Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/IBa2FfCm0NXr_jkTnl9W4lKJHbQ.roa
File:                     IBa2FfCm0NXr_jkTnl9W4lKJHbQ.roa (raw, json)
Hash identifier:          g/fWzUMptSij5CbXIEyMw6oyGmVps6iOuy9vK1HPOHA=
Subject key identifier:   20:16:B6:15:F0:A6:D0:D5:EB:FE:39:13:9E:5F:56:E2:52:89:1D:B4
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       0195EB98BAF07FE89E1AC6EE6FB26944755E
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/IBa2FfCm0NXr_jkTnl9W4lKJHbQ.roa
Signing time:             Mon 31 Mar 2025 09:46:49 +0000
ROA not before:           Mon 31 Mar 2025 09:46:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25693
IP address blocks:        193.108.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:eb:98:ba:f0:7f:e8:9e:1a:c6:ee:6f:b2:69:44:75:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Mar 31 09:46:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2016b615f0a6d0d5ebfe39139e5f56e252891db4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7e:36:11:ee:37:35:22:17:51:68:de:14:7f:
                    36:e7:d0:9b:5b:fc:fe:c4:57:f9:de:8e:44:53:11:
                    a7:33:3b:58:49:f7:c2:11:c9:32:31:9b:8d:22:2d:
                    83:e7:9d:02:20:0b:ce:03:9d:13:fe:7f:ab:1d:e6:
                    20:ae:e7:a5:b0:ae:f5:16:f8:02:11:f8:b9:b9:25:
                    72:b4:d7:10:1c:18:c2:91:6b:02:98:3e:2e:2a:f0:
                    2c:40:bf:14:28:85:df:92:70:e8:52:d8:3f:f6:1f:
                    32:3d:cc:2c:bc:d6:e5:4c:2e:95:77:dc:f9:29:56:
                    f8:28:6b:ac:e5:f4:93:7a:fe:91:17:06:34:69:e9:
                    7e:e5:4b:b0:4e:2a:6e:a4:d9:bb:97:fa:ba:39:68:
                    35:49:c9:05:63:30:1e:f9:e8:90:3a:93:9a:41:ff:
                    ea:c2:01:f6:47:c1:00:70:f7:d4:c0:c0:fc:d9:7f:
                    87:4d:be:2a:26:9a:97:5e:4d:87:bc:a8:17:2b:07:
                    a0:38:c3:44:f3:90:9e:8b:50:9f:20:9f:b9:93:e8:
                    50:64:bc:fb:98:31:92:88:78:14:2b:8a:b6:50:9d:
                    b5:72:83:b8:8a:cb:04:01:12:7b:5c:20:13:c9:aa:
                    e3:5c:96:b1:90:08:e1:6f:ca:cd:24:1f:7f:9f:62:
                    f0:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:16:B6:15:F0:A6:D0:D5:EB:FE:39:13:9E:5F:56:E2:52:89:1D:B4
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/IBa2FfCm0NXr_jkTnl9W4lKJHbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:39:1d:42:e3:22:a8:50:60:ce:5b:c4:56:59:cf:c8:8f:42:
         49:a6:ec:27:ca:40:12:67:b0:0f:df:21:de:a3:83:fe:aa:65:
         76:b6:a8:86:49:a9:3b:46:e8:1d:30:a5:43:b1:de:40:f8:b5:
         b8:df:3f:f0:33:f4:f8:3c:c9:7b:9e:65:5f:11:aa:d7:d5:99:
         bc:2d:54:88:16:73:6f:5d:a5:78:6b:12:f9:9a:d9:cd:e2:ad:
         39:c5:2e:74:c9:0e:b1:61:e2:a5:99:30:9b:04:df:1e:f9:2e:
         ec:f3:ad:2d:5b:6e:ec:64:79:b9:86:1c:e2:db:06:ba:23:4e:
         df:61:cf:79:2c:6a:a0:66:28:be:97:7a:03:34:f1:b3:e4:57:
         a3:f8:c9:41:ee:a7:60:b8:5b:5c:20:4a:dc:8c:b9:e4:dc:3e:
         7e:46:af:2b:c9:43:3d:4c:32:49:30:08:3b:0e:24:25:44:9d:
         ee:37:85:30:a4:97:84:a1:fc:9b:87:b0:19:63:43:00:62:08:
         a3:00:56:13:c9:6f:f6:0e:ba:64:d3:72:75:d1:27:2d:c5:de:
         1c:3e:a9:48:a2:cc:0a:2d:28:7a:80:62:b2:f3:eb:d3:ee:23:
         c2:2a:ab:e2:d7:2a:50:1c:21:66:a1:2d:51:5c:bd:db:b9:cc:
         5b:63:f8:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXrmLrwf+ieGsbub7JpRHVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwMzMxMDk0NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDE2YjYxNWYwYTZkMGQ1ZWJmZTM5MTM5ZTVmNTZlMjUyODkxZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqn42Ee43NSIXUWjeFH8259CbW/z+
xFf53o5EUxGnMztYSffCEckyMZuNIi2D550CIAvOA50T/n+rHeYgruelsK71FvgC
Efi5uSVytNcQHBjCkWsCmD4uKvAsQL8UKIXfknDoUtg/9h8yPcwsvNblTC6Vd9z5
KVb4KGus5fSTev6RFwY0ael+5UuwTipupNm7l/q6OWg1SckFYzAe+eiQOpOaQf/q
wgH2R8EAcPfUwMD82X+HTb4qJpqXXk2HvKgXKwegOMNE85Cei1CfIJ+5k+hQZLz7
mDGSiHgUK4q2UJ21coO4issEARJ7XCATyarjXJaxkAjhb8rNJB9/n2LwLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAWthXwptDV6/45E55fVuJSiR20MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvSUJhMkZmQ20wTlhyX2prVG5sOVc0bEtKSGJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWw4MA0G
CSqGSIb3DQEBCwUAA4IBAQCZOR1C4yKoUGDOW8RWWc/Ij0JJpuwnykASZ7AP3yHe
o4P+qmV2tqiGSak7RugdMKVDsd5A+LW43z/wM/T4PMl7nmVfEarX1Zm8LVSIFnNv
XaV4axL5mtnN4q05xS50yQ6xYeKlmTCbBN8e+S7s860tW27sZHm5hhzi2wa6I07f
Yc95LGqgZii+l3oDNPGz5Fej+MlB7qdguFtcIErcjLnk3D5+Rq8ryUM9TDJJMAg7
DiQlRJ3uN4UwpJeEofybh7AZY0MAYgijAFYTyW/2Drpk03J10Sctxd4cPqlIoswK
LSh6gGKy8+vT7iPCKqvi1ypQHCFmoS1RXL3bucxbY/ix
-----END CERTIFICATE-----