Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/IuI5Zp7F6ur4Ejo0oGjR6BvjzpE.roa
File:                     IuI5Zp7F6ur4Ejo0oGjR6BvjzpE.roa (raw, json)
Hash identifier:          JGfY+uNZ77ROLoN13I3ANvYc6UIRM/7LO2Rz9nqOzCc=
Subject key identifier:   22:E2:39:66:9E:C5:EA:EA:F8:12:3A:34:A0:68:D1:E8:1B:E3:CE:91
Certificate issuer:       /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial:       018CC56E32D4679305E676FD4B4795297092
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/IuI5Zp7F6ur4Ejo0oGjR6BvjzpE.roa
Signing time:             Mon 01 Jan 2024 14:29:42 +0000
ROA not before:           Mon 01 Jan 2024 14:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207479
IP address blocks:        81.95.43.0/24 maxlen: 24
                          82.194.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:32:d4:67:93:05:e6:76:fd:4b:47:95:29:70:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
        Validity
            Not Before: Jan  1 14:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22e239669ec5eaeaf8123a34a068d1e81be3ce91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:bf:4d:3b:38:bf:05:bd:02:ea:87:e3:bd:39:
                    af:77:b1:8d:7d:de:b3:b5:b8:11:d1:4f:8a:86:f8:
                    8e:c4:fb:89:14:a3:f0:15:a7:5f:ad:45:7d:14:75:
                    61:3a:be:8c:49:f4:8e:f7:1b:62:7f:c5:8c:43:e8:
                    e6:6a:71:4c:86:cd:db:ac:f4:24:e0:38:20:ba:6f:
                    85:bd:9d:a2:7f:9d:a4:f9:e9:b0:e8:8e:ab:64:a3:
                    95:43:ed:2a:89:cb:8e:b0:5c:09:1f:f4:cc:96:47:
                    44:fe:87:e0:0c:42:93:55:65:ca:79:19:dd:08:05:
                    55:22:e6:0f:9f:43:a3:8f:e8:6b:d5:6a:a0:42:34:
                    04:ef:9b:a9:20:e2:09:39:76:2e:9b:97:28:0f:04:
                    a3:74:37:f1:10:44:98:66:be:28:cb:ac:51:34:31:
                    d8:e0:62:6b:bc:a3:9c:de:5f:e0:f6:4b:69:5f:f5:
                    35:ff:58:1c:4b:6b:c4:c1:c8:7a:2f:27:88:68:7f:
                    0c:97:1e:8b:60:54:51:55:36:ed:26:71:1d:1e:be:
                    9e:10:4b:29:72:24:97:dc:c6:e0:09:ed:9b:b3:f2:
                    5f:93:6e:96:00:cf:eb:da:52:2b:c5:81:75:78:84:
                    57:41:87:f1:a7:49:24:37:46:4d:e0:d3:ba:10:55:
                    22:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:E2:39:66:9E:C5:EA:EA:F8:12:3A:34:A0:68:D1:E8:1B:E3:CE:91
            X509v3 Authority Key Identifier:
                keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/IuI5Zp7F6ur4Ejo0oGjR6BvjzpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.95.43.0/24
                  82.194.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:39:02:f4:8b:9c:81:61:24:52:0a:0c:af:9b:be:28:ef:97:
         5b:09:7f:fe:70:67:8b:8b:3d:b8:d2:ca:a5:35:84:e4:47:9e:
         a1:61:2f:d4:ff:3a:1f:07:18:ac:6f:82:ac:df:5b:66:27:23:
         15:77:69:54:24:e1:30:f9:b1:c6:48:9f:cd:ee:be:ba:d3:bc:
         cf:2c:12:aa:cf:35:8d:10:27:a6:af:c1:33:26:40:08:e2:f3:
         bf:6b:b0:60:ed:41:c1:0d:4b:97:21:e6:cb:8f:39:7f:09:ce:
         d3:08:4c:d4:6e:19:fa:60:25:b1:86:90:d1:18:34:08:3b:4f:
         3b:23:62:65:fd:07:03:bc:13:99:05:30:0b:c9:e7:1d:9f:ed:
         20:fe:4c:25:fe:63:b7:4f:a1:aa:7e:2c:d8:ae:e4:cb:a8:41:
         21:89:50:3e:4f:4e:69:3f:37:ad:71:b0:21:9e:2b:46:a0:d4:
         b3:4f:ba:33:a2:e6:c6:7a:49:9a:ed:60:33:eb:ba:66:8b:28:
         15:d1:0c:67:0f:a6:17:54:74:90:ac:0e:64:49:01:14:41:f2:
         99:88:6e:c9:f1:86:1f:64:0d:4a:80:27:d5:82:f0:89:c5:42:
         c3:23:0c:a4:42:c4:76:d3:f6:3c:99:d5:4f:9d:ae:ac:d6:58:
         9e:6e:6a:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbjLUZ5MF5nb9S0eVKXCSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjQwMTAxMTQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmUyMzk2NjllYzVlYWVhZjgxMjNhMzRhMDY4ZDFlODFiZTNjZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmr9NOzi/Bb0C6ofjvTmvd7GNfd6z
tbgR0U+KhviOxPuJFKPwFadfrUV9FHVhOr6MSfSO9xtif8WMQ+jmanFMhs3brPQk
4Dggum+FvZ2if52k+emw6I6rZKOVQ+0qicuOsFwJH/TMlkdE/ofgDEKTVWXKeRnd
CAVVIuYPn0Ojj+hr1WqgQjQE75upIOIJOXYum5coDwSjdDfxEESYZr4oy6xRNDHY
4GJrvKOc3l/g9ktpX/U1/1gcS2vEwch6LyeIaH8Mlx6LYFRRVTbtJnEdHr6eEEsp
ciSX3MbgCe2bs/Jfk26WAM/r2lIrxYF1eIRXQYfxp0kkN0ZN4NO6EFUiZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCLiOWaexerq+BI6NKBo0egb486RMB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvSXVJNVpwN0Y2dXI0RWpvMG9HalI2QnZqenBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUV8rAwQA
UsL4MA0GCSqGSIb3DQEBCwUAA4IBAQAfOQL0i5yBYSRSCgyvm74o75dbCX/+cGeL
iz240sqlNYTkR56hYS/U/zofBxisb4Ks31tmJyMVd2lUJOEw+bHGSJ/N7r6607zP
LBKqzzWNECemr8EzJkAI4vO/a7Bg7UHBDUuXIebLjzl/Cc7TCEzUbhn6YCWxhpDR
GDQIO087I2Jl/QcDvBOZBTALyecdn+0g/kwl/mO3T6GqfizYruTLqEEhiVA+T05p
PzetcbAhnitGoNSzT7ozoubGekma7WAz67pmiygV0QxnD6YXVHSQrA5kSQEUQfKZ
iG7J8YYfZA1KgCfVgvCJxULDIwykQsR20/Y8mdVPna6s1liebmps
-----END CERTIFICATE-----