Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/c5a848-260d-4ad0-aef3-d7b2c93442d3/1/q8RFEve_6YcOthTwX_JnVyQ3YeE.roa
File:                     q8RFEve_6YcOthTwX_JnVyQ3YeE.roa (raw, json)
Hash identifier:          37zohciagBZ2Q+5XPckfOU3byXHMvbSLxxs8AeXtWz0=
Subject key identifier:   AB:C4:45:12:F7:BF:E9:87:0E:B6:14:F0:5F:F2:67:57:24:37:61:E1
Certificate issuer:       /CN=371fb85d4f808cb1607a2be4f4a798ca3ead3810
Certificate serial:       018CC26D5398C14663A2E50AE3599023A4FB
Authority key identifier: 37:1F:B8:5D:4F:80:8C:B1:60:7A:2B:E4:F4:A7:98:CA:3E:AD:38:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nx-4XU-AjLFgeivk9KeYyj6tOBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/c5a848-260d-4ad0-aef3-d7b2c93442d3/1/q8RFEve_6YcOthTwX_JnVyQ3YeE.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6776
IP address blocks:        193.247.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/c5a848-260d-4ad0-aef3-d7b2c93442d3/1/Nx-4XU-AjLFgeivk9KeYyj6tOBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/c5a848-260d-4ad0-aef3-d7b2c93442d3/1/Nx-4XU-AjLFgeivk9KeYyj6tOBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nx-4XU-AjLFgeivk9KeYyj6tOBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:53:98:c1:46:63:a2:e5:0a:e3:59:90:23:a4:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=371fb85d4f808cb1607a2be4f4a798ca3ead3810
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abc44512f7bfe9870eb614f05ff26757243761e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:70:31:da:86:ce:f4:ce:6d:39:6c:72:8e:79:
                    0d:6f:3f:3a:d1:ac:82:05:49:9d:d9:e7:df:53:2f:
                    1f:16:84:6d:11:65:65:0b:42:9d:c4:4c:ab:88:26:
                    4c:85:99:ae:d9:0e:20:ed:d3:0e:2b:c6:0f:31:f3:
                    4b:a6:34:2a:6e:10:03:9a:7b:1a:1f:14:f9:1d:13:
                    bb:46:55:4b:a1:9c:7a:69:8f:51:f1:4e:95:45:c6:
                    a1:91:83:06:08:92:a0:b3:24:a3:9a:16:d3:63:86:
                    23:30:a0:24:a8:f1:f1:d6:b6:22:fe:94:a5:18:4a:
                    3a:23:1c:3f:8c:e1:58:64:0c:47:e9:ee:97:41:4f:
                    3c:e4:8e:66:43:ba:86:3a:c1:56:df:2d:a6:db:ef:
                    e3:ed:86:58:77:59:6b:13:25:cd:75:7a:37:d2:15:
                    38:45:57:47:51:53:ba:c5:8a:9a:22:f6:d9:e2:01:
                    97:ad:74:62:ca:f4:bd:d3:6e:1e:5f:3a:40:c3:06:
                    47:ad:6e:2e:d2:82:e7:12:67:7d:0c:4a:ca:1b:67:
                    cb:9e:a4:99:e8:27:fb:02:35:01:5e:83:ce:6a:ef:
                    ea:11:9c:95:f1:fa:77:81:82:f2:0b:64:72:4d:3c:
                    27:0a:d6:e2:37:52:8c:23:6c:be:8f:a2:ee:55:09:
                    ac:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:C4:45:12:F7:BF:E9:87:0E:B6:14:F0:5F:F2:67:57:24:37:61:E1
            X509v3 Authority Key Identifier:
                keyid:37:1F:B8:5D:4F:80:8C:B1:60:7A:2B:E4:F4:A7:98:CA:3E:AD:38:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nx-4XU-AjLFgeivk9KeYyj6tOBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c5a848-260d-4ad0-aef3-d7b2c93442d3/1/q8RFEve_6YcOthTwX_JnVyQ3YeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c5a848-260d-4ad0-aef3-d7b2c93442d3/1/Nx-4XU-AjLFgeivk9KeYyj6tOBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:8d:df:23:6c:55:e8:6b:1b:2c:d7:c1:ce:18:ff:c7:d2:2c:
         d5:ed:dd:8c:51:65:2c:ee:4b:8e:44:b1:b1:db:58:1b:10:cd:
         db:c8:e4:79:dc:10:c9:69:7b:d7:4e:05:44:64:fa:a4:98:89:
         3f:1e:92:9d:fb:c2:9b:3d:09:9c:0a:39:ae:da:93:06:8b:de:
         12:f1:f0:9e:7d:7e:f2:9d:1e:19:7a:fd:6c:de:10:b7:18:93:
         5f:3f:81:a4:21:67:f3:1c:f5:d9:a3:be:98:0e:ef:08:3e:58:
         23:9f:b7:b1:4a:ce:45:f5:d7:2a:af:d7:79:ab:b9:50:19:95:
         42:17:46:25:e8:60:12:f6:91:58:4c:c7:39:b7:3a:9e:c3:25:
         a9:a2:01:7c:99:f6:b9:1c:65:f2:d3:c9:fb:3a:87:d7:57:15:
         29:5e:ac:58:d1:3c:08:91:55:18:b0:dd:ec:b0:1a:b7:c1:c6:
         93:b9:a7:d5:5c:af:3a:eb:10:5e:7a:b7:a2:3c:58:3f:76:86:
         98:3d:8a:51:0a:b3:43:06:13:e1:12:91:12:a1:a4:9a:ca:c8:
         b9:9e:b1:99:39:c1:ab:a7:9b:20:93:4d:6e:12:b6:c0:5e:0c:
         f9:66:1d:5f:ec:b5:27:65:6a:65:20:01:51:fc:81:d3:02:89:
         e0:f7:31:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVOYwUZjouUK41mQI6T7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MWZiODVkNGY4MDhjYjE2MDdhMmJlNGY0YTc5OGNhM2Vh
ZDM4MTAwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmM0NDUxMmY3YmZlOTg3MGViNjE0ZjA1ZmYyNjc1NzI0Mzc2MWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXAx2obO9M5tOWxyjnkNbz860ayC
BUmd2effUy8fFoRtEWVlC0KdxEyriCZMhZmu2Q4g7dMOK8YPMfNLpjQqbhADmnsa
HxT5HRO7RlVLoZx6aY9R8U6VRcahkYMGCJKgsySjmhbTY4YjMKAkqPHx1rYi/pSl
GEo6Ixw/jOFYZAxH6e6XQU885I5mQ7qGOsFW3y2m2+/j7YZYd1lrEyXNdXo30hU4
RVdHUVO6xYqaIvbZ4gGXrXRiyvS9024eXzpAwwZHrW4u0oLnEmd9DErKG2fLnqSZ
6Cf7AjUBXoPOau/qEZyV8fp3gYLyC2RyTTwnCtbiN1KMI2y+j6LuVQms6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvERRL3v+mHDrYU8F/yZ1ckN2HhMB8GA1UdIwQY
MBaAFDcfuF1PgIyxYHor5PSnmMo+rTgQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTngtNFhVLUFqTEZnZWl2azlLZVl5ajZ0T0JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9jNWE4NDgtMjYwZC00YWQwLWFlZjMt
ZDdiMmM5MzQ0MmQzLzEvcThSRkV2ZV82WWNPdGhUd1hfSm5WeVEzWWVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9jNWE4NDgtMjYwZC00YWQwLWFlZjMtZDdiMmM5MzQ0MmQz
LzEvTngtNFhVLUFqTEZnZWl2azlLZVl5ajZ0T0JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfeWMA0G
CSqGSIb3DQEBCwUAA4IBAQAjjd8jbFXoaxss18HOGP/H0izV7d2MUWUs7kuORLGx
21gbEM3byOR53BDJaXvXTgVEZPqkmIk/HpKd+8KbPQmcCjmu2pMGi94S8fCefX7y
nR4Zev1s3hC3GJNfP4GkIWfzHPXZo76YDu8IPlgjn7exSs5F9dcqr9d5q7lQGZVC
F0Yl6GAS9pFYTMc5tzqewyWpogF8mfa5HGXy08n7OofXVxUpXqxY0TwIkVUYsN3s
sBq3wcaTuafVXK866xBeereiPFg/doaYPYpRCrNDBhPhEpESoaSaysi5nrGZOcGr
p5sgk01uErbAXgz5Zh1f7LUnZWplIAFR/IHTAong9zHZ
-----END CERTIFICATE-----