Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/MB3J6oAeOZYFq8iEdbsNYXJF_z8.roa
File:                     MB3J6oAeOZYFq8iEdbsNYXJF_z8.roa (raw, json)
Hash identifier:          3wMEg1aFxJ8PIBZ9KsOXoOH0Y7VjgRtRmoRwW6PClq4=
Subject key identifier:   30:1D:C9:EA:80:1E:39:96:05:AB:C8:84:75:BB:0D:61:72:45:FF:3F
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       018CC64B6858B77B288B47FEFA1DC5C7C58A
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/MB3J6oAeOZYFq8iEdbsNYXJF_z8.roa
Signing time:             Mon 01 Jan 2024 18:31:19 +0000
ROA not before:           Mon 01 Jan 2024 18:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        195.222.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Oct 2024 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:68:58:b7:7b:28:8b:47:fe:fa:1d:c5:c7:c5:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Jan  1 18:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=301dc9ea801e399605abc88475bb0d617245ff3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:68:2a:bc:3b:08:5b:3f:d6:77:6b:d7:4f:ea:
                    6f:df:9b:2b:5c:0a:db:96:d4:c2:2e:28:0c:27:3d:
                    ff:3c:db:45:83:b2:4b:28:b8:52:3e:5c:77:6a:23:
                    bc:68:31:af:10:91:aa:da:06:ff:6f:c5:dd:47:95:
                    8d:46:7f:34:a7:41:b7:72:88:fe:09:20:cb:2d:44:
                    23:fb:aa:f3:9e:5d:4f:99:33:e8:67:fd:08:f8:cb:
                    ea:f0:6b:1f:df:2f:01:60:d9:31:da:90:2f:be:63:
                    2e:5c:35:a0:d9:c7:1d:36:3b:50:37:91:2c:41:88:
                    eb:51:7a:fe:b7:84:bf:fc:b8:7d:de:79:11:d7:7f:
                    fc:cb:ec:e5:a1:60:42:c8:ad:a0:4a:ad:05:f7:16:
                    e6:82:cf:22:d7:20:3c:8c:7a:f5:40:ca:0c:f1:a7:
                    5b:34:aa:d8:6a:5f:fd:a2:7b:26:8d:7c:7d:7f:44:
                    48:02:21:7e:eb:5d:0a:a9:a5:2d:cb:bc:19:e1:a0:
                    49:e3:7a:58:7e:37:a7:15:21:e2:fa:4d:82:d2:0b:
                    5e:0f:88:21:d3:c8:c8:26:9d:9f:35:ce:47:e2:ea:
                    c1:ba:23:89:1e:77:61:cf:32:f6:8d:eb:94:bc:db:
                    d1:80:93:01:c7:6c:4c:d2:a4:e0:be:da:87:74:a0:
                    d4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:1D:C9:EA:80:1E:39:96:05:AB:C8:84:75:BB:0D:61:72:45:FF:3F
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/MB3J6oAeOZYFq8iEdbsNYXJF_z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.222.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:cf:d8:a4:52:9f:75:4e:90:d2:62:0a:06:47:f0:d5:30:05:
         36:5c:07:c1:d3:f3:0b:fc:d1:a9:08:aa:d2:95:43:e3:84:67:
         6a:49:21:0f:7b:b3:35:7a:ad:13:2c:d1:df:b1:64:91:7d:0a:
         40:3b:5a:be:2e:c3:30:ae:7d:ce:50:47:df:31:0a:01:6d:e0:
         1f:fc:47:ae:d5:86:de:d2:7e:19:15:cb:98:11:30:25:37:d4:
         24:44:ac:b9:24:cf:19:f4:a5:8c:a2:a0:68:a9:42:de:dc:6e:
         91:da:31:9b:38:6d:81:1c:d5:04:4a:f9:d6:fb:71:e3:94:60:
         d1:19:43:b6:b2:10:62:35:01:c3:ec:18:28:32:d2:e7:f6:19:
         5c:15:da:c1:92:96:09:d3:a7:cc:bf:ae:2f:34:2e:bd:d9:90:
         09:07:21:11:00:25:2f:61:5c:d8:8d:ec:d3:0f:61:1a:74:81:
         d1:17:43:1a:b3:50:27:6f:cb:33:d4:13:25:6f:5a:cb:f2:36:
         30:2b:c9:a0:79:cc:c4:31:0f:87:4f:e6:52:ea:0d:23:39:13:
         26:c4:9d:bd:f9:60:3b:6a:6f:4b:76:72:58:6c:f2:f6:5d:e1:
         d1:8e:17:82:da:44:2a:b9:95:9e:82:1b:c4:25:37:ea:88:b5:
         dc:28:28:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS2hYt3soi0f++h3Fx8WKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjQwMTAxMTgzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDFkYzllYTgwMWUzOTk2MDVhYmM4ODQ3NWJiMGQ2MTcyNDVmZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGgqvDsIWz/Wd2vXT+pv35srXArb
ltTCLigMJz3/PNtFg7JLKLhSPlx3aiO8aDGvEJGq2gb/b8XdR5WNRn80p0G3coj+
CSDLLUQj+6rznl1PmTPoZ/0I+Mvq8Gsf3y8BYNkx2pAvvmMuXDWg2ccdNjtQN5Es
QYjrUXr+t4S//Lh93nkR13/8y+zloWBCyK2gSq0F9xbmgs8i1yA8jHr1QMoM8adb
NKrYal/9onsmjXx9f0RIAiF+610KqaUty7wZ4aBJ43pYfjenFSHi+k2C0gteD4gh
08jIJp2fNc5H4urBuiOJHndhzzL2jeuUvNvRgJMBx2xM0qTgvtqHdKDUAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAdyeqAHjmWBavIhHW7DWFyRf8/MB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvTUIzSjZvQWVPWllGcThpRWRic05ZWEpGX3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw95/MA0G
CSqGSIb3DQEBCwUAA4IBAQCSz9ikUp91TpDSYgoGR/DVMAU2XAfB0/ML/NGpCKrS
lUPjhGdqSSEPe7M1eq0TLNHfsWSRfQpAO1q+LsMwrn3OUEffMQoBbeAf/Eeu1Ybe
0n4ZFcuYETAlN9QkRKy5JM8Z9KWMoqBoqULe3G6R2jGbOG2BHNUESvnW+3HjlGDR
GUO2shBiNQHD7BgoMtLn9hlcFdrBkpYJ06fMv64vNC692ZAJByERACUvYVzYjezT
D2EadIHRF0Mas1Anb8sz1BMlb1rL8jYwK8mgeczEMQ+HT+ZS6g0jORMmxJ29+WA7
am9LdnJYbPL2XeHRjheC2kQquZWeghvEJTfqiLXcKCjB
-----END CERTIFICATE-----