Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/iBU5SHfJ9vMCGd-rfp6b8rXDUw0.roa
File:                     iBU5SHfJ9vMCGd-rfp6b8rXDUw0.roa (raw, json)
Hash identifier:          ojQFqlxIxie+R/s5Rst0cDmL1srooPZj0wWBtNU/cow=
Subject key identifier:   88:15:39:48:77:C9:F6:F3:02:19:DF:AB:7E:9E:9B:F2:B5:C3:53:0D
Certificate issuer:       /CN=dce1b25fd91b5fbc1ffb1218c67ed558ae778c04
Certificate serial:       018CC348CBF6E9817CA232688C112B9AE78A
Authority key identifier: DC:E1:B2:5F:D9:1B:5F:BC:1F:FB:12:18:C6:7E:D5:58:AE:77:8C:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3OGyX9kbX7wf-xIYxn7VWK53jAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/iBU5SHfJ9vMCGd-rfp6b8rXDUw0.roa
Signing time:             Mon 01 Jan 2024 04:29:37 +0000
ROA not before:           Mon 01 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47773
IP address blocks:        193.162.105.0/24 maxlen: 27
                          2a10:8dc0::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/3OGyX9kbX7wf-xIYxn7VWK53jAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/3OGyX9kbX7wf-xIYxn7VWK53jAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3OGyX9kbX7wf-xIYxn7VWK53jAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:cb:f6:e9:81:7c:a2:32:68:8c:11:2b:9a:e7:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dce1b25fd91b5fbc1ffb1218c67ed558ae778c04
        Validity
            Not Before: Jan  1 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8815394877c9f6f30219dfab7e9e9bf2b5c3530d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5b:0e:9a:35:db:7f:0a:50:0a:3b:6d:32:5a:
                    d5:ad:91:66:ed:c7:84:b6:38:32:17:99:d0:91:cc:
                    5d:f0:e2:aa:66:45:9f:83:5f:e9:92:b8:72:70:67:
                    77:dc:49:1f:e0:d1:0b:51:f5:3f:e4:db:ca:b9:14:
                    ed:c8:65:5d:f3:95:e5:1a:41:15:41:a0:e0:fd:b9:
                    69:d4:02:24:36:1c:be:8a:d2:ad:9c:35:fc:2a:76:
                    b5:71:3c:83:f0:b3:1b:ce:8d:d1:bb:1b:a7:24:df:
                    81:d4:d5:c0:b5:78:b0:a1:b8:9a:fd:e6:78:17:b4:
                    f4:c8:75:9c:db:a3:42:35:2e:25:60:5f:bc:12:6b:
                    ac:ea:98:e3:02:52:97:cf:d8:3b:0d:cb:3f:2d:b5:
                    02:9b:1f:17:c8:bd:15:03:7e:73:f1:4a:5a:2a:cd:
                    db:a9:40:6e:c2:e8:39:9c:93:7e:3c:ee:72:08:d9:
                    80:3d:33:8c:27:1d:18:a4:b9:a3:12:51:6c:a0:4d:
                    78:74:97:20:88:12:65:87:bb:bb:c0:03:e0:ed:c2:
                    03:c4:d7:2d:d2:70:64:7c:64:ab:49:0f:c0:63:90:
                    07:dc:a0:09:eb:dc:db:03:f8:a3:14:44:5c:c8:7e:
                    1a:b1:53:d1:68:e6:c6:78:8e:11:d4:cf:fb:c8:c0:
                    1d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:15:39:48:77:C9:F6:F3:02:19:DF:AB:7E:9E:9B:F2:B5:C3:53:0D
            X509v3 Authority Key Identifier:
                keyid:DC:E1:B2:5F:D9:1B:5F:BC:1F:FB:12:18:C6:7E:D5:58:AE:77:8C:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3OGyX9kbX7wf-xIYxn7VWK53jAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/iBU5SHfJ9vMCGd-rfp6b8rXDUw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/3252c0-5725-449f-92a1-643bb27f7fbf/1/3OGyX9kbX7wf-xIYxn7VWK53jAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.105.0/24
                IPv6:
                  2a10:8dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:19:4c:fd:4e:c7:50:7d:da:53:36:f7:01:3f:22:a8:0d:48:
         b5:03:cc:47:59:33:b3:0d:7c:85:8e:f5:30:c2:46:3b:49:87:
         ee:4a:95:94:22:c1:f9:54:5f:d0:fb:e6:1b:9f:b9:50:ff:86:
         64:ed:7d:df:45:8b:bb:2e:2d:62:f4:2a:3c:92:e5:f8:56:e8:
         83:0f:bc:fc:b4:c6:2d:aa:91:7a:cb:cf:4b:d6:c6:3a:95:ba:
         ac:d8:85:35:f0:42:80:de:ea:fd:10:42:07:77:cb:35:4f:4b:
         fe:b4:cc:e8:80:9e:fa:fa:e0:29:a5:e3:d3:f0:db:cd:3b:16:
         4d:85:ca:de:e5:13:ae:b2:80:d8:ba:c4:3a:a8:fb:88:a2:2f:
         bf:31:0b:d3:28:66:19:c9:c3:27:bb:07:61:d9:2d:24:21:95:
         bf:73:78:e7:62:76:25:64:7d:b6:48:0e:9c:6b:07:af:a4:54:
         a5:13:ff:4f:d0:73:0f:10:50:77:97:75:3e:7e:2c:4e:f7:bd:
         8c:05:cc:84:06:f8:ba:e0:fd:be:94:41:ed:18:d4:fd:24:50:
         9f:9f:24:45:d2:29:ed:a4:94:d2:a8:db:50:cd:4d:0b:4d:c0:
         06:e3:f7:7c:07:32:a8:24:bc:1b:78:7a:7c:26:7a:f8:b5:28:
         e0:1d:73:cc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSMv26YF8ojJojBErmueKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZTFiMjVmZDkxYjVmYmMxZmZiMTIxOGM2N2VkNTU4YWU3
NzhjMDQwHhcNMjQwMTAxMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODE1Mzk0ODc3YzlmNmYzMDIxOWRmYWI3ZTllOWJmMmI1YzM1MzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlsOmjXbfwpQCjttMlrVrZFm7ceE
tjgyF5nQkcxd8OKqZkWfg1/pkrhycGd33Ekf4NELUfU/5NvKuRTtyGVd85XlGkEV
QaDg/blp1AIkNhy+itKtnDX8Kna1cTyD8LMbzo3RuxunJN+B1NXAtXiwobia/eZ4
F7T0yHWc26NCNS4lYF+8Emus6pjjAlKXz9g7Dcs/LbUCmx8XyL0VA35z8UpaKs3b
qUBuwug5nJN+PO5yCNmAPTOMJx0YpLmjElFsoE14dJcgiBJlh7u7wAPg7cIDxNct
0nBkfGSrSQ/AY5AH3KAJ69zbA/ijFERcyH4asVPRaObGeI4R1M/7yMAdDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIgVOUh3yfbzAhnfq36em/K1w1MNMB8GA1UdIwQY
MBaAFNzhsl/ZG1+8H/sSGMZ+1Viud4wEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM09HeVg5a2JYN3dmLXhJWXhuN1ZXSzUzakFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8zMjUyYzAtNTcyNS00NDlmLTkyYTEt
NjQzYmIyN2Y3ZmJmLzEvaUJVNVNIZko5dk1DR2QtcmZwNmI4clhEVXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8zMjUyYzAtNTcyNS00NDlmLTkyYTEtNjQzYmIyN2Y3ZmJm
LzEvM09HeVg5a2JYN3dmLXhJWXhuN1ZXSzUzakFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaJpMA0E
AgACMAcDBQAqEI3AMA0GCSqGSIb3DQEBCwUAA4IBAQB9GUz9TsdQfdpTNvcBPyKo
DUi1A8xHWTOzDXyFjvUwwkY7SYfuSpWUIsH5VF/Q++Ybn7lQ/4Zk7X3fRYu7Li1i
9Co8kuX4VuiDD7z8tMYtqpF6y89L1sY6lbqs2IU18EKA3ur9EEIHd8s1T0v+tMzo
gJ76+uAppePT8NvNOxZNhcre5ROusoDYusQ6qPuIoi+/MQvTKGYZycMnuwdh2S0k
IZW/c3jnYnYlZH22SA6cawevpFSlE/9P0HMPEFB3l3U+fixO972MBcyEBvi64P2+
lEHtGNT9JFCfnyRF0intpJTSqNtQzU0LTcAG4/d8BzKoJLwbeHp8Jnr4tSjgHXPM
-----END CERTIFICATE-----