2:0C:8A:52:03:F2:1E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/mI9KUc4tNw3miunmIH6tSmg8jOQ.roa
Signing time:             Mon 01 Jan 2024 10:30:42 +0000
ROA not before:           Mon 01 Jan 2024 10:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9030
IP address blocks:        212.8.192.0/19 maxlen: 24
                          212.15.192.0/19 maxlen: 24
                          2001:ae0::/30 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:61:03:21:19:b4:0b:53:d4:cc:ad:7e:85:7c:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0cc95fc42f3d81920f464b0f20c8a5203f21e30
        Validity
            Not Before: Jan  1 10:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=988f4a51ce2d370de68ae9e6207ead4a683c8ce4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:70:f9:7d:27:9b:60:1f:4b:30:04:ab:07:db:
                    b9:11:d7:b0:30:f5:59:19:3f:28:24:37:cb:1f:c6:
                    be:91:82:50:f2:7b:49:a9:5c:5f:ac:e3:ae:58:cc:
                    f3:d3:d5:91:e5:f8:13:57:ab:1f:0b:8c:8f:b2:2f:
                    35:05:83:91:40:18:2a:a0:0d:cf:03:2a:ca:15:ca:
                    ac:f3:d8:04:3c:85:c3:83:f0:fb:4b:de:6c:14:e9:
                    59:e7:1b:0c:c1:f7:99:dd:c6:7b:c1:37:f6:9d:55:
                    53:32:c4:99:9c:67:91:2c:aa:db:31:57:6c:00:2d:
                    2f:3a:6f:a4:c2:23:9d:fa:e0:a7:72:3e:ac:0f:36:
                    e9:e0:15:89:f7:7c:f4:7a:9c:33:10:0d:a2:02:a1:
                    a4:57:06:01:d8:7a:35:9e:b9:4f:83:3a:77:c4:a1:
                    36:ce:51:fd:40:d0:9b:07:01:05:53:05:8d:d7:fc:
                    76:26:3b:fc:60:ba:a1:b7:30:0d:87:c3:00:80:75:
                    ce:03:b0:75:d6:31:7b:04:e6:97:b2:03:e5:13:d0:
                    54:8c:f3:ac:3d:78:9d:38:7c:87:56:a9:74:7b:79:
                    c8:56:ca:ae:4e:86:ee:91:e5:d4:53:d9:d9:97:9f:
                    a3:50:8a:6c:4c:6f:3d:4d:b2:c5:17:28:4b:0c:dc:
                    05:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:8F:4A:51:CE:2D:37:0D:E6:8A:E9:E6:20:7E:AD:4A:68:3C:8C:E4
            X509v3 Authority Key Identifier:
                keyid:B0:CC:95:FC:42:F3:D8:19:20:F4:64:B0:F2:0C:8A:52:03:F2:1E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/mI9KUc4tNw3miunmIH6tSmg8jOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.8.192.0/19
                  212.15.192.0/19
                IPv6:
                  2001:ae0::/30

    Signature Algorithm: sha256WithRSAEncryption
         18:c6:ce:36:d0:f4:30:60:44:c0:e0:b2:22:9e:bd:0c:f8:a9:
         8c:cb:5e:c3:d5:75:a1:bd:78:8c:37:d4:3c:32:c1:e7:bd:5a:
         dd:5d:6b:47:13:98:9c:6c:5b:fa:a0:6f:1c:e3:3d:b2:a9:25:
         23:27:ae:24:61:71:7c:4a:42:60:10:40:72:0b:fc:52:eb:74:
         5b:a2:f3:8d:ee:66:d0:56:08:6d:fc:f6:a7:6a:71:6a:db:7e:
         40:9f:a1:ed:e0:29:ba:6a:33:ba:91:2d:3a:ea:f6:bc:7f:9e:
         3a:3d:01:ce:f5:b4:cb:16:f5:f9:cf:06:0e:f1:1c:03:80:fb:
         53:c9:d8:38:1a:d3:4b:96:1c:54:ee:fb:13:11:04:f0:c2:20:
         c5:5a:9a:37:cb:b1:21:16:1d:df:49:ac:d0:69:7c:53:31:2a:
         ce:f2:d1:b4:44:03:ae:aa:b7:d4:2d:f9:38:02:b7:d2:d3:c8:
         c5:81:fa:2f:d2:6b:7c:d1:e6:5c:6d:de:f8:32:9e:47:c8:c8:
         9e:67:af:52:70:ad:66:1c:35:db:d0:6b:25:af:87:29:d1:df:
         81:f2:3e:5d:3e:33:00:bf:03:db:c9:6e:b2:a0:1e:4a:5d:32:
         c5:bb:b7:3a:c3:ae:58:66:c3:dd:c9:80:60:94:56:11:5d:d5:
         37:83:fc:47
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk2EDIRm0C1PUzK1+hXwAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwY2M5NWZjNDJmM2Q4MTkyMGY0NjRiMGYyMGM4YTUyMDNm
MjFlMzAwHhcNMjQwMTAxMTAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODhmNGE1MWNlMmQzNzBkZTY4YWU5ZTYyMDdlYWQ0YTY4M2M4Y2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XD5fSebYB9LMASrB9u5EdewMPVZ
GT8oJDfLH8a+kYJQ8ntJqVxfrOOuWMzz09WR5fgTV6sfC4yPsi81BYORQBgqoA3P
AyrKFcqs89gEPIXDg/D7S95sFOlZ5xsMwfeZ3cZ7wTf2nVVTMsSZnGeRLKrbMVds
AC0vOm+kwiOd+uCncj6sDzbp4BWJ93z0epwzEA2iAqGkVwYB2Ho1nrlPgzp3xKE2
zlH9QNCbBwEFUwWN1/x2Jjv8YLqhtzANh8MAgHXOA7B11jF7BOaXsgPlE9BUjPOs
PXidOHyHVql0e3nIVsquTobukeXUU9nZl5+jUIpsTG89TbLFFyhLDNwFIQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJiPSlHOLTcN5orp5iB+rUpoPIzkMB8GA1UdIwQY
MBaAFLDMlfxC89gZIPRksPIMilID8h4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc015Vl9FTHoyQmtnOUdTdzhneUtVZ1B5SGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9lOTY4NzctMTEzMy00YjI5LWE2YmEt
ODQ1M2MwZjEzNWQ2LzEvbUk5S1VjNHROdzNtaXVubUlINnRTbWc4ak9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9lOTY4NzctMTEzMy00YjI5LWE2YmEtODQ1M2MwZjEzNWQ2
LzEvc015Vl9FTHoyQmtnOUdTdzhneUtVZ1B5SGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQF1AjAAwQF
1A/AMA0EAgACMAcDBQIgAQrgMA0GCSqGSIb3DQEBCwUAA4IBAQAYxs420PQwYETA
4LIinr0M+KmMy17D1XWhvXiMN9Q8MsHnvVrdXWtHE5icbFv6oG8c4z2yqSUjJ64k
YXF8SkJgEEByC/xS63RbovON7mbQVght/PananFq235An6Ht4Cm6ajO6kS066va8
f546PQHO9bTLFvX5zwYO8RwDgPtTydg4GtNLlhxU7vsTEQTwwiDFWpo3y7EhFh3f
SazQaXxTMSrO8tG0RAOuqrfULfk4ArfS08jFgfov0mt80eZcbd74Mp5HyMieZ69S
cK1mHDXb0Gslr4cp0d+B8j5dPjMAvwPbyW6yoB5KXTLFu7c6w65YZsPdyYBglFYR
XdU3g/xH
-----END CERTIFICATE-----