Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/iLB9ybcRFPYh7-KiWvpXj0J_kt8.roa
File:                     iLB9ybcRFPYh7-KiWvpXj0J_kt8.roa (raw, json)
Hash identifier:          bdSwoyHCOcBjvMzjyD2eFaoWFYNitJbTHGTTR2BEuns=
Subject key identifier:   88:B0:7D:C9:B7:11:14:F6:21:EF:E2:A2:5A:FA:57:8F:42:7F:92:DF
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       018CC86FFDE5724F8A570DFDC72DA4E0E569
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/iLB9ybcRFPYh7-KiWvpXj0J_kt8.roa
Signing time:             Tue 02 Jan 2024 04:30:31 +0000
ROA not before:           Tue 02 Jan 2024 04:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        193.239.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:08:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:fd:e5:72:4f:8a:57:0d:fd:c7:2d:a4:e0:e5:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Jan  2 04:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88b07dc9b71114f621efe2a25afa578f427f92df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:76:a2:ed:e3:09:3f:bb:d4:e9:48:0e:16:6b:
                    c5:59:8b:3d:8f:b6:ac:65:34:52:2c:ab:78:73:38:
                    ef:f2:85:6a:e0:ea:17:db:bb:fd:91:8a:d2:ed:74:
                    af:69:fa:94:a0:be:c5:c8:76:ef:f9:97:ea:f6:50:
                    52:c4:49:da:92:51:0d:dc:6e:09:91:bc:45:b1:f3:
                    a2:29:90:ed:a9:b3:15:41:03:f5:f6:fa:b0:6c:df:
                    97:c3:f0:1e:24:27:e6:f4:91:d5:4d:34:5e:d9:a7:
                    16:a4:0c:6e:45:bb:11:d2:53:75:b7:c2:9b:f5:c4:
                    40:e5:6c:ca:a4:0e:3c:63:ba:32:4e:8e:f9:f8:61:
                    6f:0e:84:63:23:8f:5a:1b:54:c4:14:47:47:27:a3:
                    b3:47:0e:41:dc:96:26:20:69:6e:43:08:72:70:ab:
                    b5:e9:a1:10:fb:29:65:11:9b:b9:ba:83:7c:13:57:
                    51:57:d0:92:c2:cf:80:d9:61:0e:77:8c:20:e2:a7:
                    8a:11:51:31:c2:c0:f3:36:e6:93:f5:e4:77:96:56:
                    68:3d:32:57:fa:43:a6:02:8c:18:c6:ec:06:00:ed:
                    22:3b:d7:e3:6a:5f:51:08:3a:35:1b:8f:f1:36:8e:
                    74:63:37:3f:18:fc:d7:6b:67:2f:18:ac:78:0a:8f:
                    ab:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:B0:7D:C9:B7:11:14:F6:21:EF:E2:A2:5A:FA:57:8F:42:7F:92:DF
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/iLB9ybcRFPYh7-KiWvpXj0J_kt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:7d:18:b9:37:8b:38:26:61:13:16:85:87:bf:9f:62:7f:fa:
         51:1e:27:12:7b:3c:6d:e4:ec:07:a0:6b:39:f1:02:fb:bf:9c:
         07:e1:9e:0c:d3:b7:9e:3a:3c:8a:f4:e8:89:59:8a:fe:7b:cb:
         a1:61:eb:59:ab:e9:e8:60:a7:40:07:e0:47:27:5a:d8:a8:04:
         83:5c:0c:82:55:1a:52:3d:37:67:3b:b6:ac:3e:1f:f6:e2:a9:
         14:e9:f6:4b:f7:24:9a:1b:4f:ab:30:c8:e9:64:4a:32:55:ba:
         89:36:d8:74:d1:56:5f:92:87:ef:30:0e:a7:94:ca:fe:ac:8a:
         ec:86:d1:af:89:cd:32:16:c1:b9:53:56:1a:1a:bc:0b:08:bf:
         d6:36:c4:01:fb:29:b7:3a:94:e9:c2:95:c8:fb:07:8d:40:7e:
         8c:b0:b7:5a:71:e8:49:1d:c9:9c:c6:e1:a9:15:ca:24:18:c1:
         d2:16:cd:17:0a:4d:51:11:2a:51:0b:ec:da:51:fc:6b:26:c5:
         24:70:95:98:ac:da:64:f2:98:10:a4:66:00:3e:d3:01:86:ea:
         25:cd:f0:3c:69:9e:66:d2:ff:ca:c8:81:f1:5f:14:dc:91:96:
         7a:7f:36:01:31:d3:87:cb:28:a3:19:eb:50:4b:83:d7:c5:5f:
         d7:44:0d:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/3lck+KVw39xy2k4OVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQwMTAyMDQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGIwN2RjOWI3MTExNGY2MjFlZmUyYTI1YWZhNTc4ZjQyN2Y5MmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3ai7eMJP7vU6UgOFmvFWYs9j7as
ZTRSLKt4czjv8oVq4OoX27v9kYrS7XSvafqUoL7FyHbv+Zfq9lBSxEnaklEN3G4J
kbxFsfOiKZDtqbMVQQP19vqwbN+Xw/AeJCfm9JHVTTRe2acWpAxuRbsR0lN1t8Kb
9cRA5WzKpA48Y7oyTo75+GFvDoRjI49aG1TEFEdHJ6OzRw5B3JYmIGluQwhycKu1
6aEQ+yllEZu5uoN8E1dRV9CSws+A2WEOd4wg4qeKEVExwsDzNuaT9eR3llZoPTJX
+kOmAowYxuwGAO0iO9fjal9RCDo1G4/xNo50Yzc/GPzXa2cvGKx4Co+rbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiwfcm3ERT2Ie/iolr6V49Cf5LfMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvaUxCOXliY1JGUFloNy1LaVd2cFhqMEpfa3Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwe+bMA0G
CSqGSIb3DQEBCwUAA4IBAQBOfRi5N4s4JmETFoWHv59if/pRHicSezxt5OwHoGs5
8QL7v5wH4Z4M07eeOjyK9OiJWYr+e8uhYetZq+noYKdAB+BHJ1rYqASDXAyCVRpS
PTdnO7asPh/24qkU6fZL9ySaG0+rMMjpZEoyVbqJNth00VZfkofvMA6nlMr+rIrs
htGvic0yFsG5U1YaGrwLCL/WNsQB+ym3OpTpwpXI+weNQH6MsLdacehJHcmcxuGp
FcokGMHSFs0XCk1RESpRC+zaUfxrJsUkcJWYrNpk8pgQpGYAPtMBhuolzfA8aZ5m
0v/KyIHxXxTckZZ6fzYBMdOHyyijGetQS4PXxV/XRA3a
-----END CERTIFICATE-----