Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/i-DEwkTa_CGuAL2Isom-RIKH530.roa
File:                     i-DEwkTa_CGuAL2Isom-RIKH530.roa (raw, json)
Hash identifier:          WXjAIREkRzrOB3QWgQBB+1TcT0FnhKFE+pyfA4pb/ig=
Subject key identifier:   8B:E0:C4:C2:44:DA:FC:21:AE:00:BD:88:B2:89:BE:44:82:87:E7:7D
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       0191705064EC9BCF60685060D565125D792C
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/i-DEwkTa_CGuAL2Isom-RIKH530.roa
Signing time:             Tue 20 Aug 2024 15:03:22 +0000
ROA not before:           Tue 20 Aug 2024 15:03:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211043
IP address blocks:        46.244.99.0/24 maxlen: 24
                          92.240.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:70:50:64:ec:9b:cf:60:68:50:60:d5:65:12:5d:79:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Aug 20 15:03:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8be0c4c244dafc21ae00bd88b289be448287e77d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c8:00:e4:85:73:ee:43:9a:d9:ed:ee:ab:f8:
                    cf:78:d3:cb:53:43:5a:96:da:5f:72:cf:e7:a2:c5:
                    87:1c:2b:7b:7b:ba:29:4a:1a:6f:44:35:a1:94:94:
                    dd:d3:a7:2b:8c:44:42:9d:7d:b9:70:b8:b0:e8:e7:
                    12:a9:34:b5:db:5c:f9:60:14:fe:39:8f:1f:15:16:
                    da:a3:68:25:6c:37:93:0e:90:16:ab:92:3b:90:6b:
                    3d:c2:ce:52:91:ac:35:63:08:44:39:1a:1e:0e:4e:
                    6f:e0:9f:81:f6:74:fe:3e:a6:dc:0a:5a:da:2f:72:
                    da:ca:9c:a6:10:eb:bb:13:13:fa:23:24:80:79:8f:
                    60:0c:8d:0e:88:0a:4c:f7:7c:02:22:7e:28:a7:75:
                    32:7d:86:23:cf:05:54:4a:a5:e8:48:ee:08:ef:5b:
                    63:99:89:14:ab:d2:50:7f:34:7b:67:83:2a:a4:1c:
                    d2:a1:e2:a4:00:eb:92:d3:24:31:ff:e6:d1:f6:01:
                    6d:77:61:77:be:23:61:7b:33:dd:6b:ef:d4:56:01:
                    4d:fb:02:0d:89:22:d7:47:99:87:f0:b3:e9:a3:be:
                    fc:dd:a3:63:91:77:98:b8:81:a3:1d:93:91:67:5f:
                    7b:17:bf:8f:57:a9:0f:13:a2:41:54:38:b3:8f:f6:
                    30:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:E0:C4:C2:44:DA:FC:21:AE:00:BD:88:B2:89:BE:44:82:87:E7:7D
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/i-DEwkTa_CGuAL2Isom-RIKH530.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.244.99.0/24
                  92.240.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:7c:64:72:86:04:90:07:a9:e4:67:85:79:7e:2d:14:23:86:
         38:e0:55:35:c5:4e:71:e9:79:57:44:3e:b9:e3:89:50:fc:f7:
         be:b6:29:44:e0:f9:55:17:33:07:be:b3:1f:7a:52:0e:49:a2:
         4c:af:09:e7:64:4d:ea:9b:da:67:cf:c1:7a:07:41:82:d0:d7:
         3d:e0:ac:e6:2c:4b:b1:8f:ba:1c:62:27:6a:16:52:b9:87:22:
         9e:8a:57:9e:f3:6a:ed:06:f5:fc:15:3c:b5:6e:8c:bc:96:67:
         d9:b0:08:67:12:14:53:ed:f8:c0:4c:1c:6f:f1:1d:15:dd:09:
         90:33:57:64:53:ce:fa:d4:c4:9b:cb:d0:88:9a:ee:52:a7:17:
         b2:a0:0e:e4:2f:bc:ef:13:04:ad:9f:e8:9d:61:63:28:39:da:
         79:68:37:35:f6:2b:80:be:e0:79:9b:5f:11:13:9d:7d:8d:cd:
         d0:5c:fe:d4:96:4e:5b:61:f5:05:01:d2:67:56:a4:be:ff:bb:
         77:57:2e:ec:bc:7e:ba:ed:c2:64:7f:0a:e2:62:23:a3:b6:aa:
         59:2c:f6:cd:98:10:41:3f:08:8d:80:32:23:b7:38:56:83:ba:
         97:10:6e:aa:9f:47:ee:b4:19:e3:34:6e:a9:2e:01:27:f1:3c:
         7a:9b:ce:e9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFwUGTsm89gaFBg1WUSXXksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjQwODIwMTUwMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmUwYzRjMjQ0ZGFmYzIxYWUwMGJkODhiMjg5YmU0NDgyODdlNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMgA5IVz7kOa2e3uq/jPeNPLU0Na
ltpfcs/nosWHHCt7e7opShpvRDWhlJTd06crjERCnX25cLiw6OcSqTS121z5YBT+
OY8fFRbao2glbDeTDpAWq5I7kGs9ws5Skaw1YwhEORoeDk5v4J+B9nT+PqbcClra
L3LaypymEOu7ExP6IySAeY9gDI0OiApM93wCIn4op3UyfYYjzwVUSqXoSO4I71tj
mYkUq9JQfzR7Z4MqpBzSoeKkAOuS0yQx/+bR9gFtd2F3viNhezPda+/UVgFN+wIN
iSLXR5mH8LPpo7783aNjkXeYuIGjHZORZ197F7+PV6kPE6JBVDizj/Yw+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIvgxMJE2vwhrgC9iLKJvkSCh+d9MB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvaS1ERXdrVGFfQ0d1QUwySXNvbS1SSUtINTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALvRjAwQA
XPCWMA0GCSqGSIb3DQEBCwUAA4IBAQAJfGRyhgSQB6nkZ4V5fi0UI4Y44FU1xU5x
6XlXRD6544lQ/Pe+tilE4PlVFzMHvrMfelIOSaJMrwnnZE3qm9pnz8F6B0GC0Nc9
4KzmLEuxj7ocYidqFlK5hyKeilee82rtBvX8FTy1boy8lmfZsAhnEhRT7fjATBxv
8R0V3QmQM1dkU8761MSby9CImu5SpxeyoA7kL7zvEwStn+idYWMoOdp5aDc19iuA
vuB5m18RE519jc3QXP7Ulk5bYfUFAdJnVqS+/7t3Vy7svH667cJkfwriYiOjtqpZ
LPbNmBBBPwiNgDIjtzhWg7qXEG6qn0futBnjNG6pLgEn8Tx6m87p
-----END CERTIFICATE-----