Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/IlCQJx8xLMLhsCHR8kwr_OetMas.roa
File:                     IlCQJx8xLMLhsCHR8kwr_OetMas.roa (raw, json)
Hash identifier:          d502BYgC2bUAyRLygERY9qfFU2gMH3hPaCsQ507G/W0=
Subject key identifier:   22:50:90:27:1F:31:2C:C2:E1:B0:21:D1:F2:4C:2B:FC:E7:AD:31:AB
Certificate issuer:       /CN=36e7cfdd129193e219c370121ca16250e429b58b
Certificate serial:       018CC94D597A0F0EFA6E064C60ACD58AFFD8
Authority key identifier: 36:E7:CF:DD:12:91:93:E2:19:C3:70:12:1C:A1:62:50:E4:29:B5:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/IlCQJx8xLMLhsCHR8kwr_OetMas.roa
Signing time:             Tue 02 Jan 2024 08:32:18 +0000
ROA not before:           Tue 02 Jan 2024 08:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.206.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:59:7a:0f:0e:fa:6e:06:4c:60:ac:d5:8a:ff:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36e7cfdd129193e219c370121ca16250e429b58b
        Validity
            Not Before: Jan  2 08:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=225090271f312cc2e1b021d1f24c2bfce7ad31ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7c:03:2c:6a:7b:05:ca:17:85:d2:30:15:17:
                    a7:44:8b:bd:96:ad:bf:1a:6f:1e:c6:96:b5:5d:e1:
                    87:c0:72:ad:57:5d:6d:53:4d:2c:eb:5c:95:fb:1f:
                    04:a8:3a:d0:8e:a2:50:6e:90:42:c2:ee:91:19:75:
                    e6:b3:17:2f:73:83:61:6a:6e:1c:5c:e6:37:86:1b:
                    e5:9d:a1:c1:70:83:51:fc:0b:fa:2c:9e:d4:27:d9:
                    5a:34:f6:17:a6:b9:1e:f2:99:d7:36:b5:86:c5:77:
                    14:8c:24:3e:ab:58:88:60:b4:ec:ba:8f:9f:65:5b:
                    5c:c7:95:9d:f6:af:75:aa:f3:87:34:d5:1f:4d:40:
                    a3:8b:56:f8:0d:f4:4e:92:59:33:37:f9:13:e7:7b:
                    df:04:83:68:a5:cf:9e:d6:b0:10:75:f9:2b:70:13:
                    ba:da:2e:ee:aa:cb:96:50:35:68:57:c1:7b:2e:2c:
                    5b:9f:fd:17:8e:e5:22:63:4e:de:c8:0e:45:f8:77:
                    b7:d3:60:88:31:c9:69:20:e8:98:70:77:95:1c:55:
                    ee:a9:3b:36:3c:12:af:33:08:00:be:f2:e6:53:e6:
                    e4:1d:c5:f9:df:cc:51:51:e6:0e:22:e6:21:02:aa:
                    23:83:2b:44:9c:32:4e:69:68:98:f6:47:ee:e1:45:
                    10:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:50:90:27:1F:31:2C:C2:E1:B0:21:D1:F2:4C:2B:FC:E7:AD:31:AB
            X509v3 Authority Key Identifier:
                keyid:36:E7:CF:DD:12:91:93:E2:19:C3:70:12:1C:A1:62:50:E4:29:B5:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/IlCQJx8xLMLhsCHR8kwr_OetMas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:72:64:4c:65:dd:45:74:f3:fc:03:2b:2f:da:78:d1:33:5c:
         42:e4:8b:e5:58:54:ca:68:4b:b9:06:5b:fa:bb:7d:6c:0f:b5:
         03:7e:77:56:e9:be:c5:1d:e2:3d:83:9c:ea:d2:14:e5:8f:23:
         f5:52:4c:8c:77:61:f1:f5:ea:5a:4e:f9:a3:dc:c3:09:17:ec:
         15:c6:80:89:fb:e3:63:11:9b:84:07:f5:27:7c:43:71:33:d0:
         ad:04:84:75:d8:4a:e8:22:80:f0:44:48:36:fb:db:22:8c:2f:
         09:a8:aa:25:83:69:66:d0:6d:eb:80:4e:1a:5f:39:6c:39:0e:
         2a:f4:f0:fd:85:8f:a8:1a:df:ba:7c:34:38:d3:07:aa:ae:f1:
         7b:a2:9a:ac:0e:23:33:84:55:4d:46:e7:47:33:0a:f9:6f:43:
         9d:bc:fb:71:c2:47:93:ee:4d:89:df:b0:77:f4:6b:60:db:b1:
         42:df:8c:82:04:ea:1a:23:6a:1a:fc:08:6a:f4:c5:b6:3d:31:
         c4:d7:5b:3f:a0:06:2c:d8:fe:ef:d6:20:9c:41:c9:f9:df:4c:
         7a:28:33:ae:fb:0f:8e:93:8b:e5:cf:0a:a2:77:97:eb:c4:35:
         30:78:a1:b1:6d:68:30:d6:77:1a:7a:8c:10:3e:19:b7:f1:ed:
         f1:a8:4c:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTVl6Dw76bgZMYKzViv/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZTdjZmRkMTI5MTkzZTIxOWMzNzAxMjFjYTE2MjUwZTQy
OWI1OGIwHhcNMjQwMTAyMDgzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjUwOTAyNzFmMzEyY2MyZTFiMDIxZDFmMjRjMmJmY2U3YWQzMWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33wDLGp7BcoXhdIwFRenRIu9lq2/
Gm8expa1XeGHwHKtV11tU00s61yV+x8EqDrQjqJQbpBCwu6RGXXmsxcvc4Nham4c
XOY3hhvlnaHBcINR/Av6LJ7UJ9laNPYXprke8pnXNrWGxXcUjCQ+q1iIYLTsuo+f
ZVtcx5Wd9q91qvOHNNUfTUCji1b4DfROklkzN/kT53vfBINopc+e1rAQdfkrcBO6
2i7uqsuWUDVoV8F7Lixbn/0XjuUiY07eyA5F+He302CIMclpIOiYcHeVHFXuqTs2
PBKvMwgAvvLmU+bkHcX538xRUeYOIuYhAqojgytEnDJOaWiY9kfu4UUQ2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJQkCcfMSzC4bAh0fJMK/znrTGrMB8GA1UdIwQY
MBaAFDbnz90SkZPiGcNwEhyhYlDkKbWLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnVmUDNSS1JrLUladzNBU0hLRmlVT1FwdFlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zNTU1ZTAtOTQ0My00ZTYzLWE4OWIt
ZGQxN2JmZDY3Y2QzLzEvSWxDUUp4OHhMTUxoc0NIUjhrd3JfT2V0TWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zNTU1ZTAtOTQ0My00ZTYzLWE4OWItZGQxN2JmZDY3Y2Qz
LzEvTnVmUDNSS1JrLUladzNBU0hLRmlVT1FwdFlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc7kMA0G
CSqGSIb3DQEBCwUAA4IBAQCicmRMZd1FdPP8Aysv2njRM1xC5IvlWFTKaEu5Blv6
u31sD7UDfndW6b7FHeI9g5zq0hTljyP1UkyMd2Hx9epaTvmj3MMJF+wVxoCJ++Nj
EZuEB/UnfENxM9CtBIR12EroIoDwREg2+9sijC8JqKolg2lm0G3rgE4aXzlsOQ4q
9PD9hY+oGt+6fDQ40weqrvF7opqsDiMzhFVNRudHMwr5b0OdvPtxwkeT7k2J37B3
9Gtg27FC34yCBOoaI2oa/Ahq9MW2PTHE11s/oAYs2P7v1iCcQcn530x6KDOu+w+O
k4vlzwqid5frxDUweKGxbWgw1ncaeowQPhm38e3xqEwd
-----END CERTIFICATE-----