Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/IBrrmjKlJxJTlpB2KCWAHr1hdz4.roa
File:                     IBrrmjKlJxJTlpB2KCWAHr1hdz4.roa (raw, json)
Hash identifier:          Qtmcha4EFtR3vtp6WPP0yQyrSxHUj8/8orjVuqpz6dg=
Subject key identifier:   20:1A:EB:9A:32:A5:27:12:53:96:90:76:28:25:80:1E:BD:61:77:3E
Certificate issuer:       /CN=248f5e26f1c08f4486c9911c8b609eae8b6cb74d
Certificate serial:       018CC6B836AEBB1259421E58B27D32E7EB9C
Authority key identifier: 24:8F:5E:26:F1:C0:8F:44:86:C9:91:1C:8B:60:9E:AE:8B:6C:B7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/IBrrmjKlJxJTlpB2KCWAHr1hdz4.roa
Signing time:             Mon 01 Jan 2024 20:30:10 +0000
ROA not before:           Mon 01 Jan 2024 20:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20922
IP address blocks:        193.188.192.0/23 maxlen: 23
                          193.188.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:36:ae:bb:12:59:42:1e:58:b2:7d:32:e7:eb:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=248f5e26f1c08f4486c9911c8b609eae8b6cb74d
        Validity
            Not Before: Jan  1 20:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=201aeb9a32a52712539690762825801ebd61773e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:78:64:4c:04:dc:66:09:b8:0f:a0:b3:85:50:
                    37:7b:0e:78:5a:db:ba:96:53:8d:ab:3a:6b:cc:b5:
                    b3:4a:03:c3:4b:a0:40:09:88:f8:ef:90:70:8d:14:
                    c0:62:6c:72:e1:77:d0:d9:0e:51:e4:6a:3e:96:62:
                    8d:62:96:92:94:9a:e1:74:6f:29:54:cb:b0:70:7d:
                    e1:dd:24:c9:47:6d:4e:1c:8a:db:3b:27:26:ff:95:
                    84:58:62:d3:48:dd:af:ae:4a:0b:9c:f8:c3:a2:8c:
                    2a:74:8c:25:7c:a3:2a:be:48:92:1e:68:ab:96:eb:
                    98:9e:ec:e8:5f:84:3e:70:19:49:5d:96:55:94:3b:
                    39:66:b7:e1:66:d8:cd:5a:16:1c:9e:82:87:a2:82:
                    18:c0:b9:9b:27:2d:3d:be:a7:4b:6d:c8:ab:9a:40:
                    c8:ae:0a:65:a3:8d:46:0f:75:52:7f:6a:b3:4e:11:
                    35:a1:b1:b9:18:f3:22:5c:0f:74:7c:46:8e:a6:2d:
                    39:71:58:6e:12:07:69:a9:5a:a4:af:dd:bb:cf:e2:
                    af:7f:50:96:b2:5c:4c:77:20:32:e7:e9:c5:84:f3:
                    8a:5f:0a:ed:80:ac:3f:38:de:db:ac:3f:ae:07:7b:
                    b8:e6:a0:9b:f8:73:f7:83:14:29:b9:d8:03:17:8e:
                    1b:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:1A:EB:9A:32:A5:27:12:53:96:90:76:28:25:80:1E:BD:61:77:3E
            X509v3 Authority Key Identifier:
                keyid:24:8F:5E:26:F1:C0:8F:44:86:C9:91:1C:8B:60:9E:AE:8B:6C:B7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/IBrrmjKlJxJTlpB2KCWAHr1hdz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:db:43:43:a0:6b:c4:98:b2:44:3b:70:8f:65:05:2b:cf:a5:
         fd:4d:9d:c8:ba:2e:6b:c2:38:26:db:08:f5:40:c9:2d:d5:f7:
         06:25:42:32:56:64:70:ca:8e:ef:8b:11:9c:7d:58:ad:2b:4e:
         96:75:49:c7:68:61:5b:2d:1e:59:52:57:4f:b0:d6:52:4f:ef:
         0a:9e:fd:47:77:aa:1f:93:0c:30:06:6d:0e:67:1c:1a:6f:7a:
         ca:78:2e:ef:d9:5e:d5:fc:6c:46:ce:9a:ec:98:cb:94:bb:8a:
         5e:74:f2:d6:c3:e9:b7:d8:3d:f0:2b:c4:10:fd:79:f8:74:e0:
         e0:b5:a0:a4:4a:09:8e:d7:e3:8d:c4:97:98:7b:af:ad:26:f1:
         6d:2b:ea:03:53:5c:3e:d1:5b:70:c1:40:c2:2c:45:75:d3:fa:
         eb:15:52:20:3d:4b:3e:26:ae:ea:53:77:7b:83:40:9d:87:79:
         45:61:ae:91:31:9f:ea:bc:30:1f:56:b4:6b:84:6e:e1:07:85:
         53:74:80:71:70:ef:f1:e0:8b:f9:37:5e:d7:2c:b6:eb:df:8d:
         27:63:9d:17:d4:56:94:b0:5f:3a:99:1b:34:4b:db:ba:ed:4a:
         3c:d6:a1:5d:31:c9:1b:75:59:51:de:9f:e2:0e:3a:ef:da:60:
         47:d6:53:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuDauuxJZQh5Ysn0y5+ucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0OGY1ZTI2ZjFjMDhmNDQ4NmM5OTExYzhiNjA5ZWFlOGI2
Y2I3NGQwHhcNMjQwMTAxMjAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDFhZWI5YTMyYTUyNzEyNTM5NjkwNzYyODI1ODAxZWJkNjE3NzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHhkTATcZgm4D6CzhVA3ew54Wtu6
llONqzprzLWzSgPDS6BACYj475BwjRTAYmxy4XfQ2Q5R5Go+lmKNYpaSlJrhdG8p
VMuwcH3h3STJR21OHIrbOycm/5WEWGLTSN2vrkoLnPjDoowqdIwlfKMqvkiSHmir
luuYnuzoX4Q+cBlJXZZVlDs5ZrfhZtjNWhYcnoKHooIYwLmbJy09vqdLbcirmkDI
rgplo41GD3VSf2qzThE1obG5GPMiXA90fEaOpi05cVhuEgdpqVqkr927z+Kvf1CW
slxMdyAy5+nFhPOKXwrtgKw/ON7brD+uB3u45qCb+HP3gxQpudgDF44b9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAa65oypScSU5aQdiglgB69YXc+MB8GA1UdIwQY
MBaAFCSPXibxwI9EhsmRHItgnq6LbLdNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkk5ZUp2SEFqMFNHeVpFY2kyQ2Vyb3RzdDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9kYWU4YjAtOTdkMC00OGQ0LTliMjYt
MDEzN2IxZjc1ZDAyLzEvSUJycm1qS2xKeEpUbHBCMktDV0FIcjFoZHo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9kYWU4YjAtOTdkMC00OGQ0LTliMjYtMDEzN2IxZjc1ZDAy
LzEvSkk5ZUp2SEFqMFNHeVpFY2kyQ2Vyb3RzdDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbzAMA0G
CSqGSIb3DQEBCwUAA4IBAQA520NDoGvEmLJEO3CPZQUrz6X9TZ3Iui5rwjgm2wj1
QMkt1fcGJUIyVmRwyo7vixGcfVitK06WdUnHaGFbLR5ZUldPsNZST+8Knv1Hd6of
kwwwBm0OZxwab3rKeC7v2V7V/GxGzprsmMuUu4pedPLWw+m32D3wK8QQ/Xn4dODg
taCkSgmO1+ONxJeYe6+tJvFtK+oDU1w+0VtwwUDCLEV10/rrFVIgPUs+Jq7qU3d7
g0Cdh3lFYa6RMZ/qvDAfVrRrhG7hB4VTdIBxcO/x4Iv5N17XLLbr340nY50X1FaU
sF86mRs0S9u67Uo81qFdMckbdVlR3p/iDjrv2mBH1lPm
-----END CERTIFICATE-----