Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/iVHyYw7p97BcaTeMHE9oFUn1tIc.roa
File:                     iVHyYw7p97BcaTeMHE9oFUn1tIc.roa (raw, json)
Hash identifier:          Xhb/OxeEjJjsfyRf/kLIvvX/xYF0kvj0ybKvGg2xPDQ=
Subject key identifier:   89:51:F2:63:0E:E9:F7:B0:5C:69:37:8C:1C:4F:68:15:49:F5:B4:87
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       018CCA29BA989CBEA8BB1BDBC5673506DB4D
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/iVHyYw7p97BcaTeMHE9oFUn1tIc.roa
Signing time:             Tue 02 Jan 2024 12:33:01 +0000
ROA not before:           Tue 02 Jan 2024 12:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        194.187.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ba:98:9c:be:a8:bb:1b:db:c5:67:35:06:db:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Jan  2 12:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8951f2630ee9f7b05c69378c1c4f681549f5b487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4e:17:81:8f:92:84:10:47:f2:82:1e:c5:44:
                    ae:72:17:23:a8:e6:16:be:af:b4:05:6f:27:fe:00:
                    75:f5:7e:5a:f9:3b:df:a9:19:cd:3c:a4:5f:91:5b:
                    5a:86:f9:43:59:3e:1c:89:15:bc:4f:8f:44:1e:27:
                    a8:7d:a4:63:39:8d:b1:35:da:4e:d1:20:41:1f:0f:
                    b2:9e:16:e5:ae:e7:44:86:bd:fa:35:e3:7e:cc:5f:
                    63:f7:70:cd:0c:37:47:c5:1b:6f:cf:c8:ac:fb:24:
                    c5:f1:3f:76:eb:c3:9f:7e:7c:f3:7f:11:e5:e7:6a:
                    d2:54:54:21:62:1f:1f:af:b7:04:44:14:27:8b:e2:
                    c6:5e:15:f6:db:2b:81:f2:9b:5e:a8:9d:62:c3:1f:
                    73:ef:82:85:46:fe:2b:19:dd:56:b3:1c:0a:a6:4f:
                    d6:db:03:6d:b9:05:af:30:2d:d4:18:ed:da:7c:a0:
                    95:d7:25:ff:1b:f6:0b:4e:0e:35:e6:29:80:37:c1:
                    26:74:b6:8b:ce:1a:38:a7:f9:ed:5e:19:19:cd:57:
                    6b:9c:92:68:79:5e:e1:7c:7e:a8:44:7e:01:7d:20:
                    b1:8a:1b:a8:b6:59:d6:b6:58:9e:de:97:91:e5:cb:
                    75:69:43:03:85:8c:e1:c6:8c:ac:f1:a7:3a:e7:e9:
                    f0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:51:F2:63:0E:E9:F7:B0:5C:69:37:8C:1C:4F:68:15:49:F5:B4:87
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/iVHyYw7p97BcaTeMHE9oFUn1tIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:d3:54:ee:cd:f6:79:13:fb:2a:4c:d8:08:bd:31:89:64:a4:
         72:3f:71:ad:b0:08:b6:a4:b1:39:0c:4e:74:d9:d3:00:23:16:
         b8:c2:06:0f:01:cf:6e:35:ec:ed:6d:0e:1c:b5:dc:5c:17:8b:
         96:fc:fe:c6:ef:2a:c7:79:68:99:dd:e2:13:74:c9:99:c1:59:
         0f:6d:ca:15:72:49:9b:d2:93:2b:c9:61:05:2b:55:e2:dc:6f:
         85:ba:cd:82:42:3e:86:0b:10:6f:50:32:bf:bb:57:ff:54:64:
         eb:cb:df:5b:06:e0:88:69:fb:00:69:55:84:8a:52:51:d8:a3:
         4c:6f:e9:1a:40:16:ab:36:2f:53:3c:5e:73:c2:3f:cf:01:e7:
         41:cf:bf:43:5e:29:20:a9:67:40:5a:ce:67:6a:8e:93:93:71:
         b3:db:ef:cb:f3:3d:9a:5e:a0:1d:43:75:8e:1e:1a:a2:75:e8:
         3e:ff:aa:70:7b:ba:17:c2:34:25:25:3a:10:db:34:14:d4:78:
         50:82:2a:0c:f0:37:df:e5:ee:e7:a4:be:1d:ef:56:02:f4:99:
         13:be:28:b9:a3:cc:41:76:38:17:0e:df:06:20:7b:52:ec:38:
         84:ac:db:3a:8d:0d:b3:02:af:26:d6:ef:6f:f3:97:a7:76:35:
         38:ae:fc:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKbqYnL6ouxvbxWc1BttNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjQwMTAyMTIzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTUxZjI2MzBlZTlmN2IwNWM2OTM3OGMxYzRmNjgxNTQ5ZjViNDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwE4XgY+ShBBH8oIexUSuchcjqOYW
vq+0BW8n/gB19X5a+TvfqRnNPKRfkVtahvlDWT4ciRW8T49EHieofaRjOY2xNdpO
0SBBHw+ynhblrudEhr36NeN+zF9j93DNDDdHxRtvz8is+yTF8T9268OffnzzfxHl
52rSVFQhYh8fr7cERBQni+LGXhX22yuB8pteqJ1iwx9z74KFRv4rGd1WsxwKpk/W
2wNtuQWvMC3UGO3afKCV1yX/G/YLTg415imAN8EmdLaLzho4p/ntXhkZzVdrnJJo
eV7hfH6oRH4BfSCxihuotlnWtlie3peR5ct1aUMDhYzhxoys8ac65+nwaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlR8mMO6fewXGk3jBxPaBVJ9bSHMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvaVZIeVl3N3A5N0JjYVRlTUhFOW9GVW4xdEljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrt1MA0G
CSqGSIb3DQEBCwUAA4IBAQCh01TuzfZ5E/sqTNgIvTGJZKRyP3GtsAi2pLE5DE50
2dMAIxa4wgYPAc9uNeztbQ4ctdxcF4uW/P7G7yrHeWiZ3eITdMmZwVkPbcoVckmb
0pMryWEFK1Xi3G+Fus2CQj6GCxBvUDK/u1f/VGTry99bBuCIafsAaVWEilJR2KNM
b+kaQBarNi9TPF5zwj/PAedBz79DXikgqWdAWs5nao6Tk3Gz2+/L8z2aXqAdQ3WO
Hhqideg+/6pwe7oXwjQlJToQ2zQU1HhQgioM8Dff5e7npL4d71YC9JkTvii5o8xB
djgXDt8GIHtS7DiErNs6jQ2zAq8m1u9v85endjU4rvxf
-----END CERTIFICATE-----