Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/IAHd0AlrAQOipJIiOluIpkA7H7w.roa
File:                     IAHd0AlrAQOipJIiOluIpkA7H7w.roa (raw, json)
Hash identifier:          Ky0ahKcO24r+MRYGSX/zFS9IaXSg+4g52WS2q7pGygY=
Subject key identifier:   20:01:DD:D0:09:6B:01:03:A2:A4:92:22:3A:5B:88:A6:40:3B:1F:BC
Certificate issuer:       /CN=07d44a52778aa65f736e72436003f6654f268318
Certificate serial:       018CC3B67D6636435B68709EE2C917BD356E
Authority key identifier: 07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/IAHd0AlrAQOipJIiOluIpkA7H7w.roa
Signing time:             Mon 01 Jan 2024 06:29:25 +0000
ROA not before:           Mon 01 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198121
IP address blocks:        193.224.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7d:66:36:43:5b:68:70:9e:e2:c9:17:bd:35:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d44a52778aa65f736e72436003f6654f268318
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2001ddd0096b0103a2a492223a5b88a6403b1fbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f6:68:77:ff:d7:a9:57:1c:3a:f9:0f:80:5b:
                    05:09:18:0f:c5:49:0f:83:9b:a7:26:e0:38:83:22:
                    2e:84:d4:2a:74:e8:c8:c2:91:fc:35:a3:9e:e7:78:
                    be:02:88:c5:4b:e1:97:51:f3:5e:66:65:88:fa:74:
                    8d:31:e7:eb:a1:61:27:fd:39:9e:de:47:c3:0d:73:
                    a5:db:c2:68:2a:0a:7d:8d:26:3a:ff:31:d8:61:2f:
                    fb:5b:32:00:ea:cb:de:46:7d:1a:df:d0:cc:6c:f8:
                    37:83:19:bf:4d:c0:d9:4e:2c:b5:5a:20:36:fc:f7:
                    cd:1f:9b:d0:c2:6b:c9:6a:cf:21:e2:a4:26:9f:cf:
                    f6:05:43:f5:97:04:ba:bd:ba:a2:e4:fb:c4:db:6d:
                    73:ec:e0:7c:bb:69:59:15:53:5e:7d:6a:51:c6:a4:
                    53:31:81:01:63:72:56:9c:47:ce:4a:29:48:9e:a6:
                    6c:15:28:ae:f0:68:de:22:18:79:8f:e7:3f:64:85:
                    4e:6c:0d:25:36:61:eb:3b:38:e2:1b:26:25:16:17:
                    3a:54:d8:1a:7f:20:76:b0:85:6d:af:9e:2c:07:95:
                    93:b7:65:f4:d5:ef:31:c5:79:22:de:cb:c5:ac:bb:
                    16:98:f9:4a:30:22:23:26:ed:e7:67:1f:3c:f7:6b:
                    d7:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:01:DD:D0:09:6B:01:03:A2:A4:92:22:3A:5B:88:A6:40:3B:1F:BC
            X509v3 Authority Key Identifier:
                keyid:07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/IAHd0AlrAQOipJIiOluIpkA7H7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.224.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:91:f5:f1:fa:a5:8b:37:d1:6c:05:57:2a:82:43:92:14:ac:
         b2:ed:ce:c4:e2:33:1a:cb:c2:72:dc:24:0f:1c:97:92:df:f2:
         40:8a:cf:d3:55:e4:01:70:f8:0a:a4:d2:c5:f5:9d:20:10:aa:
         1c:59:28:c3:b8:fb:28:7b:b1:18:75:4b:4a:65:f0:59:c3:fb:
         6f:de:f4:31:05:d6:f9:22:ba:bb:84:35:5b:a0:db:43:22:0b:
         a6:a5:71:3d:86:c1:a4:0a:e6:a3:d5:d1:f6:dc:1a:af:50:3d:
         7b:59:b3:c5:14:16:8a:9a:d9:eb:8d:2f:fa:a2:a9:24:d0:99:
         78:e6:fc:0b:7c:bb:95:26:db:94:d1:69:d1:59:2a:b9:f3:46:
         f0:08:56:05:53:5c:a3:25:d2:02:7d:14:8a:ac:4d:43:d9:6b:
         d8:5f:2b:35:8d:fa:0a:dc:bc:2b:71:6f:a7:ff:79:65:85:94:
         0e:20:93:6c:9f:a2:af:53:59:2f:ed:e1:ef:27:8d:39:af:7f:
         e7:c1:c3:87:b0:e1:23:f4:b3:76:51:09:bb:27:4b:87:dc:41:
         b8:cd:00:08:38:f0:03:41:5d:3c:51:3a:7d:3d:09:e7:a8:88:
         c8:8e:2c:bc:9e:0c:c6:67:e0:53:fa:42:57:0c:7a:5f:73:96:
         9c:72:6c:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtn1mNkNbaHCe4skXvTVuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZDQ0YTUyNzc4YWE2NWY3MzZlNzI0MzYwMDNmNjY1NGYy
NjgzMTgwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDAxZGRkMDA5NmIwMTAzYTJhNDkyMjIzYTViODhhNjQwM2IxZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvZod//XqVccOvkPgFsFCRgPxUkP
g5unJuA4gyIuhNQqdOjIwpH8NaOe53i+AojFS+GXUfNeZmWI+nSNMefroWEn/Tme
3kfDDXOl28JoKgp9jSY6/zHYYS/7WzIA6sveRn0a39DMbPg3gxm/TcDZTiy1WiA2
/PfNH5vQwmvJas8h4qQmn8/2BUP1lwS6vbqi5PvE221z7OB8u2lZFVNefWpRxqRT
MYEBY3JWnEfOSilInqZsFSiu8GjeIhh5j+c/ZIVObA0lNmHrOzjiGyYlFhc6VNga
fyB2sIVtr54sB5WTt2X01e8xxXki3svFrLsWmPlKMCIjJu3nZx8892vXOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAB3dAJawEDoqSSIjpbiKZAOx+8MB8GA1UdIwQY
MBaAFAfUSlJ3iqZfc25yQ2AD9mVPJoMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGIt
MWQyOGE2MGUwZTMwLzEvSUFIZDBBbHJBUU9pcEpJaU9sdUlwa0E3SDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGItMWQyOGE2MGUwZTMw
LzEvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweA7MA0G
CSqGSIb3DQEBCwUAA4IBAQCAkfXx+qWLN9FsBVcqgkOSFKyy7c7E4jMay8Jy3CQP
HJeS3/JAis/TVeQBcPgKpNLF9Z0gEKocWSjDuPsoe7EYdUtKZfBZw/tv3vQxBdb5
Irq7hDVboNtDIgumpXE9hsGkCuaj1dH23BqvUD17WbPFFBaKmtnrjS/6oqkk0Jl4
5vwLfLuVJtuU0WnRWSq580bwCFYFU1yjJdICfRSKrE1D2WvYXys1jfoK3LwrcW+n
/3llhZQOIJNsn6KvU1kv7eHvJ405r3/nwcOHsOEj9LN2UQm7J0uH3EG4zQAIOPAD
QV08UTp9PQnnqIjIjiy8ngzGZ+BT+kJXDHpfc5accmzt
-----END CERTIFICATE-----