Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/ni4xfX6s-ugdl8AfXKCicCLBjb4.roa
File:                     ni4xfX6s-ugdl8AfXKCicCLBjb4.roa (raw, json)
Hash identifier:          XAXiVLCeEuWtTv3FMgXcGPnFPRAPCviwLQ1cp7o+FvY=
Subject key identifier:   9E:2E:31:7D:7E:AC:FA:E8:1D:97:C0:1F:5C:A0:A2:70:22:C1:8D:BE
Certificate issuer:       /CN=38a8550659bb68e770d8b0126b7261fb87d8240b
Certificate serial:       018CCA2BD819FE1E4E6394807CF621313066
Authority key identifier: 38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/ni4xfX6s-ugdl8AfXKCicCLBjb4.roa
Signing time:             Tue 02 Jan 2024 12:35:20 +0000
ROA not before:           Tue 02 Jan 2024 12:35:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44277
IP address blocks:        86.107.180.0/24 maxlen: 24
                          188.213.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d8:19:fe:1e:4e:63:94:80:7c:f6:21:31:30:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a8550659bb68e770d8b0126b7261fb87d8240b
        Validity
            Not Before: Jan  2 12:35:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e2e317d7eacfae81d97c01f5ca0a27022c18dbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a0:dc:d2:12:e7:2c:c2:03:88:0a:b5:ec:c2:
                    58:25:fd:8e:49:80:63:92:4c:f7:cf:1f:a0:76:e8:
                    73:83:62:b5:fb:52:d6:f4:ce:0c:72:5c:33:5b:1a:
                    0d:36:2f:c6:bb:b5:d8:0f:d1:f3:6b:45:03:59:b3:
                    40:50:41:2c:c9:a7:7f:c1:db:29:24:0f:f2:84:44:
                    30:69:ea:43:23:4c:fc:b2:ba:10:fa:ea:90:e0:3f:
                    4c:dc:1a:45:1f:63:ea:90:66:52:b0:01:36:1c:c6:
                    aa:64:7f:9d:98:c1:bf:ed:71:55:e7:dc:6b:d1:5f:
                    61:be:c9:ae:5f:18:9e:be:19:5b:6a:cc:8d:cd:33:
                    a7:65:41:ea:02:0f:78:f1:01:e4:2e:e7:59:2e:4a:
                    1b:cb:3a:ce:4c:0d:e8:76:ca:f4:af:8e:d1:54:b8:
                    d7:20:8a:31:98:86:9a:b2:76:0b:23:57:56:73:d0:
                    53:8d:89:57:3c:91:fb:93:75:e4:aa:5c:4a:77:c1:
                    35:cc:bb:29:0b:a8:53:ce:57:de:77:b3:5c:88:2a:
                    4d:12:26:2c:a3:11:8d:70:82:10:bf:2d:bb:04:66:
                    22:61:be:76:07:83:c8:c6:57:66:3d:e4:64:31:0d:
                    7a:e8:cf:db:90:ed:74:ba:db:4e:16:5f:03:32:82:
                    f0:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:2E:31:7D:7E:AC:FA:E8:1D:97:C0:1F:5C:A0:A2:70:22:C1:8D:BE
            X509v3 Authority Key Identifier:
                keyid:38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/ni4xfX6s-ugdl8AfXKCicCLBjb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.180.0/24
                  188.213.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:4e:ad:31:db:c4:95:bc:3e:c5:d1:81:aa:5d:68:b8:00:c7:
         17:9d:a5:62:38:97:ca:25:1b:9f:58:44:05:cd:41:e8:16:6a:
         ed:07:fa:db:ca:85:2e:94:f1:44:d2:0d:1d:30:b5:09:05:37:
         3c:a2:52:de:b5:75:85:3e:25:9c:a1:b0:e9:d3:29:b8:3b:14:
         ae:38:e3:f8:09:9e:20:59:34:15:e2:1a:e4:14:4c:aa:9d:ca:
         0b:7a:9a:42:1a:43:f7:df:02:e0:7b:74:c7:7b:22:49:de:89:
         62:ee:4b:12:74:71:64:56:2e:b2:0c:d9:6c:d3:75:62:8d:c0:
         c2:18:5e:a1:57:b0:44:df:be:28:40:9e:c5:4a:9f:84:7a:62:
         df:28:90:2b:04:f4:66:3e:66:1e:ad:df:aa:20:9e:78:f8:9a:
         6c:1f:2d:6f:f2:3e:a5:ff:b1:2d:81:03:80:a0:8e:6c:29:a1:
         3a:03:01:5c:b0:2a:dc:b4:58:14:71:40:ba:71:db:40:9e:d6:
         f0:9e:05:bb:7a:93:1c:1c:43:8b:69:aa:f9:b8:ee:93:5d:1c:
         5b:ae:7c:b1:64:40:61:9e:5d:c5:91:c6:c6:8a:f8:4a:ff:c0:
         57:4d:07:69:70:4d:eb:8c:f4:22:43:82:d4:76:13:e5:af:8e:
         5f:db:bd:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK9gZ/h5OY5SAfPYhMTBmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YTg1NTA2NTliYjY4ZTc3MGQ4YjAxMjZiNzI2MWZiODdk
ODI0MGIwHhcNMjQwMTAyMTIzNTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTJlMzE3ZDdlYWNmYWU4MWQ5N2MwMWY1Y2EwYTI3MDIyYzE4ZGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqDc0hLnLMIDiAq17MJYJf2OSYBj
kkz3zx+gduhzg2K1+1LW9M4MclwzWxoNNi/Gu7XYD9Hza0UDWbNAUEEsyad/wdsp
JA/yhEQwaepDI0z8sroQ+uqQ4D9M3BpFH2PqkGZSsAE2HMaqZH+dmMG/7XFV59xr
0V9hvsmuXxievhlbasyNzTOnZUHqAg948QHkLudZLkobyzrOTA3odsr0r47RVLjX
IIoxmIaasnYLI1dWc9BTjYlXPJH7k3XkqlxKd8E1zLspC6hTzlfed7NciCpNEiYs
oxGNcIIQvy27BGYiYb52B4PIxldmPeRkMQ166M/bkO10uttOFl8DMoLw/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ4uMX1+rProHZfAH1ygonAiwY2+MB8GA1UdIwQY
MBaAFDioVQZZu2jncNiwEmtyYfuH2CQLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEt
MWQ3MDNiNDk2NjM0LzEvbmk0eGZYNnMtdWdkbDhBZlhLQ2ljQ0xCamI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEtMWQ3MDNiNDk2NjM0
LzEvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVmu0AwQA
vNUzMA0GCSqGSIb3DQEBCwUAA4IBAQA0Tq0x28SVvD7F0YGqXWi4AMcXnaViOJfK
JRufWEQFzUHoFmrtB/rbyoUulPFE0g0dMLUJBTc8olLetXWFPiWcobDp0ym4OxSu
OOP4CZ4gWTQV4hrkFEyqncoLeppCGkP33wLge3THeyJJ3oli7ksSdHFkVi6yDNls
03VijcDCGF6hV7BE374oQJ7FSp+EemLfKJArBPRmPmYerd+qIJ54+JpsHy1v8j6l
/7EtgQOAoI5sKaE6AwFcsCrctFgUcUC6cdtAntbwngW7epMcHEOLaar5uO6TXRxb
rnyxZEBhnl3FkcbGivhK/8BXTQdpcE3rjPQiQ4LUdhPlr45f273B
-----END CERTIFICATE-----