Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/98b35b-945e-40c5-bb95-9eadd351fc79/1/Iptt3UOEZZ-5C0qxOjSPOaux4nY.roa
File:                     Iptt3UOEZZ-5C0qxOjSPOaux4nY.roa (raw, json)
Hash identifier:          0ccZ7o6hC36PAyvtC+kHb+vPCqfewuQZNO/as6G4Jus=
Subject key identifier:   22:9B:6D:DD:43:84:65:9F:B9:0B:4A:B1:3A:34:8F:39:AB:B1:E2:76
Certificate issuer:       /CN=ad8dd17a768e3b6fbfa7a7009a7007ebe65b45c8
Certificate serial:       018CC8DE1785842BF942757F0730F30EC366
Authority key identifier: AD:8D:D1:7A:76:8E:3B:6F:BF:A7:A7:00:9A:70:07:EB:E6:5B:45:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rY3RenaOO2-_p6cAmnAH6-ZbRcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/98b35b-945e-40c5-bb95-9eadd351fc79/1/Iptt3UOEZZ-5C0qxOjSPOaux4nY.roa
Signing time:             Tue 02 Jan 2024 06:30:47 +0000
ROA not before:           Tue 02 Jan 2024 06:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211385
IP address blocks:        192.109.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/98b35b-945e-40c5-bb95-9eadd351fc79/1/rY3RenaOO2-_p6cAmnAH6-ZbRcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/98b35b-945e-40c5-bb95-9eadd351fc79/1/rY3RenaOO2-_p6cAmnAH6-ZbRcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rY3RenaOO2-_p6cAmnAH6-ZbRcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:17:85:84:2b:f9:42:75:7f:07:30:f3:0e:c3:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad8dd17a768e3b6fbfa7a7009a7007ebe65b45c8
        Validity
            Not Before: Jan  2 06:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=229b6ddd4384659fb90b4ab13a348f39abb1e276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b7:c8:92:22:aa:6e:c5:2c:fe:49:70:67:1a:
                    6a:c3:17:6f:28:92:08:8d:9e:3a:3c:47:fe:10:6a:
                    fb:42:56:59:98:70:a5:d3:c2:bb:c7:7a:5c:73:b2:
                    07:b9:f4:f1:32:dd:c9:f2:7f:d7:04:c7:1a:b9:75:
                    5b:f6:c3:03:31:08:bf:52:e1:19:cd:96:13:29:06:
                    6a:00:10:24:7a:78:1e:ba:f4:78:8b:5d:4f:25:6d:
                    ca:c7:9b:63:38:31:c5:bf:9d:f1:ad:8a:a8:99:27:
                    b2:b1:cc:df:bc:cb:57:7c:a5:ea:e3:74:ae:5b:e7:
                    13:95:f1:83:73:c1:16:b8:8f:1d:9b:a5:eb:f3:b0:
                    2b:23:07:ab:4c:fd:6f:1c:22:18:76:22:6a:a9:2a:
                    72:2e:09:65:83:87:c3:e6:55:56:26:1d:fd:c8:54:
                    da:26:88:8a:72:01:7d:61:4c:d5:5f:96:e6:65:06:
                    15:7e:87:c5:f8:b3:d9:c0:04:fc:39:48:e1:2f:62:
                    42:35:1e:18:31:03:ad:fe:f6:40:f1:0f:51:76:7b:
                    8d:37:e5:ec:fd:97:c6:ed:be:65:1e:33:08:dc:72:
                    3e:88:4a:77:7e:f6:02:1b:b9:88:df:93:4c:95:77:
                    44:c3:80:e1:dc:0f:6d:0c:9c:9a:1e:4e:71:e0:3c:
                    0a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:9B:6D:DD:43:84:65:9F:B9:0B:4A:B1:3A:34:8F:39:AB:B1:E2:76
            X509v3 Authority Key Identifier:
                keyid:AD:8D:D1:7A:76:8E:3B:6F:BF:A7:A7:00:9A:70:07:EB:E6:5B:45:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rY3RenaOO2-_p6cAmnAH6-ZbRcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/98b35b-945e-40c5-bb95-9eadd351fc79/1/Iptt3UOEZZ-5C0qxOjSPOaux4nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/98b35b-945e-40c5-bb95-9eadd351fc79/1/rY3RenaOO2-_p6cAmnAH6-ZbRcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:af:35:4c:79:e0:67:2d:07:3b:e1:80:bf:c7:bd:0e:a4:c1:
         bd:47:59:e5:e4:4d:1d:42:a3:10:c9:b4:83:fa:39:7d:9e:ac:
         29:48:9d:45:cb:0d:6f:61:f5:b6:96:12:fe:61:9f:ac:89:af:
         a1:64:da:c1:a3:31:04:10:2d:32:5d:0f:fb:b3:4b:66:96:b7:
         09:7c:dc:5f:86:4c:8b:84:e2:64:5f:98:ca:49:c5:8b:6c:2b:
         0f:ed:11:76:39:ff:60:25:fe:df:a5:cc:52:28:8f:16:4d:87:
         f6:10:3c:8d:da:8c:ee:2c:d8:47:bc:59:4f:48:82:58:e8:80:
         29:93:53:e7:4f:ff:cd:9c:a1:67:86:6c:1f:b7:dd:f7:e5:78:
         bb:ed:89:5d:a2:6b:92:7d:ca:e8:c8:21:fb:68:67:7b:f6:ff:
         2a:c6:4d:48:04:86:57:8f:36:ef:9e:19:dc:0d:ae:96:83:ec:
         77:b3:f6:70:f9:12:4d:bf:3c:48:a2:d1:88:a8:88:7a:cc:ba:
         08:9a:42:e4:10:56:e3:58:c0:5e:78:a3:18:ee:dc:92:9e:e8:
         5d:78:23:f0:1d:95:e9:36:f4:0c:bd:1e:31:6c:a1:2f:47:a3:
         f6:51:48:b4:50:68:b0:72:57:78:e3:7c:eb:14:a0:13:d4:c3:
         fd:97:87:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3heFhCv5QnV/BzDzDsNmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkOGRkMTdhNzY4ZTNiNmZiZmE3YTcwMDlhNzAwN2ViZTY1
YjQ1YzgwHhcNMjQwMTAyMDYzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjliNmRkZDQzODQ2NTlmYjkwYjRhYjEzYTM0OGYzOWFiYjFlMjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7fIkiKqbsUs/klwZxpqwxdvKJII
jZ46PEf+EGr7QlZZmHCl08K7x3pcc7IHufTxMt3J8n/XBMcauXVb9sMDMQi/UuEZ
zZYTKQZqABAkengeuvR4i11PJW3Kx5tjODHFv53xrYqomSeysczfvMtXfKXq43Su
W+cTlfGDc8EWuI8dm6Xr87ArIwerTP1vHCIYdiJqqSpyLgllg4fD5lVWJh39yFTa
JoiKcgF9YUzVX5bmZQYVfofF+LPZwAT8OUjhL2JCNR4YMQOt/vZA8Q9RdnuNN+Xs
/ZfG7b5lHjMI3HI+iEp3fvYCG7mI35NMlXdEw4Dh3A9tDJyaHk5x4DwKlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKbbd1DhGWfuQtKsTo0jzmrseJ2MB8GA1UdIwQY
MBaAFK2N0Xp2jjtvv6enAJpwB+vmW0XIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclkzUmVuYU9PMi1fcDZjQW1uQUg2LVpiUmNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy85OGIzNWItOTQ1ZS00MGM1LWJiOTUt
OWVhZGQzNTFmYzc5LzEvSXB0dDNVT0VaWi01QzBxeE9qU1BPYXV4NG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy85OGIzNWItOTQ1ZS00MGM1LWJiOTUtOWVhZGQzNTFmYzc5
LzEvclkzUmVuYU9PMi1fcDZjQW1uQUg2LVpiUmNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG3bMA0G
CSqGSIb3DQEBCwUAA4IBAQCErzVMeeBnLQc74YC/x70OpMG9R1nl5E0dQqMQybSD
+jl9nqwpSJ1Fyw1vYfW2lhL+YZ+sia+hZNrBozEEEC0yXQ/7s0tmlrcJfNxfhkyL
hOJkX5jKScWLbCsP7RF2Of9gJf7fpcxSKI8WTYf2EDyN2ozuLNhHvFlPSIJY6IAp
k1PnT//NnKFnhmwft9335Xi77YldomuSfcroyCH7aGd79v8qxk1IBIZXjzbvnhnc
Da6Wg+x3s/Zw+RJNvzxIotGIqIh6zLoImkLkEFbjWMBeeKMY7tySnuhdeCPwHZXp
NvQMvR4xbKEvR6P2UUi0UGiwcld443zrFKAT1MP9l4dI
-----END CERTIFICATE-----