Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/6c0680-7c8d-4dec-b2a8-298b5596976a/1/iyNuQreveige98vl5oUEelbcw6Y.roa
File:                     iyNuQreveige98vl5oUEelbcw6Y.roa (raw, json)
Hash identifier:          eWkU7ni+YSsuzJNl1NFU6H5XTxDxwr3CWqFHX7dELIw=
Subject key identifier:   8B:23:6E:42:B7:AF:7A:28:1E:F7:CB:E5:E6:85:04:7A:56:DC:C3:A6
Certificate issuer:       /CN=1aeac0f63257b224ec17106e1bcdefd32c24778b
Certificate serial:       018CC6B7BBEBB88756A08FC195B91C82DA75
Authority key identifier: 1A:EA:C0:F6:32:57:B2:24:EC:17:10:6E:1B:CD:EF:D3:2C:24:77:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GurA9jJXsiTsFxBuG83v0ywkd4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/6c0680-7c8d-4dec-b2a8-298b5596976a/1/iyNuQreveige98vl5oUEelbcw6Y.roa
Signing time:             Mon 01 Jan 2024 20:29:39 +0000
ROA not before:           Mon 01 Jan 2024 20:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29037
IP address blocks:        194.126.195.0/24 maxlen: 24
                          2001:67c:1950::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/6c0680-7c8d-4dec-b2a8-298b5596976a/1/GurA9jJXsiTsFxBuG83v0ywkd4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/6c0680-7c8d-4dec-b2a8-298b5596976a/1/GurA9jJXsiTsFxBuG83v0ywkd4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GurA9jJXsiTsFxBuG83v0ywkd4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:bb:eb:b8:87:56:a0:8f:c1:95:b9:1c:82:da:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aeac0f63257b224ec17106e1bcdefd32c24778b
        Validity
            Not Before: Jan  1 20:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b236e42b7af7a281ef7cbe5e685047a56dcc3a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:62:5f:f9:5b:d6:93:90:1b:85:e4:6d:3e:97:
                    3f:2c:41:be:3f:bb:6f:ec:dd:06:d4:6b:f6:f9:a3:
                    f6:2a:3e:b9:d2:67:a6:0b:d7:b6:ef:77:4d:1f:4d:
                    f4:9d:49:38:bb:ad:25:eb:6c:b8:f7:25:b2:f0:46:
                    0f:8d:29:36:17:95:2e:35:98:e5:08:1d:f9:88:7e:
                    20:ea:0d:7a:a6:21:1e:85:d9:c9:a3:a9:fb:43:76:
                    6e:9d:4f:02:2e:a1:82:0f:04:b3:f9:76:36:61:76:
                    2f:aa:75:be:96:b0:06:27:84:ad:f1:e1:81:99:5c:
                    42:13:1f:da:2e:76:03:8b:de:cb:bb:23:45:01:b0:
                    57:82:64:37:8b:79:04:0d:c7:dd:47:2f:18:8a:e0:
                    25:01:29:46:7a:22:ec:90:0f:e5:31:77:36:3f:6c:
                    7b:fd:06:c7:b0:5b:0b:a8:9e:ad:fb:d5:f8:9b:eb:
                    00:ec:3f:37:65:ab:84:0d:49:d2:b2:f4:5c:96:f1:
                    e3:ea:b3:d5:6b:09:28:d7:7d:02:d8:d8:93:27:33:
                    5a:cf:a7:c9:eb:36:2a:d0:3a:9f:6e:6c:70:16:25:
                    a2:97:89:55:6c:a5:58:28:42:60:f9:0b:45:37:fa:
                    b6:05:9a:6e:34:85:fb:ac:71:63:2c:f9:38:44:c9:
                    05:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:23:6E:42:B7:AF:7A:28:1E:F7:CB:E5:E6:85:04:7A:56:DC:C3:A6
            X509v3 Authority Key Identifier:
                keyid:1A:EA:C0:F6:32:57:B2:24:EC:17:10:6E:1B:CD:EF:D3:2C:24:77:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GurA9jJXsiTsFxBuG83v0ywkd4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/6c0680-7c8d-4dec-b2a8-298b5596976a/1/iyNuQreveige98vl5oUEelbcw6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/6c0680-7c8d-4dec-b2a8-298b5596976a/1/GurA9jJXsiTsFxBuG83v0ywkd4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.195.0/24
                IPv6:
                  2001:67c:1950::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:9c:57:83:67:71:e2:e8:84:34:61:37:a0:f4:8d:44:96:e4:
         b7:fb:aa:88:70:4f:48:55:c1:f9:de:b4:ec:0f:b3:c1:28:a4:
         97:90:c6:42:54:82:29:04:cf:81:99:41:f3:19:32:85:77:2a:
         10:62:e8:45:4f:c2:5b:19:fb:01:9a:b2:4f:7c:77:24:c8:26:
         73:57:03:31:9d:6d:77:71:0a:ed:a5:ae:05:38:5b:1c:f3:7e:
         b8:d7:02:4b:ec:60:4a:48:07:3e:3b:97:02:6c:74:6e:13:58:
         4d:89:64:14:db:03:20:39:6e:ad:11:67:f6:c4:e0:9c:31:9f:
         8e:58:c6:92:ac:05:48:15:db:06:80:31:49:a0:b1:c2:56:93:
         5b:51:f4:7a:a5:ef:d6:66:f4:c6:e7:af:5b:f6:b6:5b:96:12:
         65:6a:c5:0a:04:9a:59:aa:1d:03:6e:ba:20:e3:54:bc:f7:68:
         50:56:88:93:82:d0:1b:d1:af:91:73:1d:e4:54:cf:36:36:0f:
         3d:41:a5:5c:61:31:d6:9a:e7:08:a6:7d:77:03:96:35:98:d6:
         6b:ec:9c:a2:c5:96:7a:74:a8:d4:c5:13:29:44:0f:c2:de:29:
         36:a6:48:8b:ff:80:a8:d2:7b:3f:07:5c:66:6a:d7:3e:a0:2f:
         3f:f9:e1:07
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGt7vruIdWoI/Blbkcgtp1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZWFjMGY2MzI1N2IyMjRlYzE3MTA2ZTFiY2RlZmQzMmMy
NDc3OGIwHhcNMjQwMTAxMjAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjIzNmU0MmI3YWY3YTI4MWVmN2NiZTVlNjg1MDQ3YTU2ZGNjM2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WJf+VvWk5AbheRtPpc/LEG+P7tv
7N0G1Gv2+aP2Kj650memC9e273dNH030nUk4u60l62y49yWy8EYPjSk2F5UuNZjl
CB35iH4g6g16piEehdnJo6n7Q3ZunU8CLqGCDwSz+XY2YXYvqnW+lrAGJ4St8eGB
mVxCEx/aLnYDi97LuyNFAbBXgmQ3i3kEDcfdRy8YiuAlASlGeiLskA/lMXc2P2x7
/QbHsFsLqJ6t+9X4m+sA7D83ZauEDUnSsvRclvHj6rPVawko130C2NiTJzNaz6fJ
6zYq0DqfbmxwFiWil4lVbKVYKEJg+QtFN/q2BZpuNIX7rHFjLPk4RMkFAQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIsjbkK3r3ooHvfL5eaFBHpW3MOmMB8GA1UdIwQY
MBaAFBrqwPYyV7Ik7BcQbhvN79MsJHeLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3VyQTlqSlhzaVRzRnhCdUc4M3YweXdrZDRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni82YzA2ODAtN2M4ZC00ZGVjLWIyYTgt
Mjk4YjU1OTY5NzZhLzEvaXlOdVFyZXZlaWdlOTh2bDVvVUVlbGJjdzZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni82YzA2ODAtN2M4ZC00ZGVjLWIyYTgtMjk4YjU1OTY5NzZh
LzEvR3VyQTlqSlhzaVRzRnhCdUc4M3YweXdrZDRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwn7DMA8E
AgACMAkDBwAgAQZ8GVAwDQYJKoZIhvcNAQELBQADggEBAAKcV4NnceLohDRhN6D0
jUSW5Lf7qohwT0hVwfnetOwPs8EopJeQxkJUgikEz4GZQfMZMoV3KhBi6EVPwlsZ
+wGask98dyTIJnNXAzGdbXdxCu2lrgU4WxzzfrjXAkvsYEpIBz47lwJsdG4TWE2J
ZBTbAyA5bq0RZ/bE4Jwxn45YxpKsBUgV2waAMUmgscJWk1tR9Hql79Zm9Mbnr1v2
tluWEmVqxQoEmlmqHQNuuiDjVLz3aFBWiJOC0BvRr5FzHeRUzzY2Dz1BpVxhMdaa
5wimfXcDljWY1mvsnKLFlnp0qNTFEylED8LeKTamSIv/gKjSez8HXGZq1z6gLz/5
4Qc=
-----END CERTIFICATE-----