Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/IlVn5RMVAxJV-n80P_YsBfiQ_oc.roa
File:                     IlVn5RMVAxJV-n80P_YsBfiQ_oc.roa (raw, json)
Hash identifier:          QCbt0bBdFdX+LmMVuaLA0L7M7QFX3dQ0q60DpeHeBlU=
Subject key identifier:   22:55:67:E5:13:15:03:12:55:FA:7F:34:3F:F6:2C:05:F8:90:FE:87
Certificate issuer:       /CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
Certificate serial:       018CC9BCEF7985446C80B8EEDFF00D7D7928
Authority key identifier: 59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/IlVn5RMVAxJV-n80P_YsBfiQ_oc.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201388
IP address blocks:        84.47.154.0/24 maxlen: 24
                          84.47.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ef:79:85:44:6c:80:b8:ee:df:f0:0d:7d:79:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=225567e51315031255fa7f343ff62c05f890fe87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3a:d4:74:93:60:e1:7b:84:93:af:0a:ae:1b:
                    f4:69:e1:72:b2:1f:61:63:42:cc:c8:c8:be:9f:ed:
                    52:81:ee:83:4b:f3:2c:2a:d8:8f:86:e6:65:fc:0f:
                    21:cc:02:bb:4f:55:49:6d:cb:32:93:65:0b:20:2c:
                    31:b1:07:0c:15:2f:9c:9a:17:2c:04:21:14:8c:f8:
                    01:1a:03:7b:43:15:0f:61:e2:57:cc:b3:17:df:cf:
                    7c:d3:56:d4:b1:07:2f:3b:7a:b8:a3:48:e1:8a:b6:
                    22:f8:cc:c7:ac:e1:41:e7:84:f1:f8:77:2b:0f:4b:
                    c2:ee:f7:da:3d:73:1b:ea:a2:03:3e:35:56:44:66:
                    b2:71:a4:e2:50:8f:67:8d:cd:fa:92:14:94:9d:57:
                    9a:97:24:43:c1:7f:df:d0:d5:fd:a6:86:ff:db:6b:
                    d2:57:8f:69:9d:cb:8f:13:d4:49:6e:64:5b:96:01:
                    b3:47:12:33:db:e0:d5:9e:aa:05:3d:34:e1:b9:f2:
                    7a:4d:dc:df:01:f5:d4:00:56:55:7e:18:bd:d5:70:
                    8b:b2:41:2a:4c:6b:c3:3c:56:87:16:f3:3a:1f:a2:
                    99:10:ce:3c:8b:fa:2f:3d:fa:de:4d:e4:3c:a3:e6:
                    91:d7:86:00:04:f5:73:2f:0e:fe:ce:94:6e:2a:3b:
                    b1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:55:67:E5:13:15:03:12:55:FA:7F:34:3F:F6:2C:05:F8:90:FE:87
            X509v3 Authority Key Identifier:
                keyid:59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/IlVn5RMVAxJV-n80P_YsBfiQ_oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.47.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:63:95:f2:81:ae:78:b0:98:4c:11:65:4a:9e:90:e5:47:05:
         30:ab:ba:26:db:90:d6:66:1c:35:a7:91:19:a9:f0:af:e3:06:
         7c:be:0a:26:52:5a:38:9b:a2:11:6d:d4:bb:67:29:fa:93:aa:
         ea:be:36:65:72:e6:c2:98:44:63:62:1c:63:04:8f:cb:19:1a:
         55:44:85:42:27:aa:e3:69:8c:dc:c2:87:aa:df:aa:1e:37:74:
         70:fe:0a:97:1d:9f:9d:40:57:90:b7:6c:a2:a5:3d:70:f4:65:
         f2:7a:38:34:eb:7e:ca:34:5b:8d:21:c3:57:ec:71:6c:e0:e2:
         dd:35:cd:6e:c3:ba:bb:4b:e2:8a:dc:cd:72:f4:d8:50:54:19:
         ca:8c:51:d0:bb:2e:eb:63:5f:e1:ca:30:ca:de:71:ff:e5:fe:
         12:2c:33:13:5e:64:e9:a5:71:20:08:01:0e:41:4f:6e:9a:2a:
         60:bb:ea:a6:6c:3b:af:a7:40:51:c2:da:7f:77:89:28:5a:52:
         c8:81:85:36:d3:19:6c:99:96:12:66:ed:6b:28:3f:23:de:6f:
         77:1a:80:c9:f1:29:4e:44:a7:b3:54:e5:05:1b:f6:67:61:ad:
         b5:b6:68:66:97:e0:a9:e1:85:45:2d:41:96:cf:42:9d:7a:fb:
         15:9e:6f:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvO95hURsgLju3/ANfXkoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZGQ1NDI3ODE4NTFjMGJjZTVhM2VhNWNjMzg3NjUwZmZj
ODI3N2UwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjU1NjdlNTEzMTUwMzEyNTVmYTdmMzQzZmY2MmMwNWY4OTBmZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDrUdJNg4XuEk68Krhv0aeFysh9h
Y0LMyMi+n+1Sge6DS/MsKtiPhuZl/A8hzAK7T1VJbcsyk2ULICwxsQcMFS+cmhcs
BCEUjPgBGgN7QxUPYeJXzLMX389801bUsQcvO3q4o0jhirYi+MzHrOFB54Tx+Hcr
D0vC7vfaPXMb6qIDPjVWRGaycaTiUI9njc36khSUnVealyRDwX/f0NX9pob/22vS
V49pncuPE9RJbmRblgGzRxIz2+DVnqoFPTThufJ6TdzfAfXUAFZVfhi91XCLskEq
TGvDPFaHFvM6H6KZEM48i/ovPfreTeQ8o+aR14YABPVzLw7+zpRuKjuxFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJVZ+UTFQMSVfp/ND/2LAX4kP6HMB8GA1UdIwQY
MBaAFFndVCeBhRwLzlo+pcw4dlD/yCd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYt
NDdlMDkzNzk4OWE4LzEvSWxWbjVSTVZBeEpWLW44MFBfWXNCZmlRX29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYtNDdlMDkzNzk4OWE4
LzEvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVC+aMA0G
CSqGSIb3DQEBCwUAA4IBAQA2Y5Xyga54sJhMEWVKnpDlRwUwq7om25DWZhw1p5EZ
qfCv4wZ8vgomUlo4m6IRbdS7Zyn6k6rqvjZlcubCmERjYhxjBI/LGRpVRIVCJ6rj
aYzcwoeq36oeN3Rw/gqXHZ+dQFeQt2yipT1w9GXyejg0637KNFuNIcNX7HFs4OLd
Nc1uw7q7S+KK3M1y9NhQVBnKjFHQuy7rY1/hyjDK3nH/5f4SLDMTXmTppXEgCAEO
QU9umipgu+qmbDuvp0BRwtp/d4koWlLIgYU20xlsmZYSZu1rKD8j3m93GoDJ8SlO
RKezVOUFG/ZnYa21tmhml+Cp4YVFLUGWz0KdevsVnm9z
-----END CERTIFICATE-----