Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/Ikzkr6rGXkJSESuDBcHQNfUOrmA.roa
File:                     Ikzkr6rGXkJSESuDBcHQNfUOrmA.roa (raw, json)
Hash identifier:          LGWSm8/EBak96XUKwHDJ8r3IKx7U0UE30SVQ7X1tPnQ=
Subject key identifier:   22:4C:E4:AF:AA:C6:5E:42:52:11:2B:83:05:C1:D0:35:F5:0E:AE:60
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       019349D1DA59C3E00C134AF3867EED672772
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/Ikzkr6rGXkJSESuDBcHQNfUOrmA.roa
Signing time:             Wed 20 Nov 2024 13:45:09 +0000
ROA not before:           Wed 20 Nov 2024 13:45:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206271
IP address blocks:        195.93.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:49:d1:da:59:c3:e0:0c:13:4a:f3:86:7e:ed:67:27:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Nov 20 13:45:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=224ce4afaac65e4252112b8305c1d035f50eae60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:18:52:70:86:6e:8c:dc:f3:d8:ad:07:d3:da:
                    be:b6:71:00:39:69:60:e5:74:67:fa:d1:8c:fd:f2:
                    c8:aa:59:76:af:13:cf:02:44:e3:fa:ac:d5:f5:1d:
                    0c:26:11:15:27:7c:f9:d5:28:2d:d7:87:c7:94:f5:
                    2b:b9:40:29:2c:a0:23:c2:13:04:66:77:81:22:1d:
                    25:a1:df:42:fb:0a:0f:e4:3c:e5:ab:74:5c:60:04:
                    40:9a:15:da:63:14:f7:6b:bd:ed:28:31:a6:0a:ca:
                    72:1a:f8:c0:e1:f2:00:13:8f:7c:34:10:de:40:a0:
                    65:6b:11:b6:9a:eb:07:de:7b:17:8c:82:66:94:9a:
                    cb:73:2f:e2:d6:3d:8c:ad:29:95:55:28:85:f8:db:
                    f7:ec:b3:32:e8:17:4b:5b:1b:04:10:27:12:a8:f8:
                    d0:81:70:06:b0:ae:0f:e3:66:dd:10:38:ba:7f:41:
                    79:35:9a:ed:30:6b:97:26:7f:81:88:2f:4c:9c:bf:
                    e6:11:e2:c4:6a:06:0c:f0:db:9e:a4:7d:c9:8b:eb:
                    a4:e4:cb:aa:63:ab:a6:ad:d2:59:02:ba:93:81:fb:
                    6b:d6:92:ba:67:d2:64:2e:0a:5d:75:a6:c4:fe:18:
                    72:f2:ee:a1:52:0f:86:a8:9a:35:0d:e0:fa:3b:4a:
                    f9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:4C:E4:AF:AA:C6:5E:42:52:11:2B:83:05:C1:D0:35:F5:0E:AE:60
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/Ikzkr6rGXkJSESuDBcHQNfUOrmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:66:57:96:87:30:3c:87:62:d9:ab:15:b0:9a:43:47:43:b4:
         b3:35:32:e3:e9:73:bc:fd:46:bb:3e:ab:e2:04:7c:08:cd:cb:
         60:cf:c2:ab:1d:8c:ae:e1:bb:d6:39:45:ec:37:f3:7d:fc:11:
         ca:48:4d:04:59:e8:aa:14:b0:08:15:a8:f7:8a:6f:06:50:8a:
         ce:eb:df:af:95:eb:ee:2f:5a:d7:ac:e9:ee:c0:df:27:85:28:
         05:b4:e3:c4:28:3a:8e:2f:68:93:99:08:14:17:95:26:93:c5:
         8c:68:1b:a7:c8:13:bd:41:40:87:52:34:6d:b7:6a:14:d2:13:
         fb:d3:30:7e:fb:49:84:a8:99:04:a2:85:ca:31:17:fd:db:15:
         20:2b:a4:b2:fc:09:ea:e1:2d:d4:b0:6b:22:90:88:c3:7e:2e:
         e5:28:e4:d5:bf:b2:4d:da:d1:b5:fc:5b:63:d1:dd:f2:9e:81:
         a0:4d:db:aa:09:df:40:3d:74:47:a4:fa:4a:2e:2b:3f:1c:33:
         c3:f3:a3:30:bb:7d:dd:32:b6:fb:bd:95:ef:fa:31:c5:dd:1e:
         30:01:7b:1e:8c:32:56:38:90:3a:38:84:b3:a1:e6:09:8a:98:
         4b:db:84:32:60:30:72:d8:12:c9:bf:26:2c:d6:e6:a2:6b:59:
         32:65:b1:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNJ0dpZw+AME0rzhn7tZydyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQxMTIwMTM0NTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjRjZTRhZmFhYzY1ZTQyNTIxMTJiODMwNWMxZDAzNWY1MGVhZTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohhScIZujNzz2K0H09q+tnEAOWlg
5XRn+tGM/fLIqll2rxPPAkTj+qzV9R0MJhEVJ3z51Sgt14fHlPUruUApLKAjwhME
ZneBIh0lod9C+woP5Dzlq3RcYARAmhXaYxT3a73tKDGmCspyGvjA4fIAE498NBDe
QKBlaxG2musH3nsXjIJmlJrLcy/i1j2MrSmVVSiF+Nv37LMy6BdLWxsEECcSqPjQ
gXAGsK4P42bdEDi6f0F5NZrtMGuXJn+BiC9MnL/mEeLEagYM8NuepH3Ji+uk5Muq
Y6umrdJZArqTgftr1pK6Z9JkLgpddabE/hhy8u6hUg+GqJo1DeD6O0r5FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJM5K+qxl5CUhErgwXB0DX1Dq5gMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvSWt6a3I2ckdYa0pTRVN1REJjSFFOZlVPcm1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw13iMA0G
CSqGSIb3DQEBCwUAA4IBAQCjZleWhzA8h2LZqxWwmkNHQ7SzNTLj6XO8/Ua7Pqvi
BHwIzctgz8KrHYyu4bvWOUXsN/N9/BHKSE0EWeiqFLAIFaj3im8GUIrO69+vlevu
L1rXrOnuwN8nhSgFtOPEKDqOL2iTmQgUF5Umk8WMaBunyBO9QUCHUjRtt2oU0hP7
0zB++0mEqJkEooXKMRf92xUgK6Sy/Anq4S3UsGsikIjDfi7lKOTVv7JN2tG1/Ftj
0d3ynoGgTduqCd9APXRHpPpKLis/HDPD86Mwu33dMrb7vZXv+jHF3R4wAXsejDJW
OJA6OISzoeYJiphL24QyYDBy2BLJvyYs1uaia1kyZbER
-----END CERTIFICATE-----