Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/vobfUXfGMZZ0n9d9Ad2Eli3pLc4.roa
File:                     vobfUXfGMZZ0n9d9Ad2Eli3pLc4.roa (raw, json)
Hash identifier:          k6/9BDXygnyI4bcicArS5QIC8rWfGwWCmHpqFvmHezc=
Subject key identifier:   BE:86:DF:51:77:C6:31:96:74:9F:D7:7D:01:DD:84:96:2D:E9:2D:CE
Certificate issuer:       /CN=38a8550659bb68e770d8b0126b7261fb87d8240b
Certificate serial:       018CCA2BD8C859E310D71749288D8405226B
Authority key identifier: 38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/vobfUXfGMZZ0n9d9Ad2Eli3pLc4.roa
Signing time:             Tue 02 Jan 2024 12:35:20 +0000
ROA not before:           Tue 02 Jan 2024 12:35:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199652
IP address blocks:        188.214.151.0/24 maxlen: 24
                          94.177.148.0/23 maxlen: 23
                          188.241.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d8:c8:59:e3:10:d7:17:49:28:8d:84:05:22:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a8550659bb68e770d8b0126b7261fb87d8240b
        Validity
            Not Before: Jan  2 12:35:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be86df5177c63196749fd77d01dd84962de92dce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2a:c7:cb:58:5b:f3:ef:ac:54:d7:85:a3:9b:
                    65:24:67:fc:d1:ec:5c:41:b3:7a:68:26:94:07:4b:
                    4b:93:31:db:f8:ca:19:dc:e0:3b:c1:71:35:41:e9:
                    80:da:81:18:41:eb:40:ae:d2:b9:88:3d:8b:8a:c6:
                    5a:12:95:80:5c:2f:d6:8d:20:cb:36:f5:9e:70:d3:
                    4b:bf:8c:9b:30:62:63:d6:ea:49:d5:57:f5:f6:fd:
                    8b:52:f8:fe:22:5a:8d:81:b6:9f:48:57:57:35:f5:
                    9b:f0:6b:ed:1b:34:7b:6d:fd:0d:1f:d8:cf:72:7f:
                    51:07:a7:8a:ca:6f:8e:6f:49:c1:68:17:16:e1:01:
                    c2:6e:ee:68:96:f4:fc:b7:1a:1f:8a:8f:4e:3c:57:
                    0a:c3:87:ce:55:c3:d8:37:3b:c1:57:f5:7d:f6:17:
                    a7:90:aa:90:5d:c7:bd:c6:74:be:2b:f6:f8:08:bc:
                    0d:d7:9c:34:e7:c1:a6:99:98:2e:68:7f:e7:e6:8a:
                    90:bf:d8:f6:91:57:cc:bf:48:70:b7:fa:11:8d:50:
                    e0:be:e5:3e:3a:f3:ed:dc:2f:cc:ae:61:52:bb:4f:
                    0d:cc:c9:21:23:06:97:4b:75:e2:98:08:e6:11:a1:
                    77:fe:93:ab:dd:82:c5:c3:ce:5e:e8:61:6a:40:91:
                    6b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:86:DF:51:77:C6:31:96:74:9F:D7:7D:01:DD:84:96:2D:E9:2D:CE
            X509v3 Authority Key Identifier:
                keyid:38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/vobfUXfGMZZ0n9d9Ad2Eli3pLc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.148.0/23
                  188.214.151.0/24
                  188.241.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:5b:d5:0f:4d:c2:da:9e:4d:d1:43:87:87:c4:55:b1:f5:06:
         a3:85:d0:e1:70:3c:22:ab:f4:c9:96:dd:ec:b3:03:cd:57:57:
         c8:55:d0:c7:10:01:e3:a8:fc:07:80:79:78:70:ba:86:b4:99:
         df:e2:66:4f:cd:d9:85:50:b0:d4:aa:6f:39:5b:06:46:f8:ac:
         bf:fc:40:69:1c:6e:43:24:4c:d5:cb:fc:c6:1b:a1:14:43:be:
         e1:02:e1:06:65:8f:8f:5c:b7:6b:d0:c3:1e:e8:ed:ac:6c:15:
         e2:a2:c5:0b:ff:d8:44:8e:c5:98:dc:eb:18:ff:86:2b:1c:1b:
         4d:86:de:d6:fe:7f:f7:15:41:fa:01:f8:2c:cb:02:b2:1e:d8:
         e2:b9:86:45:ca:2e:03:f6:62:16:04:5a:02:f0:0f:0c:67:34:
         31:51:db:a7:4c:c4:eb:00:d6:fa:71:ca:18:7e:1c:9e:c4:2f:
         ad:23:34:e2:cb:21:90:4a:88:0f:20:91:9a:11:c0:06:df:25:
         33:eb:bb:bf:65:1e:f9:b3:5d:7a:9c:a9:cd:8b:79:ed:56:1d:
         7c:12:0e:2d:20:b4:9f:78:93:13:4d:04:ec:b2:f5:52:7d:09:
         65:ed:c5:4f:45:bd:a7:cf:20:09:02:57:ba:bf:a7:72:eb:cd:
         21:3b:81:86
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKK9jIWeMQ1xdJKI2EBSJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YTg1NTA2NTliYjY4ZTc3MGQ4YjAxMjZiNzI2MWZiODdk
ODI0MGIwHhcNMjQwMTAyMTIzNTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTg2ZGY1MTc3YzYzMTk2NzQ5ZmQ3N2QwMWRkODQ5NjJkZTkyZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSrHy1hb8++sVNeFo5tlJGf80exc
QbN6aCaUB0tLkzHb+MoZ3OA7wXE1QemA2oEYQetArtK5iD2LisZaEpWAXC/WjSDL
NvWecNNLv4ybMGJj1upJ1Vf19v2LUvj+IlqNgbafSFdXNfWb8GvtGzR7bf0NH9jP
cn9RB6eKym+Ob0nBaBcW4QHCbu5olvT8txofio9OPFcKw4fOVcPYNzvBV/V99hen
kKqQXce9xnS+K/b4CLwN15w058GmmZguaH/n5oqQv9j2kVfMv0hwt/oRjVDgvuU+
OvPt3C/MrmFSu08NzMkhIwaXS3XimAjmEaF3/pOr3YLFw85e6GFqQJFr7QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL6G31F3xjGWdJ/XfQHdhJYt6S3OMB8GA1UdIwQY
MBaAFDioVQZZu2jncNiwEmtyYfuH2CQLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEt
MWQ3MDNiNDk2NjM0LzEvdm9iZlVYZkdNWlowbjlkOUFkMkVsaTNwTGM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEtMWQ3MDNiNDk2NjM0
LzEvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBXrGUAwQA
vNaXAwQAvPFFMA0GCSqGSIb3DQEBCwUAA4IBAQAxW9UPTcLank3RQ4eHxFWx9Qaj
hdDhcDwiq/TJlt3sswPNV1fIVdDHEAHjqPwHgHl4cLqGtJnf4mZPzdmFULDUqm85
WwZG+Ky//EBpHG5DJEzVy/zGG6EUQ77hAuEGZY+PXLdr0MMe6O2sbBXiosUL/9hE
jsWY3OsY/4YrHBtNht7W/n/3FUH6AfgsywKyHtjiuYZFyi4D9mIWBFoC8A8MZzQx
UdunTMTrANb6ccoYfhyexC+tIzTiyyGQSogPIJGaEcAG3yUz67u/ZR75s116nKnN
i3ntVh18Eg4tILSfeJMTTQTssvVSfQll7cVPRb2nzyAJAle6v6dy680hO4GG
-----END CERTIFICATE-----