Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/f0006f-5670-42a6-85a9-31b2c666b2dc/1/iJE119uQwwnyVEJLda-K7TohuWw.roa
File:                     iJE119uQwwnyVEJLda-K7TohuWw.roa (raw, json)
Hash identifier:          /o0LqsiS4rfh/g2fZXhYdCBYO7bwG4Wv7kxI5B1cvZw=
Subject key identifier:   88:91:35:D7:DB:90:C3:09:F2:54:42:4B:75:AF:8A:ED:3A:21:B9:6C
Certificate issuer:       /CN=e06c8ad28538ede0b4c7e1a71e9ca989a9f03f10
Certificate serial:       018CC5DC81455F11A42549ECFA8AAA1C0937
Authority key identifier: E0:6C:8A:D2:85:38:ED:E0:B4:C7:E1:A7:1E:9C:A9:89:A9:F0:3F:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4GyK0oU47eC0x-GnHpypianwPxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/f0006f-5670-42a6-85a9-31b2c666b2dc/1/iJE119uQwwnyVEJLda-K7TohuWw.roa
Signing time:             Mon 01 Jan 2024 16:30:11 +0000
ROA not before:           Mon 01 Jan 2024 16:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198526
IP address blocks:        194.50.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/f0006f-5670-42a6-85a9-31b2c666b2dc/1/4GyK0oU47eC0x-GnHpypianwPxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/f0006f-5670-42a6-85a9-31b2c666b2dc/1/4GyK0oU47eC0x-GnHpypianwPxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4GyK0oU47eC0x-GnHpypianwPxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:81:45:5f:11:a4:25:49:ec:fa:8a:aa:1c:09:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e06c8ad28538ede0b4c7e1a71e9ca989a9f03f10
        Validity
            Not Before: Jan  1 16:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=889135d7db90c309f254424b75af8aed3a21b96c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d5:ad:8d:40:eb:5f:07:a2:a1:6f:09:d9:c7:
                    45:9a:b7:df:63:8d:5e:3d:ae:bd:9b:ac:ca:ad:da:
                    d9:08:0c:f1:25:b7:50:12:19:52:23:a7:fc:f0:b9:
                    20:4e:83:0a:a4:4a:b7:67:4a:f3:78:90:c5:d1:2a:
                    63:76:be:60:0c:3f:c8:31:d3:00:76:59:ee:be:c1:
                    88:9c:e2:d0:f5:44:23:a1:b1:ac:a5:b9:ae:a8:85:
                    82:43:8e:c5:05:73:1a:27:ca:38:92:47:99:30:0c:
                    0a:14:a8:4b:af:66:e3:e4:43:40:76:cc:75:39:6b:
                    7a:95:30:d5:37:ed:3d:bd:57:7e:27:86:c9:d0:f1:
                    9f:fd:dc:00:9b:36:01:ea:83:d6:6e:f8:30:1e:33:
                    7f:74:18:4b:a6:85:7a:a1:9e:f1:c0:42:bd:23:67:
                    d6:53:b5:82:26:2c:2a:3b:74:8d:13:ca:c3:96:ae:
                    ac:a1:1d:9d:2c:6b:9d:43:3f:09:b7:a7:ba:e6:3e:
                    e9:9f:85:43:06:5e:8e:c3:d6:19:58:7d:62:56:b1:
                    4c:08:74:53:36:d9:0c:db:1c:6d:a5:0a:6e:67:9e:
                    70:b6:30:52:2c:57:f0:9e:ae:1f:81:34:b3:34:b5:
                    6f:52:84:6f:ee:7b:d8:e5:1f:f2:d4:6c:0f:e4:4a:
                    c3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:91:35:D7:DB:90:C3:09:F2:54:42:4B:75:AF:8A:ED:3A:21:B9:6C
            X509v3 Authority Key Identifier:
                keyid:E0:6C:8A:D2:85:38:ED:E0:B4:C7:E1:A7:1E:9C:A9:89:A9:F0:3F:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4GyK0oU47eC0x-GnHpypianwPxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/f0006f-5670-42a6-85a9-31b2c666b2dc/1/iJE119uQwwnyVEJLda-K7TohuWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/f0006f-5670-42a6-85a9-31b2c666b2dc/1/4GyK0oU47eC0x-GnHpypianwPxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:12:3e:94:8a:11:73:7a:ea:de:af:87:70:6c:a6:d7:ac:08:
         2a:36:9b:3e:ec:18:5a:2e:1e:9b:9d:b5:8f:e8:45:f9:fa:3c:
         98:ff:36:68:d4:30:cc:0b:46:25:d5:f1:05:4a:26:08:34:de:
         e6:b7:e2:b9:ba:fa:53:0f:8d:21:71:6c:86:b6:89:ab:8b:7a:
         5d:5d:8b:d6:ea:48:58:4b:82:02:9a:ef:f6:68:af:5a:0b:d0:
         2c:eb:bc:1a:bd:54:84:58:90:6a:aa:12:64:39:85:74:28:70:
         f6:fa:c4:73:e7:8a:2f:cf:6a:ad:70:8c:6c:1b:ad:73:0d:c7:
         a0:93:7c:2e:00:9d:ca:38:75:67:de:74:b7:d6:21:d2:86:bd:
         1e:dc:7f:7e:23:b4:a0:7c:c4:66:1e:0d:70:48:d1:04:25:32:
         03:e5:61:b9:2d:fd:d5:9b:82:19:aa:09:98:0c:27:c1:d1:74:
         2c:3c:a3:16:e7:67:4d:33:bc:20:36:ea:44:6a:34:81:2b:91:
         bd:70:3b:1e:06:81:24:fa:57:ee:ce:df:3b:9f:a2:55:7d:bf:
         ae:2d:46:73:40:6b:92:36:ff:16:2f:0b:09:25:23:98:9c:1d:
         0f:cf:50:3f:dc:55:c3:f3:96:2f:2a:bd:4a:78:4d:56:24:84:
         4e:db:56:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3IFFXxGkJUns+oqqHAk3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNmM4YWQyODUzOGVkZTBiNGM3ZTFhNzFlOWNhOTg5YTlm
MDNmMTAwHhcNMjQwMTAxMTYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODkxMzVkN2RiOTBjMzA5ZjI1NDQyNGI3NWFmOGFlZDNhMjFiOTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtWtjUDrXweioW8J2cdFmrffY41e
Pa69m6zKrdrZCAzxJbdQEhlSI6f88LkgToMKpEq3Z0rzeJDF0Spjdr5gDD/IMdMA
dlnuvsGInOLQ9UQjobGspbmuqIWCQ47FBXMaJ8o4kkeZMAwKFKhLr2bj5ENAdsx1
OWt6lTDVN+09vVd+J4bJ0PGf/dwAmzYB6oPWbvgwHjN/dBhLpoV6oZ7xwEK9I2fW
U7WCJiwqO3SNE8rDlq6soR2dLGudQz8Jt6e65j7pn4VDBl6Ow9YZWH1iVrFMCHRT
NtkM2xxtpQpuZ55wtjBSLFfwnq4fgTSzNLVvUoRv7nvY5R/y1GwP5ErDewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiRNdfbkMMJ8lRCS3Wviu06IblsMB8GA1UdIwQY
MBaAFOBsitKFOO3gtMfhpx6cqYmp8D8QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEd5SzBvVTQ3ZUMweC1HbkhweXBpYW53UHhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9mMDAwNmYtNTY3MC00MmE2LTg1YTkt
MzFiMmM2NjZiMmRjLzEvaUpFMTE5dVF3d255VkVKTGRhLUs3VG9odVd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9mMDAwNmYtNTY3MC00MmE2LTg1YTktMzFiMmM2NjZiMmRj
LzEvNEd5SzBvVTQ3ZUMweC1HbkhweXBpYW53UHhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjKYMA0G
CSqGSIb3DQEBCwUAA4IBAQBfEj6UihFzeurer4dwbKbXrAgqNps+7BhaLh6bnbWP
6EX5+jyY/zZo1DDMC0Yl1fEFSiYINN7mt+K5uvpTD40hcWyGtomri3pdXYvW6khY
S4ICmu/2aK9aC9As67wavVSEWJBqqhJkOYV0KHD2+sRz54ovz2qtcIxsG61zDceg
k3wuAJ3KOHVn3nS31iHShr0e3H9+I7SgfMRmHg1wSNEEJTID5WG5Lf3Vm4IZqgmY
DCfB0XQsPKMW52dNM7wgNupEajSBK5G9cDseBoEk+lfuzt87n6JVfb+uLUZzQGuS
Nv8WLwsJJSOYnB0Pz1A/3FXD85YvKr1KeE1WJIRO21Zu
-----END CERTIFICATE-----