Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/1ac271-6be9-4a14-8616-465a333ab444/1/iKKb1X29tTU2k_RZJyC1P6S0W1I.roa
File:                     iKKb1X29tTU2k_RZJyC1P6S0W1I.roa (raw, json)
Hash identifier:          JYbd5SDgMPm4EIN7ny/Mr7yif1cItUNdM4vZHpLmqsU=
Subject key identifier:   88:A2:9B:D5:7D:BD:B5:35:36:93:F4:59:27:20:B5:3F:A4:B4:5B:52
Certificate issuer:       /CN=8d843b57d0afcc112fe389668bf675d80d8223da
Certificate serial:       019420685B5343BD2965B8A89E5D383ACC3D
Authority key identifier: 8D:84:3B:57:D0:AF:CC:11:2F:E3:89:66:8B:F6:75:D8:0D:82:23:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYQ7V9CvzBEv44lmi_Z12A2CI9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/1ac271-6be9-4a14-8616-465a333ab444/1/iKKb1X29tTU2k_RZJyC1P6S0W1I.roa
Signing time:             Wed 01 Jan 2025 05:48:17 +0000
ROA not before:           Wed 01 Jan 2025 05:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199979
IP address blocks:        193.22.131.0/24 maxlen: 24
                          212.11.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/1ac271-6be9-4a14-8616-465a333ab444/1/jYQ7V9CvzBEv44lmi_Z12A2CI9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/1ac271-6be9-4a14-8616-465a333ab444/1/jYQ7V9CvzBEv44lmi_Z12A2CI9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYQ7V9CvzBEv44lmi_Z12A2CI9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:5b:53:43:bd:29:65:b8:a8:9e:5d:38:3a:cc:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d843b57d0afcc112fe389668bf675d80d8223da
        Validity
            Not Before: Jan  1 05:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88a29bd57dbdb5353693f4592720b53fa4b45b52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:03:1c:0f:48:af:5d:f4:d7:27:ae:14:01:70:
                    1f:10:ff:56:31:f3:13:c5:3b:85:a3:fa:ec:d2:ec:
                    1f:99:6d:78:bf:8b:b4:66:5e:92:7f:2d:14:ec:d2:
                    8c:d1:e2:fb:f1:48:4d:2f:8a:08:7f:bc:3a:66:d6:
                    8e:eb:bc:c1:61:15:7b:39:a1:54:f0:e0:c6:79:b0:
                    27:7a:28:58:7d:63:04:2e:3f:1f:f5:70:60:3d:68:
                    c7:13:c6:e2:34:51:c5:30:98:c5:b3:aa:30:cb:7e:
                    cc:15:b8:38:17:d3:2f:dc:e9:ee:24:bb:ca:b0:53:
                    55:69:da:8c:91:fd:73:ac:ff:2b:c2:b8:c6:26:02:
                    a2:f9:98:7e:e5:37:f1:58:18:2f:3e:c3:3b:8c:78:
                    72:7d:b0:53:fe:e2:45:83:56:4d:64:c9:5d:01:73:
                    0a:84:f7:44:34:1c:ac:44:9e:34:21:02:29:7a:56:
                    9b:dd:ce:6a:26:35:f7:3e:d7:d6:1a:55:f5:17:6c:
                    88:73:af:ac:20:c2:ce:3b:b4:9b:1b:11:44:8b:08:
                    ba:61:12:a7:f0:cb:24:59:e2:f9:18:45:9f:c7:3c:
                    2b:3a:f2:7a:33:fa:49:d2:15:df:a6:c1:92:9d:9d:
                    67:26:26:00:06:da:46:33:c4:7c:0b:c8:a7:04:1f:
                    27:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A2:9B:D5:7D:BD:B5:35:36:93:F4:59:27:20:B5:3F:A4:B4:5B:52
            X509v3 Authority Key Identifier:
                keyid:8D:84:3B:57:D0:AF:CC:11:2F:E3:89:66:8B:F6:75:D8:0D:82:23:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYQ7V9CvzBEv44lmi_Z12A2CI9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/1ac271-6be9-4a14-8616-465a333ab444/1/iKKb1X29tTU2k_RZJyC1P6S0W1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/1ac271-6be9-4a14-8616-465a333ab444/1/jYQ7V9CvzBEv44lmi_Z12A2CI9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.131.0/24
                  212.11.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:93:d4:7c:af:e6:8d:1d:51:67:31:4e:91:68:20:3b:fa:4b:
         67:3c:ca:de:f0:98:dc:87:24:4a:9d:96:d4:a2:d9:25:c7:4e:
         1a:51:4e:ed:eb:2f:86:9a:48:11:86:5a:72:9c:9a:b8:b6:98:
         7c:9c:60:7f:cc:d1:57:6a:a5:85:eb:60:1f:de:f1:54:e2:90:
         fd:58:6f:37:05:06:a1:40:bf:01:6e:a0:12:17:79:39:47:44:
         fd:bf:85:ea:09:13:a8:ee:f3:67:6f:db:08:86:bd:f7:26:56:
         34:56:ab:2a:0e:ad:4c:e1:2f:5b:9d:99:aa:29:67:5a:67:20:
         48:7b:18:55:6f:81:36:ef:1d:33:4d:e4:91:f6:1c:5c:88:e2:
         bd:55:a8:b0:79:63:e7:1c:d4:7b:4a:a6:6c:0c:f6:e7:32:b4:
         64:55:f8:b8:b0:a1:b4:cd:7d:1d:49:de:cb:e2:3c:32:da:e5:
         75:1f:4c:66:ef:64:05:2d:b1:ac:30:86:85:a7:e7:08:f2:55:
         fb:86:ab:94:cd:4e:a5:59:1d:fd:f3:e2:64:d6:c9:fa:fb:b9:
         3b:b7:d6:d5:03:a9:1d:f4:37:07:b1:8b:f4:82:2e:62:90:c0:
         3e:38:59:d5:c7:c4:0a:5a:ee:93:b0:c0:1f:f9:d2:0f:e6:48:
         52:68:ec:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaFtTQ70pZbionl04Osw9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODQzYjU3ZDBhZmNjMTEyZmUzODk2NjhiZjY3NWQ4MGQ4
MjIzZGEwHhcNMjUwMTAxMDU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGEyOWJkNTdkYmRiNTM1MzY5M2Y0NTkyNzIwYjUzZmE0YjQ1YjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwMcD0ivXfTXJ64UAXAfEP9WMfMT
xTuFo/rs0uwfmW14v4u0Zl6Sfy0U7NKM0eL78UhNL4oIf7w6ZtaO67zBYRV7OaFU
8ODGebAneihYfWMELj8f9XBgPWjHE8biNFHFMJjFs6owy37MFbg4F9Mv3OnuJLvK
sFNVadqMkf1zrP8rwrjGJgKi+Zh+5TfxWBgvPsM7jHhyfbBT/uJFg1ZNZMldAXMK
hPdENBysRJ40IQIpelab3c5qJjX3PtfWGlX1F2yIc6+sIMLOO7SbGxFEiwi6YRKn
8MskWeL5GEWfxzwrOvJ6M/pJ0hXfpsGSnZ1nJiYABtpGM8R8C8inBB8nVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIiim9V9vbU1NpP0WScgtT+ktFtSMB8GA1UdIwQY
MBaAFI2EO1fQr8wRL+OJZov2ddgNgiPaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallRN1Y5Q3Z6QkV2NDRsbWlfWjEyQTJDSTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8xYWMyNzEtNmJlOS00YTE0LTg2MTYt
NDY1YTMzM2FiNDQ0LzEvaUtLYjFYMjl0VFUya19SWkp5QzFQNlMwVzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8xYWMyNzEtNmJlOS00YTE0LTg2MTYtNDY1YTMzM2FiNDQ0
LzEvallRN1Y5Q3Z6QkV2NDRsbWlfWjEyQTJDSTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRaDAwQA
1AtcMA0GCSqGSIb3DQEBCwUAA4IBAQBjk9R8r+aNHVFnMU6RaCA7+ktnPMre8Jjc
hyRKnZbUotklx04aUU7t6y+GmkgRhlpynJq4tph8nGB/zNFXaqWF62Af3vFU4pD9
WG83BQahQL8BbqASF3k5R0T9v4XqCROo7vNnb9sIhr33JlY0VqsqDq1M4S9bnZmq
KWdaZyBIexhVb4E27x0zTeSR9hxciOK9VaiweWPnHNR7SqZsDPbnMrRkVfi4sKG0
zX0dSd7L4jwy2uV1H0xm72QFLbGsMIaFp+cI8lX7hquUzU6lWR398+Jk1sn6+7k7
t9bVA6kd9DcHsYv0gi5ikMA+OFnVx8QKWu6TsMAf+dIP5khSaOzX
-----END CERTIFICATE-----