Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/IxKVyOQroKxd-1lLsP1TdsxA1Cc.roa
File:                     IxKVyOQroKxd-1lLsP1TdsxA1Cc.roa (raw, json)
Hash identifier:          ouJnnE6aJD/XZAYk2//sfbCocBqcO51jMPaltk0VzSM=
Subject key identifier:   23:12:95:C8:E4:2B:A0:AC:5D:FB:59:4B:B0:FD:53:76:CC:40:D4:27
Certificate issuer:       /CN=a64fa64bb3c2de4788306312c652de749ec93517
Certificate serial:       01919959283BB2AB1646D9557BB44A143400
Authority key identifier: A6:4F:A6:4B:B3:C2:DE:47:88:30:63:12:C6:52:DE:74:9E:C9:35:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pk-mS7PC3keIMGMSxlLedJ7JNRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/IxKVyOQroKxd-1lLsP1TdsxA1Cc.roa
Signing time:             Wed 28 Aug 2024 14:17:22 +0000
ROA not before:           Wed 28 Aug 2024 14:17:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212097
IP address blocks:        185.242.100.0/24 maxlen: 24
                          185.242.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/pk-mS7PC3keIMGMSxlLedJ7JNRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/pk-mS7PC3keIMGMSxlLedJ7JNRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pk-mS7PC3keIMGMSxlLedJ7JNRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:99:59:28:3b:b2:ab:16:46:d9:55:7b:b4:4a:14:34:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a64fa64bb3c2de4788306312c652de749ec93517
        Validity
            Not Before: Aug 28 14:17:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=231295c8e42ba0ac5dfb594bb0fd5376cc40d427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d1:ab:f7:7b:00:96:82:93:55:93:69:ed:50:
                    95:4c:46:d8:bd:bf:48:d8:53:8f:e7:f5:93:fa:f7:
                    b4:47:bb:05:0e:a1:db:b3:a5:09:1e:d4:24:43:af:
                    f7:12:ef:c8:70:0f:6f:61:15:63:b6:35:a8:b6:3e:
                    9b:0c:cc:ab:53:c2:55:48:8b:bf:b7:10:50:63:25:
                    07:e1:31:be:1b:32:21:c7:6e:13:b9:95:cc:67:74:
                    91:f2:9d:c9:25:20:81:51:4b:f2:95:5b:5a:99:a2:
                    a1:2d:4f:d9:25:cb:7e:10:ce:c7:db:c0:bf:cc:cf:
                    55:80:1d:41:64:ea:e3:21:38:2c:27:9b:55:36:ee:
                    a3:e1:15:f5:ee:80:4f:9e:c2:31:c9:0d:e4:4a:d9:
                    e5:4c:79:37:06:c7:9a:ba:9a:88:0f:dd:99:7d:19:
                    bc:e7:cc:4c:a8:28:90:da:f0:ba:be:77:b8:72:85:
                    ca:cc:0e:ca:1c:1e:f2:f5:dc:c9:76:a8:a5:d9:e6:
                    ce:b2:0b:1c:33:b2:2d:50:bd:97:a4:13:64:23:7e:
                    cc:5c:20:b9:27:01:3c:dc:f1:71:8f:79:ff:b8:d6:
                    2d:46:c2:14:29:91:6d:6a:51:b4:f4:c3:d3:29:73:
                    c3:62:06:ab:18:14:f3:35:95:e8:25:85:05:29:73:
                    5a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:12:95:C8:E4:2B:A0:AC:5D:FB:59:4B:B0:FD:53:76:CC:40:D4:27
            X509v3 Authority Key Identifier:
                keyid:A6:4F:A6:4B:B3:C2:DE:47:88:30:63:12:C6:52:DE:74:9E:C9:35:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pk-mS7PC3keIMGMSxlLedJ7JNRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/IxKVyOQroKxd-1lLsP1TdsxA1Cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/427db2-c613-4e84-b38c-90569bc6ca54/1/pk-mS7PC3keIMGMSxlLedJ7JNRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:b3:22:9c:38:2a:61:0c:bc:99:73:ab:89:aa:1a:a4:d4:75:
         09:7b:7a:b3:53:e6:8e:10:17:0b:ea:62:bd:95:94:79:57:50:
         04:f8:c3:ce:b1:4a:c8:e2:53:df:2a:98:df:27:bb:62:b5:83:
         d8:09:f4:17:bb:84:fe:0c:49:d3:27:21:90:2e:84:d3:1d:a3:
         01:19:ae:6d:6e:fb:53:09:a2:61:df:9b:00:fc:80:52:c5:23:
         c0:f4:48:8a:fb:95:83:66:d0:ca:f0:21:cf:38:1b:25:e6:b5:
         56:fc:66:ac:5d:49:ce:57:74:cc:92:0c:35:93:f0:5b:fa:97:
         88:6e:94:82:f3:d2:76:85:98:9b:19:e2:44:1e:8e:a9:8d:20:
         64:bb:d7:79:13:04:b3:77:c5:eb:8a:b4:f5:d3:2b:fa:02:c1:
         9b:fe:d0:19:37:ac:e3:ec:66:b9:61:71:2f:89:b1:30:79:c8:
         a6:57:67:25:f4:09:9d:d5:a0:77:e6:1a:dd:ff:22:bb:b2:38:
         ed:d6:b3:ae:24:63:81:0e:d1:9e:b3:1e:a7:3f:f2:4e:49:48:
         c7:92:15:7d:c4:8a:8a:35:cc:c6:8f:ed:32:33:19:9a:e7:f0:
         65:20:73:4c:84:56:f4:71:9e:d8:b8:c0:e2:c7:47:a4:ad:d3:
         de:9d:ca:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGZWSg7sqsWRtlVe7RKFDQAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NGZhNjRiYjNjMmRlNDc4ODMwNjMxMmM2NTJkZTc0OWVj
OTM1MTcwHhcNMjQwODI4MTQxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzEyOTVjOGU0MmJhMGFjNWRmYjU5NGJiMGZkNTM3NmNjNDBkNDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtGr93sAloKTVZNp7VCVTEbYvb9I
2FOP5/WT+ve0R7sFDqHbs6UJHtQkQ6/3Eu/IcA9vYRVjtjWotj6bDMyrU8JVSIu/
txBQYyUH4TG+GzIhx24TuZXMZ3SR8p3JJSCBUUvylVtamaKhLU/ZJct+EM7H28C/
zM9VgB1BZOrjITgsJ5tVNu6j4RX17oBPnsIxyQ3kStnlTHk3BseaupqID92ZfRm8
58xMqCiQ2vC6vne4coXKzA7KHB7y9dzJdqil2ebOsgscM7ItUL2XpBNkI37MXCC5
JwE83PFxj3n/uNYtRsIUKZFtalG09MPTKXPDYgarGBTzNZXoJYUFKXNaHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMSlcjkK6CsXftZS7D9U3bMQNQnMB8GA1UdIwQY
MBaAFKZPpkuzwt5HiDBjEsZS3nSeyTUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGstbVM3UEMza2VJTUdNU3hsTGVkSjdKTlJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80MjdkYjItYzYxMy00ZTg0LWIzOGMt
OTA1NjliYzZjYTU0LzEvSXhLVnlPUXJvS3hkLTFsTHNQMVRkc3hBMUNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80MjdkYjItYzYxMy00ZTg0LWIzOGMtOTA1NjliYzZjYTU0
LzEvcGstbVM3UEMza2VJTUdNU3hsTGVkSjdKTlJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufJkMA0G
CSqGSIb3DQEBCwUAA4IBAQCFsyKcOCphDLyZc6uJqhqk1HUJe3qzU+aOEBcL6mK9
lZR5V1AE+MPOsUrI4lPfKpjfJ7titYPYCfQXu4T+DEnTJyGQLoTTHaMBGa5tbvtT
CaJh35sA/IBSxSPA9EiK+5WDZtDK8CHPOBsl5rVW/GasXUnOV3TMkgw1k/Bb+peI
bpSC89J2hZibGeJEHo6pjSBku9d5EwSzd8XrirT10yv6AsGb/tAZN6zj7Ga5YXEv
ibEwecimV2cl9Amd1aB35hrd/yK7sjjt1rOuJGOBDtGesx6nP/JOSUjHkhV9xIqK
NczGj+0yMxma5/BlIHNMhFb0cZ7YuMDix0ekrdPencqW
-----END CERTIFICATE-----