Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/I8G_eh-rVpx2oZHpNhQiXlPUS4I.roa
File:                     I8G_eh-rVpx2oZHpNhQiXlPUS4I.roa (raw, json)
Hash identifier:          iZLWupNZlFmxZVH6DAs8FckGutkB39c7rh7iVjxodnE=
Subject key identifier:   23:C1:BF:7A:1F:AB:56:9C:76:A1:91:E9:36:14:22:5E:53:D4:4B:82
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       018CC9BC6B25FAAECBC91EE6C6713222B9A7
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/I8G_eh-rVpx2oZHpNhQiXlPUS4I.roa
Signing time:             Tue 02 Jan 2024 10:33:37 +0000
ROA not before:           Tue 02 Jan 2024 10:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42745
IP address blocks:        185.160.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:6b:25:fa:ae:cb:c9:1e:e6:c6:71:32:22:b9:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Jan  2 10:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23c1bf7a1fab569c76a191e93614225e53d44b82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:09:c4:c4:09:9c:f3:e5:2d:66:a8:fd:99:27:
                    85:45:f0:88:e3:2a:b7:bf:53:71:1e:48:18:b8:53:
                    ff:24:29:e7:12:fc:c3:fc:00:60:0f:79:10:b8:aa:
                    67:69:c7:f5:5e:1e:eb:a5:12:59:67:17:88:dc:0d:
                    13:ac:84:8e:07:19:84:15:6e:8f:3d:83:63:69:79:
                    6c:72:bf:33:06:92:b7:1f:df:67:40:02:c1:9a:79:
                    ac:c9:1e:5f:df:f3:43:c6:04:9b:5c:0e:87:53:b1:
                    94:90:a3:7e:11:42:21:19:21:1a:6d:87:13:55:a1:
                    65:af:7b:8f:b8:5f:44:cb:e8:58:23:15:59:1a:e8:
                    80:e7:36:71:f2:c5:93:5c:e5:1e:f0:54:f6:49:72:
                    a6:d0:cb:61:89:12:5d:5a:52:dc:26:7a:d3:bb:34:
                    d7:85:b8:7d:c7:97:86:ab:67:46:62:51:42:1e:4b:
                    7d:6c:13:35:dc:b4:8e:03:d9:c0:85:e8:d3:2b:94:
                    ba:fd:ae:28:cd:34:d1:05:f1:bd:ad:df:8a:f7:d4:
                    2e:2a:ce:e9:66:55:15:fb:54:e1:a7:6f:d6:23:c7:
                    fd:e6:ae:c5:45:2d:e1:98:c5:e5:67:31:18:3d:0f:
                    9b:2c:e0:2f:1b:6a:7b:ac:bb:3d:17:c5:ee:89:db:
                    27:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:C1:BF:7A:1F:AB:56:9C:76:A1:91:E9:36:14:22:5E:53:D4:4B:82
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/I8G_eh-rVpx2oZHpNhQiXlPUS4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:f6:e0:3b:c3:3b:47:76:02:dd:52:ed:01:24:13:7a:9e:55:
         91:4a:3a:07:48:ef:c9:bb:69:c3:18:00:ce:14:14:20:e1:3e:
         13:4f:3d:56:37:fa:a8:a7:af:d4:f9:40:5f:4a:90:50:55:38:
         73:ce:ca:55:c1:69:87:16:50:3b:bd:79:c7:c0:ab:66:ef:0b:
         bd:bd:63:4c:7d:4e:0c:b0:8e:8c:ba:58:bb:49:6f:f8:81:91:
         b4:12:90:67:9f:8a:72:08:11:67:f1:11:91:5e:37:7f:e2:29:
         b1:4e:fa:e6:a7:f3:91:63:ba:b7:9a:a0:0f:8d:b9:7d:c2:80:
         af:8c:90:da:13:a4:11:68:cc:97:f3:2e:e1:a2:98:f0:5c:03:
         f8:34:d3:51:ce:e5:92:78:77:87:d2:69:54:44:95:88:a2:35:
         5a:b4:2e:b6:21:f3:ab:e2:9a:78:d5:b8:91:fa:d7:fa:10:b5:
         d1:b1:7b:bc:1b:17:71:7f:c3:aa:39:f1:94:c7:e3:45:44:40:
         75:4f:04:28:20:ae:88:22:0e:c7:00:bb:c1:8c:58:0f:50:67:
         0c:34:14:47:ec:35:26:3c:b4:4f:ba:9b:f8:69:5e:af:c2:36:
         5d:bc:f2:68:d7:be:90:dd:ad:7a:95:2e:6f:3e:54:2d:b8:5f:
         a9:3d:4d:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGsl+q7LyR7mxnEyIrmnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjQwMTAyMTAzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2MxYmY3YTFmYWI1NjljNzZhMTkxZTkzNjE0MjI1ZTUzZDQ0YjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QnExAmc8+UtZqj9mSeFRfCI4yq3
v1NxHkgYuFP/JCnnEvzD/ABgD3kQuKpnacf1Xh7rpRJZZxeI3A0TrISOBxmEFW6P
PYNjaXlscr8zBpK3H99nQALBmnmsyR5f3/NDxgSbXA6HU7GUkKN+EUIhGSEabYcT
VaFlr3uPuF9Ey+hYIxVZGuiA5zZx8sWTXOUe8FT2SXKm0MthiRJdWlLcJnrTuzTX
hbh9x5eGq2dGYlFCHkt9bBM13LSOA9nAhejTK5S6/a4ozTTRBfG9rd+K99QuKs7p
ZlUV+1Thp2/WI8f95q7FRS3hmMXlZzEYPQ+bLOAvG2p7rLs9F8XuidsnYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPBv3ofq1acdqGR6TYUIl5T1EuCMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvSThHX2VoLXJWcHgyb1pIcE5oUWlYbFBVUzRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaDAMA0G
CSqGSIb3DQEBCwUAA4IBAQCF9uA7wztHdgLdUu0BJBN6nlWRSjoHSO/Ju2nDGADO
FBQg4T4TTz1WN/qop6/U+UBfSpBQVThzzspVwWmHFlA7vXnHwKtm7wu9vWNMfU4M
sI6Muli7SW/4gZG0EpBnn4pyCBFn8RGRXjd/4imxTvrmp/ORY7q3mqAPjbl9woCv
jJDaE6QRaMyX8y7hopjwXAP4NNNRzuWSeHeH0mlURJWIojVatC62IfOr4pp41biR
+tf6ELXRsXu8Gxdxf8OqOfGUx+NFREB1TwQoIK6IIg7HALvBjFgPUGcMNBRH7DUm
PLRPupv4aV6vwjZdvPJo176Q3a16lS5vPlQtuF+pPU3J
-----END CERTIFICATE-----