Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/iOrESlwrDWPa2kfBXXOoFj4xIhQ.roa
File:                     iOrESlwrDWPa2kfBXXOoFj4xIhQ.roa (raw, json)
Hash identifier:          u/5p6wCxcA9XSh3wFQuY8w8XpDedABJpm+tuj0oSPg4=
Subject key identifier:   88:EA:C4:4A:5C:2B:0D:63:DA:DA:47:C1:5D:73:A8:16:3E:31:22:14
Certificate issuer:       /CN=2ec121e1545df3e5bb86e9188f2825fad7477f75
Certificate serial:       018CC5002C9C9992C825DA19753C835B5970
Authority key identifier: 2E:C1:21:E1:54:5D:F3:E5:BB:86:E9:18:8F:28:25:FA:D7:47:7F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/iOrESlwrDWPa2kfBXXOoFj4xIhQ.roa
Signing time:             Mon 01 Jan 2024 12:29:32 +0000
ROA not before:           Mon 01 Jan 2024 12:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34761
IP address blocks:        217.194.80.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:2c:9c:99:92:c8:25:da:19:75:3c:83:5b:59:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ec121e1545df3e5bb86e9188f2825fad7477f75
        Validity
            Not Before: Jan  1 12:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88eac44a5c2b0d63dada47c15d73a8163e312214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c0:c0:7a:b6:cd:b4:85:7d:d5:9d:ae:b9:8d:
                    64:22:52:71:e0:e6:d9:d2:e8:59:af:9f:b0:0c:9c:
                    8c:2d:bc:c8:ce:e7:f0:e6:65:c6:78:e7:87:15:dd:
                    d8:00:8a:bc:56:c0:ae:67:aa:71:cb:ad:79:d3:49:
                    f0:89:ef:fc:6b:74:d7:ab:1c:e3:eb:c9:cc:33:d1:
                    d7:7e:d4:cc:e1:ac:45:0c:0f:22:8f:79:de:36:38:
                    69:31:5a:15:1c:4f:ee:b3:dc:4b:26:d0:0f:06:1c:
                    0b:39:9d:1f:06:7e:9e:1c:89:bc:e4:78:a3:11:70:
                    b1:19:29:34:89:aa:ef:b0:9b:aa:1f:d5:71:63:b9:
                    d4:83:ae:93:b4:3b:c4:49:94:a2:79:02:99:d7:a0:
                    14:d7:d7:74:d2:14:ff:c7:d5:4c:49:86:4d:d8:98:
                    ca:3c:2a:db:5d:d7:fe:13:fc:01:fe:b4:19:74:92:
                    63:b7:6e:2e:ce:86:b2:f5:e5:e0:2f:77:bd:ae:7a:
                    29:83:81:74:13:27:c0:46:2c:70:9c:b7:7e:40:6b:
                    f8:89:cc:7b:54:55:c9:f4:60:48:64:7b:53:7c:f9:
                    b2:09:4c:85:53:f2:39:cb:a3:ae:b5:a4:b7:97:a0:
                    73:4a:36:d5:ac:72:27:84:1c:09:95:37:6b:89:4c:
                    c5:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:EA:C4:4A:5C:2B:0D:63:DA:DA:47:C1:5D:73:A8:16:3E:31:22:14
            X509v3 Authority Key Identifier:
                keyid:2E:C1:21:E1:54:5D:F3:E5:BB:86:E9:18:8F:28:25:FA:D7:47:7F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LsEh4VRd8-W7hukYjygl-tdHf3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/iOrESlwrDWPa2kfBXXOoFj4xIhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1ed27c-2d8c-4080-a458-9f522a284595/1/LsEh4VRd8-W7hukYjygl-tdHf3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.194.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         01:de:d7:2f:b1:39:30:8f:29:54:cb:f4:d2:b0:97:6d:e7:86:
         f8:df:51:7b:e3:7c:cc:a8:95:bc:06:e5:33:07:73:08:bf:84:
         37:2e:d5:59:95:28:22:b2:63:4a:ef:ef:9e:dc:10:25:e0:55:
         46:cc:42:4e:ee:87:d1:83:26:5b:e9:db:6a:79:1e:41:24:e0:
         fb:3a:98:05:9b:e9:4e:91:bb:6d:f7:12:d6:c3:11:14:4e:d8:
         db:65:d3:7e:c7:59:d5:7e:dc:08:29:c6:97:9d:42:78:52:38:
         fb:6c:8d:bf:28:63:df:23:55:d9:dd:99:09:79:a1:38:74:35:
         e6:c6:18:c7:ad:32:87:d3:68:3f:22:12:24:7e:3e:1d:26:99:
         e8:72:59:62:01:94:c4:ac:54:30:b0:2e:ef:bd:2c:93:9b:30:
         7b:16:2b:16:22:1a:c6:f2:9a:c0:4d:a1:e0:f4:2b:1f:f4:03:
         da:f9:9b:8d:7e:ac:85:29:4f:d6:0e:65:9f:8e:cc:35:36:68:
         cc:16:92:87:bb:96:cd:b8:a4:48:9b:60:45:11:52:35:4b:0d:
         72:c3:95:7a:18:94:59:04:39:23:24:5b:54:19:7b:24:15:d5:
         6c:ca:68:c9:af:70:3b:c6:7d:1e:dd:dc:27:8c:7d:3a:01:c9:
         de:12:73:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFACycmZLIJdoZdTyDW1lwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlYzEyMWUxNTQ1ZGYzZTViYjg2ZTkxODhmMjgyNWZhZDc0
NzdmNzUwHhcNMjQwMTAxMTIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGVhYzQ0YTVjMmIwZDYzZGFkYTQ3YzE1ZDczYTgxNjNlMzEyMjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsDAerbNtIV91Z2uuY1kIlJx4ObZ
0uhZr5+wDJyMLbzIzufw5mXGeOeHFd3YAIq8VsCuZ6pxy61500nwie/8a3TXqxzj
68nMM9HXftTM4axFDA8ij3neNjhpMVoVHE/us9xLJtAPBhwLOZ0fBn6eHIm85Hij
EXCxGSk0iarvsJuqH9VxY7nUg66TtDvESZSieQKZ16AU19d00hT/x9VMSYZN2JjK
PCrbXdf+E/wB/rQZdJJjt24uzoay9eXgL3e9rnopg4F0EyfARixwnLd+QGv4icx7
VFXJ9GBIZHtTfPmyCUyFU/I5y6OutaS3l6BzSjbVrHInhBwJlTdriUzF4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjqxEpcKw1j2tpHwV1zqBY+MSIUMB8GA1UdIwQY
MBaAFC7BIeFUXfPlu4bpGI8oJfrXR391MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHNFaDRWUmQ4LVc3aHVrWWp5Z2wtdGRIZjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xZWQyN2MtMmQ4Yy00MDgwLWE0NTgt
OWY1MjJhMjg0NTk1LzEvaU9yRVNsd3JEV1BhMmtmQlhYT29GajR4SWhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xZWQyN2MtMmQ4Yy00MDgwLWE0NTgtOWY1MjJhMjg0NTk1
LzEvTHNFaDRWUmQ4LVc3aHVrWWp5Z2wtdGRIZjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2cJQMA0G
CSqGSIb3DQEBCwUAA4IBAQAB3tcvsTkwjylUy/TSsJdt54b431F743zMqJW8BuUz
B3MIv4Q3LtVZlSgismNK7++e3BAl4FVGzEJO7ofRgyZb6dtqeR5BJOD7OpgFm+lO
kbtt9xLWwxEUTtjbZdN+x1nVftwIKcaXnUJ4Ujj7bI2/KGPfI1XZ3ZkJeaE4dDXm
xhjHrTKH02g/IhIkfj4dJpnoclliAZTErFQwsC7vvSyTmzB7FisWIhrG8prATaHg
9Csf9APa+ZuNfqyFKU/WDmWfjsw1NmjMFpKHu5bNuKRIm2BFEVI1Sw1yw5V6GJRZ
BDkjJFtUGXskFdVsymjJr3A7xn0e3dwnjH06AcneEnPq
-----END CERTIFICATE-----