Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/0v8NLHevbjUS320CRBF6MDLKZ1M.roa
File:                     0v8NLHevbjUS320CRBF6MDLKZ1M.roa (raw, json)
Hash identifier:          gS2QobexCN8mYaQB8g8mgWYsBXk/YdHG0oRZKrRdYJE=
Subject key identifier:   D2:FF:0D:2C:77:AF:6E:35:12:DF:6D:02:44:11:7A:30:32:CA:67:53
Certificate issuer:       /CN=01626ffd800eafa336bdf343141f03f7c393c364
Certificate serial:       018CC5DC8DFFCC5FA377CE7B5CA7D19B7925
Authority key identifier: 01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/0v8NLHevbjUS320CRBF6MDLKZ1M.roa
Signing time:             Mon 01 Jan 2024 16:30:15 +0000
ROA not before:           Mon 01 Jan 2024 16:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16278
IP address blocks:        89.30.224.0/22 maxlen: 24
                          2a02:20b2::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:8d:ff:cc:5f:a3:77:ce:7b:5c:a7:d1:9b:79:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01626ffd800eafa336bdf343141f03f7c393c364
        Validity
            Not Before: Jan  1 16:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2ff0d2c77af6e3512df6d0244117a3032ca6753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:10:05:ba:42:6f:df:a3:29:67:97:2a:79:7f:
                    33:70:8d:7d:60:dc:b6:6a:67:41:00:a1:86:ed:7d:
                    07:f5:28:00:ea:25:f5:f9:41:74:79:d8:2c:3f:41:
                    ee:08:a0:24:b5:35:31:4d:71:cb:3c:df:6b:d7:1a:
                    a8:bb:25:33:7e:84:59:5f:20:92:68:25:37:26:19:
                    e7:8a:6f:51:e9:21:21:dd:1f:14:3d:72:3e:f2:47:
                    c4:45:09:79:ab:fb:0a:d6:f5:54:3e:5c:9f:a1:a4:
                    34:db:44:84:62:f1:d1:0b:e1:c9:67:9c:6b:67:7a:
                    3e:27:b3:65:5e:a0:64:7d:cd:9b:b4:50:3c:dd:d3:
                    0f:b5:ad:05:d7:2e:8b:68:ab:27:20:a8:41:85:cd:
                    50:53:49:9d:04:fe:e5:47:69:5d:01:e6:9f:32:01:
                    46:db:52:ed:0c:56:a1:f0:39:74:d7:91:e2:2f:9e:
                    58:62:6d:d0:1d:5a:8d:04:7f:f7:1b:c0:32:dd:4d:
                    20:57:73:93:42:17:60:82:77:30:6c:09:a4:10:b2:
                    d8:22:39:fa:e8:ac:32:d3:5a:29:3a:93:13:12:75:
                    61:d0:d3:81:1e:61:f8:ab:b9:0b:23:ed:09:07:c2:
                    b0:5d:95:b5:13:e4:94:25:0e:b4:91:3e:50:09:df:
                    da:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:FF:0D:2C:77:AF:6E:35:12:DF:6D:02:44:11:7A:30:32:CA:67:53
            X509v3 Authority Key Identifier:
                keyid:01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/0v8NLHevbjUS320CRBF6MDLKZ1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.30.224.0/22
                IPv6:
                  2a02:20b2::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:41:46:c6:27:fa:b1:7b:2b:d0:f6:68:de:44:14:75:9f:8f:
         cf:22:7b:fa:79:1c:d4:31:67:67:3b:a2:47:9e:2a:c6:45:94:
         04:1a:d3:7c:3e:9c:f2:f6:7f:e4:98:3a:67:25:7d:45:ef:06:
         da:60:c3:cc:e7:cf:e0:51:72:a2:97:48:23:ff:33:3f:6f:54:
         a3:4e:77:33:26:39:07:fa:95:46:b5:02:7f:67:5d:b7:81:98:
         68:0f:f1:1a:6c:62:83:6a:c6:1f:2a:ce:63:3b:19:71:c8:92:
         07:ee:c6:88:24:96:67:f7:8a:1d:0d:a7:71:3f:7f:38:2a:55:
         5b:8b:05:ea:a9:ff:2d:b3:d5:1d:75:6a:f6:ee:7e:d3:9e:89:
         ab:00:96:19:f1:47:44:6d:a6:87:86:38:96:a4:b3:c9:d7:7d:
         de:f8:be:84:39:4a:33:d3:7d:9a:ed:82:87:23:68:f1:72:50:
         0a:90:6f:28:f3:c3:4e:46:a8:4e:6e:21:ac:81:c5:ff:8d:73:
         76:b3:86:c4:00:2d:d8:8e:4c:0b:e2:9d:35:92:09:47:89:21:
         97:ab:b1:8d:e8:82:fc:ff:9d:66:14:f5:51:92:3a:51:b5:ca:
         bf:06:11:af:ef:c4:29:c1:75:73:b2:d2:b7:a1:5b:a6:36:12:
         3a:92:de:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3I3/zF+jd857XKfRm3klMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNjI2ZmZkODAwZWFmYTMzNmJkZjM0MzE0MWYwM2Y3YzM5
M2MzNjQwHhcNMjQwMTAxMTYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmZmMGQyYzc3YWY2ZTM1MTJkZjZkMDI0NDExN2EzMDMyY2E2NzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhAFukJv36MpZ5cqeX8zcI19YNy2
amdBAKGG7X0H9SgA6iX1+UF0edgsP0HuCKAktTUxTXHLPN9r1xqouyUzfoRZXyCS
aCU3Jhnnim9R6SEh3R8UPXI+8kfERQl5q/sK1vVUPlyfoaQ020SEYvHRC+HJZ5xr
Z3o+J7NlXqBkfc2btFA83dMPta0F1y6LaKsnIKhBhc1QU0mdBP7lR2ldAeafMgFG
21LtDFah8Dl015HiL55YYm3QHVqNBH/3G8Ay3U0gV3OTQhdggncwbAmkELLYIjn6
6Kwy01opOpMTEnVh0NOBHmH4q7kLI+0JB8KwXZW1E+SUJQ60kT5QCd/a2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNL/DSx3r241Et9tAkQRejAyymdTMB8GA1UdIwQY
MBaAFAFib/2ADq+jNr3zQxQfA/fDk8NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODct
MWY0YmVhMjNlNGM3LzEvMHY4TkxIZXZialVTMzIwQ1JCRjZNRExLWjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODctMWY0YmVhMjNlNGM3
LzEvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCWR7gMA0E
AgACMAcDBQAqAiCyMA0GCSqGSIb3DQEBCwUAA4IBAQCDQUbGJ/qxeyvQ9mjeRBR1
n4/PInv6eRzUMWdnO6JHnirGRZQEGtN8Ppzy9n/kmDpnJX1F7wbaYMPM58/gUXKi
l0gj/zM/b1SjTnczJjkH+pVGtQJ/Z123gZhoD/EabGKDasYfKs5jOxlxyJIH7saI
JJZn94odDadxP384KlVbiwXqqf8ts9UddWr27n7TnomrAJYZ8UdEbaaHhjiWpLPJ
133e+L6EOUoz032a7YKHI2jxclAKkG8o88NORqhObiGsgcX/jXN2s4bEAC3YjkwL
4p01kglHiSGXq7GN6IL8/51mFPVRkjpRtcq/BhGv78QpwXVzstK3oVumNhI6kt5p
-----END CERTIFICATE-----