Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/89bb71-3fe9-42d2-a73b-13ae98aa7d33/1/iv1X5_oDya1PShhaqe7eVpxAedQ.roa
File:                     iv1X5_oDya1PShhaqe7eVpxAedQ.roa (raw, json)
Hash identifier:          WFFNaEIdoqyKNntAnMIeqd6urftS0Xj65824vTaquVU=
Subject key identifier:   8A:FD:57:E7:FA:03:C9:AD:4F:4A:18:5A:A9:EE:DE:56:9C:40:79:D4
Certificate issuer:       /CN=8b8801543812040477d4744229466c8537d45171
Certificate serial:       018CC8DF8DC51C7B2DC09C3301D60B633E25
Authority key identifier: 8B:88:01:54:38:12:04:04:77:D4:74:42:29:46:6C:85:37:D4:51:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i4gBVDgSBAR31HRCKUZshTfUUXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/89bb71-3fe9-42d2-a73b-13ae98aa7d33/1/iv1X5_oDya1PShhaqe7eVpxAedQ.roa
Signing time:             Tue 02 Jan 2024 06:32:23 +0000
ROA not before:           Tue 02 Jan 2024 06:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212885
IP address blocks:        193.163.122.0/24 maxlen: 24
                          193.163.122.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/89bb71-3fe9-42d2-a73b-13ae98aa7d33/1/i4gBVDgSBAR31HRCKUZshTfUUXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/89bb71-3fe9-42d2-a73b-13ae98aa7d33/1/i4gBVDgSBAR31HRCKUZshTfUUXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i4gBVDgSBAR31HRCKUZshTfUUXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 06:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8d:c5:1c:7b:2d:c0:9c:33:01:d6:0b:63:3e:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b8801543812040477d4744229466c8537d45171
        Validity
            Not Before: Jan  2 06:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8afd57e7fa03c9ad4f4a185aa9eede569c4079d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5e:a6:89:e0:01:5b:f4:02:f2:ce:30:c3:a2:
                    53:c8:2f:83:1f:ff:e1:ac:8f:f5:6e:fd:d5:df:09:
                    ff:c5:75:4f:87:17:63:2f:fb:e5:2e:e0:16:f2:d1:
                    d4:52:ee:43:32:f9:f9:89:60:ef:8d:a2:67:f3:2e:
                    a8:09:86:73:dd:fa:16:d0:6a:9a:0f:a8:6a:1c:cc:
                    7b:9c:1f:23:bb:89:cd:4d:61:9a:ca:a1:f7:a5:78:
                    2f:81:35:04:c9:dd:db:ec:87:10:62:4e:81:ad:f3:
                    8c:c6:18:71:cc:73:c4:ee:60:ee:90:ca:7e:b9:07:
                    72:32:4c:09:c3:5b:65:43:61:8c:12:aa:3c:f3:a6:
                    ae:e6:ed:3b:82:62:ba:63:75:98:dd:ec:ea:10:f3:
                    d7:b2:99:1b:22:80:9c:bf:13:35:42:5e:a9:c9:c8:
                    65:c9:c2:cd:98:3a:1d:59:a2:94:36:24:0a:40:9a:
                    67:39:77:46:dd:a8:08:2d:f5:63:11:03:64:62:d2:
                    a4:8d:00:58:84:cc:2b:81:ed:a1:b2:18:d9:1f:c2:
                    c7:e9:9b:35:91:c2:26:49:cb:4c:13:4d:d0:de:45:
                    73:3c:3e:21:87:b7:c8:f5:4f:22:0a:ab:dd:e0:5a:
                    d8:f2:59:39:18:29:1d:a5:87:0f:28:6b:24:f8:73:
                    0d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:FD:57:E7:FA:03:C9:AD:4F:4A:18:5A:A9:EE:DE:56:9C:40:79:D4
            X509v3 Authority Key Identifier:
                keyid:8B:88:01:54:38:12:04:04:77:D4:74:42:29:46:6C:85:37:D4:51:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4gBVDgSBAR31HRCKUZshTfUUXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/89bb71-3fe9-42d2-a73b-13ae98aa7d33/1/iv1X5_oDya1PShhaqe7eVpxAedQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/89bb71-3fe9-42d2-a73b-13ae98aa7d33/1/i4gBVDgSBAR31HRCKUZshTfUUXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:cd:f0:8b:06:28:af:65:e4:0c:cc:db:79:69:b9:8c:82:08:
         db:e2:12:80:f7:18:24:a6:fd:27:27:e8:7e:fa:89:12:ab:7c:
         18:d0:c8:f6:01:36:64:52:c4:aa:fa:6f:71:09:97:df:2d:65:
         00:73:26:46:c1:34:08:3c:00:a6:cd:78:a0:cd:7a:cf:ff:0a:
         95:08:e2:21:30:5c:cd:6c:78:7a:37:ef:13:0a:d6:c0:bd:e1:
         6b:ef:d2:81:dc:a9:6b:38:36:e7:c2:1f:4a:2a:03:a6:27:47:
         0c:1f:14:01:f8:59:6e:d5:fe:69:a2:cc:0e:9c:c4:b3:d8:62:
         9f:db:08:d3:e7:cb:65:0b:2a:b9:f5:fb:f7:2b:0d:2d:35:31:
         44:0a:1e:0c:d8:5e:0b:2b:14:f0:f6:44:30:47:13:64:67:31:
         b0:af:c0:8f:ee:83:a6:f7:57:33:3f:2b:a9:e0:df:b5:a4:88:
         bb:da:29:fc:77:c9:e3:ea:ff:57:ea:5a:27:ab:66:6f:1f:cd:
         2d:24:6f:77:76:ed:7d:4d:a8:2f:b1:07:e0:e5:eb:f8:81:a3:
         16:67:ca:c1:e1:79:a6:b9:30:7d:51:ca:5a:2f:b1:e0:23:64:
         22:ae:90:60:23:1a:c9:40:b4:ea:7b:49:eb:a4:5d:4d:e2:b1:
         6d:dc:9c:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI343FHHstwJwzAdYLYz4lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODgwMTU0MzgxMjA0MDQ3N2Q0NzQ0MjI5NDY2Yzg1Mzdk
NDUxNzEwHhcNMjQwMTAyMDYzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWZkNTdlN2ZhMDNjOWFkNGY0YTE4NWFhOWVlZGU1NjljNDA3OWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul6mieABW/QC8s4ww6JTyC+DH//h
rI/1bv3V3wn/xXVPhxdjL/vlLuAW8tHUUu5DMvn5iWDvjaJn8y6oCYZz3foW0Gqa
D6hqHMx7nB8ju4nNTWGayqH3pXgvgTUEyd3b7IcQYk6BrfOMxhhxzHPE7mDukMp+
uQdyMkwJw1tlQ2GMEqo886au5u07gmK6Y3WY3ezqEPPXspkbIoCcvxM1Ql6pychl
ycLNmDodWaKUNiQKQJpnOXdG3agILfVjEQNkYtKkjQBYhMwrge2hshjZH8LH6Zs1
kcImSctME03Q3kVzPD4hh7fI9U8iCqvd4FrY8lk5GCkdpYcPKGsk+HMNYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIr9V+f6A8mtT0oYWqnu3lacQHnUMB8GA1UdIwQY
MBaAFIuIAVQ4EgQEd9R0QilGbIU31FFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRnQlZEZ1NCQVIzMUhSQ0tVWnNoVGZVVVhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS84OWJiNzEtM2ZlOS00MmQyLWE3M2It
MTNhZTk4YWE3ZDMzLzEvaXYxWDVfb0R5YTFQU2hoYXFlN2VWcHhBZWRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS84OWJiNzEtM2ZlOS00MmQyLWE3M2ItMTNhZTk4YWE3ZDMz
LzEvaTRnQlZEZ1NCQVIzMUhSQ0tVWnNoVGZVVVhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwaN6MA0G
CSqGSIb3DQEBCwUAA4IBAQA8zfCLBiivZeQMzNt5abmMggjb4hKA9xgkpv0nJ+h+
+okSq3wY0Mj2ATZkUsSq+m9xCZffLWUAcyZGwTQIPACmzXigzXrP/wqVCOIhMFzN
bHh6N+8TCtbAveFr79KB3KlrODbnwh9KKgOmJ0cMHxQB+Flu1f5poswOnMSz2GKf
2wjT58tlCyq59fv3Kw0tNTFECh4M2F4LKxTw9kQwRxNkZzGwr8CP7oOm91czPyup
4N+1pIi72in8d8nj6v9X6lonq2ZvH80tJG93du19TagvsQfg5ev4gaMWZ8rB4Xmm
uTB9UcpaL7HgI2QirpBgIxrJQLTqe0nrpF1N4rFt3JxT
-----END CERTIFICATE-----