Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/04c4ce-b9f3-4c6a-a3e9-91bf61dd853f/1/Iixf0rqiB-yNbHXKOstCAO4oVIQ.roa
File:                     Iixf0rqiB-yNbHXKOstCAO4oVIQ.roa (raw, json)
Hash identifier:          O08jsDn556HjnnTXmdk2D3ZqMeofhuQnZFXo4nt30BQ=
Subject key identifier:   22:2C:5F:D2:BA:A2:07:EC:8D:6C:75:CA:3A:CB:42:00:EE:28:54:84
Certificate issuer:       /CN=88987ed4e73d0407483cc224ccf45aedf4969dd5
Certificate serial:       018CC8010A163A788999C84F1535DA58B7C1
Authority key identifier: 88:98:7E:D4:E7:3D:04:07:48:3C:C2:24:CC:F4:5A:ED:F4:96:9D:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iJh-1Oc9BAdIPMIkzPRa7fSWndU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/04c4ce-b9f3-4c6a-a3e9-91bf61dd853f/1/Iixf0rqiB-yNbHXKOstCAO4oVIQ.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25091
IP address blocks:        185.185.200.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/04c4ce-b9f3-4c6a-a3e9-91bf61dd853f/1/iJh-1Oc9BAdIPMIkzPRa7fSWndU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/04c4ce-b9f3-4c6a-a3e9-91bf61dd853f/1/iJh-1Oc9BAdIPMIkzPRa7fSWndU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iJh-1Oc9BAdIPMIkzPRa7fSWndU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0a:16:3a:78:89:99:c8:4f:15:35:da:58:b7:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88987ed4e73d0407483cc224ccf45aedf4969dd5
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=222c5fd2baa207ec8d6c75ca3acb4200ee285484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:33:07:7f:ee:30:20:af:7c:c4:b6:85:60:0e:
                    be:2e:41:55:d2:f1:f6:26:a1:b2:e9:f5:47:ae:c1:
                    95:84:dc:e6:74:d3:81:3e:40:aa:59:2c:4c:a0:5a:
                    28:bf:ba:e6:26:f9:d0:b9:e9:05:5b:d7:61:a5:f0:
                    b3:50:d7:be:de:83:59:dd:66:dc:1a:82:81:c5:45:
                    c9:20:db:b5:a1:d9:97:a3:11:92:76:62:45:f5:e7:
                    00:97:9e:28:72:c7:d3:3e:45:bb:14:a1:dc:2c:eb:
                    c8:ad:2c:fe:2e:58:2c:8f:65:c5:f4:9d:52:40:bf:
                    fd:07:b8:d4:0e:29:5b:67:82:a3:55:75:c1:54:ff:
                    0e:ad:fa:99:0b:06:14:82:db:5b:42:92:b5:54:6f:
                    8b:83:58:09:59:0a:7a:61:dc:65:8d:92:35:6f:9a:
                    91:ad:88:2f:5a:76:be:90:67:c6:c3:5c:51:fd:b5:
                    61:25:80:36:f7:b1:3f:a0:5c:07:d2:bd:4d:e7:da:
                    3a:95:99:a0:42:73:26:18:48:a1:7c:cb:35:b1:26:
                    b2:d6:6b:ed:cd:51:26:95:7d:de:69:89:35:9d:ac:
                    e0:4b:1a:df:ca:e4:19:c6:b7:d2:bc:3e:ce:8e:01:
                    8e:75:1f:6d:8b:30:fc:5a:f8:44:88:68:a4:f5:86:
                    16:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:2C:5F:D2:BA:A2:07:EC:8D:6C:75:CA:3A:CB:42:00:EE:28:54:84
            X509v3 Authority Key Identifier:
                keyid:88:98:7E:D4:E7:3D:04:07:48:3C:C2:24:CC:F4:5A:ED:F4:96:9D:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iJh-1Oc9BAdIPMIkzPRa7fSWndU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/04c4ce-b9f3-4c6a-a3e9-91bf61dd853f/1/Iixf0rqiB-yNbHXKOstCAO4oVIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/04c4ce-b9f3-4c6a-a3e9-91bf61dd853f/1/iJh-1Oc9BAdIPMIkzPRa7fSWndU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:db:a4:b9:bb:5d:74:1b:c2:e9:8e:47:97:80:d1:4a:67:e9:
         ad:f4:56:8b:d7:9d:af:3e:4b:1f:a3:56:1f:c7:f1:6a:b3:87:
         a6:4b:20:92:a1:b4:5b:08:02:a3:c4:39:0e:48:68:a7:93:47:
         a4:e9:4d:c3:60:d3:a4:fc:d7:da:17:46:f6:e0:aa:46:69:f9:
         3e:8f:5e:7c:ce:a1:11:fa:5d:38:87:ee:5c:53:a1:93:4a:16:
         e0:e2:a2:1b:4b:ef:0d:4e:2f:88:d5:3d:d0:a9:cc:75:83:1c:
         10:bc:eb:d8:e1:6c:2c:e2:29:f3:eb:f8:73:5b:15:2d:2b:c6:
         f3:6c:81:c9:60:23:b5:ba:98:e8:17:38:cc:d0:89:ba:44:61:
         69:6c:b0:6a:eb:b4:a9:d6:8b:e4:8f:7d:76:b5:05:14:39:31:
         24:f4:bb:1c:59:81:16:51:20:c2:e7:be:ac:ec:d5:14:9c:4b:
         a5:a5:6f:a0:c8:c6:e7:99:1f:dc:0a:ba:4e:36:8f:92:59:30:
         88:b8:10:b1:d2:2e:84:ca:89:80:63:36:a3:32:20:ae:8d:32:
         c5:19:9e:fa:cc:e8:91:ca:a3:2e:7d:45:a6:29:8b:04:e9:db:
         54:f3:cb:4f:98:0b:f1:d0:f4:b5:84:22:a5:1e:74:b2:d5:00:
         00:09:8b:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQoWOniJmchPFTXaWLfBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4OTg3ZWQ0ZTczZDA0MDc0ODNjYzIyNGNjZjQ1YWVkZjQ5
NjlkZDUwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjJjNWZkMmJhYTIwN2VjOGQ2Yzc1Y2EzYWNiNDIwMGVlMjg1NDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDMHf+4wIK98xLaFYA6+LkFV0vH2
JqGy6fVHrsGVhNzmdNOBPkCqWSxMoFoov7rmJvnQuekFW9dhpfCzUNe+3oNZ3Wbc
GoKBxUXJINu1odmXoxGSdmJF9ecAl54ocsfTPkW7FKHcLOvIrSz+Llgsj2XF9J1S
QL/9B7jUDilbZ4KjVXXBVP8OrfqZCwYUgttbQpK1VG+Lg1gJWQp6YdxljZI1b5qR
rYgvWna+kGfGw1xR/bVhJYA297E/oFwH0r1N59o6lZmgQnMmGEihfMs1sSay1mvt
zVEmlX3eaYk1nazgSxrfyuQZxrfSvD7OjgGOdR9tizD8WvhEiGik9YYWhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIsX9K6ogfsjWx1yjrLQgDuKFSEMB8GA1UdIwQY
MBaAFIiYftTnPQQHSDzCJMz0Wu30lp3VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUpoLTFPYzlCQWRJUE1Ja3pQUmE3ZlNXbmRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8wNGM0Y2UtYjlmMy00YzZhLWEzZTkt
OTFiZjYxZGQ4NTNmLzEvSWl4ZjBycWlCLXlOYkhYS09zdENBTzRvVklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8wNGM0Y2UtYjlmMy00YzZhLWEzZTktOTFiZjYxZGQ4NTNm
LzEvaUpoLTFPYzlCQWRJUE1Ja3pQUmE3ZlNXbmRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubnIMA0G
CSqGSIb3DQEBCwUAA4IBAQCN26S5u110G8LpjkeXgNFKZ+mt9FaL152vPksfo1Yf
x/Fqs4emSyCSobRbCAKjxDkOSGink0ek6U3DYNOk/NfaF0b24KpGafk+j158zqER
+l04h+5cU6GTShbg4qIbS+8NTi+I1T3Qqcx1gxwQvOvY4Wws4inz6/hzWxUtK8bz
bIHJYCO1upjoFzjM0Im6RGFpbLBq67Sp1ovkj312tQUUOTEk9LscWYEWUSDC576s
7NUUnEulpW+gyMbnmR/cCrpONo+SWTCIuBCx0i6EyomAYzajMiCujTLFGZ76zOiR
yqMufUWmKYsE6dtU88tPmAvx0PS1hCKlHnSy1QAACYsK
-----END CERTIFICATE-----