Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/iCU2vJ363CZpyHNUurK_dNuVXdE.roa
File:                     iCU2vJ363CZpyHNUurK_dNuVXdE.roa (raw, json)
Hash identifier:          6PP00+RtDHO5sFS+pfDuEa6e1rb1QssNLnp4R4FRlAQ=
Subject key identifier:   88:25:36:BC:9D:FA:DC:26:69:C8:73:54:BA:B2:BF:74:DB:95:5D:D1
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       01941FFA38958169F400AAF22A1504FA2075
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/iCU2vJ363CZpyHNUurK_dNuVXdE.roa
Signing time:             Wed 01 Jan 2025 03:47:59 +0000
ROA not before:           Wed 01 Jan 2025 03:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62454
IP address blocks:        176.100.38.0/24 maxlen: 24
                          176.100.39.0/24 maxlen: 24
                          185.14.92.0/24 maxlen: 24
                          185.14.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:38:95:81:69:f4:00:aa:f2:2a:15:04:fa:20:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  1 03:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=882536bc9dfadc2669c87354bab2bf74db955dd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:41:7c:2f:06:5a:a0:8f:7f:4f:28:c2:74:ec:
                    7c:53:27:de:8c:c9:6d:85:41:c8:88:67:96:f4:56:
                    0c:be:82:f7:79:28:0c:d3:94:55:ec:a3:fd:ef:12:
                    9a:8e:a3:d2:0f:92:87:fe:05:bd:04:e2:05:d5:fc:
                    80:d9:4f:62:46:d9:9b:4e:c7:8e:c4:86:3b:67:a6:
                    0a:61:dd:1b:1f:bc:22:d8:ce:d2:31:22:b6:2a:db:
                    9b:13:e0:5c:f8:77:e1:a0:27:79:de:e4:c3:f6:76:
                    5d:05:f2:eb:64:2d:3c:99:0e:4a:2d:91:9e:e0:d8:
                    a6:73:c9:f7:2d:0d:f5:ea:08:0f:99:e0:53:4d:9b:
                    9a:67:51:29:22:71:74:86:c1:af:d8:0c:48:4c:ba:
                    c9:12:cb:5c:85:8e:ee:d8:e1:d5:dc:7f:1f:7f:30:
                    10:0e:4d:62:a8:73:b3:62:ff:e1:2b:5e:a1:01:30:
                    eb:8f:b6:40:82:0f:dd:e0:49:11:ea:84:3e:4d:70:
                    48:b8:31:49:d1:7c:f3:ff:f5:3a:7b:0e:cc:cd:af:
                    6b:bd:43:2c:01:83:5e:82:c4:dd:5e:1a:1a:93:52:
                    f9:75:48:70:0c:c6:77:55:91:e6:f4:e0:6b:77:ca:
                    64:df:02:88:8f:70:dd:77:11:fe:96:19:40:7c:d2:
                    89:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:25:36:BC:9D:FA:DC:26:69:C8:73:54:BA:B2:BF:74:DB:95:5D:D1
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/iCU2vJ363CZpyHNUurK_dNuVXdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.38.0/23
                  185.14.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bc:3a:e3:cd:35:5e:dc:46:a8:b9:74:c0:88:67:2d:b2:37:47:
         64:a0:be:44:7c:6e:cc:85:67:ec:be:b7:f7:71:83:99:66:a1:
         b9:eb:63:82:b7:45:1c:60:5a:8d:70:05:55:10:c5:35:bf:b7:
         c6:c2:d6:65:6a:a3:81:24:33:45:27:c3:6d:79:ce:9b:76:a3:
         1f:ab:ea:04:9f:65:af:51:95:8c:16:63:16:ea:c9:fa:9a:8e:
         4d:61:81:a8:cd:f8:39:12:ce:0b:a8:fc:1b:fa:a3:32:25:41:
         8a:2e:f7:17:bc:7e:37:f2:22:3f:e7:bb:91:49:ca:f3:65:0c:
         67:cf:d0:07:51:ee:ce:4c:0b:43:7c:e3:12:c2:34:84:c2:6d:
         49:23:02:57:53:e5:a0:b2:b1:90:8f:8a:b2:2b:e0:50:a3:2c:
         be:df:e1:e8:c1:af:01:6d:df:5d:23:a8:2f:08:79:6d:50:7a:
         d4:e9:92:96:ea:99:f7:09:29:27:23:41:1d:5d:75:76:23:cf:
         49:9a:66:9b:3f:7a:98:56:67:6e:b0:6f:59:7b:fb:5d:2c:be:
         79:bf:e4:fa:fd:77:a2:b4:7c:53:2e:a6:a8:63:a8:69:16:fc:
         33:9f:ca:02:f3:e5:57:a4:fa:d6:7b:33:61:92:c1:06:bd:77:
         99:17:58:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+jiVgWn0AKryKhUE+iB1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjUwMTAxMDM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODI1MzZiYzlkZmFkYzI2NjljODczNTRiYWIyYmY3NGRiOTU1ZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7UF8LwZaoI9/TyjCdOx8UyfejMlt
hUHIiGeW9FYMvoL3eSgM05RV7KP97xKajqPSD5KH/gW9BOIF1fyA2U9iRtmbTseO
xIY7Z6YKYd0bH7wi2M7SMSK2KtubE+Bc+HfhoCd53uTD9nZdBfLrZC08mQ5KLZGe
4Nimc8n3LQ316ggPmeBTTZuaZ1EpInF0hsGv2AxITLrJEstchY7u2OHV3H8ffzAQ
Dk1iqHOzYv/hK16hATDrj7ZAgg/d4EkR6oQ+TXBIuDFJ0Xzz//U6ew7Mza9rvUMs
AYNegsTdXhoak1L5dUhwDMZ3VZHm9OBrd8pk3wKIj3DddxH+lhlAfNKJRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIglNryd+twmachzVLqyv3TblV3RMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvaUNVMnZKMzYzQ1pweUhOVXVyS19kTnVWWGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBsGQmAwQB
uQ5cMA0GCSqGSIb3DQEBCwUAA4IBAQC8OuPNNV7cRqi5dMCIZy2yN0dkoL5EfG7M
hWfsvrf3cYOZZqG562OCt0UcYFqNcAVVEMU1v7fGwtZlaqOBJDNFJ8Ntec6bdqMf
q+oEn2WvUZWMFmMW6sn6mo5NYYGozfg5Es4LqPwb+qMyJUGKLvcXvH438iI/57uR
ScrzZQxnz9AHUe7OTAtDfOMSwjSEwm1JIwJXU+WgsrGQj4qyK+BQoyy+3+Howa8B
bd9dI6gvCHltUHrU6ZKW6pn3CSknI0EdXXV2I89JmmabP3qYVmdusG9Ze/tdLL55
v+T6/XeitHxTLqaoY6hpFvwzn8oC8+VXpPrWezNhksEGvXeZF1ij
-----END CERTIFICATE-----