Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/6919ad-33a5-43c0-8ca2-9d4a66ab3ff2/1/IsFlxznr2DXMgO0eZAaQ4ftpals.roa
File:                     IsFlxznr2DXMgO0eZAaQ4ftpals.roa (raw, json)
Hash identifier:          zxInshWaFQPf9n1N2k3G5WQAIyg+b3+46U7/5jDuAO8=
Subject key identifier:   22:C1:65:C7:39:EB:D8:35:CC:80:ED:1E:64:06:90:E1:FB:69:6A:5B
Certificate issuer:       /CN=eda26c408fc67b752734cc997f3630dbaf6f606f
Certificate serial:       018CCA2B3DF580F21B089963CE1A38A64795
Authority key identifier: ED:A2:6C:40:8F:C6:7B:75:27:34:CC:99:7F:36:30:DB:AF:6F:60:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7aJsQI_Ge3UnNMyZfzYw269vYG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/6919ad-33a5-43c0-8ca2-9d4a66ab3ff2/1/IsFlxznr2DXMgO0eZAaQ4ftpals.roa
Signing time:             Tue 02 Jan 2024 12:34:40 +0000
ROA not before:           Tue 02 Jan 2024 12:34:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25166
IP address blocks:        193.201.172.0/24 maxlen: 24
                          2001:67c:16b8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/6919ad-33a5-43c0-8ca2-9d4a66ab3ff2/1/7aJsQI_Ge3UnNMyZfzYw269vYG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/6919ad-33a5-43c0-8ca2-9d4a66ab3ff2/1/7aJsQI_Ge3UnNMyZfzYw269vYG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7aJsQI_Ge3UnNMyZfzYw269vYG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:3d:f5:80:f2:1b:08:99:63:ce:1a:38:a6:47:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eda26c408fc67b752734cc997f3630dbaf6f606f
        Validity
            Not Before: Jan  2 12:34:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22c165c739ebd835cc80ed1e640690e1fb696a5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:00:17:77:fd:dd:bb:1b:88:8e:24:a9:06:88:
                    ca:0e:47:58:83:ec:32:27:3b:0b:14:60:d9:a2:04:
                    5a:04:bf:84:4f:e7:4c:40:29:02:3c:69:e2:d4:2b:
                    56:e2:7d:e9:27:89:3e:ae:49:79:c6:1c:1f:4f:31:
                    59:4c:58:64:19:03:fa:12:78:2c:18:51:81:89:2d:
                    e9:90:51:c0:54:3f:93:60:a9:df:2d:fa:6b:75:09:
                    db:c8:39:0d:95:bf:c6:8d:d3:03:03:4d:bd:a5:bf:
                    0c:45:a3:d7:84:c3:25:a3:2a:df:fe:12:4d:12:ab:
                    ea:92:23:76:bd:25:fd:4e:c1:43:ec:47:b2:d5:7c:
                    c9:9f:9f:4f:91:d0:7b:83:37:0c:bf:6c:6d:12:79:
                    16:b7:71:dc:63:f3:13:e6:3e:47:0d:13:15:4a:e3:
                    64:31:9a:11:a9:13:3f:ed:f3:ed:2c:a3:b8:c0:2a:
                    8b:4f:ed:9d:78:e5:e0:8a:c6:26:73:58:8f:a7:3e:
                    93:82:62:b2:7d:39:f1:ac:25:2e:c6:36:c2:d6:bf:
                    f1:70:26:4a:35:69:5c:69:31:5f:9e:d4:3c:83:5d:
                    92:3f:6d:75:cf:6f:f6:6c:c6:9f:17:3a:c9:5e:34:
                    30:6f:b1:1a:93:11:8d:e4:b0:b4:ed:80:62:23:43:
                    05:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:C1:65:C7:39:EB:D8:35:CC:80:ED:1E:64:06:90:E1:FB:69:6A:5B
            X509v3 Authority Key Identifier:
                keyid:ED:A2:6C:40:8F:C6:7B:75:27:34:CC:99:7F:36:30:DB:AF:6F:60:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7aJsQI_Ge3UnNMyZfzYw269vYG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/6919ad-33a5-43c0-8ca2-9d4a66ab3ff2/1/IsFlxznr2DXMgO0eZAaQ4ftpals.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/6919ad-33a5-43c0-8ca2-9d4a66ab3ff2/1/7aJsQI_Ge3UnNMyZfzYw269vYG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.172.0/24
                IPv6:
                  2001:67c:16b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         ce:50:86:d4:c1:9a:cf:dd:6f:18:7e:1e:54:9c:01:f9:da:5a:
         f0:50:55:79:c3:20:d1:f8:72:d0:09:5b:9b:21:95:d2:66:3c:
         da:dd:54:ba:b0:16:c0:0d:f4:16:88:11:43:21:21:de:d8:bf:
         79:74:87:2c:0d:92:91:f0:bc:3c:3a:38:fa:a0:6e:1e:77:a2:
         6e:8d:ca:e2:7c:26:6d:c8:1a:86:d4:b9:2b:c1:97:53:bb:de:
         41:4d:2b:f7:29:13:ca:92:42:c2:9c:1c:34:7c:00:a2:be:13:
         22:44:26:c8:4c:08:1c:7c:3a:58:5d:f4:70:ad:28:49:15:cc:
         70:cc:30:27:40:c6:23:69:7a:1a:52:c9:ef:d1:a1:95:ae:c0:
         76:52:fb:26:e2:bd:74:0a:96:a4:52:78:22:2d:a8:fc:68:8e:
         ac:bc:d0:4d:85:a6:90:b4:18:0a:71:da:f4:fc:c8:47:ce:44:
         b7:47:73:96:a1:bd:54:7c:e4:73:73:9e:82:79:f7:08:3b:b4:
         5b:31:e2:9c:d8:79:b8:ee:d0:54:6e:24:b6:70:7d:20:f2:dd:
         41:27:62:80:bc:8f:d5:96:e3:e6:b1:c9:a2:31:0a:06:ec:99:
         61:7b:18:10:ee:b2:d3:23:23:b5:25:4a:02:d7:67:2f:e6:2a:
         76:67:19:71
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKz31gPIbCJljzho4pkeVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYTI2YzQwOGZjNjdiNzUyNzM0Y2M5OTdmMzYzMGRiYWY2
ZjYwNmYwHhcNMjQwMTAyMTIzNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmMxNjVjNzM5ZWJkODM1Y2M4MGVkMWU2NDA2OTBlMWZiNjk2YTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQAXd/3duxuIjiSpBojKDkdYg+wy
JzsLFGDZogRaBL+ET+dMQCkCPGni1CtW4n3pJ4k+rkl5xhwfTzFZTFhkGQP6Engs
GFGBiS3pkFHAVD+TYKnfLfprdQnbyDkNlb/GjdMDA029pb8MRaPXhMMloyrf/hJN
EqvqkiN2vSX9TsFD7Eey1XzJn59PkdB7gzcMv2xtEnkWt3HcY/MT5j5HDRMVSuNk
MZoRqRM/7fPtLKO4wCqLT+2deOXgisYmc1iPpz6TgmKyfTnxrCUuxjbC1r/xcCZK
NWlcaTFfntQ8g12SP211z2/2bMafFzrJXjQwb7EakxGN5LC07YBiI0MFpQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCLBZcc569g1zIDtHmQGkOH7aWpbMB8GA1UdIwQY
MBaAFO2ibECPxnt1JzTMmX82MNuvb2BvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2FKc1FJX0dlM1VuTk15WmZ6WXcyNjl2WUc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi82OTE5YWQtMzNhNS00M2MwLThjYTIt
OWQ0YTY2YWIzZmYyLzEvSXNGbHh6bnIyRFhNZ08wZVpBYVE0ZnRwYWxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi82OTE5YWQtMzNhNS00M2MwLThjYTItOWQ0YTY2YWIzZmYy
LzEvN2FKc1FJX0dlM1VuTk15WmZ6WXcyNjl2WUc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwcmsMA8E
AgACMAkDBwAgAQZ8FrgwDQYJKoZIhvcNAQELBQADggEBAM5QhtTBms/dbxh+HlSc
AfnaWvBQVXnDINH4ctAJW5shldJmPNrdVLqwFsAN9BaIEUMhId7Yv3l0hywNkpHw
vDw6OPqgbh53om6NyuJ8Jm3IGobUuSvBl1O73kFNK/cpE8qSQsKcHDR8AKK+EyJE
JshMCBx8Olhd9HCtKEkVzHDMMCdAxiNpehpSye/RoZWuwHZS+ybivXQKlqRSeCIt
qPxojqy80E2FppC0GApx2vT8yEfORLdHc5ahvVR85HNznoJ59wg7tFsx4pzYebju
0FRuJLZwfSDy3UEnYoC8j9WW4+axyaIxCgbsmWF7GBDustMjI7UlSgLXZy/mKnZn
GXE=
-----END CERTIFICATE-----