Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/rmXMVph1KJHjt7j6nfgJeaIrqG4.roa
File:                     rmXMVph1KJHjt7j6nfgJeaIrqG4.roa (raw, json)
Hash identifier:          VeW0dm5qxK9BINXbRQLTzjZ5m5HgGxWdtFD2KrHIg6M=
Subject key identifier:   AE:65:CC:56:98:75:28:91:E3:B7:B8:FA:9D:F8:09:79:A2:2B:A8:6E
Certificate issuer:       /CN=8a08c28be15516290b9da5135e58f55fbb80ffb4
Certificate serial:       018CC8714736903E7F78472DD754CEBA856B
Authority key identifier: 8A:08:C2:8B:E1:55:16:29:0B:9D:A5:13:5E:58:F5:5F:BB:80:FF:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igjCi-FVFikLnaUTXlj1X7uA_7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/rmXMVph1KJHjt7j6nfgJeaIrqG4.roa
Signing time:             Tue 02 Jan 2024 04:31:56 +0000
ROA not before:           Tue 02 Jan 2024 04:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25091
IP address blocks:        160.53.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/igjCi-FVFikLnaUTXlj1X7uA_7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/igjCi-FVFikLnaUTXlj1X7uA_7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igjCi-FVFikLnaUTXlj1X7uA_7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:47:36:90:3e:7f:78:47:2d:d7:54:ce:ba:85:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a08c28be15516290b9da5135e58f55fbb80ffb4
        Validity
            Not Before: Jan  2 04:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae65cc5698752891e3b7b8fa9df80979a22ba86e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a0:fe:70:da:f1:bc:0d:ae:e4:39:5b:39:cf:
                    b2:11:1a:17:df:99:ee:1a:b8:5a:d2:02:56:0d:6f:
                    d6:19:50:2f:48:2d:5a:a3:0b:e5:c4:77:cf:6c:67:
                    27:cd:a1:ff:7f:b3:65:d0:31:d8:08:11:0a:ef:27:
                    61:51:83:7f:7b:be:64:52:46:77:c8:b1:a9:7a:2d:
                    d8:92:16:69:40:fb:3f:65:9d:bd:b4:b1:1c:61:94:
                    c0:c7:87:b9:cc:21:7c:58:87:3c:7c:e4:a5:c6:cd:
                    c4:25:73:82:07:f4:93:94:7d:5a:fe:0d:b8:40:0e:
                    62:86:6a:aa:8d:c4:53:b4:83:d2:57:a1:3f:cf:be:
                    2a:fd:d2:8f:a3:e5:94:0e:27:84:82:f7:e1:96:aa:
                    1a:6c:76:04:dc:63:1a:a8:25:40:f5:8c:52:50:24:
                    8d:ee:2b:c8:36:4a:af:ba:b1:b3:3b:9d:6e:4a:65:
                    9a:01:0f:8b:d9:38:e8:a4:a0:c3:be:c8:69:a7:0b:
                    f3:a2:4d:a5:9e:c5:4a:75:3e:8c:3a:9a:24:18:b9:
                    ca:60:e4:48:27:e8:cc:82:37:87:ca:ca:59:4d:2f:
                    06:3e:d8:cd:ea:19:77:31:02:2a:2a:e9:95:1e:f7:
                    f1:c3:e1:ef:23:bd:89:d7:86:1e:ca:1f:2f:db:dc:
                    8f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:65:CC:56:98:75:28:91:E3:B7:B8:FA:9D:F8:09:79:A2:2B:A8:6E
            X509v3 Authority Key Identifier:
                keyid:8A:08:C2:8B:E1:55:16:29:0B:9D:A5:13:5E:58:F5:5F:BB:80:FF:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igjCi-FVFikLnaUTXlj1X7uA_7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/rmXMVph1KJHjt7j6nfgJeaIrqG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/672af8-3348-4213-b47c-0618c9a8cac4/1/igjCi-FVFikLnaUTXlj1X7uA_7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.53.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:07:01:a4:f6:30:7a:ae:74:c6:ae:3f:09:d9:99:d9:2a:b0:
         74:27:5f:cb:ca:e4:13:b7:9b:64:4d:a8:08:49:cf:ad:b8:70:
         11:87:e4:13:17:ec:24:3a:55:5f:a0:86:c2:76:c5:f8:d6:be:
         cb:1a:8c:a1:36:e4:21:b6:fe:1d:9b:cb:87:56:65:22:05:12:
         40:b7:68:bf:3e:87:25:a9:56:5d:5d:c3:8d:43:19:a9:29:c8:
         04:00:08:00:4e:0d:78:38:c6:d4:e0:01:1b:db:81:9d:37:f3:
         eb:a9:15:4c:0a:35:3f:3a:02:2e:66:50:ea:8c:4d:05:37:dc:
         1b:a4:22:cd:e4:7c:30:f7:cf:9c:db:20:0a:9c:09:05:84:40:
         84:ea:75:b6:75:ac:12:94:09:6e:90:81:93:5a:88:76:6c:2e:
         35:65:77:91:f5:95:0c:69:3e:96:e7:72:54:0f:b3:c8:02:1b:
         a9:57:9b:82:15:c4:c5:9d:0e:92:b4:00:93:bc:17:1f:06:a4:
         13:24:9e:4d:1e:14:71:ff:d3:d3:c6:eb:35:2e:b8:18:c5:78:
         14:bf:2f:6b:68:14:9b:38:91:a3:e4:ce:4f:ff:50:62:2d:64:
         17:d5:b0:fc:e1:80:bb:20:27:2c:dc:d6:15:7a:a5:d4:69:f9:
         98:f3:46:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcUc2kD5/eEct11TOuoVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDhjMjhiZTE1NTE2MjkwYjlkYTUxMzVlNThmNTVmYmI4
MGZmYjQwHhcNMjQwMTAyMDQzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTY1Y2M1Njk4NzUyODkxZTNiN2I4ZmE5ZGY4MDk3OWEyMmJhODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6D+cNrxvA2u5DlbOc+yERoX35nu
Grha0gJWDW/WGVAvSC1aowvlxHfPbGcnzaH/f7Nl0DHYCBEK7ydhUYN/e75kUkZ3
yLGpei3YkhZpQPs/ZZ29tLEcYZTAx4e5zCF8WIc8fOSlxs3EJXOCB/STlH1a/g24
QA5ihmqqjcRTtIPSV6E/z74q/dKPo+WUDieEgvfhlqoabHYE3GMaqCVA9YxSUCSN
7ivINkqvurGzO51uSmWaAQ+L2TjopKDDvshppwvzok2lnsVKdT6MOpokGLnKYORI
J+jMgjeHyspZTS8GPtjN6hl3MQIqKumVHvfxw+HvI72J14Yeyh8v29yPJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK5lzFaYdSiR47e4+p34CXmiK6huMB8GA1UdIwQY
MBaAFIoIwovhVRYpC52lE15Y9V+7gP+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdqQ2ktRlZGaWtMbmFVVFhsajFYN3VBXzdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS82NzJhZjgtMzM0OC00MjEzLWI0N2Mt
MDYxOGM5YThjYWM0LzEvcm1YTVZwaDFLSkhqdDdqNm5mZ0plYUlycUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS82NzJhZjgtMzM0OC00MjEzLWI0N2MtMDYxOGM5YThjYWM0
LzEvaWdqQ2ktRlZGaWtMbmFVVFhsajFYN3VBXzdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoDXyMA0G
CSqGSIb3DQEBCwUAA4IBAQC0BwGk9jB6rnTGrj8J2ZnZKrB0J1/LyuQTt5tkTagI
Sc+tuHARh+QTF+wkOlVfoIbCdsX41r7LGoyhNuQhtv4dm8uHVmUiBRJAt2i/Pocl
qVZdXcONQxmpKcgEAAgATg14OMbU4AEb24GdN/PrqRVMCjU/OgIuZlDqjE0FN9wb
pCLN5Hww98+c2yAKnAkFhECE6nW2dawSlAlukIGTWoh2bC41ZXeR9ZUMaT6W53JU
D7PIAhupV5uCFcTFnQ6StACTvBcfBqQTJJ5NHhRx/9PTxus1LrgYxXgUvy9raBSb
OJGj5M5P/1BiLWQX1bD84YC7ICcs3NYVeqXUafmY80ZP
-----END CERTIFICATE-----