Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/ikN4SSSIJdpATfbTuF1aqPVQm8w.roa
File:                     ikN4SSSIJdpATfbTuF1aqPVQm8w.roa (raw, json)
Hash identifier:          gunzQ7zSHNaZSvXp8QC6wdbsRU0gF2fXQubVjTHi9K8=
Subject key identifier:   8A:43:78:49:24:88:25:DA:40:4D:F6:D3:B8:5D:5A:A8:F5:50:9B:CC
Certificate issuer:       /CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
Certificate serial:       019427485BA4D2831F769C798CEE2B1F1AB7
Authority key identifier: C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/ikN4SSSIJdpATfbTuF1aqPVQm8w.roa
Signing time:             Thu 02 Jan 2025 13:50:40 +0000
ROA not before:           Thu 02 Jan 2025 13:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8468
IP address blocks:        151.236.208.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:5b:a4:d2:83:1f:76:9c:79:8c:ee:2b:1f:1a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
        Validity
            Not Before: Jan  2 13:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a437849248825da404df6d3b85d5aa8f5509bcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:86:f5:47:96:7b:a2:39:c9:1d:01:62:74:2c:
                    1d:30:0f:4f:ea:bb:fa:32:82:6d:12:7a:26:50:8c:
                    5a:70:bb:0a:0a:fb:e1:c5:6c:28:96:a3:16:ee:29:
                    57:7a:b5:4d:34:02:c5:31:a3:61:c3:e6:95:76:f1:
                    3a:f9:4b:60:03:80:7e:41:3b:6c:99:a6:08:36:9c:
                    57:2b:12:1f:38:00:34:e1:e1:db:94:55:ad:d7:c3:
                    9c:99:25:57:24:55:20:d1:fb:ac:7b:a5:6d:4e:1f:
                    7f:ea:11:92:0a:9f:d1:f9:39:9c:88:19:f7:ce:a8:
                    a7:48:72:ae:fd:65:93:ba:59:8d:f6:e2:27:92:b3:
                    77:33:c9:42:7d:c8:68:1a:8e:78:c2:34:64:89:b1:
                    1b:01:90:3c:84:3e:f3:32:c8:31:b5:cd:67:e9:5c:
                    0d:40:9e:1d:67:82:a8:b6:03:3e:63:0a:22:60:f0:
                    a7:d0:f6:ac:4e:1d:c5:b4:82:e5:3e:25:5e:84:cc:
                    c2:e4:ae:9e:73:c6:e0:0a:8b:db:4a:c9:32:57:09:
                    10:67:62:2d:ae:fa:3f:ff:85:31:a7:9f:be:64:75:
                    84:b0:16:d9:ce:25:bf:d5:0b:1f:c0:6c:6b:f0:c9:
                    e2:4b:7c:75:1b:2d:ef:9b:c9:19:ff:53:66:ff:8b:
                    c3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:43:78:49:24:88:25:DA:40:4D:F6:D3:B8:5D:5A:A8:F5:50:9B:CC
            X509v3 Authority Key Identifier:
                keyid:C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/ikN4SSSIJdpATfbTuF1aqPVQm8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.236.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:ab:5f:8b:0a:3c:c5:6a:8f:61:b2:f8:1f:36:2e:58:56:97:
         09:61:ad:2f:f5:4a:52:62:40:6a:3e:15:32:44:72:80:ae:c5:
         92:00:76:ce:8d:db:68:6a:a1:68:d7:80:5d:32:4f:b8:9e:a3:
         66:19:a9:bf:92:41:5c:b9:ae:11:46:4c:fc:2c:d5:28:30:30:
         d9:79:ae:6e:b3:dd:c7:5e:a8:4a:5a:88:60:d0:79:7a:c1:1d:
         e1:0f:51:6b:ef:c3:b7:f0:d3:8c:a2:48:52:64:2c:5b:c3:c9:
         c0:2d:67:49:90:ee:a1:41:f7:e6:e2:44:6d:2b:5e:a4:5f:0a:
         5e:73:2e:86:23:59:d5:ec:0b:e8:c7:74:b8:f2:29:e0:11:76:
         6c:81:5e:8b:2d:58:19:c0:d6:b0:1d:6c:b0:25:34:76:19:79:
         7f:14:b1:98:af:09:0a:7d:b6:c8:27:ef:88:fb:26:0c:9d:02:
         77:02:08:11:66:f7:20:1a:cb:d6:9e:76:b8:a7:bf:75:a1:93:
         9e:c0:9c:69:98:7b:45:c8:c7:41:bc:5c:46:2b:84:e8:78:be:
         af:3d:bd:20:18:4b:27:2e:2b:27:d7:08:b4:38:52:b3:5a:80:
         10:57:ba:47:60:32:9c:e9:47:b3:74:01:04:15:cb:d2:ea:06:
         86:9d:e9:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFuk0oMfdpx5jO4rHxq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NGQ2MWNkMTdlZDkyZTU0YmIzMzk3ZjFlNWE2YjM5MDRh
YzZmMDUwHhcNMjUwMTAyMTM1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQzNzg0OTI0ODgyNWRhNDA0ZGY2ZDNiODVkNWFhOGY1NTA5YmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyob1R5Z7ojnJHQFidCwdMA9P6rv6
MoJtEnomUIxacLsKCvvhxWwolqMW7ilXerVNNALFMaNhw+aVdvE6+UtgA4B+QTts
maYINpxXKxIfOAA04eHblFWt18OcmSVXJFUg0fuse6VtTh9/6hGSCp/R+TmciBn3
zqinSHKu/WWTulmN9uInkrN3M8lCfchoGo54wjRkibEbAZA8hD7zMsgxtc1n6VwN
QJ4dZ4KotgM+YwoiYPCn0PasTh3FtILlPiVehMzC5K6ec8bgCovbSskyVwkQZ2It
rvo//4Uxp5++ZHWEsBbZziW/1QsfwGxr8MniS3x1Gy3vm8kZ/1Nm/4vDxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpDeEkkiCXaQE3207hdWqj1UJvMMB8GA1UdIwQY
MBaAFMhNYc0X7ZLlS7M5fx5aazkErG8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGIt
YzI1Nzc5MmRhZGM0LzEvaWtONFNTU0lKZHBBVGZiVHVGMWFxUFZRbTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGItYzI1Nzc5MmRhZGM0
LzEveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBl+zQMA0G
CSqGSIb3DQEBCwUAA4IBAQBhq1+LCjzFao9hsvgfNi5YVpcJYa0v9UpSYkBqPhUy
RHKArsWSAHbOjdtoaqFo14BdMk+4nqNmGam/kkFcua4RRkz8LNUoMDDZea5us93H
XqhKWohg0Hl6wR3hD1Fr78O38NOMokhSZCxbw8nALWdJkO6hQffm4kRtK16kXwpe
cy6GI1nV7Avox3S48ingEXZsgV6LLVgZwNawHWywJTR2GXl/FLGYrwkKfbbIJ++I
+yYMnQJ3AggRZvcgGsvWnna4p791oZOewJxpmHtFyMdBvFxGK4ToeL6vPb0gGEsn
Lisn1wi0OFKzWoAQV7pHYDKc6UezdAEEFcvS6gaGnenk
-----END CERTIFICATE-----