Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/kIKAhgvOodsa_O0Br7sXETFt51Q.roa
File:                     kIKAhgvOodsa_O0Br7sXETFt51Q.roa (raw, json)
Hash identifier:          bd96VwputTnIUWhZDxzKLBiEr6g1NnL8+iXqtQKz7a4=
Subject key identifier:   90:82:80:86:0B:CE:A1:DB:1A:FC:ED:01:AF:BB:17:11:31:6D:E7:54
Certificate issuer:       /CN=11fe3900e141c3b169a3cccb3557bccef2895e85
Certificate serial:       018CC80120EB3C05647E4E8CE82B49A4F34D
Authority key identifier: 11:FE:39:00:E1:41:C3:B1:69:A3:CC:CB:35:57:BC:CE:F2:89:5E:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/kIKAhgvOodsa_O0Br7sXETFt51Q.roa
Signing time:             Tue 02 Jan 2024 02:29:26 +0000
ROA not before:           Tue 02 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48152
IP address blocks:        193.143.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:20:eb:3c:05:64:7e:4e:8c:e8:2b:49:a4:f3:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11fe3900e141c3b169a3cccb3557bccef2895e85
        Validity
            Not Before: Jan  2 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=908280860bcea1db1afced01afbb1711316de754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9c:87:05:bf:ae:6e:aa:e2:08:92:5f:a6:f8:
                    a6:15:62:31:df:54:aa:5b:7d:7d:3b:9b:3a:63:b6:
                    d2:c6:b8:69:21:61:b5:90:57:ff:8a:fb:8b:36:56:
                    bd:67:ba:2b:fb:fe:b4:cb:cd:80:70:bb:fe:6d:3a:
                    2d:a2:8f:0c:65:40:75:f6:03:3b:ad:16:89:12:0e:
                    bd:55:aa:65:fe:d8:20:db:b0:1f:e4:b4:63:52:37:
                    73:91:31:17:0e:55:46:fe:a0:85:f4:9d:a6:10:de:
                    c1:d8:90:2a:50:5e:80:b2:6d:86:21:12:05:2d:de:
                    e1:0b:de:f9:af:d2:ac:05:f7:3c:91:21:b8:ab:8c:
                    e0:c8:ae:82:d0:e9:5f:08:95:f2:1d:3b:62:66:72:
                    44:46:ee:20:ff:ff:c2:44:45:f1:fc:f1:2a:d4:22:
                    4b:4b:14:02:57:16:47:a8:e0:e6:21:27:45:01:0d:
                    dd:b6:79:f8:44:05:4f:1d:5e:8b:08:6c:8b:36:81:
                    2d:81:6c:c5:4a:6b:c3:16:70:14:a3:7a:ce:4f:29:
                    0e:16:05:1d:6a:f2:a8:88:01:c9:b0:3b:f9:7b:81:
                    99:5c:92:aa:5c:16:6f:ec:bc:d7:87:ed:a7:67:10:
                    89:8b:f0:2c:48:43:53:79:fe:4c:d4:83:9a:a5:c2:
                    8a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:82:80:86:0B:CE:A1:DB:1A:FC:ED:01:AF:BB:17:11:31:6D:E7:54
            X509v3 Authority Key Identifier:
                keyid:11:FE:39:00:E1:41:C3:B1:69:A3:CC:CB:35:57:BC:CE:F2:89:5E:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/kIKAhgvOodsa_O0Br7sXETFt51Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.143.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:b6:89:96:0c:f4:24:37:4a:99:f1:32:a6:de:70:15:29:15:
         01:fb:96:a3:70:0c:00:fa:b8:ba:5e:34:2d:bf:25:1a:62:f2:
         fa:8f:02:df:7f:62:45:13:7a:33:b4:02:de:23:da:75:8f:e1:
         95:13:e8:6f:6a:ee:13:af:c4:76:d0:61:55:99:e6:9f:72:08:
         f5:e9:76:b8:eb:1e:d0:59:bd:9f:12:dd:d2:2f:b7:41:21:6a:
         48:87:6e:51:31:c9:ac:64:10:bd:fd:d3:d4:bb:59:d9:f7:82:
         59:43:51:f1:67:51:4f:6e:d3:28:97:b1:b8:bb:6e:40:09:ce:
         d0:3e:d4:ee:7d:57:48:2c:68:29:3f:35:ea:dc:53:b4:cd:af:
         53:22:5b:84:4f:41:37:08:60:08:fd:de:87:8f:7b:4a:2d:7a:
         3d:0e:45:b8:68:47:46:4f:0b:03:ab:2f:43:8e:32:60:f3:ce:
         31:7b:e7:a2:7f:7b:7a:62:46:16:28:8a:1e:6e:bb:98:2d:7a:
         6e:a2:a3:2e:73:ab:ec:f6:2f:23:1d:ab:bc:29:ca:d5:b5:b3:
         87:44:27:5d:fc:de:1e:32:b6:5e:05:ed:bd:8e:71:09:44:40:
         03:52:40:77:f5:e1:33:da:6a:a4:0b:c3:2c:00:45:e0:81:f3:
         d1:98:ea:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASDrPAVkfk6M6CtJpPNNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZmUzOTAwZTE0MWMzYjE2OWEzY2NjYjM1NTdiY2NlZjI4
OTVlODUwHhcNMjQwMTAyMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDgyODA4NjBiY2VhMWRiMWFmY2VkMDFhZmJiMTcxMTMxNmRlNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJyHBb+ubqriCJJfpvimFWIx31Sq
W319O5s6Y7bSxrhpIWG1kFf/ivuLNla9Z7or+/60y82AcLv+bTotoo8MZUB19gM7
rRaJEg69Vapl/tgg27Af5LRjUjdzkTEXDlVG/qCF9J2mEN7B2JAqUF6Asm2GIRIF
Ld7hC975r9KsBfc8kSG4q4zgyK6C0OlfCJXyHTtiZnJERu4g///CREXx/PEq1CJL
SxQCVxZHqODmISdFAQ3dtnn4RAVPHV6LCGyLNoEtgWzFSmvDFnAUo3rOTykOFgUd
avKoiAHJsDv5e4GZXJKqXBZv7LzXh+2nZxCJi/AsSENTef5M1IOapcKKPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCCgIYLzqHbGvztAa+7FxExbedUMB8GA1UdIwQY
MBaAFBH+OQDhQcOxaaPMyzVXvM7yiV6FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWY0NUFPRkJ3N0Zwbzh6TE5WZTh6dktKWG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC83ZWU5ODEtMGQ3Yy00YTUzLWFkYTEt
Y2UxYThkYzk0MDQ4LzEva0lLQWhndk9vZHNhX08wQnI3c1hFVEZ0NTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC83ZWU5ODEtMGQ3Yy00YTUzLWFkYTEtY2UxYThkYzk0MDQ4
LzEvRWY0NUFPRkJ3N0Zwbzh6TE5WZTh6dktKWG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY96MA0G
CSqGSIb3DQEBCwUAA4IBAQBZtomWDPQkN0qZ8TKm3nAVKRUB+5ajcAwA+ri6XjQt
vyUaYvL6jwLff2JFE3oztALeI9p1j+GVE+hvau4Tr8R20GFVmeafcgj16Xa46x7Q
Wb2fEt3SL7dBIWpIh25RMcmsZBC9/dPUu1nZ94JZQ1HxZ1FPbtMol7G4u25ACc7Q
PtTufVdILGgpPzXq3FO0za9TIluET0E3CGAI/d6Hj3tKLXo9DkW4aEdGTwsDqy9D
jjJg884xe+eif3t6YkYWKIoebruYLXpuoqMuc6vs9i8jHau8KcrVtbOHRCdd/N4e
MrZeBe29jnEJREADUkB39eEz2mqkC8MsAEXggfPRmOqG
-----END CERTIFICATE-----