Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/iqcN1W7uW9j2oY8SrsUlR6NSUKM.roa
File:                     iqcN1W7uW9j2oY8SrsUlR6NSUKM.roa (raw, json)
Hash identifier:          f3AmjdjZbI2uW9hsrmOaRSGMv2lb3q/ivFqs8lUa7go=
Subject key identifier:   8A:A7:0D:D5:6E:EE:5B:D8:F6:A1:8F:12:AE:C5:25:47:A3:52:50:A3
Certificate issuer:       /CN=cc215f58159ec576a2022776ea64f61c5bb00194
Certificate serial:       018EA4137F6C733661AD2D31F5CFBF2F133D
Authority key identifier: CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/iqcN1W7uW9j2oY8SrsUlR6NSUKM.roa
Signing time:             Wed 03 Apr 2024 13:08:44 +0000
ROA not before:           Wed 03 Apr 2024 13:08:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        212.122.164.0/24 maxlen: 24
                          212.122.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a4:13:7f:6c:73:36:61:ad:2d:31:f5:cf:bf:2f:13:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc215f58159ec576a2022776ea64f61c5bb00194
        Validity
            Not Before: Apr  3 13:08:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8aa70dd56eee5bd8f6a18f12aec52547a35250a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a5:3b:d2:54:70:3d:97:14:51:81:2c:8a:68:
                    d5:00:3c:1a:29:f1:0b:4e:f6:99:22:fc:19:8c:82:
                    2b:d1:c3:67:8f:9b:f1:a1:24:30:cd:94:4a:e1:e9:
                    68:e4:59:13:36:dd:29:c5:c5:8a:76:ec:ab:ed:70:
                    83:9f:12:22:2a:d8:ac:32:39:65:90:7c:f8:fb:b8:
                    9b:88:a9:fb:03:00:d0:24:88:ab:23:e6:c8:13:21:
                    8d:dd:e1:7b:cf:79:eb:e7:42:79:5d:39:fc:4f:ee:
                    13:2c:53:ea:77:cf:ba:eb:b2:80:ab:16:39:6f:2e:
                    c2:1a:c0:d3:be:94:04:4a:6a:ee:a0:da:4c:41:1b:
                    72:01:c5:26:df:a8:2a:6c:67:06:13:38:e9:b1:eb:
                    b7:3e:75:b8:2c:98:a0:96:25:e2:aa:cb:35:e7:d1:
                    8a:0b:bd:cf:fe:73:b5:93:67:60:ad:f5:01:66:4e:
                    03:f9:77:ce:ea:d1:6c:b5:c0:89:02:a5:e9:f6:a3:
                    b6:77:46:f3:79:93:f1:34:f6:b7:39:c4:25:84:66:
                    de:bb:3a:7c:f0:4e:4c:60:b4:11:08:7b:22:bb:f0:
                    f1:b9:79:20:5b:3d:47:d1:4b:9a:f1:c9:1d:bf:47:
                    85:aa:ea:d4:a4:de:53:ae:e8:63:79:97:ec:96:13:
                    66:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:A7:0D:D5:6E:EE:5B:D8:F6:A1:8F:12:AE:C5:25:47:A3:52:50:A3
            X509v3 Authority Key Identifier:
                keyid:CC:21:5F:58:15:9E:C5:76:A2:02:27:76:EA:64:F6:1C:5B:B0:01:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zCFfWBWexXaiAid26mT2HFuwAZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/iqcN1W7uW9j2oY8SrsUlR6NSUKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ebc748-6826-4140-a8e0-843eeee0a260/1/zCFfWBWexXaiAid26mT2HFuwAZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.122.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:6d:fd:82:46:31:c7:1e:e3:37:33:41:dd:8c:d8:4e:e8:12:
         b0:6e:08:cd:1f:8c:02:ca:5e:a7:28:f5:79:75:cc:9f:11:ac:
         e8:1d:cc:01:05:58:2e:99:6f:2c:85:d3:7f:60:83:43:48:7e:
         20:5a:8f:64:79:b3:0c:0d:56:ec:a3:62:cc:77:5e:f0:20:7b:
         17:53:03:0f:95:01:fa:b5:8d:54:bc:f7:6e:90:54:41:b5:79:
         a9:08:3c:c2:57:85:c2:b7:dd:51:ae:91:dc:dd:b1:89:3d:a8:
         c4:9d:2e:0c:a5:82:5c:8e:2d:ef:00:17:1e:ce:6b:f5:1f:c6:
         61:07:bb:83:85:7d:34:66:40:ed:50:bd:96:41:7f:24:7c:1e:
         f2:8d:6e:8e:d6:7e:4f:b7:ba:11:56:12:35:d3:32:32:d9:52:
         85:4f:33:56:01:05:5a:45:99:0b:30:27:4c:68:85:3e:c6:2c:
         f7:28:e8:5c:21:42:ce:5e:51:39:92:4a:5b:6f:3b:d3:36:79:
         1c:54:6f:49:2b:7d:62:df:88:4a:ce:70:54:17:12:9a:81:14:
         6f:3d:1b:4a:16:b5:49:6b:e4:a6:cc:f8:7c:51:42:bd:de:53:
         a4:66:78:5a:a5:3e:43:4f:e8:21:b3:e7:a2:b7:e9:b1:4d:95:
         d0:a2:31:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6kE39sczZhrS0x9c+/LxM9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMjE1ZjU4MTU5ZWM1NzZhMjAyMjc3NmVhNjRmNjFjNWJi
MDAxOTQwHhcNMjQwNDAzMTMwODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWE3MGRkNTZlZWU1YmQ4ZjZhMThmMTJhZWM1MjU0N2EzNTI1MGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKU70lRwPZcUUYEsimjVADwaKfEL
TvaZIvwZjIIr0cNnj5vxoSQwzZRK4elo5FkTNt0pxcWKduyr7XCDnxIiKtisMjll
kHz4+7ibiKn7AwDQJIirI+bIEyGN3eF7z3nr50J5XTn8T+4TLFPqd8+667KAqxY5
by7CGsDTvpQESmruoNpMQRtyAcUm36gqbGcGEzjpseu3PnW4LJigliXiqss159GK
C73P/nO1k2dgrfUBZk4D+XfO6tFstcCJAqXp9qO2d0bzeZPxNPa3OcQlhGbeuzp8
8E5MYLQRCHsiu/DxuXkgWz1H0Uua8ckdv0eFqurUpN5TruhjeZfslhNmWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqnDdVu7lvY9qGPEq7FJUejUlCjMB8GA1UdIwQY
MBaAFMwhX1gVnsV2ogIndupk9hxbsAGUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekNGZldCV2V4WGFpQWlkMjZtVDJIRnV3QVpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9lYmM3NDgtNjgyNi00MTQwLWE4ZTAt
ODQzZWVlZTBhMjYwLzEvaXFjTjFXN3VXOWoyb1k4U3JzVWxSNk5TVUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9lYmM3NDgtNjgyNi00MTQwLWE4ZTAtODQzZWVlZTBhMjYw
LzEvekNGZldCV2V4WGFpQWlkMjZtVDJIRnV3QVpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1HqkMA0G
CSqGSIb3DQEBCwUAA4IBAQCEbf2CRjHHHuM3M0HdjNhO6BKwbgjNH4wCyl6nKPV5
dcyfEazoHcwBBVgumW8shdN/YINDSH4gWo9kebMMDVbso2LMd17wIHsXUwMPlQH6
tY1UvPdukFRBtXmpCDzCV4XCt91RrpHc3bGJPajEnS4MpYJcji3vABcezmv1H8Zh
B7uDhX00ZkDtUL2WQX8kfB7yjW6O1n5Pt7oRVhI10zIy2VKFTzNWAQVaRZkLMCdM
aIU+xiz3KOhcIULOXlE5kkpbbzvTNnkcVG9JK31i34hKznBUFxKagRRvPRtKFrVJ
a+SmzPh8UUK93lOkZnhapT5DT+ghs+eit+mxTZXQojGJ
-----END CERTIFICATE-----