Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/afa6d6-50f9-41d4-b7cf-a33649e3e2c5/1/Ik_D8ub1_usofNl0IE7xV2juSKo.roa
File:                     Ik_D8ub1_usofNl0IE7xV2juSKo.roa (raw, json)
Hash identifier:          HWJc95/voPz35SaXMJ1Ep6YlgKGsqL4sDkMC+6TOvPE=
Subject key identifier:   22:4F:C3:F2:E6:F5:FE:EB:28:7C:D9:74:20:4E:F1:57:68:EE:48:AA
Certificate issuer:       /CN=f5ada901d408bf7f5b9435921e4800a8f82dbdab
Certificate serial:       018CC424DD69EA86CF8B8D21DF7E27B1DCF4
Authority key identifier: F5:AD:A9:01:D4:08:BF:7F:5B:94:35:92:1E:48:00:A8:F8:2D:BD:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9a2pAdQIv39blDWSHkgAqPgtvas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/afa6d6-50f9-41d4-b7cf-a33649e3e2c5/1/Ik_D8ub1_usofNl0IE7xV2juSKo.roa
Signing time:             Mon 01 Jan 2024 08:29:59 +0000
ROA not before:           Mon 01 Jan 2024 08:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205572
IP address blocks:        185.213.84.0/22 maxlen: 22
                          2a0b:8540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/afa6d6-50f9-41d4-b7cf-a33649e3e2c5/1/9a2pAdQIv39blDWSHkgAqPgtvas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/afa6d6-50f9-41d4-b7cf-a33649e3e2c5/1/9a2pAdQIv39blDWSHkgAqPgtvas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9a2pAdQIv39blDWSHkgAqPgtvas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:dd:69:ea:86:cf:8b:8d:21:df:7e:27:b1:dc:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5ada901d408bf7f5b9435921e4800a8f82dbdab
        Validity
            Not Before: Jan  1 08:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=224fc3f2e6f5feeb287cd974204ef15768ee48aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7e:73:65:84:8d:16:6d:fa:a1:5e:04:f5:1c:
                    04:5d:80:c5:5f:f2:06:e7:30:a2:43:c1:cd:60:cb:
                    88:0c:65:f0:c9:c8:2f:bf:3b:b3:9b:b0:49:04:c2:
                    4d:8f:21:98:ab:3d:e6:63:fc:68:5d:9b:e0:2a:c6:
                    e0:d5:b6:4c:fe:6c:99:4c:1a:d8:4b:76:ee:77:8f:
                    58:3c:5a:ed:54:7c:2d:03:65:2b:e0:46:94:ce:80:
                    56:0e:4f:df:13:26:e5:8f:aa:74:a7:65:66:ba:5e:
                    89:97:6b:0f:e7:06:5b:8d:e0:e0:c4:d5:0f:37:15:
                    9e:df:94:d8:ab:75:40:d0:f4:b6:61:7a:ac:fb:04:
                    65:bc:4a:eb:d6:24:34:c6:57:f8:68:4c:ea:f8:e1:
                    37:c6:84:f8:72:b8:64:0b:40:21:8f:db:2a:a1:3b:
                    ef:e3:4e:79:3f:79:bf:90:60:eb:5a:45:aa:4a:5b:
                    ed:40:7d:f0:e8:0f:9b:2c:88:a2:01:13:f3:26:f6:
                    67:18:fd:98:91:1a:1c:97:8d:8a:0f:d2:a1:db:f5:
                    64:ce:b7:b4:bc:73:79:27:62:9d:3e:46:50:98:f1:
                    08:36:4b:2e:2d:e9:e8:01:bf:2b:d9:8d:64:57:2c:
                    c4:c0:bf:37:bb:a6:a2:6d:52:24:30:bc:ff:43:86:
                    a8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:4F:C3:F2:E6:F5:FE:EB:28:7C:D9:74:20:4E:F1:57:68:EE:48:AA
            X509v3 Authority Key Identifier:
                keyid:F5:AD:A9:01:D4:08:BF:7F:5B:94:35:92:1E:48:00:A8:F8:2D:BD:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a2pAdQIv39blDWSHkgAqPgtvas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/afa6d6-50f9-41d4-b7cf-a33649e3e2c5/1/Ik_D8ub1_usofNl0IE7xV2juSKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/afa6d6-50f9-41d4-b7cf-a33649e3e2c5/1/9a2pAdQIv39blDWSHkgAqPgtvas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.84.0/22
                IPv6:
                  2a0b:8540::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:1e:83:35:77:c7:fe:ae:ca:7b:31:9f:cf:25:1b:bd:bd:9c:
         83:e9:ad:90:f4:fe:23:f2:41:c3:95:91:79:5c:cf:f7:44:51:
         0c:76:35:84:c5:8e:12:83:07:69:3f:e4:f7:92:65:4e:d4:7f:
         27:d9:9b:5c:f0:0d:a9:81:8a:8a:35:53:1c:76:b5:53:6c:ba:
         7e:06:1a:e3:78:77:ff:45:00:c7:3c:ee:5f:2f:c6:8a:d9:a6:
         1d:5b:65:98:85:4b:d2:2d:d3:d7:33:6e:88:05:bc:ed:ca:b4:
         81:7e:59:95:49:2d:f7:18:da:3a:fc:a6:c9:e0:9c:4a:59:69:
         a2:2b:61:79:e0:3a:14:79:52:f2:b1:4f:19:14:a5:a9:72:92:
         e1:ee:82:4c:cd:8c:1f:35:3e:42:f6:32:b0:1d:24:59:a8:34:
         17:d6:72:4d:21:f8:ad:e2:26:75:c0:28:00:21:8c:b3:3f:e7:
         45:89:cc:6e:78:75:ba:23:6e:d4:47:82:d3:ef:38:e4:36:43:
         f8:13:f9:a6:e8:b9:c5:28:55:1f:f8:b0:f4:a9:d5:09:d8:2d:
         ba:7c:88:1e:3a:6f:69:38:91:bb:a7:d1:87:5e:92:7d:7e:a8:
         f0:e2:83:ee:47:a5:da:45:84:e1:31:13:af:78:72:32:ef:0a:
         1e:2a:2e:2c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJN1p6obPi40h334nsdz0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1YWRhOTAxZDQwOGJmN2Y1Yjk0MzU5MjFlNDgwMGE4Zjgy
ZGJkYWIwHhcNMjQwMTAxMDgyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjRmYzNmMmU2ZjVmZWViMjg3Y2Q5NzQyMDRlZjE1NzY4ZWU0OGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlH5zZYSNFm36oV4E9RwEXYDFX/IG
5zCiQ8HNYMuIDGXwycgvvzuzm7BJBMJNjyGYqz3mY/xoXZvgKsbg1bZM/myZTBrY
S3bud49YPFrtVHwtA2Ur4EaUzoBWDk/fEyblj6p0p2Vmul6Jl2sP5wZbjeDgxNUP
NxWe35TYq3VA0PS2YXqs+wRlvErr1iQ0xlf4aEzq+OE3xoT4crhkC0Ahj9sqoTvv
4055P3m/kGDrWkWqSlvtQH3w6A+bLIiiARPzJvZnGP2YkRocl42KD9Kh2/Vkzre0
vHN5J2KdPkZQmPEINksuLenoAb8r2Y1kVyzEwL83u6aibVIkMLz/Q4aoCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCJPw/Lm9f7rKHzZdCBO8Vdo7kiqMB8GA1UdIwQY
MBaAFPWtqQHUCL9/W5Q1kh5IAKj4Lb2rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWEycEFkUUl2MzlibERXU0hrZ0FxUGd0dmFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9hZmE2ZDYtNTBmOS00MWQ0LWI3Y2Yt
YTMzNjQ5ZTNlMmM1LzEvSWtfRDh1YjFfdXNvZk5sMElFN3hWMmp1U0tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9hZmE2ZDYtNTBmOS00MWQ0LWI3Y2YtYTMzNjQ5ZTNlMmM1
LzEvOWEycEFkUUl2MzlibERXU0hrZ0FxUGd0dmFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudVUMA0E
AgACMAcDBQMqC4VAMA0GCSqGSIb3DQEBCwUAA4IBAQBXHoM1d8f+rsp7MZ/PJRu9
vZyD6a2Q9P4j8kHDlZF5XM/3RFEMdjWExY4SgwdpP+T3kmVO1H8n2Ztc8A2pgYqK
NVMcdrVTbLp+BhrjeHf/RQDHPO5fL8aK2aYdW2WYhUvSLdPXM26IBbztyrSBflmV
SS33GNo6/KbJ4JxKWWmiK2F54DoUeVLysU8ZFKWpcpLh7oJMzYwfNT5C9jKwHSRZ
qDQX1nJNIfit4iZ1wCgAIYyzP+dFicxueHW6I27UR4LT7zjkNkP4E/mm6LnFKFUf
+LD0qdUJ2C26fIgeOm9pOJG7p9GHXpJ9fqjw4oPuR6XaRYThMROveHIy7woeKi4s
-----END CERTIFICATE-----