Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/2d5337-da24-4ce8-a3b7-c302c10ec5c0/1/Ibyte-tjE3QUzwaz7tIHIx4O7Vg.roa
File:                     Ibyte-tjE3QUzwaz7tIHIx4O7Vg.roa (raw, json)
Hash identifier:          f+M4uxkuB9wS0xBVznRZhg0WIHyPQdZz3TeUVc46eBg=
Subject key identifier:   21:BC:AD:7B:EB:63:13:74:14:CF:06:B3:EE:D2:07:23:1E:0E:ED:58
Certificate issuer:       /CN=e363a9d7023b3cb0032912dcaac9c563c90a9772
Certificate serial:       018CC7957C66EC3CFD76DF5FBF91B04761DA
Authority key identifier: E3:63:A9:D7:02:3B:3C:B0:03:29:12:DC:AA:C9:C5:63:C9:0A:97:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/42Op1wI7PLADKRLcqsnFY8kKl3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/2d5337-da24-4ce8-a3b7-c302c10ec5c0/1/Ibyte-tjE3QUzwaz7tIHIx4O7Vg.roa
Signing time:             Tue 02 Jan 2024 00:31:51 +0000
ROA not before:           Tue 02 Jan 2024 00:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198024
IP address blocks:        2a00:89e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/2d5337-da24-4ce8-a3b7-c302c10ec5c0/1/42Op1wI7PLADKRLcqsnFY8kKl3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/2d5337-da24-4ce8-a3b7-c302c10ec5c0/1/42Op1wI7PLADKRLcqsnFY8kKl3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/42Op1wI7PLADKRLcqsnFY8kKl3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:7c:66:ec:3c:fd:76:df:5f:bf:91:b0:47:61:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e363a9d7023b3cb0032912dcaac9c563c90a9772
        Validity
            Not Before: Jan  2 00:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21bcad7beb63137414cf06b3eed207231e0eed58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:08:ab:f8:cc:7d:79:f0:89:42:c7:8f:a6:7e:
                    ac:d9:2e:fd:d4:97:88:c4:b9:b8:82:fe:81:87:4b:
                    75:32:b9:50:21:72:b8:44:1c:6c:66:11:3c:01:64:
                    81:38:32:06:69:47:f0:05:87:f3:08:70:8d:f0:3d:
                    ee:37:72:dd:29:58:43:cb:d0:31:dc:06:68:5f:b0:
                    f0:ca:95:b8:63:ff:91:5b:2b:ab:97:52:75:73:c2:
                    54:d6:18:12:da:da:90:15:ae:41:36:f6:54:aa:22:
                    7b:4f:3a:12:8b:02:a9:b1:f5:4d:bc:84:bf:df:81:
                    de:2e:90:22:8c:59:49:0c:34:ed:43:5f:87:dd:b6:
                    d1:f7:2b:10:33:41:95:1d:4c:b4:9d:70:0c:36:f1:
                    43:0a:04:e9:f3:3e:6f:01:21:99:06:cc:05:d0:55:
                    25:ae:e9:53:08:c2:f5:9b:fa:09:46:d5:fc:3a:91:
                    d7:fe:79:fe:77:b3:b3:f0:8b:ce:14:42:a2:55:be:
                    62:36:27:3a:f1:a9:f2:22:14:46:18:8e:47:b2:dc:
                    d0:04:45:25:9e:20:08:97:4b:36:68:10:0d:8b:91:
                    ec:7d:b6:26:28:dc:cf:1d:b3:cc:ac:e4:2c:c4:02:
                    0d:a1:c3:2f:23:ab:55:f1:22:04:75:ce:40:64:0c:
                    ec:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:BC:AD:7B:EB:63:13:74:14:CF:06:B3:EE:D2:07:23:1E:0E:ED:58
            X509v3 Authority Key Identifier:
                keyid:E3:63:A9:D7:02:3B:3C:B0:03:29:12:DC:AA:C9:C5:63:C9:0A:97:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/42Op1wI7PLADKRLcqsnFY8kKl3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2d5337-da24-4ce8-a3b7-c302c10ec5c0/1/Ibyte-tjE3QUzwaz7tIHIx4O7Vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2d5337-da24-4ce8-a3b7-c302c10ec5c0/1/42Op1wI7PLADKRLcqsnFY8kKl3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:89e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         63:2d:df:ca:4a:d6:a4:24:42:6b:3d:77:83:4d:2c:f9:35:27:
         0b:5b:01:8e:c1:e4:58:20:f3:08:2b:27:68:a9:f8:54:e5:3d:
         98:d2:39:88:c2:17:2d:64:cb:41:1c:84:86:dc:2c:90:e1:dd:
         bb:7d:df:83:16:00:a9:6f:0b:43:e3:65:d0:42:db:ec:c3:3a:
         7e:23:53:1f:c2:52:8f:5b:22:0a:33:14:61:64:82:b6:68:d9:
         6a:55:4f:5d:e7:eb:e0:75:18:c3:2f:2b:e0:db:62:e7:e0:68:
         52:e8:29:23:74:c9:a3:17:b0:41:c0:ad:07:ad:f2:95:0e:eb:
         9b:21:01:87:33:fe:eb:c2:c5:0d:5b:88:d7:d4:cb:3d:1c:f1:
         31:ef:ea:7e:fb:50:5a:07:79:b4:52:f1:a2:c9:3c:cb:aa:bd:
         38:33:b0:ac:66:24:5b:a2:09:0e:32:3c:32:45:93:21:ba:47:
         40:03:f4:24:4d:e7:7f:46:ba:d5:83:08:f4:02:db:ba:cf:31:
         62:0e:5e:f7:33:da:6b:1b:5a:c1:63:f0:14:4e:72:6a:ec:6e:
         f1:86:71:63:37:95:98:25:d3:50:e2:65:85:6f:d9:dc:75:e5:
         4e:ab:42:47:b4:dc:ab:a9:03:fd:04:c4:eb:20:54:ca:cd:51:
         40:5c:22:d3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlXxm7Dz9dt9fv5GwR2HaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzNjNhOWQ3MDIzYjNjYjAwMzI5MTJkY2FhYzljNTYzYzkw
YTk3NzIwHhcNMjQwMTAyMDAzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWJjYWQ3YmViNjMxMzc0MTRjZjA2YjNlZWQyMDcyMzFlMGVlZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQir+Mx9efCJQsePpn6s2S791JeI
xLm4gv6Bh0t1MrlQIXK4RBxsZhE8AWSBODIGaUfwBYfzCHCN8D3uN3LdKVhDy9Ax
3AZoX7DwypW4Y/+RWyurl1J1c8JU1hgS2tqQFa5BNvZUqiJ7TzoSiwKpsfVNvIS/
34HeLpAijFlJDDTtQ1+H3bbR9ysQM0GVHUy0nXAMNvFDCgTp8z5vASGZBswF0FUl
rulTCML1m/oJRtX8OpHX/nn+d7Oz8IvOFEKiVb5iNic68anyIhRGGI5HstzQBEUl
niAIl0s2aBANi5HsfbYmKNzPHbPMrOQsxAINocMvI6tV8SIEdc5AZAzsxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCG8rXvrYxN0FM8Gs+7SByMeDu1YMB8GA1UdIwQY
MBaAFONjqdcCOzywAykS3KrJxWPJCpdyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDJPcDF3STdQTEFES1JMY3FzbkZZOGtLbDNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8yZDUzMzctZGEyNC00Y2U4LWEzYjct
YzMwMmMxMGVjNWMwLzEvSWJ5dGUtdGpFM1FVendhejd0SUhJeDRPN1ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8yZDUzMzctZGEyNC00Y2U4LWEzYjctYzMwMmMxMGVjNWMw
LzEvNDJPcDF3STdQTEFES1JMY3FzbkZZOGtLbDNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgCJ4DAN
BgkqhkiG9w0BAQsFAAOCAQEAYy3fykrWpCRCaz13g00s+TUnC1sBjsHkWCDzCCsn
aKn4VOU9mNI5iMIXLWTLQRyEhtwskOHdu33fgxYAqW8LQ+Nl0ELb7MM6fiNTH8JS
j1siCjMUYWSCtmjZalVPXefr4HUYwy8r4Nti5+BoUugpI3TJoxewQcCtB63ylQ7r
myEBhzP+68LFDVuI19TLPRzxMe/qfvtQWgd5tFLxosk8y6q9ODOwrGYkW6IJDjI8
MkWTIbpHQAP0JE3nf0a61YMI9ALbus8xYg5e9zPaaxtawWPwFE5yauxu8YZxYzeV
mCXTUOJlhW/Z3HXlTqtCR7Tcq6kD/QTE6yBUys1RQFwi0w==
-----END CERTIFICATE-----