Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/I9i3fnf4Nk0WsFMmWEWJhe5vh40.roa
File:                     I9i3fnf4Nk0WsFMmWEWJhe5vh40.roa (raw, json)
Hash identifier:          llYywC4U70yW6sSChiJ+ZHwIZzZjQAej/EchqIalMeA=
Subject key identifier:   23:D8:B7:7E:77:F8:36:4D:16:B0:53:26:58:45:89:85:EE:6F:87:8D
Certificate issuer:       /CN=93dc45ffe13f841f188af743bd7dc34ed54805d4
Certificate serial:       019424B3D67D32151F20C1C6DC680A2F4FD5
Authority key identifier: 93:DC:45:FF:E1:3F:84:1F:18:8A:F7:43:BD:7D:C3:4E:D5:48:05:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k9xF_-E_hB8YivdDvX3DTtVIBdQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/I9i3fnf4Nk0WsFMmWEWJhe5vh40.roa
Signing time:             Thu 02 Jan 2025 01:49:13 +0000
ROA not before:           Thu 02 Jan 2025 01:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205660
IP address blocks:        185.188.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/k9xF_-E_hB8YivdDvX3DTtVIBdQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/k9xF_-E_hB8YivdDvX3DTtVIBdQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k9xF_-E_hB8YivdDvX3DTtVIBdQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:d6:7d:32:15:1f:20:c1:c6:dc:68:0a:2f:4f:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93dc45ffe13f841f188af743bd7dc34ed54805d4
        Validity
            Not Before: Jan  2 01:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23d8b77e77f8364d16b0532658458985ee6f878d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:53:bf:85:64:3f:42:a6:b9:b9:78:63:d4:1b:
                    f3:e7:12:12:29:86:c3:12:f3:c6:49:fd:b7:51:21:
                    fa:1c:33:b4:6a:ec:1c:13:49:6a:09:f0:7c:df:e3:
                    27:52:8f:80:84:1c:ec:e1:d2:38:bf:62:6e:4e:d0:
                    27:39:9e:0e:0b:6f:3f:89:58:5c:96:14:52:1e:32:
                    bb:95:52:02:6b:ce:c6:08:ab:f6:19:50:a3:50:f6:
                    ba:59:fc:51:69:93:ba:8c:83:e6:40:ea:95:2b:42:
                    53:f3:f4:18:bc:5f:ae:79:d0:b4:9a:c4:ca:c9:7a:
                    a5:a0:91:8b:38:31:c9:0c:7b:12:c9:87:23:03:2f:
                    9a:77:59:16:45:a9:e8:a7:84:2e:2c:05:ba:41:8c:
                    ef:dc:87:f7:44:df:7f:d2:5c:64:8b:9e:3f:5f:ae:
                    5f:64:09:23:a1:99:44:e9:cc:09:51:7f:08:5d:96:
                    fb:3b:e4:d6:f6:4f:2f:56:ef:9a:e4:4d:57:fe:28:
                    26:19:37:81:32:aa:f4:6e:ce:e1:99:3f:70:36:15:
                    92:77:fe:92:55:07:e6:65:31:df:45:ea:e4:c4:0c:
                    84:60:8a:09:0f:83:cb:22:66:7c:d3:21:c3:86:5b:
                    4e:1b:8e:90:ce:42:68:ee:6d:fc:c9:e7:a6:c0:af:
                    e5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:D8:B7:7E:77:F8:36:4D:16:B0:53:26:58:45:89:85:EE:6F:87:8D
            X509v3 Authority Key Identifier:
                keyid:93:DC:45:FF:E1:3F:84:1F:18:8A:F7:43:BD:7D:C3:4E:D5:48:05:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k9xF_-E_hB8YivdDvX3DTtVIBdQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/I9i3fnf4Nk0WsFMmWEWJhe5vh40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d0b19-0aff-412f-a2fd-21895728ba4e/1/k9xF_-E_hB8YivdDvX3DTtVIBdQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:2f:c4:28:c4:d0:33:9f:42:20:22:fb:13:85:96:fa:7e:d4:
         97:34:fa:dc:ec:9f:be:c3:9f:76:6a:5f:a4:ca:ed:c5:f0:d3:
         d2:31:0c:33:33:17:81:a2:01:5c:13:cd:1e:53:4b:43:97:86:
         76:00:34:af:ad:a4:9a:b7:9c:1e:89:d1:7b:e4:20:9f:c2:2c:
         2f:13:36:74:d5:70:62:67:8c:45:a9:ca:dd:4f:8d:50:83:cd:
         3a:60:81:6c:09:65:21:03:bf:29:c3:cc:bc:dd:62:3a:d0:d3:
         fb:82:f3:52:49:a7:0d:60:8b:41:35:81:21:35:15:7e:1c:de:
         cb:6f:a9:d8:39:c5:93:1a:b6:6c:8a:e0:0b:5a:bd:d5:5a:21:
         2c:56:da:fd:04:5b:3f:43:01:97:7e:db:cf:8a:78:b7:6d:b3:
         72:05:0b:a7:17:25:3a:99:24:f6:76:aa:a8:2f:d7:58:c3:32:
         e1:12:b4:7e:dc:61:38:15:79:48:b9:0d:15:e2:e7:7d:57:9e:
         5b:11:6b:b5:aa:2b:3e:d8:d0:c6:0c:80:59:44:1d:16:c9:1c:
         8a:84:01:af:be:09:11:89:27:7e:59:6b:bc:05:19:b0:f9:53:
         79:32:c7:b4:1c:66:11:72:46:7c:f2:92:11:fe:96:b6:21:24:
         d6:ba:10:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks9Z9MhUfIMHG3GgKL0/VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZGM0NWZmZTEzZjg0MWYxODhhZjc0M2JkN2RjMzRlZDU0
ODA1ZDQwHhcNMjUwMTAyMDE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Q4Yjc3ZTc3ZjgzNjRkMTZiMDUzMjY1ODQ1ODk4NWVlNmY4NzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1O/hWQ/Qqa5uXhj1Bvz5xISKYbD
EvPGSf23USH6HDO0auwcE0lqCfB83+MnUo+AhBzs4dI4v2JuTtAnOZ4OC28/iVhc
lhRSHjK7lVICa87GCKv2GVCjUPa6WfxRaZO6jIPmQOqVK0JT8/QYvF+uedC0msTK
yXqloJGLODHJDHsSyYcjAy+ad1kWRanop4QuLAW6QYzv3If3RN9/0lxki54/X65f
ZAkjoZlE6cwJUX8IXZb7O+TW9k8vVu+a5E1X/igmGTeBMqr0bs7hmT9wNhWSd/6S
VQfmZTHfRerkxAyEYIoJD4PLImZ80yHDhltOG46QzkJo7m38yeemwK/lfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPYt353+DZNFrBTJlhFiYXub4eNMB8GA1UdIwQY
MBaAFJPcRf/hP4QfGIr3Q719w07VSAXUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazl4Rl8tRV9oQjhZaXZkRHZYM0RUdFZJQmRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8yZDBiMTktMGFmZi00MTJmLWEyZmQt
MjE4OTU3MjhiYTRlLzEvSTlpM2ZuZjROazBXc0ZNbVdFV0poZTV2aDQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8yZDBiMTktMGFmZi00MTJmLWEyZmQtMjE4OTU3MjhiYTRl
LzEvazl4Rl8tRV9oQjhZaXZkRHZYM0RUdFZJQmRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubwCMA0G
CSqGSIb3DQEBCwUAA4IBAQB8L8QoxNAzn0IgIvsThZb6ftSXNPrc7J++w592al+k
yu3F8NPSMQwzMxeBogFcE80eU0tDl4Z2ADSvraSat5weidF75CCfwiwvEzZ01XBi
Z4xFqcrdT41Qg806YIFsCWUhA78pw8y83WI60NP7gvNSSacNYItBNYEhNRV+HN7L
b6nYOcWTGrZsiuALWr3VWiEsVtr9BFs/QwGXftvPini3bbNyBQunFyU6mST2dqqo
L9dYwzLhErR+3GE4FXlIuQ0V4ud9V55bEWu1qis+2NDGDIBZRB0WyRyKhAGvvgkR
iSd+WWu8BRmw+VN5Mse0HGYRckZ88pIR/pa2ISTWuhCW
-----END CERTIFICATE-----