Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/aef8a4-28c8-4a96-9ecc-50d895d4ae23/1/IlCFYvdSTHLMvKy9xBz7qFdtqoE.roa
File:                     IlCFYvdSTHLMvKy9xBz7qFdtqoE.roa (raw, json)
Hash identifier:          wkMHg1ngbES+fewuakbPgdLWqsdyi97YPzuJNSxpZtw=
Subject key identifier:   22:50:85:62:F7:52:4C:72:CC:BC:AC:BD:C4:1C:FB:A8:57:6D:AA:81
Certificate issuer:       /CN=8c3bad6ae491643d075e21cba859ef28e26e3c79
Certificate serial:       018CCA2A43B0B202CDEC12542B4E3C4E6196
Authority key identifier: 8C:3B:AD:6A:E4:91:64:3D:07:5E:21:CB:A8:59:EF:28:E2:6E:3C:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jDutauSRZD0HXiHLqFnvKOJuPHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/aef8a4-28c8-4a96-9ecc-50d895d4ae23/1/IlCFYvdSTHLMvKy9xBz7qFdtqoE.roa
Signing time:             Tue 02 Jan 2024 12:33:36 +0000
ROA not before:           Tue 02 Jan 2024 12:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58174
IP address blocks:        91.239.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/aef8a4-28c8-4a96-9ecc-50d895d4ae23/1/jDutauSRZD0HXiHLqFnvKOJuPHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/aef8a4-28c8-4a96-9ecc-50d895d4ae23/1/jDutauSRZD0HXiHLqFnvKOJuPHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jDutauSRZD0HXiHLqFnvKOJuPHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:43:b0:b2:02:cd:ec:12:54:2b:4e:3c:4e:61:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c3bad6ae491643d075e21cba859ef28e26e3c79
        Validity
            Not Before: Jan  2 12:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22508562f7524c72ccbcacbdc41cfba8576daa81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a0:3f:77:21:56:28:4a:e0:18:73:9e:f8:64:
                    7f:13:5d:24:6c:cd:82:3d:24:29:e4:c6:58:7b:fb:
                    e3:da:21:f1:14:28:ad:70:2c:a6:ee:eb:99:99:83:
                    c1:9e:23:a0:50:d9:29:a9:53:04:98:5c:3e:9d:b0:
                    48:3f:19:03:76:29:63:0a:a0:c8:3d:ff:b1:10:69:
                    ab:d2:59:43:d6:21:3b:71:ab:9e:4e:e0:a0:5a:34:
                    0a:0f:88:3a:1a:aa:01:a5:bb:c5:7a:cf:85:c4:ce:
                    90:28:5f:c9:67:81:de:0a:2a:b3:65:f9:fa:e2:05:
                    b8:a8:6a:49:92:6b:74:be:1d:42:f9:c7:c6:0d:3d:
                    08:c3:4f:07:76:b6:b5:0a:a3:48:3e:c7:0a:0e:38:
                    80:95:7d:dc:f0:a9:1c:15:28:b1:fc:ee:5e:6d:db:
                    1d:c2:27:3d:25:0d:36:64:ef:9d:3d:fa:4f:68:df:
                    4e:27:79:80:65:1b:62:b1:50:9a:ea:8a:8f:2e:80:
                    22:8b:f6:db:82:4d:a2:93:55:36:94:cf:e2:41:b9:
                    96:cf:0d:32:cd:41:c6:6c:f3:3c:20:5f:76:d9:ed:
                    60:dc:c7:28:b4:a8:54:ee:39:dd:15:43:13:4a:f8:
                    fc:88:39:6c:11:4d:26:6a:29:29:e1:36:50:ab:02:
                    e8:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:50:85:62:F7:52:4C:72:CC:BC:AC:BD:C4:1C:FB:A8:57:6D:AA:81
            X509v3 Authority Key Identifier:
                keyid:8C:3B:AD:6A:E4:91:64:3D:07:5E:21:CB:A8:59:EF:28:E2:6E:3C:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jDutauSRZD0HXiHLqFnvKOJuPHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/aef8a4-28c8-4a96-9ecc-50d895d4ae23/1/IlCFYvdSTHLMvKy9xBz7qFdtqoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/aef8a4-28c8-4a96-9ecc-50d895d4ae23/1/jDutauSRZD0HXiHLqFnvKOJuPHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:48:e6:e5:1b:ff:b4:92:7f:08:12:b1:ec:b3:18:f3:a6:b7:
         b8:1c:10:d2:00:cc:68:a8:4a:e7:79:83:a0:f3:63:da:ed:34:
         41:57:94:b3:b8:b1:0b:f5:89:b2:c8:3a:52:c5:99:ce:a3:59:
         47:e1:22:34:5d:7d:ea:b4:f2:fc:a7:29:2a:dc:d0:8a:21:59:
         e9:33:25:75:43:d6:77:86:dd:53:8a:92:43:d4:12:11:d9:20:
         24:5f:7c:b1:06:0f:04:0f:34:7a:5d:13:12:f5:15:8e:81:8a:
         a9:1d:23:b0:d8:d5:e8:b5:e5:9e:b1:e5:6d:c3:9d:65:c7:3f:
         19:0e:89:eb:58:20:b3:50:e2:6c:e9:4a:0e:f6:02:ee:a2:dd:
         33:f2:fe:0b:8f:5d:42:8e:a5:17:8c:97:21:2d:61:35:7a:67:
         c6:74:fc:a6:cc:c6:ca:f5:9a:c4:f0:04:40:bb:82:92:ba:be:
         4a:3a:65:f5:84:68:b0:12:9d:64:0d:7b:f1:7c:9f:76:45:73:
         1a:72:3c:cd:c6:c9:f2:f7:7b:b0:b9:54:7c:d7:c4:ea:d0:b2:
         c7:f4:bf:59:94:31:6d:8e:87:c4:ca:41:d4:e7:4f:3e:3d:08:
         fc:ce:c9:eb:6b:ee:e6:20:a0:6b:fc:01:84:d2:e8:a6:d8:bd:
         61:51:50:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKkOwsgLN7BJUK048TmGWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjM2JhZDZhZTQ5MTY0M2QwNzVlMjFjYmE4NTllZjI4ZTI2
ZTNjNzkwHhcNMjQwMTAyMTIzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjUwODU2MmY3NTI0YzcyY2NiY2FjYmRjNDFjZmJhODU3NmRhYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6A/dyFWKErgGHOe+GR/E10kbM2C
PSQp5MZYe/vj2iHxFCitcCym7uuZmYPBniOgUNkpqVMEmFw+nbBIPxkDdiljCqDI
Pf+xEGmr0llD1iE7caueTuCgWjQKD4g6GqoBpbvFes+FxM6QKF/JZ4HeCiqzZfn6
4gW4qGpJkmt0vh1C+cfGDT0Iw08Hdra1CqNIPscKDjiAlX3c8KkcFSix/O5ebdsd
wic9JQ02ZO+dPfpPaN9OJ3mAZRtisVCa6oqPLoAii/bbgk2ik1U2lM/iQbmWzw0y
zUHGbPM8IF922e1g3McotKhU7jndFUMTSvj8iDlsEU0maikp4TZQqwLoYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJQhWL3UkxyzLysvcQc+6hXbaqBMB8GA1UdIwQY
MBaAFIw7rWrkkWQ9B14hy6hZ7yjibjx5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakR1dGF1U1JaRDBIWGlITHFGbnZLT0p1UEhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9hZWY4YTQtMjhjOC00YTk2LTllY2Mt
NTBkODk1ZDRhZTIzLzEvSWxDRll2ZFNUSExNdkt5OXhCejdxRmR0cW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9hZWY4YTQtMjhjOC00YTk2LTllY2MtNTBkODk1ZDRhZTIz
LzEvakR1dGF1U1JaRDBIWGlITHFGbnZLT0p1UEhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+97MA0G
CSqGSIb3DQEBCwUAA4IBAQCbSOblG/+0kn8IErHssxjzpre4HBDSAMxoqErneYOg
82Pa7TRBV5SzuLEL9YmyyDpSxZnOo1lH4SI0XX3qtPL8pykq3NCKIVnpMyV1Q9Z3
ht1TipJD1BIR2SAkX3yxBg8EDzR6XRMS9RWOgYqpHSOw2NXoteWeseVtw51lxz8Z
DonrWCCzUOJs6UoO9gLuot0z8v4Lj11CjqUXjJchLWE1emfGdPymzMbK9ZrE8ARA
u4KSur5KOmX1hGiwEp1kDXvxfJ92RXMacjzNxsny93uwuVR818Tq0LLH9L9ZlDFt
jofEykHU508+PQj8zsnra+7mIKBr/AGE0uim2L1hUVAb
-----END CERTIFICATE-----