Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/IglrYZw_UWIQOJ5C9kUKhcpqWmY.roa
File:                     IglrYZw_UWIQOJ5C9kUKhcpqWmY.roa (raw, json)
Hash identifier:          sWmK4U6fi3k6JUi/Uc21wspbMRQxsGP12KMT9UKKye0=
Subject key identifier:   22:09:6B:61:9C:3F:51:62:10:38:9E:42:F6:45:0A:85:CA:6A:5A:66
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018CC5DC154F1BC41A0B1BE450B683BE82A6
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/IglrYZw_UWIQOJ5C9kUKhcpqWmY.roa
Signing time:             Mon 01 Jan 2024 16:29:44 +0000
ROA not before:           Mon 01 Jan 2024 16:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        185.128.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:15:4f:1b:c4:1a:0b:1b:e4:50:b6:83:be:82:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Jan  1 16:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22096b619c3f516210389e42f6450a85ca6a5a66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:98:4c:ca:7c:7d:e6:ec:7e:3c:c0:5d:49:56:
                    c5:e4:df:fe:eb:4f:2a:9e:ea:46:5a:3e:b0:74:dd:
                    3e:45:21:7f:28:52:92:b1:be:c4:0c:28:fa:67:f0:
                    c2:55:7a:f9:e7:64:fc:83:bf:8c:b2:56:22:44:45:
                    d8:af:70:89:c5:67:74:46:32:f2:24:b9:a7:bb:3c:
                    5f:6f:36:74:82:45:7a:9f:5a:cb:f4:5f:4b:70:ec:
                    f8:5e:5b:2c:78:b4:36:13:68:31:c7:39:4f:ff:3f:
                    44:cc:e8:6a:00:61:a5:3b:ad:a8:a0:eb:2d:55:90:
                    a8:bd:d5:d8:d0:ad:69:5e:34:2e:70:9e:c9:24:02:
                    fd:7c:5e:63:73:46:0a:db:8b:06:3e:87:5d:66:0b:
                    5e:9b:64:8d:59:7e:99:e8:ff:e4:b8:b2:00:37:10:
                    3a:66:e2:c5:e8:bd:65:2c:05:bd:80:f0:84:d7:cf:
                    98:75:11:8e:78:31:82:53:b4:eb:31:d6:63:95:00:
                    5a:22:13:6c:a0:a6:ec:b3:55:dc:b4:74:e8:81:e0:
                    cf:53:98:9f:fe:f6:4e:7c:20:d5:ce:67:39:f6:4d:
                    a8:06:f2:2f:8c:24:ba:21:ae:e2:3c:f3:75:d1:ce:
                    34:9b:c5:0a:65:b3:c2:f4:d6:5d:6a:b7:4e:2a:b5:
                    9a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:09:6B:61:9C:3F:51:62:10:38:9E:42:F6:45:0A:85:CA:6A:5A:66
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/IglrYZw_UWIQOJ5C9kUKhcpqWmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:13:63:54:b0:90:bb:62:52:df:43:b9:d8:ca:3f:df:2c:51:
         a3:3a:39:d7:06:fd:9d:a9:50:08:38:9d:6a:ee:3d:70:a3:10:
         0e:d0:18:75:4a:10:1d:33:d6:46:0b:12:0a:c1:cd:00:e5:07:
         95:09:01:8b:89:35:8f:54:0d:26:6d:2b:71:85:41:e9:a2:4c:
         5c:c1:a0:8f:cf:0a:9f:cf:23:94:79:b8:51:5f:ab:76:75:4f:
         49:47:99:6c:08:57:2a:8c:06:3b:4e:55:35:44:a0:2f:b6:b8:
         c1:ea:41:b1:ca:29:11:3a:0b:8e:cc:17:e4:63:3c:9f:96:5a:
         73:fb:0f:1b:f5:2f:31:b4:0a:98:6b:6c:4d:38:4f:8d:35:93:
         9d:67:bf:97:53:71:39:76:a7:c8:5e:cb:cf:da:20:0f:75:63:
         00:29:a3:f3:8d:cb:bc:6e:a3:1f:b7:2f:fa:3d:d2:ca:95:b4:
         4a:49:3f:d2:3f:c2:6b:3a:07:c1:92:6c:f8:8d:fd:60:c0:ff:
         15:b7:17:d5:ed:71:d4:4b:d6:ee:ca:b4:8b:82:c6:d0:e0:8b:
         f7:e3:04:c2:7c:f0:29:85:3f:7e:bb:22:7f:a0:0a:70:97:f0:
         d9:c9:e0:69:80:0c:37:e6:2e:85:f7:9e:31:2e:31:b8:67:14:
         6d:49:0b:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BVPG8QaCxvkULaDvoKmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwMTAxMTYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjA5NmI2MTljM2Y1MTYyMTAzODllNDJmNjQ1MGE4NWNhNmE1YTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhphMynx95ux+PMBdSVbF5N/+608q
nupGWj6wdN0+RSF/KFKSsb7EDCj6Z/DCVXr552T8g7+MslYiREXYr3CJxWd0RjLy
JLmnuzxfbzZ0gkV6n1rL9F9LcOz4XlsseLQ2E2gxxzlP/z9EzOhqAGGlO62ooOst
VZCovdXY0K1pXjQucJ7JJAL9fF5jc0YK24sGPoddZgtem2SNWX6Z6P/kuLIANxA6
ZuLF6L1lLAW9gPCE18+YdRGOeDGCU7TrMdZjlQBaIhNsoKbss1XctHTogeDPU5if
/vZOfCDVzmc59k2oBvIvjCS6Ia7iPPN10c40m8UKZbPC9NZdardOKrWaewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIJa2GcP1FiEDieQvZFCoXKalpmMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvSWdscllad19VV0lRT0o1QzlrVUtoY3BxV21ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYAqMA0G
CSqGSIb3DQEBCwUAA4IBAQBSE2NUsJC7YlLfQ7nYyj/fLFGjOjnXBv2dqVAIOJ1q
7j1woxAO0Bh1ShAdM9ZGCxIKwc0A5QeVCQGLiTWPVA0mbStxhUHpokxcwaCPzwqf
zyOUebhRX6t2dU9JR5lsCFcqjAY7TlU1RKAvtrjB6kGxyikROguOzBfkYzyfllpz
+w8b9S8xtAqYa2xNOE+NNZOdZ7+XU3E5dqfIXsvP2iAPdWMAKaPzjcu8bqMfty/6
PdLKlbRKST/SP8JrOgfBkmz4jf1gwP8VtxfV7XHUS9buyrSLgsbQ4Iv34wTCfPAp
hT9+uyJ/oApwl/DZyeBpgAw35i6F954xLjG4ZxRtSQsf
-----END CERTIFICATE-----