Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/iggqa0ns_KLEWTN6S_0dUW9MqgE.roa
File:                     iggqa0ns_KLEWTN6S_0dUW9MqgE.roa (raw, json)
Hash identifier:          pBuTaOstCCtRE8aISyp+fT7tn28eJcq4TaJQEXaNl0o=
Subject key identifier:   8A:08:2A:6B:49:EC:FC:A2:C4:59:33:7A:4B:FD:1D:51:6F:4C:AA:01
Certificate issuer:       /CN=1319f052bc9e7284888074390c9d0bc127606692
Certificate serial:       018CC49374253E0556E7A46C1AEDAD3E63E2
Authority key identifier: 13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/iggqa0ns_KLEWTN6S_0dUW9MqgE.roa
Signing time:             Mon 01 Jan 2024 10:30:47 +0000
ROA not before:           Mon 01 Jan 2024 10:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42580
IP address blocks:        185.224.164.0/22 maxlen: 22
                          80.243.88.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:74:25:3e:05:56:e7:a4:6c:1a:ed:ad:3e:63:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1319f052bc9e7284888074390c9d0bc127606692
        Validity
            Not Before: Jan  1 10:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a082a6b49ecfca2c459337a4bfd1d516f4caa01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:75:b6:5a:c0:23:0e:92:1c:c1:6b:79:2f:4f:
                    f2:3e:7e:c8:e5:80:46:f2:42:66:09:b7:84:53:4b:
                    cd:0b:d4:3e:3f:05:e5:41:60:3f:4b:4b:bb:21:b0:
                    a0:b6:21:81:08:90:b4:37:0e:d3:e5:ab:fa:e8:be:
                    c0:2c:b1:84:a0:64:ca:1d:a4:c0:4e:5e:73:2b:ff:
                    52:4c:7d:c4:00:35:a3:0e:76:7a:55:f7:79:5a:57:
                    ae:42:45:74:e2:80:5b:bc:fc:05:19:30:93:04:f5:
                    95:24:9f:e2:c8:71:33:da:6d:35:31:e7:31:89:eb:
                    d4:78:21:23:74:1f:01:e7:a9:20:f9:45:00:60:ff:
                    4d:c3:06:b4:e8:28:d5:64:38:c0:c8:bf:e9:44:84:
                    d0:ea:90:a6:26:d0:35:9d:0d:07:b6:e2:35:57:9a:
                    e6:82:02:d2:bf:db:bb:eb:4c:e0:ff:35:94:25:18:
                    2c:d8:6b:8e:ec:93:97:84:e4:d4:7b:b8:91:36:ce:
                    09:cb:35:ac:b9:fb:1c:8f:2d:47:a6:b0:60:b6:42:
                    88:61:fa:20:c9:ca:e6:56:96:60:32:fa:c8:b5:93:
                    3f:32:d5:a9:27:cc:eb:7a:b1:56:3e:8d:9a:49:7e:
                    bb:16:fb:b6:0d:18:fa:90:41:51:0e:7b:67:ce:02:
                    fb:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:08:2A:6B:49:EC:FC:A2:C4:59:33:7A:4B:FD:1D:51:6F:4C:AA:01
            X509v3 Authority Key Identifier:
                keyid:13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/iggqa0ns_KLEWTN6S_0dUW9MqgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.243.88.0/21
                  185.224.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:16:9e:13:73:ee:c2:66:92:4e:9b:c4:24:0d:2e:9e:06:59:
         a6:13:3e:2a:36:e7:d1:8f:12:12:06:c5:83:c2:e9:dc:33:6c:
         5b:ad:91:26:19:7f:b5:b7:99:ed:f6:7b:eb:c6:71:f5:1d:32:
         33:30:1e:19:9c:7f:50:fb:0c:bd:2f:cf:9c:c3:38:f8:dd:49:
         3e:8f:be:cd:27:59:5e:87:df:78:69:2b:91:ce:09:b7:2f:dd:
         2f:b6:c2:7c:db:cb:eb:67:c5:2d:77:74:de:28:e4:bc:89:ad:
         a0:96:ff:a2:fc:fd:2e:6c:23:f1:3e:52:6c:41:6a:f1:e1:f6:
         6d:73:f5:d0:91:5e:37:a8:f2:6e:b0:ed:4b:fa:36:f7:f5:eb:
         1b:16:22:05:b6:ee:94:48:69:89:d0:cb:02:b7:b6:da:2b:27:
         85:2d:bb:7e:65:11:e3:84:a0:b5:29:57:b1:78:d6:64:3f:1f:
         04:98:a7:19:ef:2e:85:a3:ed:d1:64:f4:24:a6:d0:87:42:71:
         04:0e:2e:a8:77:f6:89:ed:50:cf:39:2c:0a:cb:f6:50:c4:ff:
         c0:77:99:98:08:df:f6:87:48:25:d6:b6:e2:32:ad:98:b3:8a:
         b4:0c:59:12:06:1d:ec:8d:fb:74:d5:1f:9a:5a:05:16:d3:c7:
         2e:75:37:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk3QlPgVW56RsGu2tPmPiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTlmMDUyYmM5ZTcyODQ4ODgwNzQzOTBjOWQwYmMxMjc2
MDY2OTIwHhcNMjQwMTAxMTAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTA4MmE2YjQ5ZWNmY2EyYzQ1OTMzN2E0YmZkMWQ1MTZmNGNhYTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnW2WsAjDpIcwWt5L0/yPn7I5YBG
8kJmCbeEU0vNC9Q+PwXlQWA/S0u7IbCgtiGBCJC0Nw7T5av66L7ALLGEoGTKHaTA
Tl5zK/9STH3EADWjDnZ6Vfd5WleuQkV04oBbvPwFGTCTBPWVJJ/iyHEz2m01Mecx
ievUeCEjdB8B56kg+UUAYP9Nwwa06CjVZDjAyL/pRITQ6pCmJtA1nQ0HtuI1V5rm
ggLSv9u760zg/zWUJRgs2GuO7JOXhOTUe7iRNs4JyzWsufscjy1HprBgtkKIYfog
ycrmVpZgMvrItZM/MtWpJ8zrerFWPo2aSX67Fvu2DRj6kEFRDntnzgL7RQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIoIKmtJ7PyixFkzekv9HVFvTKoBMB8GA1UdIwQY
MBaAFBMZ8FK8nnKEiIB0OQydC8EnYGaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUt
MmMxYTc3MzBiZDI1LzEvaWdncWEwbnNfS0xFV1RONlNfMGRVVzlNcWdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUtMmMxYTc3MzBiZDI1
LzEvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDUPNYAwQC
ueCkMA0GCSqGSIb3DQEBCwUAA4IBAQCRFp4Tc+7CZpJOm8QkDS6eBlmmEz4qNufR
jxISBsWDwuncM2xbrZEmGX+1t5nt9nvrxnH1HTIzMB4ZnH9Q+wy9L8+cwzj43Uk+
j77NJ1leh994aSuRzgm3L90vtsJ828vrZ8Utd3TeKOS8ia2glv+i/P0ubCPxPlJs
QWrx4fZtc/XQkV43qPJusO1L+jb39esbFiIFtu6USGmJ0MsCt7baKyeFLbt+ZRHj
hKC1KVexeNZkPx8EmKcZ7y6Fo+3RZPQkptCHQnEEDi6od/aJ7VDPOSwKy/ZQxP/A
d5mYCN/2h0gl1rbiMq2Ys4q0DFkSBh3sjft01R+aWgUW08cudTd1
-----END CERTIFICATE-----