Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/p-I_4YimX4eYXcgNk879jSVSOAI.roa
File:                     p-I_4YimX4eYXcgNk879jSVSOAI.roa (raw, json)
Hash identifier:          6/93q4I+Feeh+UU0mPUaY5y+sNGFRDIqp01LPece34I=
Subject key identifier:   A7:E2:3F:E1:88:A6:5F:87:98:5D:C8:0D:93:CE:FD:8D:25:52:38:02
Certificate issuer:       /CN=ee1cce901e5fb7c92f09a915cf6e656f693ba100
Certificate serial:       018CC9BC3025291329E00F1829CFC59FEB4C
Authority key identifier: EE:1C:CE:90:1E:5F:B7:C9:2F:09:A9:15:CF:6E:65:6F:69:3B:A1:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hzOkB5ft8kvCakVz25lb2k7oQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/p-I_4YimX4eYXcgNk879jSVSOAI.roa
Signing time:             Tue 02 Jan 2024 10:33:22 +0000
ROA not before:           Tue 02 Jan 2024 10:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10122
IP address blocks:        185.155.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/7hzOkB5ft8kvCakVz25lb2k7oQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/7hzOkB5ft8kvCakVz25lb2k7oQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hzOkB5ft8kvCakVz25lb2k7oQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:30:25:29:13:29:e0:0f:18:29:cf:c5:9f:eb:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1cce901e5fb7c92f09a915cf6e656f693ba100
        Validity
            Not Before: Jan  2 10:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7e23fe188a65f87985dc80d93cefd8d25523802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3e:cf:d2:13:69:79:db:ac:79:3c:7e:f3:6a:
                    36:0f:04:b1:c6:62:69:f2:05:49:d8:29:d7:07:00:
                    2e:c5:45:c0:ae:bb:02:fa:88:3a:48:06:f1:9b:16:
                    57:61:19:3d:e1:d4:95:78:06:18:83:6d:bc:cb:70:
                    63:94:5d:fb:82:e3:b8:6d:e0:25:34:20:cc:ab:29:
                    a4:95:b0:35:84:59:34:dc:20:2d:4d:cf:0f:6e:3d:
                    7f:3a:00:f6:a6:6e:3b:a3:e4:c0:cd:b4:21:00:67:
                    e0:bb:a9:c9:a6:43:a1:fd:25:25:e9:2d:12:2f:bc:
                    ad:2f:c4:4e:9a:a0:0e:de:f6:07:8e:d7:1a:37:6e:
                    cb:40:29:f1:ae:b0:f2:c6:63:68:c5:7a:21:45:ce:
                    55:49:68:70:9b:be:d1:f3:17:a8:97:19:e8:e1:62:
                    7d:bf:4c:85:bf:62:4b:23:f2:7c:7f:54:c5:7e:b0:
                    ac:47:33:cc:e2:93:bd:9e:7b:5e:bb:6a:1b:53:e2:
                    d3:a1:4d:ab:ce:ce:fd:ea:6a:e0:43:c6:96:1d:cc:
                    fb:88:78:67:2d:3c:8e:43:7c:25:52:a5:bc:78:61:
                    1b:60:16:2c:31:c2:7e:6d:60:38:4d:22:54:cd:82:
                    56:5d:c3:fb:30:60:88:06:f1:4a:02:b0:a4:01:4c:
                    0b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:E2:3F:E1:88:A6:5F:87:98:5D:C8:0D:93:CE:FD:8D:25:52:38:02
            X509v3 Authority Key Identifier:
                keyid:EE:1C:CE:90:1E:5F:B7:C9:2F:09:A9:15:CF:6E:65:6F:69:3B:A1:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hzOkB5ft8kvCakVz25lb2k7oQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/p-I_4YimX4eYXcgNk879jSVSOAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/7hzOkB5ft8kvCakVz25lb2k7oQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:71:ac:e7:54:92:2d:4f:7d:dd:7d:cc:7f:70:89:65:fd:10:
         47:78:c4:da:d3:35:73:cd:c8:7a:f5:e9:6a:e8:2b:28:3e:ec:
         b2:63:41:03:dc:d9:2b:f7:fe:41:5d:42:db:ed:15:10:8c:7b:
         3a:8e:c0:34:af:17:08:6d:86:54:df:6e:7b:2d:4f:00:bc:5e:
         6e:3a:2d:51:10:ab:df:37:6f:e9:f5:34:5d:71:c7:e0:5b:13:
         71:be:5b:2b:00:39:21:d1:f1:75:13:90:55:5e:b5:6b:50:50:
         bd:99:cc:b4:06:5b:c2:c5:03:2d:b1:cd:03:78:12:58:b0:c1:
         52:6c:dc:e2:15:35:04:73:df:e1:b6:54:15:45:b1:8a:b6:d2:
         ec:0f:a8:ec:47:a0:61:6c:e6:33:01:eb:fe:e4:cd:56:6b:9f:
         17:b1:bf:f0:8f:23:f9:ad:6a:e9:9c:a3:df:c7:db:7f:4c:05:
         cc:df:63:76:02:37:3e:41:f8:43:0b:54:1c:38:46:88:29:76:
         da:98:e6:27:cf:03:df:83:19:1f:26:fd:b5:70:ab:2b:6a:98:
         41:2d:8f:a6:31:51:92:5a:f4:42:77:e5:5f:5c:9b:94:5f:9d:
         37:f7:af:cb:00:2d:d2:76:1b:c9:87:aa:5f:62:5a:f4:11:61:
         24:d9:da:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvDAlKRMp4A8YKc/Fn+tMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWNjZTkwMWU1ZmI3YzkyZjA5YTkxNWNmNmU2NTZmNjkz
YmExMDAwHhcNMjQwMTAyMTAzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2UyM2ZlMTg4YTY1Zjg3OTg1ZGM4MGQ5M2NlZmQ4ZDI1NTIzODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAij7P0hNpeduseTx+82o2DwSxxmJp
8gVJ2CnXBwAuxUXArrsC+og6SAbxmxZXYRk94dSVeAYYg228y3BjlF37guO4beAl
NCDMqymklbA1hFk03CAtTc8Pbj1/OgD2pm47o+TAzbQhAGfgu6nJpkOh/SUl6S0S
L7ytL8ROmqAO3vYHjtcaN27LQCnxrrDyxmNoxXohRc5VSWhwm77R8xeolxno4WJ9
v0yFv2JLI/J8f1TFfrCsRzPM4pO9nnteu2obU+LToU2rzs796mrgQ8aWHcz7iHhn
LTyOQ3wlUqW8eGEbYBYsMcJ+bWA4TSJUzYJWXcP7MGCIBvFKArCkAUwLawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKfiP+GIpl+HmF3IDZPO/Y0lUjgCMB8GA1UdIwQY
MBaAFO4czpAeX7fJLwmpFc9uZW9pO6EAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h6T2tCNWZ0OGt2Q2FrVnoyNWxiMms3b1FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zOWQ1ZjEtNjZmNy00OWQ4LWFmYmEt
MTRhMTkwOWIxMjM3LzEvcC1JXzRZaW1YNGVZWGNnTms4NzlqU1ZTT0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zOWQ1ZjEtNjZmNy00OWQ4LWFmYmEtMTRhMTkwOWIxMjM3
LzEvN2h6T2tCNWZ0OGt2Q2FrVnoyNWxiMms3b1FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZuJMA0G
CSqGSIb3DQEBCwUAA4IBAQCMcaznVJItT33dfcx/cIll/RBHeMTa0zVzzch69elq
6CsoPuyyY0ED3Nkr9/5BXULb7RUQjHs6jsA0rxcIbYZU3257LU8AvF5uOi1REKvf
N2/p9TRdccfgWxNxvlsrADkh0fF1E5BVXrVrUFC9mcy0BlvCxQMtsc0DeBJYsMFS
bNziFTUEc9/htlQVRbGKttLsD6jsR6BhbOYzAev+5M1Wa58Xsb/wjyP5rWrpnKPf
x9t/TAXM32N2Ajc+QfhDC1QcOEaIKXbamOYnzwPfgxkfJv21cKsraphBLY+mMVGS
WvRCd+VfXJuUX50396/LAC3SdhvJh6pfYlr0EWEk2doI
-----END CERTIFICATE-----