Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/a7db4c-c9f6-4e0c-aa97-4c8980b58126/1/iku9-Y-CTi9k5beAv-R_KGnUug4.roa
File:                     iku9-Y-CTi9k5beAv-R_KGnUug4.roa (raw, json)
Hash identifier:          OgFUi/fbgTJORj8oofoWo216FbAYhEEq3Qc+yhFjhsA=
Subject key identifier:   8A:4B:BD:F9:8F:82:4E:2F:64:E5:B7:80:BF:E4:7F:28:69:D4:BA:0E
Certificate issuer:       /CN=f53fd9e69d7d1f2ddc267091626190ceaa85cfc2
Certificate serial:       0192E45977BAF60095C8EB6189DAA29293CD
Authority key identifier: F5:3F:D9:E6:9D:7D:1F:2D:DC:26:70:91:62:61:90:CE:AA:85:CF:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9T_Z5p19Hy3cJnCRYmGQzqqFz8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/a7db4c-c9f6-4e0c-aa97-4c8980b58126/1/iku9-Y-CTi9k5beAv-R_KGnUug4.roa
Signing time:             Thu 31 Oct 2024 20:52:01 +0000
ROA not before:           Thu 31 Oct 2024 20:52:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        185.115.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/a7db4c-c9f6-4e0c-aa97-4c8980b58126/1/9T_Z5p19Hy3cJnCRYmGQzqqFz8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/a7db4c-c9f6-4e0c-aa97-4c8980b58126/1/9T_Z5p19Hy3cJnCRYmGQzqqFz8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9T_Z5p19Hy3cJnCRYmGQzqqFz8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e4:59:77:ba:f6:00:95:c8:eb:61:89:da:a2:92:93:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f53fd9e69d7d1f2ddc267091626190ceaa85cfc2
        Validity
            Not Before: Oct 31 20:52:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a4bbdf98f824e2f64e5b780bfe47f2869d4ba0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:2a:8f:f6:de:f2:40:50:9e:fc:a0:05:3e:3b:
                    b4:30:04:b1:2f:5f:1d:fd:65:8e:46:2f:e6:85:06:
                    8c:9c:09:39:73:aa:dd:d3:37:8d:ce:e1:f8:72:00:
                    69:81:70:f0:7f:48:8c:f1:bb:a1:5f:e1:52:f2:f5:
                    e8:80:70:dd:df:65:8b:75:33:eb:1d:dc:72:86:8f:
                    79:4d:85:52:91:13:18:e5:67:05:dd:7c:a6:cb:fd:
                    24:ce:4b:32:1a:d6:8e:7f:02:2e:36:e1:77:be:30:
                    26:2c:c7:79:f2:45:52:33:f1:47:ac:c4:c8:5d:80:
                    ed:a9:f5:48:18:cc:1b:64:ba:bb:72:8e:e7:23:86:
                    2b:b7:31:05:a2:03:e2:b1:52:aa:f2:e7:57:cc:9f:
                    64:49:fe:6c:39:f0:97:54:dc:06:3d:c0:e7:9c:af:
                    f7:92:21:03:88:f0:5e:24:60:04:67:4a:b8:ef:90:
                    8f:73:86:af:08:d0:d1:d9:8a:fa:76:4a:93:c5:58:
                    28:9b:1d:89:31:d1:e1:41:42:74:17:67:a1:8c:b3:
                    36:48:ef:c2:82:0f:fc:75:39:18:49:79:aa:b8:9d:
                    3a:37:6b:e0:03:56:6d:98:29:8c:36:3a:b1:a3:eb:
                    02:b0:c8:c4:16:71:6e:e0:e1:83:c6:51:ed:01:88:
                    c7:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:4B:BD:F9:8F:82:4E:2F:64:E5:B7:80:BF:E4:7F:28:69:D4:BA:0E
            X509v3 Authority Key Identifier:
                keyid:F5:3F:D9:E6:9D:7D:1F:2D:DC:26:70:91:62:61:90:CE:AA:85:CF:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9T_Z5p19Hy3cJnCRYmGQzqqFz8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/a7db4c-c9f6-4e0c-aa97-4c8980b58126/1/iku9-Y-CTi9k5beAv-R_KGnUug4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/a7db4c-c9f6-4e0c-aa97-4c8980b58126/1/9T_Z5p19Hy3cJnCRYmGQzqqFz8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:71:69:a5:75:1a:71:b2:ba:94:fa:7b:79:f9:18:49:f3:34:
         1f:2f:b6:d7:5c:76:25:16:b2:f5:3a:2b:6f:89:8a:26:38:a8:
         28:e9:09:b1:6b:2a:c2:fb:12:4f:57:b5:84:1c:38:9c:c3:56:
         27:f9:bd:4a:0f:a6:54:7c:68:01:1e:9b:06:fa:e9:3a:59:96:
         1f:17:16:ba:46:c5:e2:52:e3:ad:7a:c4:95:f8:99:b2:f8:4e:
         0c:e7:7e:3a:31:8b:54:aa:bf:54:f7:66:21:7f:d6:19:b2:a4:
         8c:05:0e:d2:08:b3:b1:e5:30:ff:4f:7a:95:64:cf:c6:1b:4b:
         92:0b:66:f3:83:f7:fe:56:40:36:90:38:51:7d:a3:ae:ee:66:
         05:7b:e5:79:2f:08:2e:6e:c5:fd:ef:d1:cf:56:52:10:42:db:
         e2:91:f4:be:ba:78:8f:2f:8e:50:4e:2a:14:b4:e0:57:7c:27:
         37:7b:56:90:d0:1c:c5:6b:f3:67:f5:83:92:56:e2:56:7d:17:
         4b:ce:4d:88:6c:12:4f:ef:31:c4:5d:21:30:16:31:c9:f1:e9:
         bb:77:a7:59:97:fe:5d:cd:bc:52:25:f0:f4:22:11:38:1d:7e:
         57:ef:79:7b:68:65:bb:21:3f:0c:83:d5:71:24:13:bc:bf:94:
         1f:34:5d:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLkWXe69gCVyOthidqikpPNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1M2ZkOWU2OWQ3ZDFmMmRkYzI2NzA5MTYyNjE5MGNlYWE4
NWNmYzIwHhcNMjQxMDMxMjA1MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTRiYmRmOThmODI0ZTJmNjRlNWI3ODBiZmU0N2YyODY5ZDRiYTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CqP9t7yQFCe/KAFPju0MASxL18d
/WWORi/mhQaMnAk5c6rd0zeNzuH4cgBpgXDwf0iM8buhX+FS8vXogHDd32WLdTPr
Hdxyho95TYVSkRMY5WcF3Xymy/0kzksyGtaOfwIuNuF3vjAmLMd58kVSM/FHrMTI
XYDtqfVIGMwbZLq7co7nI4YrtzEFogPisVKq8udXzJ9kSf5sOfCXVNwGPcDnnK/3
kiEDiPBeJGAEZ0q475CPc4avCNDR2Yr6dkqTxVgomx2JMdHhQUJ0F2ehjLM2SO/C
gg/8dTkYSXmquJ06N2vgA1ZtmCmMNjqxo+sCsMjEFnFu4OGDxlHtAYjHIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpLvfmPgk4vZOW3gL/kfyhp1LoOMB8GA1UdIwQY
MBaAFPU/2eadfR8t3CZwkWJhkM6qhc/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVRfWjVwMTlIeTNjSm5DUlltR1F6cXFGejhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9hN2RiNGMtYzlmNi00ZTBjLWFhOTct
NGM4OTgwYjU4MTI2LzEvaWt1OS1ZLUNUaTlrNWJlQXYtUl9LR25VdWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9hN2RiNGMtYzlmNi00ZTBjLWFhOTctNGM4OTgwYjU4MTI2
LzEvOVRfWjVwMTlIeTNjSm5DUlltR1F6cXFGejhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXOiMA0G
CSqGSIb3DQEBCwUAA4IBAQB6cWmldRpxsrqU+nt5+RhJ8zQfL7bXXHYlFrL1Oitv
iYomOKgo6QmxayrC+xJPV7WEHDicw1Yn+b1KD6ZUfGgBHpsG+uk6WZYfFxa6RsXi
UuOtesSV+Jmy+E4M5346MYtUqr9U92Yhf9YZsqSMBQ7SCLOx5TD/T3qVZM/GG0uS
C2bzg/f+VkA2kDhRfaOu7mYFe+V5LwgubsX979HPVlIQQtvikfS+uniPL45QTioU
tOBXfCc3e1aQ0BzFa/Nn9YOSVuJWfRdLzk2IbBJP7zHEXSEwFjHJ8em7d6dZl/5d
zbxSJfD0IhE4HX5X73l7aGW7IT8Mg9VxJBO8v5QfNF2b
-----END CERTIFICATE-----