Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/sKOGTGMrWrZPQX-J7l7m7b9mOww.roa
File:                     sKOGTGMrWrZPQX-J7l7m7b9mOww.roa (raw, json)
Hash identifier:          aO0qjF80YILaufwJQlq93qBWxJYyVeumRnFNFYgwl10=
Subject key identifier:   B0:A3:86:4C:63:2B:5A:B6:4F:41:7F:89:EE:5E:E6:ED:BF:66:3B:0C
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       019307C3045CB3F1DB6188C4E1DA23454B81
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/sKOGTGMrWrZPQX-J7l7m7b9mOww.roa
Signing time:             Thu 07 Nov 2024 17:54:01 +0000
ROA not before:           Thu 07 Nov 2024 17:54:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.126.158.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:07:c3:04:5c:b3:f1:db:61:88:c4:e1:da:23:45:4b:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Nov  7 17:54:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0a3864c632b5ab64f417f89ee5ee6edbf663b0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f1:ad:bd:cc:4c:fe:14:7a:af:2c:0c:64:0c:
                    72:ca:5b:cd:af:d1:7b:fa:8c:5f:05:6e:72:32:70:
                    a9:b9:9a:28:1d:bf:e7:56:03:3a:04:df:09:ef:dd:
                    d7:b2:3b:79:da:de:6d:15:93:d8:ac:c6:65:35:95:
                    57:d7:da:10:b4:bf:51:bd:90:98:ee:a6:20:cf:62:
                    04:5e:5c:6f:a2:f4:07:6c:5b:e6:0d:b7:1a:83:52:
                    35:c6:df:fa:01:b2:7a:0f:8b:47:69:5a:19:07:07:
                    db:8c:30:55:19:e8:17:db:3c:d8:8d:43:33:bd:b6:
                    6b:b3:7d:a2:b1:49:d1:e6:97:33:de:80:e9:41:f8:
                    bd:60:b4:eb:fe:66:72:bf:4c:ea:a2:85:2b:b8:19:
                    3f:36:7e:13:ae:29:f2:61:6d:4b:5c:4c:48:b2:8e:
                    ac:be:f9:d7:ed:89:b2:ec:19:df:f0:d1:df:e1:04:
                    e1:32:94:4f:4d:5e:2b:54:65:1c:96:56:0f:7a:e5:
                    be:4e:a1:57:7a:b7:f5:1f:8b:ee:5d:72:50:46:50:
                    34:88:a5:11:05:37:f6:d8:b8:67:24:f9:83:64:4b:
                    eb:fb:f1:97:71:c4:6a:c1:74:66:ff:e1:35:48:62:
                    e5:63:5c:13:5d:b6:3f:21:0c:b2:28:22:14:be:31:
                    43:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:A3:86:4C:63:2B:5A:B6:4F:41:7F:89:EE:5E:E6:ED:BF:66:3B:0C
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/sKOGTGMrWrZPQX-J7l7m7b9mOww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:6e:67:41:68:15:2d:2c:52:5c:a5:85:e6:1e:6c:db:17:29:
         f0:98:b4:ce:0c:c7:78:4d:a0:21:68:aa:31:53:26:99:d1:66:
         74:eb:b2:60:77:df:f5:f4:86:cc:b1:6d:bc:d0:e8:c6:39:9e:
         72:69:f3:ce:ce:a3:4b:de:fd:77:26:dd:90:d3:a5:c6:d9:ca:
         97:33:00:56:cd:af:3a:e3:b9:3c:12:83:b1:27:ed:75:29:07:
         c4:f9:d3:79:a4:19:10:bd:13:cb:8c:1c:f9:00:8a:60:ba:78:
         b2:14:d7:69:92:9d:63:b9:05:85:1e:15:07:4e:7a:81:47:4c:
         ec:a0:76:fd:d9:cc:f4:69:5a:16:44:04:82:97:44:91:34:01:
         8d:4f:0b:5c:80:98:3c:9a:08:49:64:5a:0d:d2:aa:e0:1a:58:
         d8:f1:9a:78:81:c0:17:0f:29:61:1e:a8:97:ca:5d:c4:6b:b4:
         fc:22:1f:57:1a:aa:8d:52:5b:a6:ae:2e:06:bf:e4:d2:7c:b1:
         6c:04:e2:17:90:1d:47:61:00:dd:35:28:31:8f:9a:07:0b:e8:
         3b:c0:41:03:39:63:cb:0f:7e:aa:14:31:a2:f6:6d:9f:85:ae:
         1a:09:d6:70:46:7d:45:99:f8:66:f0:93:b1:56:78:86:1d:3e:
         f3:30:9c:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMHwwRcs/HbYYjE4dojRUuBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQxMTA3MTc1NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGEzODY0YzYzMmI1YWI2NGY0MTdmODllZTVlZTZlZGJmNjYzYjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPGtvcxM/hR6rywMZAxyylvNr9F7
+oxfBW5yMnCpuZooHb/nVgM6BN8J793Xsjt52t5tFZPYrMZlNZVX19oQtL9RvZCY
7qYgz2IEXlxvovQHbFvmDbcag1I1xt/6AbJ6D4tHaVoZBwfbjDBVGegX2zzYjUMz
vbZrs32isUnR5pcz3oDpQfi9YLTr/mZyv0zqooUruBk/Nn4TrinyYW1LXExIso6s
vvnX7Ymy7Bnf8NHf4QThMpRPTV4rVGUcllYPeuW+TqFXerf1H4vuXXJQRlA0iKUR
BTf22LhnJPmDZEvr+/GXccRqwXRm/+E1SGLlY1wTXbY/IQyyKCIUvjFDvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCjhkxjK1q2T0F/ie5e5u2/ZjsMMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvc0tPR1RHTXJXclpQUVgtSjdsN203YjltT3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX6eMA0G
CSqGSIb3DQEBCwUAA4IBAQBgbmdBaBUtLFJcpYXmHmzbFynwmLTODMd4TaAhaKox
UyaZ0WZ067Jgd9/19IbMsW280OjGOZ5yafPOzqNL3v13Jt2Q06XG2cqXMwBWza86
47k8EoOxJ+11KQfE+dN5pBkQvRPLjBz5AIpguniyFNdpkp1juQWFHhUHTnqBR0zs
oHb92cz0aVoWRASCl0SRNAGNTwtcgJg8mghJZFoN0qrgGljY8Zp4gcAXDylhHqiX
yl3Ea7T8Ih9XGqqNUlumri4Gv+TSfLFsBOIXkB1HYQDdNSgxj5oHC+g7wEEDOWPL
D36qFDGi9m2fha4aCdZwRn1Fmfhm8JOxVniGHT7zMJxk
-----END CERTIFICATE-----