Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/IiH7Ay2sUk8aTTEbkkgN6-3_oY8.roa
File:                     IiH7Ay2sUk8aTTEbkkgN6-3_oY8.roa (raw, json)
Hash identifier:          D0WMrIKXOkqwNlCQyvFAcTMVOlfHthGO8HeN4JgS8Fg=
Subject key identifier:   22:21:FB:03:2D:AC:52:4F:1A:4D:31:1B:92:48:0D:EB:ED:FF:A1:8F
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC727551F3152A9FC122C489D0A27B9F5
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/IiH7Ay2sUk8aTTEbkkgN6-3_oY8.roa
Signing time:             Mon 01 Jan 2024 22:31:32 +0000
ROA not before:           Mon 01 Jan 2024 22:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209275
IP address blocks:        213.238.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:55:1f:31:52:a9:fc:12:2c:48:9d:0a:27:b9:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2221fb032dac524f1a4d311b92480debedffa18f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:76:a9:e2:00:b5:31:be:1e:63:20:07:23:ef:
                    ad:11:d3:6b:71:8f:0f:d5:fe:a6:77:b3:34:51:bf:
                    b3:4c:ae:06:db:b8:6b:dc:4c:76:37:fe:78:03:32:
                    68:a6:d5:3f:87:56:24:90:dc:55:47:65:0d:fd:63:
                    49:b2:29:f5:2f:b1:bc:fb:b0:66:55:00:70:54:95:
                    13:8c:72:c5:a2:e6:e6:dd:8a:bb:66:ea:c8:6a:ec:
                    76:a0:04:28:e7:e7:27:40:a6:de:4a:5c:c6:b8:e8:
                    f1:7b:b5:db:f5:91:92:72:d9:4d:de:0a:77:64:75:
                    17:61:96:33:76:e2:9a:dc:68:52:a7:44:a4:05:1d:
                    37:a1:9c:29:71:ac:d2:35:b6:38:c1:bb:87:b7:d4:
                    76:c5:9d:5b:09:ba:62:03:d0:42:4a:70:89:4e:2b:
                    e0:6f:5c:5a:3d:a0:cf:d3:63:e2:f3:bd:d6:19:5a:
                    b3:82:d6:1f:38:1c:4c:fb:10:60:e5:23:ac:5e:ce:
                    4c:93:3d:ac:a0:25:30:68:ca:a2:11:09:1a:e7:3b:
                    24:56:0a:1f:4f:97:15:75:e8:17:49:44:d7:c0:f9:
                    2e:4a:31:39:9f:60:0e:2f:c4:a8:0b:b0:de:c4:8a:
                    83:ad:b0:71:30:c9:c7:13:17:73:3b:e3:0c:01:0a:
                    64:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:21:FB:03:2D:AC:52:4F:1A:4D:31:1B:92:48:0D:EB:ED:FF:A1:8F
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/IiH7Ay2sUk8aTTEbkkgN6-3_oY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:b6:a0:e4:be:f5:24:99:9e:82:31:a0:cd:fa:e7:d0:99:09:
         c9:ed:1c:7f:29:c3:9a:dc:7c:c0:9c:d8:b0:7e:a6:80:e5:30:
         5f:c2:88:00:6a:cd:a1:46:93:0b:f0:34:2a:b4:11:bf:ab:7b:
         8b:83:03:e5:f5:83:da:7f:0a:8a:6e:a2:29:b8:18:22:1c:98:
         6e:c5:09:47:ce:04:e7:e8:81:d6:29:25:79:36:cd:38:c2:02:
         c8:c8:ab:d2:40:0b:15:b4:05:71:39:4f:ef:ef:de:16:38:d4:
         f5:f6:94:61:15:28:11:de:6f:76:54:6e:e4:fa:99:21:dd:6c:
         84:1c:14:25:e4:f5:08:c8:fe:ac:28:eb:7d:81:36:40:f4:94:
         0e:e0:02:f7:39:3f:a5:a3:c8:0c:80:f9:bf:ed:84:da:ba:46:
         43:65:7f:94:90:de:4d:cb:4a:d6:0f:bf:6a:dd:30:25:d4:db:
         09:ef:da:58:5b:48:7b:b3:a8:51:9d:a4:56:83:6e:7b:fc:e1:
         d5:72:72:36:23:a6:77:f0:23:5a:c4:b5:5b:69:f9:b9:1f:1b:
         31:68:6c:0d:2e:da:c5:2e:98:80:cb:15:79:be:99:50:d8:be:
         7e:32:45:df:f6:25:d7:58:f4:38:28:c2:91:76:e9:5f:40:a6:
         e8:a1:e5:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1UfMVKp/BIsSJ0KJ7n1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjIxZmIwMzJkYWM1MjRmMWE0ZDMxMWI5MjQ4MGRlYmVkZmZhMThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnap4gC1Mb4eYyAHI++tEdNrcY8P
1f6md7M0Ub+zTK4G27hr3Ex2N/54AzJoptU/h1YkkNxVR2UN/WNJsin1L7G8+7Bm
VQBwVJUTjHLFoubm3Yq7ZurIaux2oAQo5+cnQKbeSlzGuOjxe7Xb9ZGSctlN3gp3
ZHUXYZYzduKa3GhSp0SkBR03oZwpcazSNbY4wbuHt9R2xZ1bCbpiA9BCSnCJTivg
b1xaPaDP02Pi873WGVqzgtYfOBxM+xBg5SOsXs5Mkz2soCUwaMqiEQka5zskVgof
T5cVdegXSUTXwPkuSjE5n2AOL8SoC7DexIqDrbBxMMnHExdzO+MMAQpkqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIh+wMtrFJPGk0xG5JIDevt/6GPMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvSWlIN0F5MnNVazhhVFRFYmtrZ042LTNfb1k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6gMA0G
CSqGSIb3DQEBCwUAA4IBAQAatqDkvvUkmZ6CMaDN+ufQmQnJ7Rx/KcOa3HzAnNiw
fqaA5TBfwogAas2hRpML8DQqtBG/q3uLgwPl9YPafwqKbqIpuBgiHJhuxQlHzgTn
6IHWKSV5Ns04wgLIyKvSQAsVtAVxOU/v794WONT19pRhFSgR3m92VG7k+pkh3WyE
HBQl5PUIyP6sKOt9gTZA9JQO4AL3OT+lo8gMgPm/7YTaukZDZX+UkN5Ny0rWD79q
3TAl1NsJ79pYW0h7s6hRnaRWg257/OHVcnI2I6Z38CNaxLVbafm5HxsxaGwNLtrF
LpiAyxV5vplQ2L5+MkXf9iXXWPQ4KMKRdulfQKbooeUR
-----END CERTIFICATE-----