Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/8gAXPk6OPwsdzuzPkFH-cPOoN-M.roa
File:                     8gAXPk6OPwsdzuzPkFH-cPOoN-M.roa (raw, json)
Hash identifier:          k8CKKJhEQDRa32tw9E3a0TA6WjTO9yR6DUeWsgRV5eY=
Subject key identifier:   F2:00:17:3E:4E:8E:3F:0B:1D:CE:EC:CF:90:51:FE:70:F3:A8:37:E3
Certificate issuer:       /CN=5259e000c991f78f243fde5980cd5cef649409e6
Certificate serial:       018CC94C135547990DF41FFC36E961391F97
Authority key identifier: 52:59:E0:00:C9:91:F7:8F:24:3F:DE:59:80:CD:5C:EF:64:94:09:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UlngAMmR948kP95ZgM1c72SUCeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/8gAXPk6OPwsdzuzPkFH-cPOoN-M.roa
Signing time:             Tue 02 Jan 2024 08:30:55 +0000
ROA not before:           Tue 02 Jan 2024 08:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34549
IP address blocks:        87.239.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/UlngAMmR948kP95ZgM1c72SUCeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/UlngAMmR948kP95ZgM1c72SUCeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UlngAMmR948kP95ZgM1c72SUCeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:13:55:47:99:0d:f4:1f:fc:36:e9:61:39:1f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5259e000c991f78f243fde5980cd5cef649409e6
        Validity
            Not Before: Jan  2 08:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f200173e4e8e3f0b1dceeccf9051fe70f3a837e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ad:f6:9a:13:8a:9c:2f:8c:95:5e:59:b9:d5:
                    3b:57:d1:7d:25:7d:00:3e:a7:c7:c3:4c:01:f8:bb:
                    34:05:22:bf:49:cc:be:73:b4:69:d5:87:d4:cb:83:
                    f5:de:77:6d:7a:55:6c:53:8c:1a:df:6f:5d:58:b1:
                    b1:34:c1:8f:fe:60:e7:b7:f8:0b:07:f9:a8:d4:8e:
                    95:4e:ab:84:cb:68:87:1c:2d:6c:d2:bf:8c:a6:3f:
                    14:6a:2f:96:76:03:78:ab:ce:92:f8:c6:64:f4:aa:
                    13:a7:59:cc:c8:f2:95:23:88:48:91:c9:6f:29:90:
                    d7:3a:c8:b3:29:b6:d7:74:85:09:2b:53:aa:f6:1b:
                    da:0f:d7:9e:f6:d6:af:4f:50:b7:09:7e:a2:8f:d3:
                    7f:dd:1a:1f:55:59:77:6f:60:80:76:33:d4:c7:7a:
                    69:3e:f0:ea:d2:cf:a7:1d:d6:47:12:d7:20:44:27:
                    d0:79:ab:99:a9:fc:79:7e:f4:b0:08:8b:15:9c:03:
                    84:c8:19:67:cb:d3:2c:e0:e9:d3:e5:fd:77:85:6f:
                    ec:a4:ef:21:a8:c7:1d:65:9b:b7:f8:14:07:e4:22:
                    8d:49:7c:10:64:6c:c7:d8:82:27:d3:d5:0a:71:74:
                    48:d3:f5:93:2e:b7:35:d6:2b:8e:f4:af:36:fc:32:
                    35:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:00:17:3E:4E:8E:3F:0B:1D:CE:EC:CF:90:51:FE:70:F3:A8:37:E3
            X509v3 Authority Key Identifier:
                keyid:52:59:E0:00:C9:91:F7:8F:24:3F:DE:59:80:CD:5C:EF:64:94:09:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UlngAMmR948kP95ZgM1c72SUCeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/8gAXPk6OPwsdzuzPkFH-cPOoN-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/ef98e4-01e5-4b88-bbf1-0483d1c01b25/1/UlngAMmR948kP95ZgM1c72SUCeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:0b:5f:7a:e3:dc:09:a1:73:1c:6c:ac:e1:ac:d1:ee:a8:5f:
         32:6b:e2:d5:86:92:78:15:3f:df:62:88:12:fe:ed:ac:1b:ea:
         ce:a5:c7:99:05:84:52:77:d3:13:67:5f:d0:9e:44:be:3d:24:
         bc:bf:9b:6b:0d:89:58:38:61:dd:f6:5b:b2:ca:98:34:c3:2e:
         dc:7c:08:45:ab:c2:bf:2d:b8:0e:e4:e8:c9:01:e2:d7:74:c0:
         81:43:92:10:3a:77:2e:11:e3:8f:dc:bd:a8:06:2e:9f:cc:bf:
         63:d2:40:c5:dc:82:8c:b0:ca:10:74:7d:10:04:8c:22:7d:d7:
         85:c1:62:f3:4e:3e:8c:37:ad:0a:33:b5:07:91:a8:93:d3:cc:
         20:43:3b:08:b3:44:ad:00:c8:f4:7b:dc:6c:cd:c2:84:5a:23:
         b9:9c:c8:27:d0:3a:7d:66:ea:f3:38:67:c1:0b:d0:c6:6d:d6:
         bb:cc:62:88:e1:5a:15:2b:2c:ca:39:6d:74:21:9c:ec:f3:32:
         5b:8d:3d:82:f2:f8:7f:0c:b2:7c:5d:78:a2:af:f1:e0:b5:38:
         e0:12:48:e0:81:b3:00:a2:00:1c:e3:b2:51:df:47:84:df:6d:
         60:ff:8f:aa:b4:ff:a3:6a:e5:11:b9:89:4a:cc:52:1f:62:99:
         a8:8a:d8:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTBNVR5kN9B/8NulhOR+XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNTllMDAwYzk5MWY3OGYyNDNmZGU1OTgwY2Q1Y2VmNjQ5
NDA5ZTYwHhcNMjQwMTAyMDgzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjAwMTczZTRlOGUzZjBiMWRjZWVjY2Y5MDUxZmU3MGYzYTgzN2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAia32mhOKnC+MlV5ZudU7V9F9JX0A
PqfHw0wB+Ls0BSK/Scy+c7Rp1YfUy4P13ndtelVsU4wa329dWLGxNMGP/mDnt/gL
B/mo1I6VTquEy2iHHC1s0r+Mpj8Uai+WdgN4q86S+MZk9KoTp1nMyPKVI4hIkclv
KZDXOsizKbbXdIUJK1Oq9hvaD9ee9tavT1C3CX6ij9N/3RofVVl3b2CAdjPUx3pp
PvDq0s+nHdZHEtcgRCfQeauZqfx5fvSwCIsVnAOEyBlny9Ms4OnT5f13hW/spO8h
qMcdZZu3+BQH5CKNSXwQZGzH2IIn09UKcXRI0/WTLrc11iuO9K82/DI1TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPIAFz5Ojj8LHc7sz5BR/nDzqDfjMB8GA1UdIwQY
MBaAFFJZ4ADJkfePJD/eWYDNXO9klAnmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWxuZ0FNbVI5NDhrUDk1WmdNMWM3MlNVQ2VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9lZjk4ZTQtMDFlNS00Yjg4LWJiZjEt
MDQ4M2QxYzAxYjI1LzEvOGdBWFBrNk9Qd3NkenV6UGtGSC1jUE9vTi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9lZjk4ZTQtMDFlNS00Yjg4LWJiZjEtMDQ4M2QxYzAxYjI1
LzEvVWxuZ0FNbVI5NDhrUDk1WmdNMWM3MlNVQ2VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV++PMA0G
CSqGSIb3DQEBCwUAA4IBAQCDC19649wJoXMcbKzhrNHuqF8ya+LVhpJ4FT/fYogS
/u2sG+rOpceZBYRSd9MTZ1/QnkS+PSS8v5trDYlYOGHd9luyypg0wy7cfAhFq8K/
LbgO5OjJAeLXdMCBQ5IQOncuEeOP3L2oBi6fzL9j0kDF3IKMsMoQdH0QBIwifdeF
wWLzTj6MN60KM7UHkaiT08wgQzsIs0StAMj0e9xszcKEWiO5nMgn0Dp9ZurzOGfB
C9DGbda7zGKI4VoVKyzKOW10IZzs8zJbjT2C8vh/DLJ8XXiir/HgtTjgEkjggbMA
ogAc47JR30eE321g/4+qtP+jauURuYlKzFIfYpmoith4
-----END CERTIFICATE-----