Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/IepAJsLMlpwlQHPIYSoC0pu4rBs.roa
File:                     IepAJsLMlpwlQHPIYSoC0pu4rBs.roa (raw, json)
Hash identifier:          JdYCdZvmfXxhA4c+676WJ+x3vO/T88ic0oa9ZPgbwdU=
Subject key identifier:   21:EA:40:26:C2:CC:96:9C:25:40:73:C8:61:2A:02:D2:9B:B8:AC:1B
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018FA93DE893BFE896CBE72819003FBDD4E8
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/IepAJsLMlpwlQHPIYSoC0pu4rBs.roa
Signing time:             Fri 24 May 2024 06:15:57 +0000
ROA not before:           Fri 24 May 2024 06:15:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        195.180.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a9:3d:e8:93:bf:e8:96:cb:e7:28:19:00:3f:bd:d4:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: May 24 06:15:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21ea4026c2cc969c254073c8612a02d29bb8ac1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:50:71:86:e2:b2:b3:3e:0a:6f:1b:58:14:ff:
                    24:4a:a9:4b:66:b6:e9:f3:50:8e:ef:d7:e1:4a:01:
                    6a:61:c1:11:56:72:af:e6:08:99:4a:ff:5f:a2:47:
                    ea:74:c2:0b:13:0c:5d:65:e9:77:65:25:41:f2:30:
                    3a:3e:9a:99:15:aa:ad:43:68:82:03:26:11:77:97:
                    55:35:3a:13:77:30:d8:ba:c1:6d:14:d8:2a:47:43:
                    24:fb:62:69:a8:15:48:9f:bb:61:48:e9:8c:e7:31:
                    d2:e8:32:1f:93:4b:9e:4a:60:8c:a7:5a:35:c3:19:
                    89:c9:7b:fd:a5:22:19:c8:cd:99:ca:93:16:3a:be:
                    16:52:45:63:45:70:fd:d7:ea:1f:26:80:80:76:48:
                    0a:bc:18:9f:7c:87:93:f1:45:c4:08:6d:26:31:92:
                    c2:ff:3d:ad:95:e6:9d:3a:56:cf:02:6a:94:28:97:
                    9a:4f:8f:fc:26:30:f1:fa:fb:3e:7a:b9:db:22:1c:
                    ca:bc:6d:59:97:4b:3b:a6:d0:8e:2f:13:11:8f:75:
                    b0:1c:41:8f:c6:53:d6:ec:5d:d9:f6:ec:4e:21:f0:
                    69:be:52:dc:df:3c:3f:69:e5:c8:6a:83:27:98:19:
                    71:c1:e2:4c:2b:0b:4b:cf:c8:cd:d8:d0:b7:15:ef:
                    a2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:EA:40:26:C2:CC:96:9C:25:40:73:C8:61:2A:02:D2:9B:B8:AC:1B
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/IepAJsLMlpwlQHPIYSoC0pu4rBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.180.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:96:21:c2:82:86:46:2c:51:0d:4b:75:a0:4a:53:f7:85:74:
         b7:25:77:92:a1:d9:e3:25:9c:f9:02:7d:44:e3:3a:32:66:73:
         58:09:70:08:ee:b5:ad:21:97:01:66:76:bd:03:54:46:4f:0f:
         33:00:f3:ad:c2:5e:6b:5d:3d:4b:7c:6c:0c:8d:50:ae:63:55:
         ae:d0:a7:e4:dd:fb:ef:c5:0b:61:08:ad:45:e3:8d:fa:f3:e6:
         c4:64:95:d3:c1:84:51:45:88:85:ac:c4:42:bb:6c:6d:24:86:
         94:68:23:33:4e:ce:63:d8:12:a7:bb:3b:e8:d2:df:f7:74:e5:
         1d:75:8c:60:3e:75:6e:e0:5a:60:12:6b:53:90:e6:bb:87:a5:
         08:43:0d:92:06:45:87:0c:34:43:cf:4e:d9:f9:77:d7:b0:87:
         00:3b:5d:8d:37:13:e3:d4:e4:9c:9f:59:77:25:7e:af:a2:ff:
         5b:fd:17:5e:19:01:59:bf:33:4e:e1:21:b5:b2:26:12:c2:60:
         28:1b:b7:af:d0:9b:dd:e8:5f:d4:79:6c:49:8f:5c:a2:1c:9f:
         1f:fe:43:e9:5d:f8:78:1e:49:9f:ee:6f:43:1f:ef:f2:5f:9b:
         02:a9:30:ab:51:11:6d:87:b9:fb:ac:f8:bf:5f:9c:59:32:d3:
         a8:19:0d:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+pPeiTv+iWy+coGQA/vdToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwNTI0MDYxNTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWVhNDAyNmMyY2M5NjljMjU0MDczYzg2MTJhMDJkMjliYjhhYzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVBxhuKysz4KbxtYFP8kSqlLZrbp
81CO79fhSgFqYcERVnKv5giZSv9fokfqdMILEwxdZel3ZSVB8jA6PpqZFaqtQ2iC
AyYRd5dVNToTdzDYusFtFNgqR0Mk+2JpqBVIn7thSOmM5zHS6DIfk0ueSmCMp1o1
wxmJyXv9pSIZyM2ZypMWOr4WUkVjRXD91+ofJoCAdkgKvBiffIeT8UXECG0mMZLC
/z2tleadOlbPAmqUKJeaT4/8JjDx+vs+ernbIhzKvG1Zl0s7ptCOLxMRj3WwHEGP
xlPW7F3Z9uxOIfBpvlLc3zw/aeXIaoMnmBlxweJMKwtLz8jN2NC3Fe+i6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHqQCbCzJacJUBzyGEqAtKbuKwbMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvSWVwQUpzTE1scHdsUUhQSVlTb0MwcHU0ckJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw7ScMA0G
CSqGSIb3DQEBCwUAA4IBAQC2liHCgoZGLFENS3WgSlP3hXS3JXeSodnjJZz5An1E
4zoyZnNYCXAI7rWtIZcBZna9A1RGTw8zAPOtwl5rXT1LfGwMjVCuY1Wu0Kfk3fvv
xQthCK1F44368+bEZJXTwYRRRYiFrMRCu2xtJIaUaCMzTs5j2BKnuzvo0t/3dOUd
dYxgPnVu4FpgEmtTkOa7h6UIQw2SBkWHDDRDz07Z+XfXsIcAO12NNxPj1OScn1l3
JX6vov9b/RdeGQFZvzNO4SG1siYSwmAoG7ev0Jvd6F/UeWxJj1yiHJ8f/kPpXfh4
Hkmf7m9DH+/yX5sCqTCrURFth7n7rPi/X5xZMtOoGQ22
-----END CERTIFICATE-----