Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/cd15c7-476a-4c57-baf4-de5f7bf59839/1/iJO7dm9bQ_JxPAusxalsAi5t7u8.roa
File:                     iJO7dm9bQ_JxPAusxalsAi5t7u8.roa (raw, json)
Hash identifier:          eTbvGjNmJ2siDzJMaXzRtql2bxPWtBGi85burvPHAho=
Subject key identifier:   88:93:BB:76:6F:5B:43:F2:71:3C:0B:AC:C5:A9:6C:02:2E:6D:EE:EF
Certificate issuer:       /CN=11e2a78ddc7f139f0c22a2a63662b4812ae5132e
Certificate serial:       018CC72748B728E2BE8F089F9EAB27E9D117
Authority key identifier: 11:E2:A7:8D:DC:7F:13:9F:0C:22:A2:A6:36:62:B4:81:2A:E5:13:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EeKnjdx_E58MIqKmNmK0gSrlEy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/cd15c7-476a-4c57-baf4-de5f7bf59839/1/iJO7dm9bQ_JxPAusxalsAi5t7u8.roa
Signing time:             Mon 01 Jan 2024 22:31:29 +0000
ROA not before:           Mon 01 Jan 2024 22:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        193.32.92.0/24 maxlen: 24
                          2a13:1000::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/cd15c7-476a-4c57-baf4-de5f7bf59839/1/EeKnjdx_E58MIqKmNmK0gSrlEy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/cd15c7-476a-4c57-baf4-de5f7bf59839/1/EeKnjdx_E58MIqKmNmK0gSrlEy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EeKnjdx_E58MIqKmNmK0gSrlEy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:48:b7:28:e2:be:8f:08:9f:9e:ab:27:e9:d1:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11e2a78ddc7f139f0c22a2a63662b4812ae5132e
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8893bb766f5b43f2713c0bacc5a96c022e6deeef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c2:51:fb:09:4d:3f:ce:1c:e1:ec:2b:37:a3:
                    c8:65:02:73:7f:15:3f:36:28:f2:f3:5b:cb:e9:54:
                    ee:63:87:ea:5b:49:74:6b:99:27:da:d2:6b:f9:cb:
                    39:a7:46:c3:78:bc:8c:e4:64:fd:86:4e:e5:0b:f4:
                    c8:ed:f0:39:37:9a:50:6a:8a:8b:f5:b6:8d:e1:d9:
                    c1:1c:87:f0:9a:60:c9:02:cd:32:25:b0:b6:59:24:
                    fe:fc:bb:38:b3:41:d2:ae:85:89:01:37:58:f6:c4:
                    c4:fb:d4:96:31:90:45:b9:a1:86:de:d2:4e:2d:3e:
                    cb:2e:bd:fd:15:ee:60:d9:78:be:88:30:fb:01:bd:
                    06:7f:df:27:37:3e:71:05:35:42:00:85:6c:a7:ed:
                    84:7e:bd:25:a9:6c:c7:3a:71:7f:68:9c:d6:df:98:
                    aa:77:fb:b2:b0:61:f3:94:16:f6:ee:44:c7:66:f5:
                    cd:08:d0:c8:10:8c:f8:a0:84:01:89:c9:24:dd:28:
                    42:58:b6:96:9b:52:14:bb:ce:d2:04:1c:75:9e:9b:
                    c4:10:4c:45:6c:e1:22:f5:70:cb:3b:d1:b4:57:15:
                    40:cc:5f:aa:0b:7b:98:01:a4:3c:02:83:1d:8b:24:
                    b2:7b:54:a4:16:17:9d:cb:ab:55:e6:61:b4:b6:ea:
                    c7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:93:BB:76:6F:5B:43:F2:71:3C:0B:AC:C5:A9:6C:02:2E:6D:EE:EF
            X509v3 Authority Key Identifier:
                keyid:11:E2:A7:8D:DC:7F:13:9F:0C:22:A2:A6:36:62:B4:81:2A:E5:13:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EeKnjdx_E58MIqKmNmK0gSrlEy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/cd15c7-476a-4c57-baf4-de5f7bf59839/1/iJO7dm9bQ_JxPAusxalsAi5t7u8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/cd15c7-476a-4c57-baf4-de5f7bf59839/1/EeKnjdx_E58MIqKmNmK0gSrlEy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.92.0/24
                IPv6:
                  2a13:1000::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:4e:5c:f4:a5:e6:df:fe:a1:44:2c:47:0c:2b:69:9e:05:5d:
         dd:b0:a8:f4:8a:66:a1:5f:04:57:e0:ea:e9:b6:9e:cf:e3:1f:
         39:dc:e4:00:8b:fe:99:ec:e4:41:28:9f:43:43:f6:48:c3:4c:
         54:b5:21:1f:f9:55:0c:59:df:c3:b1:41:4f:30:70:dd:55:94:
         2b:9a:a6:fe:62:2d:21:2c:46:75:d3:f6:f7:12:31:62:06:9e:
         9a:b0:98:61:79:d4:7e:e6:7c:f1:e4:fc:82:d4:83:de:c2:d0:
         cc:f7:28:02:41:a4:dc:68:fe:9b:41:37:4b:20:9e:9e:58:a6:
         da:0f:85:7e:f4:e4:c2:b1:0b:45:3e:fd:1a:b7:61:04:68:89:
         fe:70:9a:f0:67:0d:11:5d:91:dd:ba:6d:a8:0a:5e:6c:9b:b5:
         44:02:b7:37:02:79:3f:b5:9c:8d:02:d6:db:fa:ae:a4:61:a4:
         af:c1:ac:f2:bc:47:ef:f6:de:8a:11:4e:52:d0:9f:5b:08:86:
         64:ad:96:d3:7c:04:3e:cc:79:65:d3:04:0e:c1:c4:ef:d1:ca:
         a2:8b:7f:53:00:ba:62:c2:2d:85:31:b1:6a:df:41:7a:d6:75:
         a1:7d:59:9e:87:7d:bb:96:12:19:5a:5a:81:89:4a:ed:b1:4d:
         fd:8c:b5:ec
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJ0i3KOK+jwifnqsn6dEXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZTJhNzhkZGM3ZjEzOWYwYzIyYTJhNjM2NjJiNDgxMmFl
NTEzMmUwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODkzYmI3NjZmNWI0M2YyNzEzYzBiYWNjNWE5NmMwMjJlNmRlZWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8JR+wlNP84c4ewrN6PIZQJzfxU/
Nijy81vL6VTuY4fqW0l0a5kn2tJr+cs5p0bDeLyM5GT9hk7lC/TI7fA5N5pQaoqL
9baN4dnBHIfwmmDJAs0yJbC2WST+/Ls4s0HSroWJATdY9sTE+9SWMZBFuaGG3tJO
LT7LLr39Fe5g2Xi+iDD7Ab0Gf98nNz5xBTVCAIVsp+2Efr0lqWzHOnF/aJzW35iq
d/uysGHzlBb27kTHZvXNCNDIEIz4oIQBickk3ShCWLaWm1IUu87SBBx1npvEEExF
bOEi9XDLO9G0VxVAzF+qC3uYAaQ8AoMdiySye1SkFhedy6tV5mG0turHjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIiTu3ZvW0PycTwLrMWpbAIube7vMB8GA1UdIwQY
MBaAFBHip43cfxOfDCKipjZitIEq5RMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWVLbmpkeF9FNThNSXFLbU5tSzBnU3JsRXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jZDE1YzctNDc2YS00YzU3LWJhZjQt
ZGU1ZjdiZjU5ODM5LzEvaUpPN2RtOWJRX0p4UEF1c3hhbHNBaTV0N3U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jZDE1YzctNDc2YS00YzU3LWJhZjQtZGU1ZjdiZjU5ODM5
LzEvRWVLbmpkeF9FNThNSXFLbU5tSzBnU3JsRXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSBcMA0E
AgACMAcDBQMqExAAMA0GCSqGSIb3DQEBCwUAA4IBAQBzTlz0pebf/qFELEcMK2me
BV3dsKj0imahXwRX4Orptp7P4x853OQAi/6Z7ORBKJ9DQ/ZIw0xUtSEf+VUMWd/D
sUFPMHDdVZQrmqb+Yi0hLEZ10/b3EjFiBp6asJhhedR+5nzx5PyC1IPewtDM9ygC
QaTcaP6bQTdLIJ6eWKbaD4V+9OTCsQtFPv0at2EEaIn+cJrwZw0RXZHdum2oCl5s
m7VEArc3Ank/tZyNAtbb+q6kYaSvwazyvEfv9t6KEU5S0J9bCIZkrZbTfAQ+zHll
0wQOwcTv0cqii39TALpiwi2FMbFq30F61nWhfVmeh327lhIZWlqBiUrtsU39jLXs
-----END CERTIFICATE-----