Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/iIHLiBZX4PjbUzFvnKkA8sZbYk8.roa
File:                     iIHLiBZX4PjbUzFvnKkA8sZbYk8.roa (raw, json)
Hash identifier:          t4JjKVHzeixXmieDDrYpnCLksOYJ2dh0XKnw5x0oUxE=
Subject key identifier:   88:81:CB:88:16:57:E0:F8:DB:53:31:6F:9C:A9:00:F2:C6:5B:62:4F
Certificate issuer:       /CN=5ff7352d47db9785f49118092de8704a67f6520d
Certificate serial:       018CC794BAA7859145235373C380D4E2C993
Authority key identifier: 5F:F7:35:2D:47:DB:97:85:F4:91:18:09:2D:E8:70:4A:67:F6:52:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X_c1LUfbl4X0kRgJLehwSmf2Ug0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/iIHLiBZX4PjbUzFvnKkA8sZbYk8.roa
Signing time:             Tue 02 Jan 2024 00:31:02 +0000
ROA not before:           Tue 02 Jan 2024 00:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204751
IP address blocks:        185.241.188.0/22 maxlen: 22
                          2a0c:b080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/X_c1LUfbl4X0kRgJLehwSmf2Ug0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/X_c1LUfbl4X0kRgJLehwSmf2Ug0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X_c1LUfbl4X0kRgJLehwSmf2Ug0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ba:a7:85:91:45:23:53:73:c3:80:d4:e2:c9:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ff7352d47db9785f49118092de8704a67f6520d
        Validity
            Not Before: Jan  2 00:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8881cb881657e0f8db53316f9ca900f2c65b624f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:9c:fa:04:4d:cd:69:1e:3c:87:95:65:a7:ba:
                    c9:8c:f1:69:fb:89:52:79:c9:e0:d5:bb:d6:bf:08:
                    41:a6:1b:e2:57:65:94:a7:c5:f6:99:92:e9:c5:74:
                    3a:92:39:53:5d:db:81:67:71:d4:38:f4:01:02:7b:
                    ad:50:ce:01:a1:d2:b1:73:aa:7f:db:44:00:8b:34:
                    31:7e:8b:8e:57:da:1a:79:23:05:1a:8c:7b:df:14:
                    a7:3b:fd:7d:88:70:3e:60:86:ce:eb:69:03:a2:ae:
                    1b:87:d2:a3:09:65:ec:10:48:4b:82:59:0f:b5:0e:
                    44:ea:b4:57:02:c6:1a:7c:17:21:38:63:ff:3a:91:
                    37:00:d1:0d:46:de:fc:b7:56:37:35:c1:35:c0:b3:
                    08:fc:db:d5:26:fa:60:52:76:af:f2:3c:5d:ae:8d:
                    18:be:cd:f3:5f:df:75:03:08:a9:fa:f5:68:3a:70:
                    45:36:bf:f3:d9:0b:3a:7d:80:65:ea:a2:c5:09:b8:
                    d6:f4:94:02:3d:70:7f:75:43:8e:3a:0b:bc:5b:4a:
                    9f:bd:49:ae:20:c8:a5:a2:85:b9:88:b3:be:ac:3d:
                    ea:f1:30:29:2d:c3:9e:f2:15:06:38:58:75:17:4c:
                    01:45:c8:14:22:0e:31:60:10:2d:5a:c6:17:da:34:
                    f7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:81:CB:88:16:57:E0:F8:DB:53:31:6F:9C:A9:00:F2:C6:5B:62:4F
            X509v3 Authority Key Identifier:
                keyid:5F:F7:35:2D:47:DB:97:85:F4:91:18:09:2D:E8:70:4A:67:F6:52:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X_c1LUfbl4X0kRgJLehwSmf2Ug0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/iIHLiBZX4PjbUzFvnKkA8sZbYk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/X_c1LUfbl4X0kRgJLehwSmf2Ug0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.188.0/22
                IPv6:
                  2a0c:b080::/29

    Signature Algorithm: sha256WithRSAEncryption
         cd:49:fe:4b:ca:06:80:8d:4f:96:b5:b0:f4:65:e4:1d:b3:0e:
         1d:c4:55:08:5c:bb:50:b6:cf:6b:6b:27:f3:03:3c:66:c0:91:
         8c:4b:1d:20:db:2e:7a:ef:78:e2:c3:d9:6d:af:2d:d3:b3:cb:
         dd:86:a8:45:fb:c2:32:eb:64:96:08:24:d2:9c:13:86:ae:14:
         64:eb:95:a8:dd:47:db:77:a3:4c:a4:a8:26:05:2a:8f:06:3e:
         5e:d8:32:10:db:4b:da:88:7c:88:88:82:cd:b8:10:c2:95:25:
         54:57:7e:f8:a1:81:7b:e1:bd:08:ee:b9:06:27:32:64:e0:3a:
         ea:d1:f4:e6:a1:fd:ec:c2:90:44:b0:d4:7e:4f:dd:26:57:f9:
         bd:4d:4a:e9:7d:0b:53:63:1a:71:f2:ff:23:19:2d:4e:39:c4:
         c5:45:46:56:90:da:a4:f2:23:e4:ae:40:1a:66:b2:7a:a4:62:
         11:ef:30:49:1a:66:63:42:13:13:64:7d:97:5f:b3:df:53:a4:
         15:4b:92:0b:b5:ff:64:53:bd:fa:a2:62:ba:3f:cc:20:33:87:
         79:aa:7c:19:f8:e1:39:40:b3:08:ee:e1:75:13:6e:2d:66:e4:
         48:80:7d:89:e8:8d:55:c6:50:c5:a6:21:27:50:e4:85:a2:66:
         5b:2c:8e:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlLqnhZFFI1Nzw4DU4smTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZjczNTJkNDdkYjk3ODVmNDkxMTgwOTJkZTg3MDRhNjdm
NjUyMGQwHhcNMjQwMTAyMDAzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODgxY2I4ODE2NTdlMGY4ZGI1MzMxNmY5Y2E5MDBmMmM2NWI2MjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpz6BE3NaR48h5Vlp7rJjPFp+4lS
ecng1bvWvwhBphviV2WUp8X2mZLpxXQ6kjlTXduBZ3HUOPQBAnutUM4BodKxc6p/
20QAizQxfouOV9oaeSMFGox73xSnO/19iHA+YIbO62kDoq4bh9KjCWXsEEhLglkP
tQ5E6rRXAsYafBchOGP/OpE3ANENRt78t1Y3NcE1wLMI/NvVJvpgUnav8jxdro0Y
vs3zX991Awip+vVoOnBFNr/z2Qs6fYBl6qLFCbjW9JQCPXB/dUOOOgu8W0qfvUmu
IMilooW5iLO+rD3q8TApLcOe8hUGOFh1F0wBRcgUIg4xYBAtWsYX2jT3KwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIiBy4gWV+D421Mxb5ypAPLGW2JPMB8GA1UdIwQY
MBaAFF/3NS1H25eF9JEYCS3ocEpn9lINMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWF9jMUxVZmJsNFgwa1JnSkxlaHdTbWYyVWcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNWQyYjMtN2M0Mi00Nzg1LTk1OTYt
NTE3NDgxZDBmODUwLzEvaUlITGlCWlg0UGpiVXpGdm5La0E4c1piWWs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNWQyYjMtN2M0Mi00Nzg1LTk1OTYtNTE3NDgxZDBmODUw
LzEvWF9jMUxVZmJsNFgwa1JnSkxlaHdTbWYyVWcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufG8MA0E
AgACMAcDBQMqDLCAMA0GCSqGSIb3DQEBCwUAA4IBAQDNSf5LygaAjU+WtbD0ZeQd
sw4dxFUIXLtQts9rayfzAzxmwJGMSx0g2y5673jiw9ltry3Ts8vdhqhF+8Iy62SW
CCTSnBOGrhRk65Wo3Ufbd6NMpKgmBSqPBj5e2DIQ20vaiHyIiILNuBDClSVUV374
oYF74b0I7rkGJzJk4Drq0fTmof3swpBEsNR+T90mV/m9TUrpfQtTYxpx8v8jGS1O
OcTFRUZWkNqk8iPkrkAaZrJ6pGIR7zBJGmZjQhMTZH2XX7PfU6QVS5ILtf9kU736
omK6P8wgM4d5qnwZ+OE5QLMI7uF1E24tZuRIgH2J6I1VxlDFpiEnUOSFomZbLI4H
-----END CERTIFICATE-----