Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/IviE858-xzClNMKBIcOo8xnsNmM.roa
File:                     IviE858-xzClNMKBIcOo8xnsNmM.roa (raw, json)
Hash identifier:          K3jAhQBw1spKl6G8PCVetuTQIQwD20P7QRFgK8fKNSs=
Subject key identifier:   22:F8:84:F3:9F:3E:C7:30:A5:34:C2:81:21:C3:A8:F3:19:EC:36:63
Certificate issuer:       /CN=ae1dc18a4b1fbfe2c2babd8bbb47fe1fd1cf22f8
Certificate serial:       018CC4251F3655B79EAE37695335FFF0173B
Authority key identifier: AE:1D:C1:8A:4B:1F:BF:E2:C2:BA:BD:8B:BB:47:FE:1F:D1:CF:22:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rh3Biksfv-LCur2Lu0f-H9HPIvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/IviE858-xzClNMKBIcOo8xnsNmM.roa
Signing time:             Mon 01 Jan 2024 08:30:16 +0000
ROA not before:           Mon 01 Jan 2024 08:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        194.99.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/rh3Biksfv-LCur2Lu0f-H9HPIvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/rh3Biksfv-LCur2Lu0f-H9HPIvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rh3Biksfv-LCur2Lu0f-H9HPIvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1f:36:55:b7:9e:ae:37:69:53:35:ff:f0:17:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae1dc18a4b1fbfe2c2babd8bbb47fe1fd1cf22f8
        Validity
            Not Before: Jan  1 08:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22f884f39f3ec730a534c28121c3a8f319ec3663
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ac:c3:80:81:e3:52:2b:3a:5e:93:f7:e2:6c:
                    83:f7:f7:f4:5f:5d:bd:59:56:b3:4d:7b:24:0c:29:
                    6a:38:45:ce:b0:1e:b2:5f:d5:98:8a:ed:86:6c:9d:
                    7b:7c:e7:fb:59:57:fe:06:1d:d9:7e:e1:97:35:23:
                    e4:37:38:47:02:af:89:c9:b6:dd:b9:b8:f0:f0:33:
                    13:e1:e2:ae:b2:ee:ac:7f:3e:0a:26:4e:74:9f:92:
                    1c:32:80:5d:9c:5a:87:62:16:25:27:04:dd:bb:11:
                    69:97:d6:48:4c:cd:31:73:fd:31:7f:31:f2:6c:e8:
                    59:f3:8c:2f:1b:da:0b:22:7b:8a:6e:3c:fb:c7:0d:
                    5e:c1:ed:23:cc:30:f5:96:b7:d0:a3:c3:8e:99:94:
                    16:87:f0:a4:08:f6:1a:60:de:20:54:16:f7:c8:d2:
                    f4:65:35:5c:75:47:d4:8c:ef:05:55:34:1c:db:52:
                    bf:7b:30:e1:40:89:68:3b:56:a6:9b:7f:63:ae:de:
                    be:fb:df:82:af:bf:8d:b5:5f:2e:04:c2:85:54:11:
                    bb:cc:b5:a4:24:87:22:77:d6:81:a3:13:cd:ad:50:
                    26:3c:ea:73:42:d1:9d:4f:cf:01:a5:bb:ae:c2:e5:
                    ca:2b:1f:cf:cf:de:bc:d2:a4:93:bd:df:50:c8:44:
                    b6:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F8:84:F3:9F:3E:C7:30:A5:34:C2:81:21:C3:A8:F3:19:EC:36:63
            X509v3 Authority Key Identifier:
                keyid:AE:1D:C1:8A:4B:1F:BF:E2:C2:BA:BD:8B:BB:47:FE:1F:D1:CF:22:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rh3Biksfv-LCur2Lu0f-H9HPIvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/IviE858-xzClNMKBIcOo8xnsNmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/rh3Biksfv-LCur2Lu0f-H9HPIvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:f0:e3:a7:47:88:25:55:24:fb:7e:fe:f8:c3:5d:86:6f:52:
         25:dc:c2:87:76:a8:50:b8:29:3d:b0:9a:85:40:b1:24:86:2b:
         42:ed:f5:69:ec:09:29:20:20:21:31:f4:5d:82:84:08:93:0f:
         6a:d2:ff:cd:2e:1f:f4:97:25:ca:00:12:b7:0f:77:59:27:1f:
         93:7a:7a:16:11:02:fd:e1:eb:46:e8:3d:13:5a:c6:69:46:29:
         23:00:5f:a4:e6:c1:8c:fe:84:86:84:94:c7:8a:9d:7f:3d:9f:
         a1:79:d8:3f:b2:a6:e8:61:10:bf:1d:ee:5d:6e:60:50:79:c9:
         26:af:72:13:c0:70:4e:21:5d:70:ef:81:71:2e:14:9b:17:a3:
         73:c2:2b:d5:69:86:9b:64:a4:4f:bd:b0:2b:ee:c9:96:eb:8a:
         7b:8b:ea:04:7e:fa:b5:72:c9:7a:f8:67:f3:97:db:b0:af:53:
         5b:04:d5:60:56:a0:41:09:95:0d:b6:94:cf:62:13:43:2c:28:
         15:68:f3:71:4e:57:73:55:7b:f8:58:d4:3a:d5:4f:5b:08:ad:
         e1:52:5e:ef:d2:16:3c:71:84:05:dc:07:2b:53:44:de:4f:b2:
         ed:b8:8f:d8:16:49:d5:6a:ba:f8:da:f0:2e:db:92:d2:8f:a2:
         d7:a9:a8:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJR82VbeerjdpUzX/8Bc7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMWRjMThhNGIxZmJmZTJjMmJhYmQ4YmJiNDdmZTFmZDFj
ZjIyZjgwHhcNMjQwMTAxMDgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmY4ODRmMzlmM2VjNzMwYTUzNGMyODEyMWMzYThmMzE5ZWMzNjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6zDgIHjUis6XpP34myD9/f0X129
WVazTXskDClqOEXOsB6yX9WYiu2GbJ17fOf7WVf+Bh3ZfuGXNSPkNzhHAq+Jybbd
ubjw8DMT4eKusu6sfz4KJk50n5IcMoBdnFqHYhYlJwTduxFpl9ZITM0xc/0xfzHy
bOhZ84wvG9oLInuKbjz7xw1ewe0jzDD1lrfQo8OOmZQWh/CkCPYaYN4gVBb3yNL0
ZTVcdUfUjO8FVTQc21K/ezDhQIloO1amm39jrt6++9+Cr7+NtV8uBMKFVBG7zLWk
JIcid9aBoxPNrVAmPOpzQtGdT88BpbuuwuXKKx/Pz9680qSTvd9QyES21QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCL4hPOfPscwpTTCgSHDqPMZ7DZjMB8GA1UdIwQY
MBaAFK4dwYpLH7/iwrq9i7tH/h/RzyL4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmgzQmlrc2Z2LUxDdXIyTHUwZi1IOUhQSXZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8wMzc2ZDEtMTJjYS00MTM1LTk0ODMt
OGU3MTQ5ZjA0YTRlLzEvSXZpRTg1OC14ekNsTk1LQkljT284eG5zTm1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8wMzc2ZDEtMTJjYS00MTM1LTk0ODMtOGU3MTQ5ZjA0YTRl
LzEvcmgzQmlrc2Z2LUxDdXIyTHUwZi1IOUhQSXZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmNxMA0G
CSqGSIb3DQEBCwUAA4IBAQBO8OOnR4glVST7fv74w12Gb1Il3MKHdqhQuCk9sJqF
QLEkhitC7fVp7AkpICAhMfRdgoQIkw9q0v/NLh/0lyXKABK3D3dZJx+TenoWEQL9
4etG6D0TWsZpRikjAF+k5sGM/oSGhJTHip1/PZ+hedg/sqboYRC/He5dbmBQeckm
r3ITwHBOIV1w74FxLhSbF6NzwivVaYabZKRPvbAr7smW64p7i+oEfvq1csl6+Gfz
l9uwr1NbBNVgVqBBCZUNtpTPYhNDLCgVaPNxTldzVXv4WNQ61U9bCK3hUl7v0hY8
cYQF3AcrU0TeT7LtuI/YFknVarr42vAu25LSj6LXqaiz
-----END CERTIFICATE-----