Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/iIllXOhTLIFlw3uLJYq6owxk4oY.roa
File:                     iIllXOhTLIFlw3uLJYq6owxk4oY.roa (raw, json)
Hash identifier:          HzncVs48U4rmJzjueXzmxR5qTiQFdeFWlybfVa6ItwU=
Subject key identifier:   88:89:65:5C:E8:53:2C:81:65:C3:7B:8B:25:8A:BA:A3:0C:64:E2:86
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018D69C7C63EE275E82893D24AD02BA392E1
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/iIllXOhTLIFlw3uLJYq6owxk4oY.roa
Signing time:             Fri 02 Feb 2024 12:25:16 +0000
ROA not before:           Fri 02 Feb 2024 12:25:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135983
IP address blocks:        2a0e:cbc3:8000::/33 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:c7:c6:3e:e2:75:e8:28:93:d2:4a:d0:2b:a3:92:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Feb  2 12:25:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8889655ce8532c8165c37b8b258abaa30c64e286
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:92:ef:e5:33:85:72:c4:11:4a:0a:95:db:4e:
                    3c:4d:9e:57:16:7d:05:3e:69:cb:d6:a7:ad:ac:bd:
                    f5:1b:05:73:6b:da:8d:a9:17:86:77:58:d9:49:25:
                    64:53:cd:e2:73:fa:e1:83:ab:00:7d:d7:19:6d:7c:
                    4b:95:a7:11:6b:b7:08:99:5c:40:e0:c5:63:cd:ec:
                    33:1d:a4:46:1d:bf:7b:eb:f7:be:16:d1:c5:fe:98:
                    2c:57:98:93:d4:2a:9b:0a:a5:3d:5e:e2:5e:5d:03:
                    11:52:be:03:91:dd:18:34:a5:6c:ca:6d:2c:da:4d:
                    30:b3:ea:0b:76:65:55:48:dd:4e:49:94:30:06:87:
                    6e:b8:d4:ad:92:f0:77:21:54:03:b8:29:5b:eb:e9:
                    0b:c7:86:44:f4:1b:90:46:aa:fb:45:6e:74:57:f6:
                    dc:98:83:b8:7f:d0:24:53:ef:3f:c4:14:f5:59:ed:
                    49:d3:c3:c8:e9:0a:87:76:8f:97:be:95:34:b4:71:
                    c7:d2:e4:cb:6b:8b:03:53:9c:ec:b8:c6:52:95:2a:
                    04:e8:4d:1f:c0:88:fd:0a:58:6c:97:d5:53:de:05:
                    42:52:7c:8b:bb:63:f3:a8:71:b7:a8:85:0a:27:a4:
                    99:7a:18:2b:c2:84:e5:af:62:99:32:39:57:1d:17:
                    b7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:89:65:5C:E8:53:2C:81:65:C3:7B:8B:25:8A:BA:A3:0C:64:E2:86
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/iIllXOhTLIFlw3uLJYq6owxk4oY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:cbc3:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         42:ab:9e:d5:f8:55:3e:a1:20:f8:ae:7d:5f:a7:2e:53:a6:e5:
         0a:f0:f1:00:13:ad:28:af:04:b7:ae:a7:83:ab:46:b4:b9:00:
         d6:4a:80:85:2e:73:49:24:43:60:a4:b7:2a:ed:b3:63:e7:22:
         46:ee:b3:b2:31:2f:05:14:18:24:c9:e3:a4:1a:66:53:e8:24:
         6c:42:75:94:be:96:08:e9:1e:43:fc:3c:33:6a:74:bd:d4:2f:
         c4:b3:95:89:ab:dc:2e:d5:d4:6c:50:9f:f2:ba:ec:f8:5c:e0:
         06:44:e0:63:bd:73:69:1d:1a:d0:d7:af:63:1f:01:92:17:00:
         3a:f9:42:6d:67:f5:c8:6f:ed:80:d3:0e:a3:6e:2d:98:e6:99:
         9a:8d:e9:6d:fb:79:28:e6:29:8e:ae:41:88:38:ea:d3:39:53:
         b1:0b:ce:ef:39:30:5f:8c:33:20:02:0e:3f:4f:47:d5:b2:e4:
         9d:b8:66:6e:e7:7f:87:70:50:2c:1a:a1:5a:f8:3a:1a:a0:2d:
         af:e6:ff:09:2e:63:04:6a:f3:7b:3e:9a:38:d6:5a:15:bb:bc:
         f0:c3:30:b6:ee:dc:52:f8:d8:fb:b0:eb:46:83:3f:92:b4:72:
         e6:25:ee:77:db:33:c5:00:17:0a:41:1f:ee:c0:bd:0d:70:e8:
         a1:ae:47:de
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY1px8Y+4nXoKJPSStAro5LhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMjAyMTIyNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODg5NjU1Y2U4NTMyYzgxNjVjMzdiOGIyNThhYmFhMzBjNjRlMjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZLv5TOFcsQRSgqV2048TZ5XFn0F
PmnL1qetrL31GwVza9qNqReGd1jZSSVkU83ic/rhg6sAfdcZbXxLlacRa7cImVxA
4MVjzewzHaRGHb976/e+FtHF/pgsV5iT1CqbCqU9XuJeXQMRUr4Dkd0YNKVsym0s
2k0ws+oLdmVVSN1OSZQwBoduuNStkvB3IVQDuClb6+kLx4ZE9BuQRqr7RW50V/bc
mIO4f9AkU+8/xBT1We1J08PI6QqHdo+XvpU0tHHH0uTLa4sDU5zsuMZSlSoE6E0f
wIj9Clhsl9VT3gVCUnyLu2PzqHG3qIUKJ6SZehgrwoTlr2KZMjlXHRe3AQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIiJZVzoUyyBZcN7iyWKuqMMZOKGMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvaUlsbFhPaFRMSUZsdzN1TEpZcTZvd3hrNG9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYHKg7Lw4Aw
DQYJKoZIhvcNAQELBQADggEBAEKrntX4VT6hIPiufV+nLlOm5Qrw8QATrSivBLeu
p4OrRrS5ANZKgIUuc0kkQ2Cktyrts2PnIkbus7IxLwUUGCTJ46QaZlPoJGxCdZS+
lgjpHkP8PDNqdL3UL8SzlYmr3C7V1GxQn/K67Phc4AZE4GO9c2kdGtDXr2MfAZIX
ADr5Qm1n9chv7YDTDqNuLZjmmZqN6W37eSjmKY6uQYg46tM5U7ELzu85MF+MMyAC
Dj9PR9Wy5J24Zm7nf4dwUCwaoVr4OhqgLa/m/wkuYwRq83s+mjjWWhW7vPDDMLbu
3FL42Puw60aDP5K0cuYl7nfbM8UAFwpBH+7AvQ1w6KGuR94=
-----END CERTIFICATE-----