Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/44cbb0-1aee-4490-ac52-c941e6a9139f/1/ibbUyELQhKjbyC4vGuBJQ9JvHI4.roa
File:                     ibbUyELQhKjbyC4vGuBJQ9JvHI4.roa (raw, json)
Hash identifier:          yhXWbPVrcUcuC8qY1sWv2JnA+afHPBx2Lp6OeW/psOg=
Subject key identifier:   89:B6:D4:C8:42:D0:84:A8:DB:C8:2E:2F:1A:E0:49:43:D2:6F:1C:8E
Certificate issuer:       /CN=f9c256745bd273c9186ae296368a2117d3d2cad9
Certificate serial:       018CC3B69B45744DB8465ADDE23EB1B2BBCA
Authority key identifier: F9:C2:56:74:5B:D2:73:C9:18:6A:E2:96:36:8A:21:17:D3:D2:CA:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-cJWdFvSc8kYauKWNoohF9PSytk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/44cbb0-1aee-4490-ac52-c941e6a9139f/1/ibbUyELQhKjbyC4vGuBJQ9JvHI4.roa
Signing time:             Mon 01 Jan 2024 06:29:33 +0000
ROA not before:           Mon 01 Jan 2024 06:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39307
IP address blocks:        185.210.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/44cbb0-1aee-4490-ac52-c941e6a9139f/1/1-cJWdFvSc8kYauKWNoohF9PSytk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/44cbb0-1aee-4490-ac52-c941e6a9139f/1/1-cJWdFvSc8kYauKWNoohF9PSytk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-cJWdFvSc8kYauKWNoohF9PSytk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 15:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:9b:45:74:4d:b8:46:5a:dd:e2:3e:b1:b2:bb:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9c256745bd273c9186ae296368a2117d3d2cad9
        Validity
            Not Before: Jan  1 06:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89b6d4c842d084a8dbc82e2f1ae04943d26f1c8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:59:ab:e9:05:7b:56:95:a9:69:2d:14:4a:f2:
                    6e:fe:45:dd:d0:e8:f0:52:23:6e:54:c9:88:b6:6c:
                    25:b3:33:12:fa:c8:d8:c9:18:4f:e0:19:a3:19:43:
                    48:1c:9b:5a:34:6b:52:f0:76:2f:f7:7b:c7:8d:44:
                    c6:1b:7c:6f:da:90:de:23:9a:c9:11:ee:37:55:d0:
                    5a:e0:0c:73:f9:99:d5:90:81:d3:ce:a5:25:5d:f5:
                    fc:3a:c6:16:de:cd:01:1f:8c:43:56:55:cb:cf:bd:
                    7f:35:c8:69:e7:15:b4:ce:4b:9e:49:b4:09:18:43:
                    26:d0:6b:da:af:1b:c8:5b:43:ca:c1:3b:1f:01:cc:
                    06:e0:3f:ad:1c:f0:b2:47:60:6d:1d:60:e7:02:aa:
                    d1:14:25:4e:86:0b:ad:06:d7:74:58:fb:d7:08:50:
                    e2:e4:11:5e:92:a5:cd:dd:5a:d9:b8:27:2b:2e:ac:
                    83:4b:ec:58:af:1f:ec:02:1f:1a:a5:46:64:d2:84:
                    84:c2:da:85:85:ac:05:16:e1:50:81:93:3a:ac:8d:
                    74:ba:2c:58:7e:81:85:6c:f0:8b:ae:f8:7f:16:ef:
                    21:c9:0e:be:e8:9f:4d:fc:ca:75:70:76:37:68:01:
                    30:c8:3f:4a:90:8b:72:e7:87:18:2f:e6:a8:e9:57:
                    8a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B6:D4:C8:42:D0:84:A8:DB:C8:2E:2F:1A:E0:49:43:D2:6F:1C:8E
            X509v3 Authority Key Identifier:
                keyid:F9:C2:56:74:5B:D2:73:C9:18:6A:E2:96:36:8A:21:17:D3:D2:CA:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-cJWdFvSc8kYauKWNoohF9PSytk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/44cbb0-1aee-4490-ac52-c941e6a9139f/1/ibbUyELQhKjbyC4vGuBJQ9JvHI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/44cbb0-1aee-4490-ac52-c941e6a9139f/1/1-cJWdFvSc8kYauKWNoohF9PSytk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:7a:d2:73:85:3c:99:93:97:dd:71:6e:8c:68:1d:24:06:93:
         31:06:b5:f8:e8:3e:10:74:fd:4a:83:98:db:07:2a:1a:95:96:
         b3:47:a9:58:a3:88:3b:56:a1:2d:6a:86:0d:6a:f1:5b:ec:db:
         1c:e4:29:d6:bc:9d:01:2d:d8:8f:12:3d:31:d6:49:79:91:a1:
         de:01:5e:99:78:f3:d1:c3:3d:44:36:b6:bd:7a:9c:6d:48:da:
         df:c8:8c:50:43:af:3d:3e:3e:be:90:1d:0d:6b:d5:d2:38:89:
         6b:10:b8:24:5a:79:f1:6a:cf:23:cf:c3:d6:aa:b6:22:e5:96:
         d5:4c:8d:ea:13:cc:2d:aa:b9:9d:76:6d:9d:49:34:ad:6e:a9:
         50:6b:4b:b2:3d:72:0c:7d:73:39:50:35:57:b2:5f:52:9e:98:
         d2:93:62:dd:48:f6:d2:76:2c:bd:50:d4:63:fd:50:bd:9a:aa:
         28:6c:83:c1:9d:42:5f:be:44:39:63:54:87:d3:83:4a:72:51:
         14:38:13:a1:32:04:4f:90:5e:c3:1e:d8:40:d6:0a:5a:76:a1:
         69:98:3d:14:c8:d3:86:a6:26:b9:67:67:40:ed:4a:6b:fa:8f:
         fe:e8:c4:c7:69:bf:9b:13:dc:13:68:ec:fd:bd:5d:97:dc:35:
         bb:ba:79:5b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtptFdE24Rlrd4j6xsrvKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5YzI1Njc0NWJkMjczYzkxODZhZTI5NjM2OGEyMTE3ZDNk
MmNhZDkwHhcNMjQwMTAxMDYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWI2ZDRjODQyZDA4NGE4ZGJjODJlMmYxYWUwNDk0M2QyNmYxYzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFmr6QV7VpWpaS0USvJu/kXd0Ojw
UiNuVMmItmwlszMS+sjYyRhP4BmjGUNIHJtaNGtS8HYv93vHjUTGG3xv2pDeI5rJ
Ee43VdBa4Axz+ZnVkIHTzqUlXfX8OsYW3s0BH4xDVlXLz71/Nchp5xW0zkueSbQJ
GEMm0GvarxvIW0PKwTsfAcwG4D+tHPCyR2BtHWDnAqrRFCVOhgutBtd0WPvXCFDi
5BFekqXN3VrZuCcrLqyDS+xYrx/sAh8apUZk0oSEwtqFhawFFuFQgZM6rI10uixY
foGFbPCLrvh/Fu8hyQ6+6J9N/Mp1cHY3aAEwyD9KkIty54cYL+ao6VeKxQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIm21MhC0ISo28guLxrgSUPSbxyOMB8GA1UdIwQY
MBaAFPnCVnRb0nPJGGriljaKIRfT0srZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1jSldkRnZTYzhrWWF1S1dOb29oRjlQU3l0ay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWQvNDRjYmIwLTFhZWUtNDQ5MC1hYzUy
LWM5NDFlNmE5MTM5Zi8xL2liYlV5RUxRaEtqYnlDNHZHdUJKUTlKdkhJNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMWQvNDRjYmIwLTFhZWUtNDQ5MC1hYzUyLWM5NDFlNmE5MTM5
Zi8xLzEtY0pXZEZ2U2M4a1lhdUtXTm9vaEY5UFN5dGsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC50qAw
DQYJKoZIhvcNAQELBQADggEBABp60nOFPJmTl91xboxoHSQGkzEGtfjoPhB0/UqD
mNsHKhqVlrNHqVijiDtWoS1qhg1q8Vvs2xzkKda8nQEt2I8SPTHWSXmRod4BXpl4
89HDPUQ2tr16nG1I2t/IjFBDrz0+Pr6QHQ1r1dI4iWsQuCRaefFqzyPPw9aqtiLl
ltVMjeoTzC2quZ12bZ1JNK1uqVBrS7I9cgx9czlQNVeyX1KemNKTYt1I9tJ2LL1Q
1GP9UL2aqihsg8GdQl++RDljVIfTg0pyURQ4E6EyBE+QXsMe2EDWClp2oWmYPRTI
04amJrlnZ0DtSmv6j/7oxMdpv5sT3BNo7P29XZfcNbu6eVs=
-----END CERTIFICATE-----