Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/IyoYjd4oLeZCTeLzBxckH_GSzAo.roa
File:                     IyoYjd4oLeZCTeLzBxckH_GSzAo.roa (raw, json)
Hash identifier:          FQ6NIKwuKsK/n9l1JPU5oSFXw4lKag17UGMiBJWsL70=
Subject key identifier:   23:2A:18:8D:DE:28:2D:E6:42:4D:E2:F3:07:17:24:1F:F1:92:CC:0A
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC795265CD453048A767B92DD470A1E0B
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/IyoYjd4oLeZCTeLzBxckH_GSzAo.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44834
IP address blocks:        193.233.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:26:5c:d4:53:04:8a:76:7b:92:dd:47:0a:1e:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=232a188dde282de6424de2f30717241ff192cc0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:df:bf:2e:e4:3b:e6:3b:10:ac:f0:f3:ed:e2:
                    23:b2:5c:ad:4d:78:53:a3:57:43:9d:39:80:35:7a:
                    57:bd:32:6d:81:8f:e9:71:4d:5b:7a:4b:42:a3:3c:
                    95:2e:7a:68:ce:1f:a7:2c:82:66:fa:79:e3:1d:32:
                    05:c6:5f:9b:46:0a:ae:86:4f:98:df:72:96:4e:02:
                    9b:a5:fa:f9:43:b1:fa:1d:90:44:32:a1:4a:a5:5b:
                    63:cc:1b:69:7c:8b:49:63:0f:88:4b:67:bb:1d:1a:
                    1f:45:d9:c1:5a:26:94:2e:3d:74:19:2a:76:d4:5d:
                    dd:94:77:b4:d3:34:c3:8b:87:0a:c4:79:ad:cb:56:
                    c3:bc:ee:bc:1c:aa:5d:ea:d9:3c:b2:38:13:d8:fa:
                    24:24:ea:4b:53:99:ff:4e:53:bc:89:9e:7f:e4:07:
                    f6:ce:8c:6e:6e:99:29:02:ec:15:84:7e:32:3e:07:
                    a4:3c:27:ed:13:91:77:9b:f4:09:ff:00:c7:c0:d8:
                    7c:38:2b:27:a6:2e:0c:6a:17:70:8f:25:62:3c:2a:
                    60:31:0f:50:15:e2:aa:64:14:14:ad:28:96:10:b5:
                    a7:95:5c:92:af:45:4f:84:84:c6:3d:8d:7b:ef:a7:
                    71:40:b1:a9:77:70:6f:3d:b4:ed:5d:dd:b9:93:86:
                    05:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:2A:18:8D:DE:28:2D:E6:42:4D:E2:F3:07:17:24:1F:F1:92:CC:0A
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/IyoYjd4oLeZCTeLzBxckH_GSzAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:23:f0:2e:55:00:2c:f9:94:c4:a7:da:5b:b6:47:c5:0b:72:
         1c:9a:d4:80:4e:88:db:50:b7:ca:92:f4:3d:9c:83:9e:24:ec:
         a2:48:3a:ac:c8:9d:f7:f5:16:83:67:79:8e:11:e7:b8:65:e1:
         95:87:a1:8c:71:b0:e4:d8:08:9a:21:4a:da:a4:e0:0a:16:55:
         f3:12:0b:2e:b4:ca:4f:3d:ec:f4:25:a7:03:c0:5d:28:b8:2b:
         40:e1:06:9b:35:32:c8:c6:ca:08:dd:52:5c:6f:f9:cd:7e:50:
         0b:b4:9f:ca:7e:80:9f:92:50:37:d6:df:13:2c:5c:a0:31:62:
         0b:34:05:40:4e:2a:9d:3b:28:15:ce:4b:48:dd:f7:6b:63:c0:
         6d:c7:c0:4f:41:0e:65:14:fa:57:9b:40:18:a1:83:18:ce:1f:
         5c:9b:80:d0:5e:bf:69:7f:92:69:03:e9:9e:f8:1a:7c:25:c3:
         29:1b:1f:78:fe:f2:a9:65:f1:50:68:1a:fd:1f:92:4b:c4:e2:
         3b:74:09:4a:99:02:95:f3:3d:67:3d:b3:5e:59:b3:d5:c6:ad:
         3f:22:06:99:e3:16:81:55:94:aa:d8:2c:91:cf:9f:8e:80:7a:
         14:85:06:2f:33:f3:4b:cd:43:aa:d9:76:6f:99:40:ae:37:45:
         5e:21:24:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSZc1FMEinZ7kt1HCh4LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzJhMTg4ZGRlMjgyZGU2NDI0ZGUyZjMwNzE3MjQxZmYxOTJjYzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApN+/LuQ75jsQrPDz7eIjslytTXhT
o1dDnTmANXpXvTJtgY/pcU1bektCozyVLnpozh+nLIJm+nnjHTIFxl+bRgquhk+Y
33KWTgKbpfr5Q7H6HZBEMqFKpVtjzBtpfItJYw+IS2e7HRofRdnBWiaULj10GSp2
1F3dlHe00zTDi4cKxHmty1bDvO68HKpd6tk8sjgT2PokJOpLU5n/TlO8iZ5/5Af2
zoxubpkpAuwVhH4yPgekPCftE5F3m/QJ/wDHwNh8OCsnpi4MahdwjyViPCpgMQ9Q
FeKqZBQUrSiWELWnlVySr0VPhITGPY1776dxQLGpd3BvPbTtXd25k4YFJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMqGI3eKC3mQk3i8wcXJB/xkswKMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvSXlvWWpkNG9MZVpDVGVMekJ4Y2tIX0dTekFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweloMA0G
CSqGSIb3DQEBCwUAA4IBAQCMI/AuVQAs+ZTEp9pbtkfFC3IcmtSATojbULfKkvQ9
nIOeJOyiSDqsyJ339RaDZ3mOEee4ZeGVh6GMcbDk2AiaIUrapOAKFlXzEgsutMpP
Pez0JacDwF0ouCtA4QabNTLIxsoI3VJcb/nNflALtJ/KfoCfklA31t8TLFygMWIL
NAVATiqdOygVzktI3fdrY8Btx8BPQQ5lFPpXm0AYoYMYzh9cm4DQXr9pf5JpA+me
+Bp8JcMpGx94/vKpZfFQaBr9H5JLxOI7dAlKmQKV8z1nPbNeWbPVxq0/IgaZ4xaB
VZSq2CyRz5+OgHoUhQYvM/NLzUOq2XZvmUCuN0VeISSn
-----END CERTIFICATE-----