Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/iGWnAlCFQ6pmXTyPhSirCP5UB4U.roa
File:                     iGWnAlCFQ6pmXTyPhSirCP5UB4U.roa (raw, json)
Hash identifier:          4zG8JsxyxdWf4j+Yjdv8Dm4ymHITRyxtThA4racm63s=
Subject key identifier:   88:65:A7:02:50:85:43:AA:66:5D:3C:8F:85:28:AB:08:FE:54:07:85
Certificate issuer:       /CN=69eb002f000bd426e4a640c71d6c0201b5050e34
Certificate serial:       019421444AF8BE9DE5D63F6B64E9E476F6F4
Authority key identifier: 69:EB:00:2F:00:0B:D4:26:E4:A6:40:C7:1D:6C:02:01:B5:05:0E:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aesALwAL1CbkpkDHHWwCAbUFDjQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/iGWnAlCFQ6pmXTyPhSirCP5UB4U.roa
Signing time:             Wed 01 Jan 2025 09:48:31 +0000
ROA not before:           Wed 01 Jan 2025 09:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47176
IP address blocks:        185.20.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/aesALwAL1CbkpkDHHWwCAbUFDjQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/aesALwAL1CbkpkDHHWwCAbUFDjQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aesALwAL1CbkpkDHHWwCAbUFDjQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:4a:f8:be:9d:e5:d6:3f:6b:64:e9:e4:76:f6:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69eb002f000bd426e4a640c71d6c0201b5050e34
        Validity
            Not Before: Jan  1 09:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8865a702508543aa665d3c8f8528ab08fe540785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:75:0b:93:fd:32:7c:bb:0f:9f:80:74:b4:95:
                    9c:fa:b5:d7:42:0d:1c:af:65:44:59:59:3c:12:a9:
                    75:c1:57:df:dd:0d:01:ab:6c:c7:5f:83:07:3b:29:
                    40:3a:83:34:2e:e5:38:11:71:0a:35:b4:d5:86:35:
                    d0:dd:35:86:23:f4:66:1f:b5:58:9e:22:c0:16:b3:
                    f8:74:3d:3a:b1:4d:80:55:d6:f9:76:be:66:5b:33:
                    d9:d2:6d:e2:09:08:9a:df:40:97:83:a8:05:cf:96:
                    05:07:a8:d1:23:3d:f3:b8:a2:c4:d2:32:f4:b6:1b:
                    d3:44:7c:a8:55:ac:d5:05:02:48:6d:ab:24:22:8f:
                    8e:4a:04:02:05:16:a8:aa:3c:ae:5f:84:5c:14:25:
                    92:32:01:9b:42:23:0f:e6:38:e0:65:9a:e8:dc:ee:
                    bb:bc:06:3e:0c:d9:8a:b6:1e:f9:ba:60:a2:2f:24:
                    5e:3e:03:df:4c:b3:1a:3f:d6:4c:78:35:f3:6d:2d:
                    b7:c9:14:2f:cb:69:c3:3d:fa:3e:80:91:44:70:5e:
                    6f:f0:b9:2f:2c:94:3b:85:1f:0a:08:9f:97:05:0c:
                    c5:ed:2b:3f:07:06:19:14:7d:fa:cf:63:ba:0f:96:
                    7c:ea:f1:ba:7d:c2:69:9e:c0:89:1e:a6:3e:c8:0e:
                    b2:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:65:A7:02:50:85:43:AA:66:5D:3C:8F:85:28:AB:08:FE:54:07:85
            X509v3 Authority Key Identifier:
                keyid:69:EB:00:2F:00:0B:D4:26:E4:A6:40:C7:1D:6C:02:01:B5:05:0E:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aesALwAL1CbkpkDHHWwCAbUFDjQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/iGWnAlCFQ6pmXTyPhSirCP5UB4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/d3e682-3370-4271-9437-785475c22c9b/1/aesALwAL1CbkpkDHHWwCAbUFDjQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:9f:20:e3:52:a1:05:31:95:d5:e0:94:ff:1e:a4:0b:7f:1e:
         4e:96:20:80:45:92:c8:d5:19:e7:c0:70:14:02:41:e5:9a:67:
         2e:1c:8a:39:42:03:a8:8d:76:cc:1d:e5:69:f5:76:92:a8:68:
         0b:c2:3b:33:b5:44:3f:99:5d:80:43:ac:8e:8a:16:23:27:82:
         8c:b0:a4:d6:18:73:4b:ba:e2:42:ae:0b:d9:3e:68:89:29:70:
         95:9f:61:5f:fd:97:c5:48:d1:bb:b9:be:6f:38:f0:6f:d7:0f:
         3a:8b:84:91:40:91:d5:6e:86:58:b3:9a:d1:23:10:d8:aa:a0:
         50:d4:08:88:3c:8e:7d:f3:5d:24:a4:5e:0e:ac:ab:15:c3:c9:
         a4:d0:61:29:40:cd:16:c1:95:c7:6b:a5:43:bc:9a:8c:f8:04:
         47:12:6b:68:e6:4e:dc:49:0f:de:d1:a2:6e:7a:cb:8a:48:ca:
         fa:5c:60:f5:c3:ed:12:aa:03:82:e9:af:73:dd:43:84:27:7a:
         a8:85:dd:ce:1d:b7:a5:70:b1:ad:2c:b4:5b:9f:a7:d7:37:6a:
         c3:25:de:e0:62:59:4c:b4:be:d4:d8:8b:d4:56:b1:98:a2:e9:
         de:8f:5f:3b:ca:49:00:f8:f3:9d:8f:7f:77:c4:bb:d6:3c:10:
         b3:02:2d:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhREr4vp3l1j9rZOnkdvb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZWIwMDJmMDAwYmQ0MjZlNGE2NDBjNzFkNmMwMjAxYjUw
NTBlMzQwHhcNMjUwMTAxMDk0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODY1YTcwMjUwODU0M2FhNjY1ZDNjOGY4NTI4YWIwOGZlNTQwNzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3ULk/0yfLsPn4B0tJWc+rXXQg0c
r2VEWVk8Eql1wVff3Q0Bq2zHX4MHOylAOoM0LuU4EXEKNbTVhjXQ3TWGI/RmH7VY
niLAFrP4dD06sU2AVdb5dr5mWzPZ0m3iCQia30CXg6gFz5YFB6jRIz3zuKLE0jL0
thvTRHyoVazVBQJIbaskIo+OSgQCBRaoqjyuX4RcFCWSMgGbQiMP5jjgZZro3O67
vAY+DNmKth75umCiLyRePgPfTLMaP9ZMeDXzbS23yRQvy2nDPfo+gJFEcF5v8Lkv
LJQ7hR8KCJ+XBQzF7Ss/BwYZFH36z2O6D5Z86vG6fcJpnsCJHqY+yA6yHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhlpwJQhUOqZl08j4Uoqwj+VAeFMB8GA1UdIwQY
MBaAFGnrAC8AC9Qm5KZAxx1sAgG1BQ40MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWVzQUx3QUwxQ2JrcGtESEhXd0NBYlVGRGpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9kM2U2ODItMzM3MC00MjcxLTk0Mzct
Nzg1NDc1YzIyYzliLzEvaUdXbkFsQ0ZRNnBtWFR5UGhTaXJDUDVVQjRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9kM2U2ODItMzM3MC00MjcxLTk0MzctNzg1NDc1YzIyYzli
LzEvYWVzQUx3QUwxQ2JrcGtESEhXd0NBYlVGRGpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRTpMA0G
CSqGSIb3DQEBCwUAA4IBAQBonyDjUqEFMZXV4JT/HqQLfx5OliCARZLI1RnnwHAU
AkHlmmcuHIo5QgOojXbMHeVp9XaSqGgLwjsztUQ/mV2AQ6yOihYjJ4KMsKTWGHNL
uuJCrgvZPmiJKXCVn2Ff/ZfFSNG7ub5vOPBv1w86i4SRQJHVboZYs5rRIxDYqqBQ
1AiIPI59810kpF4OrKsVw8mk0GEpQM0WwZXHa6VDvJqM+ARHEmto5k7cSQ/e0aJu
esuKSMr6XGD1w+0SqgOC6a9z3UOEJ3qohd3OHbelcLGtLLRbn6fXN2rDJd7gYllM
tL7U2IvUVrGYounej187ykkA+POdj393xLvWPBCzAi0g
-----END CERTIFICATE-----