Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/IuAyeBKxDgoEvS9cMlV0trydcBM.roa
File:                     IuAyeBKxDgoEvS9cMlV0trydcBM.roa (raw, json)
Hash identifier:          GK843I0vIM9FnU8wxTd9s810cKx8FSQsgzBrqJ4x/OU=
Subject key identifier:   22:E0:32:78:12:B1:0E:0A:04:BD:2F:5C:32:55:74:B6:BC:9D:70:13
Certificate issuer:       /CN=1b982883e1dfbf4633e08c0b58c85e89ffc32101
Certificate serial:       018CC727705346A5AB86557131547D520ED9
Authority key identifier: 1B:98:28:83:E1:DF:BF:46:33:E0:8C:0B:58:C8:5E:89:FF:C3:21:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/IuAyeBKxDgoEvS9cMlV0trydcBM.roa
Signing time:             Mon 01 Jan 2024 22:31:39 +0000
ROA not before:           Mon 01 Jan 2024 22:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142113
IP address blocks:        185.48.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 22:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:70:53:46:a5:ab:86:55:71:31:54:7d:52:0e:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b982883e1dfbf4633e08c0b58c85e89ffc32101
        Validity
            Not Before: Jan  1 22:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22e0327812b10e0a04bd2f5c325574b6bc9d7013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:82:87:31:f2:3b:ef:2f:d4:2a:16:8a:99:10:
                    9a:16:13:43:a4:f1:8b:af:1d:a8:fb:ed:1c:a0:a0:
                    7b:d0:e6:ce:05:e4:30:2b:f9:db:9b:25:9b:c7:f9:
                    70:3b:e3:0b:02:cb:80:08:19:d3:5c:cd:c5:7f:a2:
                    3b:0c:08:a5:22:aa:61:88:68:d9:c2:f5:c4:78:4a:
                    22:b0:b6:94:3f:60:87:d2:db:f5:9e:0d:e0:77:1c:
                    2f:59:65:6a:de:88:c3:a8:32:ca:2a:c7:10:01:eb:
                    bd:06:43:e6:43:dd:26:22:f5:80:85:ad:d3:37:5e:
                    db:f8:b6:cd:11:f2:12:60:36:aa:6f:be:9a:91:5d:
                    3d:75:7c:3e:f8:f5:57:cd:84:af:8c:2c:be:0a:fe:
                    6b:ee:d9:99:41:02:56:04:3d:3c:99:bf:34:69:7e:
                    ce:79:9c:ed:80:b9:39:cc:d0:fc:4f:d5:b4:cd:5d:
                    5c:bc:07:b6:db:94:be:75:cd:1d:af:06:6f:60:97:
                    49:68:42:e3:2e:0d:6c:6f:0c:8e:01:c7:a0:82:a1:
                    e2:07:cb:32:3b:14:17:f9:68:0a:76:11:fc:80:11:
                    86:ae:4b:f6:6e:d4:93:21:69:7c:87:d6:ab:f2:3a:
                    a0:9d:bc:73:28:84:5b:7f:d6:32:84:a4:6f:d1:af:
                    1b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:E0:32:78:12:B1:0E:0A:04:BD:2F:5C:32:55:74:B6:BC:9D:70:13
            X509v3 Authority Key Identifier:
                keyid:1B:98:28:83:E1:DF:BF:46:33:E0:8C:0B:58:C8:5E:89:FF:C3:21:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G5gog-Hfv0Yz4IwLWMheif_DIQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/IuAyeBKxDgoEvS9cMlV0trydcBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/57860a-dd5e-46e8-9ecb-d078eec82b2a/1/G5gog-Hfv0Yz4IwLWMheif_DIQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:bf:23:29:bf:f0:53:f8:48:6e:c5:f2:e3:96:1b:d0:c4:10:
         30:cd:11:93:2a:1f:93:c3:31:ae:7c:e5:bf:c3:b4:cd:a9:d1:
         a9:65:1c:81:4c:00:31:09:14:2b:88:e7:58:0f:a9:c6:43:b4:
         7c:9f:fc:2f:dd:4b:fa:cb:9e:3c:09:f1:fb:80:34:a1:35:4b:
         5f:97:8e:d7:55:79:a7:f3:02:70:93:7c:7b:ab:61:1c:14:60:
         b1:3e:4e:8e:7f:7c:e2:c9:5f:bd:7e:b6:48:a1:57:fa:9a:b9:
         4b:97:11:cb:30:ee:e4:dd:31:a5:c2:d2:8a:d7:b6:4a:c1:da:
         67:62:79:12:4c:b8:76:c5:db:f3:c5:d6:00:63:59:c6:82:6d:
         78:79:11:22:f8:29:a9:83:e8:f0:36:d6:4e:0a:dc:c0:51:8d:
         ca:47:ee:12:ac:ce:3f:1d:1d:a4:11:e6:ea:3e:86:27:90:4f:
         62:f0:8e:79:f8:ab:64:b1:12:cc:a3:44:16:64:36:c1:1d:ce:
         e5:3c:5c:46:9e:84:79:c0:ed:70:b2:a1:14:92:30:df:23:83:
         47:58:fb:00:b8:51:8c:6a:35:1a:2a:bf:3d:c9:41:aa:89:dc:
         8a:d7:fa:64:37:aa:f9:67:db:32:5d:1c:b4:9e:f3:65:78:bd:
         28:94:46:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3BTRqWrhlVxMVR9Ug7ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOTgyODgzZTFkZmJmNDYzM2UwOGMwYjU4Yzg1ZTg5ZmZj
MzIxMDEwHhcNMjQwMTAxMjIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmUwMzI3ODEyYjEwZTBhMDRiZDJmNWMzMjU1NzRiNmJjOWQ3MDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14KHMfI77y/UKhaKmRCaFhNDpPGL
rx2o++0coKB70ObOBeQwK/nbmyWbx/lwO+MLAsuACBnTXM3Ff6I7DAilIqphiGjZ
wvXEeEoisLaUP2CH0tv1ng3gdxwvWWVq3ojDqDLKKscQAeu9BkPmQ90mIvWAha3T
N17b+LbNEfISYDaqb76akV09dXw++PVXzYSvjCy+Cv5r7tmZQQJWBD08mb80aX7O
eZztgLk5zND8T9W0zV1cvAe225S+dc0drwZvYJdJaELjLg1sbwyOAceggqHiB8sy
OxQX+WgKdhH8gBGGrkv2btSTIWl8h9ar8jqgnbxzKIRbf9YyhKRv0a8bHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLgMngSsQ4KBL0vXDJVdLa8nXATMB8GA1UdIwQY
MBaAFBuYKIPh379GM+CMC1jIXon/wyEBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzVnb2ctSGZ2MFl6NEl3TFdNaGVpZl9ESVFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS81Nzg2MGEtZGQ1ZS00NmU4LTllY2It
ZDA3OGVlYzgyYjJhLzEvSXVBeWVCS3hEZ29FdlM5Y01sVjB0cnlkY0JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS81Nzg2MGEtZGQ1ZS00NmU4LTllY2ItZDA3OGVlYzgyYjJh
LzEvRzVnb2ctSGZ2MFl6NEl3TFdNaGVpZl9ESVFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTD7MA0G
CSqGSIb3DQEBCwUAA4IBAQABvyMpv/BT+EhuxfLjlhvQxBAwzRGTKh+TwzGufOW/
w7TNqdGpZRyBTAAxCRQriOdYD6nGQ7R8n/wv3Uv6y548CfH7gDShNUtfl47XVXmn
8wJwk3x7q2EcFGCxPk6Of3ziyV+9frZIoVf6mrlLlxHLMO7k3TGlwtKK17ZKwdpn
YnkSTLh2xdvzxdYAY1nGgm14eREi+Cmpg+jwNtZOCtzAUY3KR+4SrM4/HR2kEebq
PoYnkE9i8I55+KtksRLMo0QWZDbBHc7lPFxGnoR5wO1wsqEUkjDfI4NHWPsAuFGM
ajUaKr89yUGqidyK1/pkN6r5Z9syXRy0nvNleL0olEaJ
-----END CERTIFICATE-----