Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/IqcwUeOGcAnS-tBgjkUM-XNO3is.roa
File:                     IqcwUeOGcAnS-tBgjkUM-XNO3is.roa (raw, json)
Hash identifier:          wn0T7F5N0/+0KEuMUe6YilItigsuYUK7JvlaTh+yZLw=
Subject key identifier:   22:A7:30:51:E3:86:70:09:D2:FA:D0:60:8E:45:0C:F9:73:4E:DE:2B
Certificate issuer:       /CN=6283b6d1d86102e9edf2abddaa7c9347aac717c7
Certificate serial:       01942067EF5F7989AA270A7195322718F4F2
Authority key identifier: 62:83:B6:D1:D8:61:02:E9:ED:F2:AB:DD:AA:7C:93:47:AA:C7:17:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YoO20dhhAunt8qvdqnyTR6rHF8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/IqcwUeOGcAnS-tBgjkUM-XNO3is.roa
Signing time:             Wed 01 Jan 2025 05:47:49 +0000
ROA not before:           Wed 01 Jan 2025 05:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209555
IP address blocks:        188.116.58.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/YoO20dhhAunt8qvdqnyTR6rHF8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/YoO20dhhAunt8qvdqnyTR6rHF8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YoO20dhhAunt8qvdqnyTR6rHF8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ef:5f:79:89:aa:27:0a:71:95:32:27:18:f4:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6283b6d1d86102e9edf2abddaa7c9347aac717c7
        Validity
            Not Before: Jan  1 05:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22a73051e3867009d2fad0608e450cf9734ede2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3d:7f:85:16:c1:b0:8f:19:e4:e8:d3:70:c4:
                    2b:6e:0f:e1:70:8f:e9:cd:2b:80:75:06:59:36:f5:
                    b8:08:3e:4d:ab:7f:b5:fc:4f:32:81:0e:0b:f6:8f:
                    a3:9c:4b:65:b6:a6:21:53:68:c3:cd:24:e9:af:72:
                    f9:22:c2:ed:6f:51:bb:18:52:8a:b8:cc:93:86:0b:
                    65:c1:3a:97:42:4f:c1:ac:ed:11:11:f2:fc:cc:07:
                    0a:02:83:2f:4d:c7:56:f0:f1:40:55:54:45:b3:91:
                    de:96:03:37:c6:d8:0b:53:8a:f5:a8:60:2f:09:91:
                    85:59:7b:c1:11:96:14:9a:96:67:cd:b4:58:60:a9:
                    81:1e:fb:56:bd:df:5c:f9:17:79:c2:c7:fa:09:cd:
                    74:d0:ca:e2:36:fe:10:5d:c5:3f:f5:4a:ba:a5:35:
                    a7:ae:c3:b9:f3:e5:e2:86:7d:d3:5d:62:ab:9b:36:
                    da:63:1b:a3:0b:fb:07:e8:ca:93:c5:d0:3b:42:95:
                    21:3d:eb:2a:e5:9e:70:c1:6c:67:9d:2d:84:3b:b1:
                    e4:e4:33:bd:b9:d2:46:8a:2b:1d:e3:c8:e3:ad:a2:
                    bb:17:16:6d:0b:c5:81:6c:63:fe:ec:c5:c2:68:8c:
                    cd:0f:bb:68:0c:67:3f:6c:b0:09:77:a2:de:58:a5:
                    c9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A7:30:51:E3:86:70:09:D2:FA:D0:60:8E:45:0C:F9:73:4E:DE:2B
            X509v3 Authority Key Identifier:
                keyid:62:83:B6:D1:D8:61:02:E9:ED:F2:AB:DD:AA:7C:93:47:AA:C7:17:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YoO20dhhAunt8qvdqnyTR6rHF8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/IqcwUeOGcAnS-tBgjkUM-XNO3is.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/YoO20dhhAunt8qvdqnyTR6rHF8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.116.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:55:85:f4:43:fc:79:ec:b0:6d:ca:85:7c:31:6f:7f:16:94:
         76:41:de:22:e3:17:58:5f:8d:56:a8:ca:b4:81:7d:9a:32:0a:
         ad:c0:45:72:22:7f:e1:80:56:32:c0:75:6d:9a:87:c1:e5:a0:
         23:63:6d:d0:2e:54:1b:4c:6c:3f:30:e7:ad:f7:b1:06:c7:f0:
         6f:f1:6f:3a:d2:cc:a6:1a:c5:d3:3e:34:40:c6:1d:aa:c0:14:
         bc:01:21:df:08:3a:15:08:20:02:06:9a:92:c3:20:fa:ac:e0:
         f8:46:b4:63:87:00:62:be:19:f6:0c:43:49:b7:d0:8e:1e:c3:
         69:b9:34:3d:98:54:9a:ac:e2:03:0c:81:8a:53:f0:1d:15:69:
         42:91:c3:43:de:35:76:78:30:d7:57:6e:c0:b1:60:0c:fb:50:
         53:ff:dd:32:19:fe:72:5a:95:92:b9:0e:80:9f:b1:7a:d5:c3:
         a3:3b:37:9c:6d:75:eb:1a:14:3e:d9:6d:ae:bc:2e:95:e4:1e:
         c4:8e:98:87:02:c7:c7:44:5d:6f:d2:ea:73:e6:f9:67:01:95:
         63:40:8d:49:79:dd:72:89:8f:4f:32:9a:a4:1b:a5:a1:1f:f9:
         20:9e:b4:ee:f6:5e:6f:00:12:22:15:23:82:13:56:c4:04:ec:
         01:74:07:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ+9feYmqJwpxlTInGPTyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyODNiNmQxZDg2MTAyZTllZGYyYWJkZGFhN2M5MzQ3YWFj
NzE3YzcwHhcNMjUwMTAxMDU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmE3MzA1MWUzODY3MDA5ZDJmYWQwNjA4ZTQ1MGNmOTczNGVkZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD1/hRbBsI8Z5OjTcMQrbg/hcI/p
zSuAdQZZNvW4CD5Nq3+1/E8ygQ4L9o+jnEtltqYhU2jDzSTpr3L5IsLtb1G7GFKK
uMyThgtlwTqXQk/BrO0REfL8zAcKAoMvTcdW8PFAVVRFs5HelgM3xtgLU4r1qGAv
CZGFWXvBEZYUmpZnzbRYYKmBHvtWvd9c+Rd5wsf6Cc100MriNv4QXcU/9Uq6pTWn
rsO58+Xihn3TXWKrmzbaYxujC/sH6MqTxdA7QpUhPesq5Z5wwWxnnS2EO7Hk5DO9
udJGiisd48jjraK7FxZtC8WBbGP+7MXCaIzND7toDGc/bLAJd6LeWKXJCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKnMFHjhnAJ0vrQYI5FDPlzTt4rMB8GA1UdIwQY
MBaAFGKDttHYYQLp7fKr3ap8k0eqxxfHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW9PMjBkaGhBdW50OHF2ZHFueVRSNnJIRjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9iZDQzMTctYjllZi00YjIzLTgwYWQt
OTE0ZTQ4ODFlZWE4LzEvSXFjd1VlT0djQW5TLXRCZ2prVU0tWE5PM2lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9iZDQzMTctYjllZi00YjIzLTgwYWQtOTE0ZTQ4ODFlZWE4
LzEvWW9PMjBkaGhBdW50OHF2ZHFueVRSNnJIRjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvHQ6MA0G
CSqGSIb3DQEBCwUAA4IBAQASVYX0Q/x57LBtyoV8MW9/FpR2Qd4i4xdYX41WqMq0
gX2aMgqtwEVyIn/hgFYywHVtmofB5aAjY23QLlQbTGw/MOet97EGx/Bv8W860sym
GsXTPjRAxh2qwBS8ASHfCDoVCCACBpqSwyD6rOD4RrRjhwBivhn2DENJt9COHsNp
uTQ9mFSarOIDDIGKU/AdFWlCkcND3jV2eDDXV27AsWAM+1BT/90yGf5yWpWSuQ6A
n7F61cOjOzecbXXrGhQ+2W2uvC6V5B7EjpiHAsfHRF1v0upz5vlnAZVjQI1Jed1y
iY9PMpqkG6WhH/kgnrTu9l5vABIiFSOCE1bEBOwBdAeJ
-----END CERTIFICATE-----