Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0ca4df-2e06-4406-9688-78f02805c709/1/Ik52051-0l_GH_yW5GcmWIyqBYg.roa
File:                     Ik52051-0l_GH_yW5GcmWIyqBYg.roa (raw, json)
Hash identifier:          3O7uT2oVdMHU2ylpY3T9Ldxr5vlJz1JCehYubE8zFxo=
Subject key identifier:   22:4E:76:D3:9D:7E:D2:5F:C6:1F:FC:96:E4:67:26:58:8C:AA:05:88
Certificate issuer:       /CN=74864f5023ec6263ef9f16f90187f5f28061d115
Certificate serial:       018CC801C750FEF88428E88E4EF5A56C6F43
Authority key identifier: 74:86:4F:50:23:EC:62:63:EF:9F:16:F9:01:87:F5:F2:80:61:D1:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dIZPUCPsYmPvnxb5AYf18oBh0RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0ca4df-2e06-4406-9688-78f02805c709/1/Ik52051-0l_GH_yW5GcmWIyqBYg.roa
Signing time:             Tue 02 Jan 2024 02:30:08 +0000
ROA not before:           Tue 02 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198470
IP address blocks:        91.235.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/0ca4df-2e06-4406-9688-78f02805c709/1/dIZPUCPsYmPvnxb5AYf18oBh0RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/0ca4df-2e06-4406-9688-78f02805c709/1/dIZPUCPsYmPvnxb5AYf18oBh0RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dIZPUCPsYmPvnxb5AYf18oBh0RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c7:50:fe:f8:84:28:e8:8e:4e:f5:a5:6c:6f:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74864f5023ec6263ef9f16f90187f5f28061d115
        Validity
            Not Before: Jan  2 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=224e76d39d7ed25fc61ffc96e46726588caa0588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8f:3e:8c:62:83:50:4b:b0:50:ab:c3:00:d4:
                    d4:0b:cc:95:2a:82:0e:32:a5:71:27:12:c5:de:ce:
                    ea:96:d3:99:db:a2:d0:c3:58:6c:4b:92:0f:58:80:
                    70:d9:87:ad:04:79:81:c4:16:76:6a:fd:65:51:53:
                    cb:f0:29:86:8f:9e:76:97:da:99:b1:7b:80:08:f6:
                    37:9c:28:95:1e:70:71:24:20:b2:33:19:19:9d:42:
                    4f:fa:6e:61:50:d3:0e:61:7f:16:7f:90:a7:23:1e:
                    cd:d7:57:0c:bb:41:29:7c:d5:ca:4d:7b:0d:2e:4a:
                    68:60:7a:45:be:ea:c2:51:da:07:7d:37:49:ac:5f:
                    6f:53:b8:34:80:49:91:86:dc:f3:04:81:ed:ee:a2:
                    3b:68:1f:db:35:23:98:33:a6:3f:69:55:7b:62:eb:
                    78:08:e3:92:4b:c5:12:46:47:9d:97:19:fe:20:fc:
                    3a:87:a9:51:65:54:49:87:d2:49:29:77:bd:e2:51:
                    d8:7a:94:65:63:06:f3:09:bf:68:0d:7b:21:60:27:
                    55:22:41:de:fe:ae:76:73:77:21:c9:9f:18:40:55:
                    c5:ed:11:35:10:f2:ca:70:50:f8:10:55:70:9f:4f:
                    b9:5a:24:cd:82:94:1a:4a:13:8b:c9:f8:6a:a2:51:
                    da:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:4E:76:D3:9D:7E:D2:5F:C6:1F:FC:96:E4:67:26:58:8C:AA:05:88
            X509v3 Authority Key Identifier:
                keyid:74:86:4F:50:23:EC:62:63:EF:9F:16:F9:01:87:F5:F2:80:61:D1:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dIZPUCPsYmPvnxb5AYf18oBh0RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0ca4df-2e06-4406-9688-78f02805c709/1/Ik52051-0l_GH_yW5GcmWIyqBYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0ca4df-2e06-4406-9688-78f02805c709/1/dIZPUCPsYmPvnxb5AYf18oBh0RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:8b:f7:7f:ef:fc:fa:ae:9c:af:3b:09:40:05:82:0b:2a:82:
         0d:7c:d0:36:e6:d8:24:7c:39:f6:43:3a:88:28:08:a9:4d:1d:
         e8:5b:29:20:9e:d9:2e:65:68:cb:4b:e2:b8:f8:3b:9f:2d:4f:
         be:db:c2:df:47:5a:0e:3a:50:ab:65:cd:9c:99:dc:9c:52:f6:
         9b:27:ce:56:ed:96:bd:03:a8:e0:22:08:2e:05:ae:8c:5b:4f:
         16:6b:f0:a6:95:9b:db:d4:55:4e:ad:a0:e7:16:69:3e:9e:f9:
         9e:9e:38:b9:f0:18:67:12:9f:58:12:48:bd:50:a9:cf:e8:0c:
         ff:c3:d6:72:01:c1:96:35:7e:59:35:2a:55:b4:b6:d9:a2:df:
         b8:f1:f6:e9:11:b2:64:85:f3:3e:51:0f:8a:b4:4f:c1:d9:e7:
         cb:70:3e:eb:51:d0:2f:44:f5:7a:d7:21:44:19:27:de:bc:47:
         93:a8:e1:5a:bc:ee:25:fa:98:4a:43:93:36:ee:ba:b9:84:bc:
         10:15:7e:34:71:82:e6:01:f5:31:ea:83:33:7c:6c:5f:d8:0c:
         b3:67:28:e0:e4:c4:42:91:26:3d:2b:d6:8f:42:48:52:aa:00:
         d0:21:ef:53:1c:55:8d:51:d4:e5:17:52:c3:49:97:e7:41:1c:
         e4:38:67:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcdQ/viEKOiOTvWlbG9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ODY0ZjUwMjNlYzYyNjNlZjlmMTZmOTAxODdmNWYyODA2
MWQxMTUwHhcNMjQwMTAyMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjRlNzZkMzlkN2VkMjVmYzYxZmZjOTZlNDY3MjY1ODhjYWEwNTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr48+jGKDUEuwUKvDANTUC8yVKoIO
MqVxJxLF3s7qltOZ26LQw1hsS5IPWIBw2YetBHmBxBZ2av1lUVPL8CmGj552l9qZ
sXuACPY3nCiVHnBxJCCyMxkZnUJP+m5hUNMOYX8Wf5CnIx7N11cMu0EpfNXKTXsN
LkpoYHpFvurCUdoHfTdJrF9vU7g0gEmRhtzzBIHt7qI7aB/bNSOYM6Y/aVV7Yut4
COOSS8USRkedlxn+IPw6h6lRZVRJh9JJKXe94lHYepRlYwbzCb9oDXshYCdVIkHe
/q52c3chyZ8YQFXF7RE1EPLKcFD4EFVwn0+5WiTNgpQaShOLyfhqolHaKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJOdtOdftJfxh/8luRnJliMqgWIMB8GA1UdIwQY
MBaAFHSGT1Aj7GJj758W+QGH9fKAYdEVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZElaUFVDUHNZbVB2bnhiNUFZZjE4b0JoMFJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8wY2E0ZGYtMmUwNi00NDA2LTk2ODgt
NzhmMDI4MDVjNzA5LzEvSWs1MjA1MS0wbF9HSF95VzVHY21XSXlxQllnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8wY2E0ZGYtMmUwNi00NDA2LTk2ODgtNzhmMDI4MDVjNzA5
LzEvZElaUFVDUHNZbVB2bnhiNUFZZjE4b0JoMFJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+tSMA0G
CSqGSIb3DQEBCwUAA4IBAQB2i/d/7/z6rpyvOwlABYILKoINfNA25tgkfDn2QzqI
KAipTR3oWykgntkuZWjLS+K4+DufLU++28LfR1oOOlCrZc2cmdycUvabJ85W7Za9
A6jgIgguBa6MW08Wa/CmlZvb1FVOraDnFmk+nvmenji58BhnEp9YEki9UKnP6Az/
w9ZyAcGWNX5ZNSpVtLbZot+48fbpEbJkhfM+UQ+KtE/B2efLcD7rUdAvRPV61yFE
GSfevEeTqOFavO4l+phKQ5M27rq5hLwQFX40cYLmAfUx6oMzfGxf2AyzZyjg5MRC
kSY9K9aPQkhSqgDQIe9THFWNUdTlF1LDSZfnQRzkOGfO
-----END CERTIFICATE-----