Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/375c02-d77b-4c2b-baea-0e59f2ecb175/1/iGZ_t3TvseaaSR_Ao_QM6sZmuiE.roa
File:                     iGZ_t3TvseaaSR_Ao_QM6sZmuiE.roa (raw, json)
Hash identifier:          YhLoi4X3i5x2qgwp+ou7pOYkqF/F0bjd6I5Bi5KIMo4=
Subject key identifier:   88:66:7F:B7:74:EF:B1:E6:9A:49:1F:C0:A3:F4:0C:EA:C6:66:BA:21
Certificate issuer:       /CN=6c903c1a2e906ed8cd2e362ccc67df00ade1b825
Certificate serial:       018CC5DBF5B7BEC71A9796E9B05407FDB256
Authority key identifier: 6C:90:3C:1A:2E:90:6E:D8:CD:2E:36:2C:CC:67:DF:00:AD:E1:B8:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bJA8Gi6QbtjNLjYszGffAK3huCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/375c02-d77b-4c2b-baea-0e59f2ecb175/1/iGZ_t3TvseaaSR_Ao_QM6sZmuiE.roa
Signing time:             Mon 01 Jan 2024 16:29:35 +0000
ROA not before:           Mon 01 Jan 2024 16:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42837
IP address blocks:        193.34.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/375c02-d77b-4c2b-baea-0e59f2ecb175/1/bJA8Gi6QbtjNLjYszGffAK3huCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/375c02-d77b-4c2b-baea-0e59f2ecb175/1/bJA8Gi6QbtjNLjYszGffAK3huCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bJA8Gi6QbtjNLjYszGffAK3huCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f5:b7:be:c7:1a:97:96:e9:b0:54:07:fd:b2:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c903c1a2e906ed8cd2e362ccc67df00ade1b825
        Validity
            Not Before: Jan  1 16:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88667fb774efb1e69a491fc0a3f40ceac666ba21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b0:b9:79:32:94:77:79:ce:9b:38:45:d2:b3:
                    4c:17:83:4d:7e:99:f4:e5:92:7e:4c:bd:16:6b:ca:
                    bd:f4:40:fe:dd:34:2a:76:64:aa:7c:4f:0b:eb:54:
                    ac:80:c3:90:46:7a:3a:ce:c7:39:05:4a:0c:97:da:
                    11:51:25:0d:9e:23:d0:90:ea:b9:c8:9b:8e:3c:61:
                    b0:e2:74:f7:85:36:a5:e3:c4:1f:26:4e:49:c4:cc:
                    86:c4:bc:ae:3e:5e:bc:d8:d9:cd:4d:1b:88:28:9c:
                    01:40:4f:73:21:ae:93:ea:6f:b3:fc:5d:b8:02:ca:
                    49:0c:52:69:c5:e7:27:e7:8d:4c:f5:8f:18:58:23:
                    0c:d0:2c:f8:10:1c:d7:53:8f:f2:78:82:9a:54:1a:
                    86:d3:68:d6:f2:c3:16:82:d2:b1:76:bd:97:76:8f:
                    fb:68:c9:b5:6b:7c:44:78:b6:d8:2d:fe:ce:ba:09:
                    39:a1:59:69:e9:eb:04:15:2b:a8:0b:0f:e1:01:f6:
                    3d:3c:7f:be:2a:54:2e:e0:19:4f:01:64:7a:f6:42:
                    20:62:70:0e:5c:70:f0:d3:8f:d3:ed:a2:9b:ec:04:
                    71:d2:f0:c1:de:c8:fa:48:a7:f1:4f:fa:7f:41:a6:
                    58:8a:3d:00:a0:a8:14:d5:b3:b8:a3:73:ca:e7:b1:
                    13:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:66:7F:B7:74:EF:B1:E6:9A:49:1F:C0:A3:F4:0C:EA:C6:66:BA:21
            X509v3 Authority Key Identifier:
                keyid:6C:90:3C:1A:2E:90:6E:D8:CD:2E:36:2C:CC:67:DF:00:AD:E1:B8:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bJA8Gi6QbtjNLjYszGffAK3huCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/375c02-d77b-4c2b-baea-0e59f2ecb175/1/iGZ_t3TvseaaSR_Ao_QM6sZmuiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/375c02-d77b-4c2b-baea-0e59f2ecb175/1/bJA8Gi6QbtjNLjYszGffAK3huCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:0b:fc:72:87:f3:e7:fa:df:b5:80:90:8a:4c:3f:c7:ee:76:
         d5:db:22:9a:94:56:fe:68:f5:9b:a9:9c:94:0b:ed:cb:2c:31:
         1d:46:22:67:6b:94:40:71:c9:4f:1c:f1:ff:cd:33:a7:57:23:
         19:03:27:4c:25:11:1b:d4:1e:fe:59:10:8f:0f:5c:80:a9:77:
         7e:fc:78:e5:68:a3:7a:e5:c6:5e:d6:fc:35:91:92:83:3e:de:
         a6:42:c2:4f:bb:4d:5e:9f:96:cb:93:e9:d7:e3:0b:7c:5b:b3:
         e2:41:3a:7d:a4:2b:83:c8:17:50:47:d4:40:d4:02:a5:37:d7:
         66:e5:c9:af:2b:16:6f:ff:92:7b:f3:74:9c:ab:fc:11:7f:67:
         3c:20:ce:f9:69:04:77:b4:f0:00:c0:02:b8:f3:14:7a:31:30:
         45:5d:e7:f9:24:83:d4:b9:e6:a9:09:15:b5:86:eb:5f:eb:ae:
         de:72:4a:41:fd:2c:96:61:dd:e7:e1:93:29:fe:40:ee:ed:22:
         0e:b9:3b:8a:88:7a:6b:5e:2f:63:d0:d8:6c:11:71:59:76:66:
         f7:dc:c5:98:1a:9d:4d:2c:15:a4:c7:ad:97:91:21:b5:67:2a:
         37:1a:ca:21:10:3f:92:b6:88:d7:7a:77:87:1e:82:ac:f7:31:
         bb:a6:63:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/W3vscal5bpsFQH/bJWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOTAzYzFhMmU5MDZlZDhjZDJlMzYyY2NjNjdkZjAwYWRl
MWI4MjUwHhcNMjQwMTAxMTYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODY2N2ZiNzc0ZWZiMWU2OWE0OTFmYzBhM2Y0MGNlYWM2NjZiYTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrC5eTKUd3nOmzhF0rNMF4NNfpn0
5ZJ+TL0Wa8q99ED+3TQqdmSqfE8L61SsgMOQRno6zsc5BUoMl9oRUSUNniPQkOq5
yJuOPGGw4nT3hTal48QfJk5JxMyGxLyuPl682NnNTRuIKJwBQE9zIa6T6m+z/F24
AspJDFJpxecn541M9Y8YWCMM0Cz4EBzXU4/yeIKaVBqG02jW8sMWgtKxdr2Xdo/7
aMm1a3xEeLbYLf7Ougk5oVlp6esEFSuoCw/hAfY9PH++KlQu4BlPAWR69kIgYnAO
XHDw04/T7aKb7ARx0vDB3sj6SKfxT/p/QaZYij0AoKgU1bO4o3PK57ETYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhmf7d077HmmkkfwKP0DOrGZrohMB8GA1UdIwQY
MBaAFGyQPBoukG7YzS42LMxn3wCt4bglMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkpBOEdpNlFidGpOTGpZc3pHZmZBSzNodUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8zNzVjMDItZDc3Yi00YzJiLWJhZWEt
MGU1OWYyZWNiMTc1LzEvaUdaX3QzVHZzZWFhU1JfQW9fUU02c1ptdWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8zNzVjMDItZDc3Yi00YzJiLWJhZWEtMGU1OWYyZWNiMTc1
LzEvYkpBOEdpNlFidGpOTGpZc3pHZmZBSzNodUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSLhMA0G
CSqGSIb3DQEBCwUAA4IBAQBOC/xyh/Pn+t+1gJCKTD/H7nbV2yKalFb+aPWbqZyU
C+3LLDEdRiJna5RAcclPHPH/zTOnVyMZAydMJREb1B7+WRCPD1yAqXd+/HjlaKN6
5cZe1vw1kZKDPt6mQsJPu01en5bLk+nX4wt8W7PiQTp9pCuDyBdQR9RA1AKlN9dm
5cmvKxZv/5J783Scq/wRf2c8IM75aQR3tPAAwAK48xR6MTBFXef5JIPUueapCRW1
hutf667eckpB/SyWYd3n4ZMp/kDu7SIOuTuKiHprXi9j0NhsEXFZdmb33MWYGp1N
LBWkx62XkSG1Zyo3GsohED+StojXeneHHoKs9zG7pmOv
-----END CERTIFICATE-----