Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/IybHU6Pl_9YNg5jp9zbwWTg2qDw.roa
File:                     IybHU6Pl_9YNg5jp9zbwWTg2qDw.roa (raw, json)
Hash identifier:          XHsVhsr67U8Z+ikZKmise7OfFx0DUwhYTzhjSrJD9S0=
Subject key identifier:   23:26:C7:53:A3:E5:FF:D6:0D:83:98:E9:F7:36:F0:59:38:36:A8:3C
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       018CC801AAC3789E3ADCBBCEB9DAB3D1584A
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/IybHU6Pl_9YNg5jp9zbwWTg2qDw.roa
Signing time:             Tue 02 Jan 2024 02:30:01 +0000
ROA not before:           Tue 02 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210600
IP address blocks:        213.135.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:aa:c3:78:9e:3a:dc:bb:ce:b9:da:b3:d1:58:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Jan  2 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2326c753a3e5ffd60d8398e9f736f0593836a83c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0a:ef:28:8f:2f:79:6d:66:b1:4b:06:91:0d:
                    66:e1:56:ea:29:12:25:4e:88:ae:90:6b:b4:b5:4b:
                    e4:f0:0d:f8:e6:5b:bf:7e:7d:04:3e:6b:19:5e:54:
                    de:11:7f:aa:6d:65:09:a1:b6:83:f9:31:7e:b6:8d:
                    fe:30:b6:e2:70:90:bc:99:89:43:ef:36:15:1f:41:
                    b4:68:6d:43:d6:99:c0:a5:c4:ec:43:e6:4d:89:59:
                    2c:71:9e:16:a6:ed:5d:bf:ac:b6:ff:0d:49:7f:4d:
                    ce:11:68:82:08:1d:06:e2:1f:d8:df:20:59:51:88:
                    64:bc:f5:f2:b2:b0:b8:cd:fb:74:a6:9e:08:1e:73:
                    b4:23:0f:91:e1:48:e6:ab:50:07:60:59:9c:ff:5f:
                    0c:53:d5:b2:38:17:80:4d:4f:75:6a:b3:05:6e:88:
                    63:1a:2a:c3:da:01:47:a2:c8:d3:0d:d2:70:48:6f:
                    5e:d0:2b:ef:c2:48:5f:99:b3:a0:b6:36:64:63:b5:
                    1d:81:fc:0d:f5:f1:77:5f:79:25:90:15:bd:48:02:
                    a0:ef:bf:cd:50:fb:a1:a4:8d:1d:ab:9f:27:f5:36:
                    19:65:96:82:2e:21:35:8e:25:19:b9:f9:3a:6d:b7:
                    3f:c7:ba:0d:a8:09:d5:71:91:4b:f8:4f:de:34:c4:
                    6d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:26:C7:53:A3:E5:FF:D6:0D:83:98:E9:F7:36:F0:59:38:36:A8:3C
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/IybHU6Pl_9YNg5jp9zbwWTg2qDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.135.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:2d:33:2f:63:d8:8c:7a:a3:29:4c:f0:ed:d5:9a:2e:8f:8a:
         72:15:66:24:18:dc:6c:43:0e:61:ad:b7:6c:f5:a9:3f:e4:64:
         a9:19:7b:d8:9e:9e:f1:cf:fe:23:f7:a6:87:63:2f:f4:32:41:
         c3:01:f9:b7:2a:18:94:f6:4d:99:63:f6:be:47:63:62:cd:b8:
         8c:7f:10:4a:5a:d8:5c:da:c4:32:e4:48:83:b6:c0:4f:f9:b2:
         05:00:08:21:86:99:78:9b:aa:9d:cd:58:0d:96:31:2e:09:8d:
         17:05:d8:39:25:c7:54:80:38:39:aa:36:8e:9d:18:2e:e6:e6:
         ab:8c:30:3a:09:2c:dd:7d:c0:e8:2a:b8:6b:bb:37:6f:4b:29:
         6d:3f:9a:2a:2e:98:61:a8:92:66:dc:4c:b8:26:66:28:55:79:
         b8:0e:30:f6:55:2c:da:63:f1:68:da:a5:b6:f3:7e:11:0c:1c:
         d2:56:5a:b1:46:21:58:04:80:52:9c:a4:95:06:72:7a:ef:de:
         3f:96:ac:41:78:a0:a7:50:e7:63:32:d2:fd:34:f6:05:a3:25:
         53:f1:1a:ab:ab:dc:f2:b7:b5:ad:78:05:a9:8a:7e:a9:2f:39:
         02:4b:eb:09:ff:5b:31:96:f2:c1:24:10:5d:d3:26:cb:c1:a7:
         fd:a1:55:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAarDeJ463LvOudqz0VhKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjQwMTAyMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzI2Yzc1M2EzZTVmZmQ2MGQ4Mzk4ZTlmNzM2ZjA1OTM4MzZhODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqArvKI8veW1msUsGkQ1m4VbqKRIl
ToiukGu0tUvk8A345lu/fn0EPmsZXlTeEX+qbWUJobaD+TF+to3+MLbicJC8mYlD
7zYVH0G0aG1D1pnApcTsQ+ZNiVkscZ4Wpu1dv6y2/w1Jf03OEWiCCB0G4h/Y3yBZ
UYhkvPXysrC4zft0pp4IHnO0Iw+R4Ujmq1AHYFmc/18MU9WyOBeATU91arMFbohj
GirD2gFHosjTDdJwSG9e0CvvwkhfmbOgtjZkY7UdgfwN9fF3X3klkBW9SAKg77/N
UPuhpI0dq58n9TYZZZaCLiE1jiUZufk6bbc/x7oNqAnVcZFL+E/eNMRtIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMmx1Oj5f/WDYOY6fc28Fk4Nqg8MB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvSXliSFU2UGxfOVlOZzVqcDl6YndXVGcycUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YdKMA0G
CSqGSIb3DQEBCwUAA4IBAQCkLTMvY9iMeqMpTPDt1Zouj4pyFWYkGNxsQw5hrbds
9ak/5GSpGXvYnp7xz/4j96aHYy/0MkHDAfm3KhiU9k2ZY/a+R2NizbiMfxBKWthc
2sQy5EiDtsBP+bIFAAghhpl4m6qdzVgNljEuCY0XBdg5JcdUgDg5qjaOnRgu5uar
jDA6CSzdfcDoKrhruzdvSyltP5oqLphhqJJm3Ey4JmYoVXm4DjD2VSzaY/Fo2qW2
834RDBzSVlqxRiFYBIBSnKSVBnJ6794/lqxBeKCnUOdjMtL9NPYFoyVT8Rqrq9zy
t7WteAWpin6pLzkCS+sJ/1sxlvLBJBBd0ybLwaf9oVUD
-----END CERTIFICATE-----