Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/iXKN4-0Q5TmzoftYJ_JehGe7Jog.roa
File:                     iXKN4-0Q5TmzoftYJ_JehGe7Jog.roa (raw, json)
Hash identifier:          TLOzZHT9JaesQDeR6UlNHjxrXdl5xXoy5tsVyYS/i5E=
Subject key identifier:   89:72:8D:E3:ED:10:E5:39:B3:A1:FB:58:27:F2:5E:84:67:BB:26:88
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       018CC64ACC60648A0F49D179549A383AB6A3
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/iXKN4-0Q5TmzoftYJ_JehGe7Jog.roa
Signing time:             Mon 01 Jan 2024 18:30:39 +0000
ROA not before:           Mon 01 Jan 2024 18:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48806
IP address blocks:        185.114.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 04:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:cc:60:64:8a:0f:49:d1:79:54:9a:38:3a:b6:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: Jan  1 18:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89728de3ed10e539b3a1fb5827f25e8467bb2688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9c:35:84:8a:9d:00:8a:6f:0e:4d:f4:7b:5c:
                    62:38:b7:3c:8e:3a:4f:ca:fe:97:fa:dd:55:3c:8a:
                    44:19:72:ea:0e:09:61:0b:90:ec:8c:6d:ca:11:77:
                    72:02:cd:b5:b2:2c:06:65:47:06:74:42:e5:0c:79:
                    60:4b:a2:4c:23:73:a6:7a:e9:54:3d:58:7b:18:4b:
                    df:01:4c:ee:56:d6:c7:47:62:9e:28:4f:0e:eb:49:
                    78:25:ea:32:b6:23:07:9e:b9:6c:e4:60:bf:7b:9f:
                    ab:25:8f:92:f8:9e:13:bb:ca:58:2f:d8:d8:88:cd:
                    1a:2b:98:1f:89:a5:cd:26:42:00:74:41:5c:e8:44:
                    f2:3d:16:cf:26:f7:1a:92:0d:50:d9:fb:e5:44:9e:
                    db:8b:70:f5:67:21:ba:26:5e:cd:f7:e6:b8:f3:ed:
                    11:2d:56:3e:75:42:5a:94:ba:3c:50:32:ec:ca:a6:
                    12:6f:a2:fe:f8:40:ce:fa:ff:e8:67:dd:8d:d5:88:
                    6a:53:52:02:45:6a:f0:ec:e9:e3:25:83:6e:cc:48:
                    c6:58:2c:55:75:ad:06:8c:ee:9c:11:31:ec:f9:fb:
                    5c:9d:52:9c:31:73:46:71:d0:33:3c:c2:15:46:88:
                    97:19:66:23:db:b3:83:23:31:d3:f5:37:98:fa:b3:
                    c8:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:72:8D:E3:ED:10:E5:39:B3:A1:FB:58:27:F2:5E:84:67:BB:26:88
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/iXKN4-0Q5TmzoftYJ_JehGe7Jog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:5e:55:01:a6:d1:9f:1e:cd:a6:00:32:44:75:3e:52:6b:45:
         13:24:81:42:1b:99:da:d9:11:35:4f:f5:7c:8b:e1:71:91:63:
         98:00:c8:0d:ed:1c:6f:cd:26:6f:3d:d1:9e:c7:e9:76:0f:59:
         7d:24:5d:8f:46:c9:ce:66:b2:ff:a2:c7:13:e9:0a:e0:67:d2:
         3b:ef:94:3f:27:c0:77:28:81:8c:b8:c5:c7:47:e5:eb:72:63:
         e6:b5:22:54:18:d8:cc:5c:a3:b3:81:95:98:5e:b5:28:f5:50:
         15:4f:e3:9d:ab:4a:20:cc:9d:2b:62:1f:dd:4a:4e:a2:a1:b0:
         51:16:97:4b:83:b0:34:06:dd:49:2c:cf:93:99:75:a1:d8:c8:
         31:46:46:96:89:52:26:c1:4c:80:33:09:d2:49:b6:de:4e:b2:
         1b:4d:b0:e1:e1:c9:44:e8:88:ff:bd:63:17:0e:4d:41:be:e4:
         bf:c4:61:f5:3a:fe:44:9f:90:af:0c:c7:d9:6c:f4:e2:a3:61:
         f7:8b:ed:ff:14:37:d4:8e:a0:dd:34:40:41:5e:86:8c:10:68:
         1b:f0:06:16:4c:8b:14:8b:2e:7a:e5:83:6f:c9:17:dd:9d:86:
         95:1a:3d:34:08:dc:cd:ba:12:0a:3e:6d:64:23:2d:bd:44:69:
         51:d6:0f:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSsxgZIoPSdF5VJo4OrajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjQwMTAxMTgzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTcyOGRlM2VkMTBlNTM5YjNhMWZiNTgyN2YyNWU4NDY3YmIyNjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5w1hIqdAIpvDk30e1xiOLc8jjpP
yv6X+t1VPIpEGXLqDglhC5DsjG3KEXdyAs21siwGZUcGdELlDHlgS6JMI3OmeulU
PVh7GEvfAUzuVtbHR2KeKE8O60l4JeoytiMHnrls5GC/e5+rJY+S+J4Tu8pYL9jY
iM0aK5gfiaXNJkIAdEFc6ETyPRbPJvcakg1Q2fvlRJ7bi3D1ZyG6Jl7N9+a48+0R
LVY+dUJalLo8UDLsyqYSb6L++EDO+v/oZ92N1YhqU1ICRWrw7OnjJYNuzEjGWCxV
da0GjO6cETHs+ftcnVKcMXNGcdAzPMIVRoiXGWYj27ODIzHT9TeY+rPIiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlyjePtEOU5s6H7WCfyXoRnuyaIMB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvaVhLTjQtMFE1VG16b2Z0WUpfSmVoR2U3Sm9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXIgMA0G
CSqGSIb3DQEBCwUAA4IBAQBWXlUBptGfHs2mADJEdT5Sa0UTJIFCG5na2RE1T/V8
i+FxkWOYAMgN7RxvzSZvPdGex+l2D1l9JF2PRsnOZrL/oscT6QrgZ9I775Q/J8B3
KIGMuMXHR+XrcmPmtSJUGNjMXKOzgZWYXrUo9VAVT+Odq0ogzJ0rYh/dSk6iobBR
FpdLg7A0Bt1JLM+TmXWh2MgxRkaWiVImwUyAMwnSSbbeTrIbTbDh4clE6Ij/vWMX
Dk1BvuS/xGH1Ov5En5CvDMfZbPTio2H3i+3/FDfUjqDdNEBBXoaMEGgb8AYWTIsU
iy565YNvyRfdnYaVGj00CNzNuhIKPm1kIy29RGlR1g8C
-----END CERTIFICATE-----