Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/Ij5GiqnT_BJJX8cGzLaDcWGn7kw.roa
File:                     Ij5GiqnT_BJJX8cGzLaDcWGn7kw.roa (raw, json)
Hash identifier:          KDig2vEVv3uYgo9Luq8md+9oQ6Eq5ChQakJTJauFIWc=
Subject key identifier:   22:3E:46:8A:A9:D3:FC:12:49:5F:C7:06:CC:B6:83:71:61:A7:EE:4C
Certificate issuer:       /CN=788f5b210f3c3eb42065960e85d061e9d9d63ab8
Certificate serial:       018CC348D09C1C09C5A0C782B195A342C86D
Authority key identifier: 78:8F:5B:21:0F:3C:3E:B4:20:65:96:0E:85:D0:61:E9:D9:D6:3A:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eI9bIQ88PrQgZZYOhdBh6dnWOrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/Ij5GiqnT_BJJX8cGzLaDcWGn7kw.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60195
IP address blocks:        185.238.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/eI9bIQ88PrQgZZYOhdBh6dnWOrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/eI9bIQ88PrQgZZYOhdBh6dnWOrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eI9bIQ88PrQgZZYOhdBh6dnWOrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d0:9c:1c:09:c5:a0:c7:82:b1:95:a3:42:c8:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=788f5b210f3c3eb42065960e85d061e9d9d63ab8
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=223e468aa9d3fc12495fc706ccb6837161a7ee4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:06:1f:b2:de:2f:15:9a:ce:da:3b:61:54:b8:
                    24:a5:88:5f:0c:a3:e5:79:66:42:8f:f1:d2:cb:9b:
                    b6:86:9a:30:72:96:35:d5:19:4e:29:b0:89:ed:b5:
                    93:64:4d:36:92:b0:47:60:ea:79:f4:8c:3c:9b:e9:
                    18:5d:43:3b:a4:7a:77:b5:da:12:21:ae:9a:97:b9:
                    20:2d:47:de:48:e7:45:f5:ed:c1:93:b6:29:c7:29:
                    f3:d9:2e:96:02:42:4f:5e:cb:2f:c5:7d:00:77:ea:
                    ef:28:b0:29:9c:df:d3:62:bf:d8:d4:41:75:93:25:
                    1a:18:b2:de:32:cb:1c:91:00:04:dc:f7:9e:cc:04:
                    c0:20:72:af:b1:b0:8a:d3:74:5e:84:70:ef:c7:3f:
                    a5:4f:63:75:cc:d2:9d:3e:03:ba:d3:fc:ee:b1:12:
                    3b:3d:36:e7:95:13:e3:05:4f:e5:ce:34:76:2a:09:
                    0e:df:d4:40:4d:0d:8e:05:ab:c7:7f:1e:b9:57:ca:
                    c2:0e:55:1b:99:43:4e:36:ba:2a:01:60:00:7b:b3:
                    53:52:4d:9a:08:56:1a:33:b7:92:57:5b:15:a2:0f:
                    d0:4a:24:75:83:c8:20:20:6c:a1:0d:78:99:af:33:
                    ac:66:37:0f:46:38:d7:e1:53:7c:86:a2:60:af:32:
                    1c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:3E:46:8A:A9:D3:FC:12:49:5F:C7:06:CC:B6:83:71:61:A7:EE:4C
            X509v3 Authority Key Identifier:
                keyid:78:8F:5B:21:0F:3C:3E:B4:20:65:96:0E:85:D0:61:E9:D9:D6:3A:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eI9bIQ88PrQgZZYOhdBh6dnWOrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/Ij5GiqnT_BJJX8cGzLaDcWGn7kw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/e100b5-6f0a-4fe9-befb-c4acb8969c49/1/eI9bIQ88PrQgZZYOhdBh6dnWOrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:40:c5:df:6f:9c:5e:ec:81:1b:7f:36:d6:00:e3:e2:97:ac:
         eb:95:b1:25:40:8a:40:dd:23:72:cd:c0:21:58:99:0f:bc:5b:
         a9:da:9e:e9:08:ac:85:16:23:d9:0e:39:2c:0e:e8:61:93:c4:
         1a:10:50:6c:ac:f0:70:81:86:cd:37:db:85:2a:1e:41:73:c8:
         12:f9:87:65:54:d3:86:5e:48:63:cc:72:2c:48:f2:4a:b6:07:
         f5:4e:30:a3:bd:d6:f4:59:b1:f9:9c:9c:d5:e1:0c:b2:3e:68:
         a7:bc:28:45:c3:2f:f6:7c:62:22:d3:a8:c9:b1:22:1e:b8:dd:
         17:b3:95:0b:33:ab:96:6e:77:dd:93:dd:57:84:14:5c:a6:e8:
         e5:b9:d7:64:b2:f3:aa:98:e4:4d:db:b7:af:0e:37:56:71:fa:
         79:5a:ee:9d:40:1b:41:61:b2:2f:35:c2:64:d0:0b:df:d7:c3:
         b3:a8:e5:0d:87:f1:2f:e9:69:73:a9:8b:95:2e:ba:53:cb:9e:
         9c:2e:dd:69:bc:68:67:f9:f1:13:e4:ac:ea:47:d5:80:e7:4a:
         79:e8:f4:c2:39:3e:ab:10:63:7d:89:ca:fd:12:dc:38:37:ba:
         72:ab:2a:8f:b0:6c:de:9f:fe:ab:56:fc:ef:8d:65:fd:53:b5:
         e6:df:21:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNCcHAnFoMeCsZWjQshtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4OGY1YjIxMGYzYzNlYjQyMDY1OTYwZTg1ZDA2MWU5ZDlk
NjNhYjgwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjNlNDY4YWE5ZDNmYzEyNDk1ZmM3MDZjY2I2ODM3MTYxYTdlZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQYfst4vFZrO2jthVLgkpYhfDKPl
eWZCj/HSy5u2hpowcpY11RlOKbCJ7bWTZE02krBHYOp59Iw8m+kYXUM7pHp3tdoS
Ia6al7kgLUfeSOdF9e3Bk7Ypxynz2S6WAkJPXssvxX0Ad+rvKLApnN/TYr/Y1EF1
kyUaGLLeMssckQAE3PeezATAIHKvsbCK03RehHDvxz+lT2N1zNKdPgO60/zusRI7
PTbnlRPjBU/lzjR2KgkO39RATQ2OBavHfx65V8rCDlUbmUNONroqAWAAe7NTUk2a
CFYaM7eSV1sVog/QSiR1g8ggIGyhDXiZrzOsZjcPRjjX4VN8hqJgrzIcowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCI+Roqp0/wSSV/HBsy2g3Fhp+5MMB8GA1UdIwQY
MBaAFHiPWyEPPD60IGWWDoXQYenZ1jq4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUk5YklRODhQclFnWlpZT2hkQmg2ZG5XT3JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9lMTAwYjUtNmYwYS00ZmU5LWJlZmIt
YzRhY2I4OTY5YzQ5LzEvSWo1R2lxblRfQkpKWDhjR3pMYURjV0duN2t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9lMTAwYjUtNmYwYS00ZmU5LWJlZmItYzRhY2I4OTY5YzQ5
LzEvZUk5YklRODhQclFnWlpZT2hkQmg2ZG5XT3JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue49MA0G
CSqGSIb3DQEBCwUAA4IBAQAXQMXfb5xe7IEbfzbWAOPil6zrlbElQIpA3SNyzcAh
WJkPvFup2p7pCKyFFiPZDjksDuhhk8QaEFBsrPBwgYbNN9uFKh5Bc8gS+YdlVNOG
XkhjzHIsSPJKtgf1TjCjvdb0WbH5nJzV4QyyPminvChFwy/2fGIi06jJsSIeuN0X
s5ULM6uWbnfdk91XhBRcpujluddksvOqmORN27evDjdWcfp5Wu6dQBtBYbIvNcJk
0Avf18OzqOUNh/Ev6WlzqYuVLrpTy56cLt1pvGhn+fET5KzqR9WA50p56PTCOT6r
EGN9icr9Etw4N7pyqyqPsGzen/6rVvzvjWX9U7Xm3yFc
-----END CERTIFICATE-----