Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iji0IOf7Ve7nQ3ZrdXo87aA-of8.roa
File:                     iji0IOf7Ve7nQ3ZrdXo87aA-of8.roa (raw, json)
Hash identifier:          DxHdQ4C1J4Ii/BI0BajdGzq8awfli8Yg0HPKwiRPbyw=
Subject key identifier:   8A:38:B4:20:E7:FB:55:EE:E7:43:76:6B:75:7A:3C:ED:A0:3E:A1:FF
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       018D381BF14F76712293B99B8F918EA8AC95
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iji0IOf7Ve7nQ3ZrdXo87aA-of8.roa
Signing time:             Tue 23 Jan 2024 20:56:11 +0000
ROA not before:           Tue 23 Jan 2024 20:56:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400175
IP address blocks:        194.26.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:38:1b:f1:4f:76:71:22:93:b9:9b:8f:91:8e:a8:ac:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Jan 23 20:56:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a38b420e7fb55eee743766b757a3ceda03ea1ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:14:66:b7:b0:96:46:10:94:d1:5d:f3:c4:ef:
                    f5:e8:25:89:71:43:8b:c3:31:1a:78:6e:6c:0f:09:
                    b9:c0:e9:c0:ea:b9:85:74:65:cf:78:af:e9:6e:f4:
                    2e:c5:1b:75:38:11:41:a0:52:bf:74:e4:d8:95:1c:
                    74:1c:d7:cc:d3:65:3f:b8:9d:cd:df:98:29:33:9e:
                    8b:3b:17:3d:6b:73:e5:f8:c9:0d:f1:69:db:14:14:
                    b4:8d:3f:d0:89:81:f4:d6:de:bc:20:59:25:e1:b0:
                    22:c8:03:2e:05:1e:f7:96:f1:92:8f:62:3c:4c:c6:
                    d2:70:cd:60:7b:56:5c:93:6f:10:ad:d7:ca:aa:e9:
                    40:62:64:33:de:e5:4e:25:94:90:a9:3b:2a:72:c3:
                    01:0d:f2:27:95:ad:9e:f0:35:80:00:12:ce:c9:e0:
                    68:33:a4:ab:aa:53:76:23:43:ce:3f:df:e1:68:f8:
                    7b:52:25:13:2c:5e:44:81:40:c4:e9:ca:58:1e:94:
                    13:94:51:aa:9e:0f:a7:06:42:5a:22:31:82:e9:5c:
                    d2:92:46:45:d1:10:7a:ff:9b:bc:6f:22:11:6f:eb:
                    44:28:f4:29:62:e6:99:b0:8b:22:72:b7:bc:ca:c9:
                    4a:0e:3c:7c:c9:7a:c7:21:2d:01:3f:de:5b:24:90:
                    7c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:38:B4:20:E7:FB:55:EE:E7:43:76:6B:75:7A:3C:ED:A0:3E:A1:FF
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iji0IOf7Ve7nQ3ZrdXo87aA-of8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:14:79:36:e8:19:45:69:e9:af:29:c9:16:6f:89:31:72:43:
         1d:08:0f:6c:41:b7:6e:e0:81:18:28:bb:3d:f5:b8:74:17:43:
         d7:44:3c:7d:c4:32:6a:5a:8a:91:0e:d8:59:67:3e:64:7d:43:
         69:80:3a:66:ca:b0:83:b0:b6:ec:fc:07:44:85:bc:4f:d6:3b:
         ca:1a:4a:a8:ee:fb:8d:1c:d7:4a:4f:88:95:a6:55:6d:a9:3c:
         32:cd:bc:33:b7:9e:6e:c1:29:57:39:72:71:6b:e1:9e:43:35:
         cd:8f:fb:2c:a3:43:ae:9e:dc:36:6e:2c:7e:8d:95:63:eb:81:
         1c:9a:f2:dd:6b:8d:2c:f7:0c:be:40:fb:a3:4f:60:5d:b0:49:
         e1:e6:fd:d2:4f:5a:3d:48:f7:70:bc:ab:b5:a6:d2:a0:63:d8:
         dd:d2:4f:c0:7d:0c:49:37:cc:49:81:d3:34:80:9c:b8:22:94:
         12:2b:3f:77:6a:c4:47:f9:ab:46:06:f0:55:7b:e5:fe:6f:1e:
         7d:4e:a4:1e:05:32:b2:a6:5a:4c:7b:58:95:6b:ff:fd:11:cc:
         c3:58:ad:26:e5:b9:57:4c:77:13:aa:a3:12:1d:e5:6d:dd:dd:
         07:04:95:24:03:40:34:d2:eb:bc:d8:9d:b6:d6:0d:e5:5d:17:
         a9:03:af:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY04G/FPdnEik7mbj5GOqKyVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwMTIzMjA1NjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTM4YjQyMGU3ZmI1NWVlZTc0Mzc2NmI3NTdhM2NlZGEwM2VhMWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxRmt7CWRhCU0V3zxO/16CWJcUOL
wzEaeG5sDwm5wOnA6rmFdGXPeK/pbvQuxRt1OBFBoFK/dOTYlRx0HNfM02U/uJ3N
35gpM56LOxc9a3Pl+MkN8WnbFBS0jT/QiYH01t68IFkl4bAiyAMuBR73lvGSj2I8
TMbScM1ge1Zck28QrdfKqulAYmQz3uVOJZSQqTsqcsMBDfInla2e8DWAABLOyeBo
M6SrqlN2I0POP9/haPh7UiUTLF5EgUDE6cpYHpQTlFGqng+nBkJaIjGC6VzSkkZF
0RB6/5u8byIRb+tEKPQpYuaZsIsicre8yslKDjx8yXrHIS0BP95bJJB8BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIo4tCDn+1Xu50N2a3V6PO2gPqH/MB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvaWppMElPZjdWZTduUTNacmRYbzg3YUEtb2Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrfMA0G
CSqGSIb3DQEBCwUAA4IBAQBSFHk26BlFaemvKckWb4kxckMdCA9sQbdu4IEYKLs9
9bh0F0PXRDx9xDJqWoqRDthZZz5kfUNpgDpmyrCDsLbs/AdEhbxP1jvKGkqo7vuN
HNdKT4iVplVtqTwyzbwzt55uwSlXOXJxa+GeQzXNj/sso0Ountw2bix+jZVj64Ec
mvLda40s9wy+QPujT2BdsEnh5v3ST1o9SPdwvKu1ptKgY9jd0k/AfQxJN8xJgdM0
gJy4IpQSKz93asRH+atGBvBVe+X+bx59TqQeBTKyplpMe1iVa//9EczDWK0m5blX
THcTqqMSHeVt3d0HBJUkA0A00uu82J221g3lXRepA6/B
-----END CERTIFICATE-----