Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/aMNS4bnuWA1CluRFCf3p0LeDDSU.roa
File:                     aMNS4bnuWA1CluRFCf3p0LeDDSU.roa (raw, json)
Hash identifier:          IJEae5crASMNV3VhjEKoR/fbouhknZ0Ofpb1PCs2f9E=
Subject key identifier:   68:C3:52:E1:B9:EE:58:0D:42:96:E4:45:09:FD:E9:D0:B7:83:0D:25
Certificate issuer:       /CN=b23eb849e0b6940e4ff547de0b41b003f9e1105c
Certificate serial:       018CC8015D00E0F7F1FBF8DF7701203CF126
Authority key identifier: B2:3E:B8:49:E0:B6:94:0E:4F:F5:47:DE:0B:41:B0:03:F9:E1:10:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sj64SeC2lA5P9UfeC0GwA_nhEFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/aMNS4bnuWA1CluRFCf3p0LeDDSU.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20911
IP address blocks:        195.230.29.0/24 maxlen: 24
                          195.230.28.0/24 maxlen: 24
                          195.230.28.0/23 maxlen: 23
                          195.230.31.0/24 maxlen: 24
                          195.230.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/sj64SeC2lA5P9UfeC0GwA_nhEFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/sj64SeC2lA5P9UfeC0GwA_nhEFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sj64SeC2lA5P9UfeC0GwA_nhEFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 18:45:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5d:00:e0:f7:f1:fb:f8:df:77:01:20:3c:f1:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b23eb849e0b6940e4ff547de0b41b003f9e1105c
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68c352e1b9ee580d4296e44509fde9d0b7830d25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ed:4e:6a:a0:34:f6:78:a5:fb:d0:6b:09:8f:
                    b6:1f:80:93:33:84:86:4b:f7:6b:70:85:6d:e1:d8:
                    3e:57:b2:6a:1e:35:c0:45:5f:db:87:12:df:df:fd:
                    1a:7c:8c:92:d3:ea:56:17:8a:b6:72:60:8c:37:22:
                    67:c7:4c:90:54:91:a7:81:80:01:c4:25:cf:84:6f:
                    14:e8:5e:78:7b:74:95:c8:55:db:d0:1b:d7:b0:cb:
                    0c:8e:8a:90:75:10:2d:70:68:8d:c1:76:75:56:90:
                    26:bc:54:d6:78:3d:86:bb:8a:44:3e:c2:b2:04:5c:
                    8d:92:e1:84:d4:3d:dc:1a:0f:66:5e:89:5b:dc:18:
                    18:71:7d:07:d7:67:0b:8f:68:9d:45:6f:54:78:e0:
                    ac:be:d9:64:88:7d:07:3e:d7:94:1e:70:ab:14:b2:
                    a4:6c:84:4f:04:6d:97:85:23:8d:63:d6:57:a0:ca:
                    4d:96:40:0e:fe:ef:1a:6c:ee:d4:dd:47:23:fb:aa:
                    6a:2a:5f:a8:c9:b3:b5:55:fb:6d:ea:b2:94:f2:ca:
                    b4:c5:15:47:b9:49:3d:33:ba:9b:cb:b1:eb:ac:44:
                    95:b8:c8:28:a8:ca:79:de:60:71:ea:dd:cb:53:91:
                    0e:c1:dd:b9:80:90:3c:1d:75:6a:cb:2e:48:87:23:
                    65:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C3:52:E1:B9:EE:58:0D:42:96:E4:45:09:FD:E9:D0:B7:83:0D:25
            X509v3 Authority Key Identifier:
                keyid:B2:3E:B8:49:E0:B6:94:0E:4F:F5:47:DE:0B:41:B0:03:F9:E1:10:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sj64SeC2lA5P9UfeC0GwA_nhEFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/aMNS4bnuWA1CluRFCf3p0LeDDSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/11bf2e-b58a-4a31-89c0-155f42dcaa73/1/sj64SeC2lA5P9UfeC0GwA_nhEFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:36:d4:88:fe:6b:0a:46:ca:5b:27:df:ad:01:5e:99:e0:6a:
         39:71:df:6e:dc:41:3c:6a:b2:23:35:38:a9:6a:37:2a:cd:f5:
         7a:97:bc:8a:93:2b:b3:e0:d9:e3:c7:a4:de:51:74:f9:c4:45:
         27:cf:c6:eb:fb:35:94:f5:8c:23:2e:f9:78:62:fb:86:a5:3e:
         96:dc:11:51:69:81:e2:1e:5a:bc:29:c3:76:e6:75:9e:a5:a9:
         c2:6f:42:8d:07:f1:ee:12:34:74:8e:09:6f:be:9c:ac:13:b5:
         d0:46:9e:f3:a8:42:b8:30:a6:90:20:fe:81:b0:0f:ca:6e:ff:
         e3:26:04:f4:ab:3f:92:78:f0:64:2d:d2:21:0b:12:48:b5:39:
         00:26:f4:d0:3a:2d:78:03:08:fb:40:dd:a1:23:74:95:19:12:
         18:f9:ae:c4:96:31:50:e8:70:82:7c:05:f8:58:ac:e2:35:83:
         e8:4f:03:d4:fa:dc:70:a9:06:f5:af:f4:d8:02:92:18:90:a2:
         4d:bd:71:5f:9b:aa:5f:c2:27:92:32:fa:7c:60:37:59:2e:51:
         e6:3a:a2:7f:8f:04:bf:1a:1f:11:51:38:d5:3d:53:de:1a:41:
         76:b7:b4:a5:ec:e1:ab:b1:86:a1:08:1c:cb:52:91:68:e0:ff:
         bd:d2:fb:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAV0A4Pfx+/jfdwEgPPEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyM2ViODQ5ZTBiNjk0MGU0ZmY1NDdkZTBiNDFiMDAzZjll
MTEwNWMwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGMzNTJlMWI5ZWU1ODBkNDI5NmU0NDUwOWZkZTlkMGI3ODMwZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+1OaqA09nil+9BrCY+2H4CTM4SG
S/drcIVt4dg+V7JqHjXARV/bhxLf3/0afIyS0+pWF4q2cmCMNyJnx0yQVJGngYAB
xCXPhG8U6F54e3SVyFXb0BvXsMsMjoqQdRAtcGiNwXZ1VpAmvFTWeD2Gu4pEPsKy
BFyNkuGE1D3cGg9mXolb3BgYcX0H12cLj2idRW9UeOCsvtlkiH0HPteUHnCrFLKk
bIRPBG2XhSONY9ZXoMpNlkAO/u8abO7U3Ucj+6pqKl+oybO1Vftt6rKU8sq0xRVH
uUk9M7qby7HrrESVuMgoqMp53mBx6t3LU5EOwd25gJA8HXVqyy5IhyNlWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjDUuG57lgNQpbkRQn96dC3gw0lMB8GA1UdIwQY
MBaAFLI+uEngtpQOT/VH3gtBsAP54RBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2o2NFNlQzJsQTVQOVVmZUMwR3dBX25oRUZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8xMWJmMmUtYjU4YS00YTMxLTg5YzAt
MTU1ZjQyZGNhYTczLzEvYU1OUzRibnVXQTFDbHVSRkNmM3AwTGVERFNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8xMWJmMmUtYjU4YS00YTMxLTg5YzAtMTU1ZjQyZGNhYTcz
LzEvc2o2NFNlQzJsQTVQOVVmZUMwR3dBX25oRUZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+YcMA0G
CSqGSIb3DQEBCwUAA4IBAQBrNtSI/msKRspbJ9+tAV6Z4Go5cd9u3EE8arIjNTip
ajcqzfV6l7yKkyuz4Nnjx6TeUXT5xEUnz8br+zWU9YwjLvl4YvuGpT6W3BFRaYHi
Hlq8KcN25nWepanCb0KNB/HuEjR0jglvvpysE7XQRp7zqEK4MKaQIP6BsA/Kbv/j
JgT0qz+SePBkLdIhCxJItTkAJvTQOi14Awj7QN2hI3SVGRIY+a7EljFQ6HCCfAX4
WKziNYPoTwPU+txwqQb1r/TYApIYkKJNvXFfm6pfwieSMvp8YDdZLlHmOqJ/jwS/
Gh8RUTjVPVPeGkF2t7Sl7OGrsYahCBzLUpFo4P+90vtM
-----END CERTIFICATE-----