Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/738801-ddc6-4843-936c-20acc38bc8ff/1/I6cOxvWLb07GCM4aFQVP1Qg0wLU.roa
File:                     I6cOxvWLb07GCM4aFQVP1Qg0wLU.roa (raw, json)
Hash identifier:          iMv98ZWFgtid/zW2vh7dAOnyQfhnDh/gowvSSyT929I=
Subject key identifier:   23:A7:0E:C6:F5:8B:6F:4E:C6:08:CE:1A:15:05:4F:D5:08:34:C0:B5
Certificate issuer:       /CN=c55085005d0e449d3bafa31c5cb429ff89d2c4b7
Certificate serial:       018CC34946DD64418F90B476EE885B694F57
Authority key identifier: C5:50:85:00:5D:0E:44:9D:3B:AF:A3:1C:5C:B4:29:FF:89:D2:C4:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xVCFAF0ORJ07r6McXLQp_4nSxLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/738801-ddc6-4843-936c-20acc38bc8ff/1/I6cOxvWLb07GCM4aFQVP1Qg0wLU.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44845
IP address blocks:        213.159.197.0/24 maxlen: 24
                          213.159.196.0/24 maxlen: 24
                          213.159.199.0/24 maxlen: 24
                          213.159.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/738801-ddc6-4843-936c-20acc38bc8ff/1/xVCFAF0ORJ07r6McXLQp_4nSxLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/738801-ddc6-4843-936c-20acc38bc8ff/1/xVCFAF0ORJ07r6McXLQp_4nSxLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xVCFAF0ORJ07r6McXLQp_4nSxLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:46:dd:64:41:8f:90:b4:76:ee:88:5b:69:4f:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c55085005d0e449d3bafa31c5cb429ff89d2c4b7
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23a70ec6f58b6f4ec608ce1a15054fd50834c0b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:3b:b6:30:57:37:bd:32:d6:60:71:a0:7b:43:
                    8b:b2:ff:be:f3:9f:07:b7:62:2d:6f:f7:a9:a1:37:
                    ed:8e:87:9c:fd:67:ab:b6:de:55:57:ef:15:62:ec:
                    51:a1:31:3d:e7:06:ac:42:ca:cc:2d:5c:01:ce:68:
                    8c:a8:5a:b9:a8:20:4f:c8:80:c7:6e:88:4d:7d:db:
                    c8:ec:b6:23:62:54:a7:ce:4a:22:0d:6c:d3:d9:a6:
                    8d:2f:76:7b:55:ca:68:0e:9c:81:a0:38:a2:4b:64:
                    a0:13:ea:6a:1e:b5:91:bf:78:8a:3a:3d:6c:17:ea:
                    37:85:ce:8e:36:98:c4:cb:f0:20:66:52:32:e0:10:
                    57:9a:ae:8f:aa:af:3b:eb:c4:b6:21:15:88:62:fe:
                    7d:56:46:4d:57:6c:56:e5:18:0c:ca:ad:bc:5c:4f:
                    97:1e:0f:3b:68:20:0a:44:ab:0a:e2:a8:96:76:ac:
                    a6:15:10:48:3e:fe:9d:6f:27:8f:c3:4f:56:7c:9a:
                    4a:af:65:68:a9:c5:f2:67:d6:35:24:27:fb:a6:02:
                    8f:1b:f6:eb:82:c9:6c:ce:42:47:a7:a0:26:68:c5:
                    3d:66:e5:18:a3:b1:83:0d:99:33:58:8e:9d:32:84:
                    7d:7a:98:37:59:3d:9c:d2:92:29:0d:c5:2b:b5:bf:
                    1c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:A7:0E:C6:F5:8B:6F:4E:C6:08:CE:1A:15:05:4F:D5:08:34:C0:B5
            X509v3 Authority Key Identifier:
                keyid:C5:50:85:00:5D:0E:44:9D:3B:AF:A3:1C:5C:B4:29:FF:89:D2:C4:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xVCFAF0ORJ07r6McXLQp_4nSxLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/738801-ddc6-4843-936c-20acc38bc8ff/1/I6cOxvWLb07GCM4aFQVP1Qg0wLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/738801-ddc6-4843-936c-20acc38bc8ff/1/xVCFAF0ORJ07r6McXLQp_4nSxLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.159.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:a4:0b:df:a8:c9:8c:17:82:04:e9:c7:5a:02:a4:fb:16:03:
         ec:26:c4:07:f0:da:0e:c8:b3:c7:1d:f8:43:3a:97:8e:bf:d6:
         91:90:28:9a:e9:2d:9e:bf:f1:a1:19:cc:20:58:df:fa:a5:d4:
         8a:ef:11:ab:8b:ad:98:0e:19:a9:5a:10:fb:e0:58:f0:e4:c1:
         ec:e4:da:dd:7a:26:62:00:58:99:c5:56:dc:d3:82:99:9f:0b:
         d1:be:05:7b:75:9b:ae:f9:f6:02:d8:d0:b4:ca:ac:8d:a1:82:
         82:26:31:56:f3:5c:3a:0b:6f:22:ea:04:b5:70:65:13:a6:60:
         88:0d:5c:30:d7:ae:22:f4:0b:84:7d:3b:ff:2b:29:3f:da:57:
         26:b3:ac:7d:46:80:c5:06:92:7b:c6:65:90:4b:4c:2d:51:68:
         e8:2f:75:c2:35:6d:c9:26:11:84:0e:7f:8c:96:0b:da:92:42:
         0b:f6:58:98:60:03:50:a7:79:02:ab:b0:5e:70:a8:65:0d:d5:
         35:62:04:9b:20:db:aa:6d:a8:ba:f9:12:5c:68:ca:30:11:e9:
         c7:d5:b0:c3:4c:2e:c3:64:11:64:72:87:3d:f4:f4:90:90:63:
         6c:2c:ae:75:69:c7:c7:3a:bb:e7:90:f9:4d:59:0c:31:dd:b9:
         33:4d:67:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUbdZEGPkLR27ohbaU9XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NTA4NTAwNWQwZTQ0OWQzYmFmYTMxYzVjYjQyOWZmODlk
MmM0YjcwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2E3MGVjNmY1OGI2ZjRlYzYwOGNlMWExNTA1NGZkNTA4MzRjMGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDu2MFc3vTLWYHGge0OLsv++858H
t2Itb/epoTftjoec/Wertt5VV+8VYuxRoTE95wasQsrMLVwBzmiMqFq5qCBPyIDH
bohNfdvI7LYjYlSnzkoiDWzT2aaNL3Z7VcpoDpyBoDiiS2SgE+pqHrWRv3iKOj1s
F+o3hc6ONpjEy/AgZlIy4BBXmq6Pqq8768S2IRWIYv59VkZNV2xW5RgMyq28XE+X
Hg87aCAKRKsK4qiWdqymFRBIPv6dbyePw09WfJpKr2VoqcXyZ9Y1JCf7pgKPG/br
gslszkJHp6AmaMU9ZuUYo7GDDZkzWI6dMoR9epg3WT2c0pIpDcUrtb8c+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOnDsb1i29OxgjOGhUFT9UINMC1MB8GA1UdIwQY
MBaAFMVQhQBdDkSdO6+jHFy0Kf+J0sS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFZDRkFGME9SSjA3cjZNY1hMUXBfNG5TeExjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83Mzg4MDEtZGRjNi00ODQzLTkzNmMt
MjBhY2MzOGJjOGZmLzEvSTZjT3h2V0xiMDdHQ000YUZRVlAxUWcwd0xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83Mzg4MDEtZGRjNi00ODQzLTkzNmMtMjBhY2MzOGJjOGZm
LzEveFZDRkFGME9SSjA3cjZNY1hMUXBfNG5TeExjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1Z/EMA0G
CSqGSIb3DQEBCwUAA4IBAQBgpAvfqMmMF4IE6cdaAqT7FgPsJsQH8NoOyLPHHfhD
OpeOv9aRkCia6S2ev/GhGcwgWN/6pdSK7xGri62YDhmpWhD74Fjw5MHs5NrdeiZi
AFiZxVbc04KZnwvRvgV7dZuu+fYC2NC0yqyNoYKCJjFW81w6C28i6gS1cGUTpmCI
DVww164i9AuEfTv/Kyk/2lcms6x9RoDFBpJ7xmWQS0wtUWjoL3XCNW3JJhGEDn+M
lgvakkIL9liYYANQp3kCq7BecKhlDdU1YgSbINuqbai6+RJcaMowEenH1bDDTC7D
ZBFkcoc99PSQkGNsLK51acfHOrvnkPlNWQwx3bkzTWcu
-----END CERTIFICATE-----