Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/IZLKju0sJ0JBXaP_Y5iCeJcNJDQ.roa
File:                     IZLKju0sJ0JBXaP_Y5iCeJcNJDQ.roa (raw, json)
Hash identifier:          pULORW3W+OJnPxCB+xBDeRSUbmeC8GFCotseXQLeRAk=
Subject key identifier:   21:92:CA:8E:ED:2C:27:42:41:5D:A3:FF:63:98:82:78:97:0D:24:34
Certificate issuer:       /CN=cfd3a3f1069fcd512da514f66d6ee34ba3debb0f
Certificate serial:       018CC56F0269A144574ADECA800F38229745
Authority key identifier: CF:D3:A3:F1:06:9F:CD:51:2D:A5:14:F6:6D:6E:E3:4B:A3:DE:BB:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z9Oj8QafzVEtpRT2bW7jS6Peuw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/IZLKju0sJ0JBXaP_Y5iCeJcNJDQ.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59975
IP address blocks:        176.107.230.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/z9Oj8QafzVEtpRT2bW7jS6Peuw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/z9Oj8QafzVEtpRT2bW7jS6Peuw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z9Oj8QafzVEtpRT2bW7jS6Peuw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:02:69:a1:44:57:4a:de:ca:80:0f:38:22:97:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfd3a3f1069fcd512da514f66d6ee34ba3debb0f
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2192ca8eed2c2742415da3ff63988278970d2434
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0c:88:f9:ba:e8:8d:ed:5f:2e:20:5b:08:a5:
                    a7:ad:1f:63:2f:e8:ba:05:ce:bd:88:e1:cd:2d:cf:
                    db:c9:81:3d:57:4d:86:13:6b:51:39:8e:bc:cc:5e:
                    63:5c:22:12:0c:b5:aa:d4:74:10:53:5c:5c:e4:b2:
                    a8:2a:fe:93:9c:89:16:00:62:82:48:e2:13:19:c4:
                    0c:00:7d:e4:01:5b:4e:2c:e9:e4:e6:54:6f:16:23:
                    bb:4f:f7:9e:44:1e:33:a5:cd:d8:34:11:96:5a:3a:
                    d0:c8:4a:f6:6a:50:00:51:8c:fa:32:30:d9:ef:08:
                    22:66:1c:24:64:14:52:bc:26:4c:4f:c7:b3:7d:d8:
                    14:c1:c6:2a:97:1d:0b:b2:f6:d4:23:2f:7a:65:19:
                    58:63:6e:24:33:f8:d0:ed:a8:2f:bf:77:b6:4c:30:
                    e9:15:04:ce:98:92:25:55:99:7d:42:21:1a:97:39:
                    09:76:9e:dc:bd:3b:eb:6c:ba:ac:51:c4:3a:a1:7f:
                    5f:a0:ab:f9:0a:f3:f8:d9:3f:d8:2c:f8:d7:00:ee:
                    da:c9:3d:de:76:c8:ce:c5:86:b7:be:07:21:99:42:
                    6e:3d:a9:35:9a:9e:9c:0f:b6:9c:24:79:96:98:c9:
                    ed:bb:da:ea:4a:64:8d:41:da:3f:cd:99:d3:c6:00:
                    b9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:92:CA:8E:ED:2C:27:42:41:5D:A3:FF:63:98:82:78:97:0D:24:34
            X509v3 Authority Key Identifier:
                keyid:CF:D3:A3:F1:06:9F:CD:51:2D:A5:14:F6:6D:6E:E3:4B:A3:DE:BB:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z9Oj8QafzVEtpRT2bW7jS6Peuw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/IZLKju0sJ0JBXaP_Y5iCeJcNJDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/b3f825-da38-4989-9629-382920155ffb/1/z9Oj8QafzVEtpRT2bW7jS6Peuw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.107.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:b2:1e:a3:13:3a:8e:17:72:34:51:2a:b1:48:fe:48:b4:35:
         b0:2a:42:3f:9f:55:05:6b:04:3d:84:43:04:6b:95:76:27:4d:
         d1:a3:c8:0b:a9:84:1b:dd:46:de:91:42:61:d7:ea:ac:e6:67:
         0b:76:f1:76:7f:9a:2c:a3:cc:a3:e2:99:65:16:35:82:ae:53:
         31:78:db:a4:c3:3d:8a:25:e8:45:6b:b4:5e:37:bd:48:8a:a9:
         70:b0:1d:56:aa:94:d9:5f:35:01:9d:dd:2b:c2:c0:07:d1:49:
         2a:52:11:ee:c4:d5:35:ab:13:c7:11:a7:77:07:20:24:7c:71:
         12:bf:81:94:fc:39:5f:c5:bb:91:ba:aa:db:19:50:78:3e:cb:
         4e:03:29:2f:b9:df:50:69:cc:99:5e:70:86:d2:bd:03:65:be:
         5a:29:5f:7a:8a:19:44:fd:cc:37:25:97:9a:24:d1:7c:e5:83:
         b7:bb:f7:bc:34:1f:4e:d2:20:61:a9:d3:eb:aa:0d:90:54:d5:
         7f:1d:38:d0:b8:4b:3b:8d:cb:08:87:09:9d:18:df:69:46:5f:
         60:07:3d:d3:9d:80:f4:f0:6b:e9:d8:1b:e7:7c:da:69:c7:14:
         4d:64:36:12:7b:af:47:af:64:b7:87:eb:f0:92:5e:35:e9:bf:
         11:83:3c:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwJpoURXSt7KgA84IpdFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZDNhM2YxMDY5ZmNkNTEyZGE1MTRmNjZkNmVlMzRiYTNk
ZWJiMGYwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTkyY2E4ZWVkMmMyNzQyNDE1ZGEzZmY2Mzk4ODI3ODk3MGQyNDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAyI+broje1fLiBbCKWnrR9jL+i6
Bc69iOHNLc/byYE9V02GE2tROY68zF5jXCISDLWq1HQQU1xc5LKoKv6TnIkWAGKC
SOITGcQMAH3kAVtOLOnk5lRvFiO7T/eeRB4zpc3YNBGWWjrQyEr2alAAUYz6MjDZ
7wgiZhwkZBRSvCZMT8ezfdgUwcYqlx0LsvbUIy96ZRlYY24kM/jQ7agvv3e2TDDp
FQTOmJIlVZl9QiEalzkJdp7cvTvrbLqsUcQ6oX9foKv5CvP42T/YLPjXAO7ayT3e
dsjOxYa3vgchmUJuPak1mp6cD7acJHmWmMntu9rqSmSNQdo/zZnTxgC5NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGSyo7tLCdCQV2j/2OYgniXDSQ0MB8GA1UdIwQY
MBaAFM/To/EGn81RLaUU9m1u40uj3rsPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejlPajhRYWZ6VkV0cFJUMmJXN2pTNlBldXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iM2Y4MjUtZGEzOC00OTg5LTk2Mjkt
MzgyOTIwMTU1ZmZiLzEvSVpMS2p1MHNKMEpCWGFQX1k1aUNlSmNOSkRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iM2Y4MjUtZGEzOC00OTg5LTk2MjktMzgyOTIwMTU1ZmZi
LzEvejlPajhRYWZ6VkV0cFJUMmJXN2pTNlBldXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsGvmMA0G
CSqGSIb3DQEBCwUAA4IBAQAXsh6jEzqOF3I0USqxSP5ItDWwKkI/n1UFawQ9hEME
a5V2J03Ro8gLqYQb3UbekUJh1+qs5mcLdvF2f5oso8yj4pllFjWCrlMxeNukwz2K
JehFa7ReN71IiqlwsB1WqpTZXzUBnd0rwsAH0UkqUhHuxNU1qxPHEad3ByAkfHES
v4GU/DlfxbuRuqrbGVB4PstOAykvud9QacyZXnCG0r0DZb5aKV96ihlE/cw3JZea
JNF85YO3u/e8NB9O0iBhqdPrqg2QVNV/HTjQuEs7jcsIhwmdGN9pRl9gBz3TnYD0
8Gvp2BvnfNppxxRNZDYSe69Hr2S3h+vwkl416b8Rgzxw
-----END CERTIFICATE-----