Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/72fb45-30c7-4a53-a2db-b4c9e2b0d156/1/1IW4-SHO6vQN9BtmLdYWMmz30c4.roa
File:                     1IW4-SHO6vQN9BtmLdYWMmz30c4.roa (raw, json)
Hash identifier:          ZKkuLXmHLb73PeZxRe4wzGyhGuGFNEukuRRnlJudItU=
Subject key identifier:   D4:85:B8:F9:21:CE:EA:F4:0D:F4:1B:66:2D:D6:16:32:6C:F7:D1:CE
Certificate issuer:       /CN=0b35acbf30559668ea18ea3f10b297ee64c8e493
Certificate serial:       018CC8011AF9EB2FE544440A89A6CEE2210A
Authority key identifier: 0B:35:AC:BF:30:55:96:68:EA:18:EA:3F:10:B2:97:EE:64:C8:E4:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CzWsvzBVlmjqGOo_ELKX7mTI5JM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/72fb45-30c7-4a53-a2db-b4c9e2b0d156/1/1IW4-SHO6vQN9BtmLdYWMmz30c4.roa
Signing time:             Tue 02 Jan 2024 02:29:24 +0000
ROA not before:           Tue 02 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212886
IP address blocks:        193.107.76.0/22 maxlen: 22
                          2a09:99c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/72fb45-30c7-4a53-a2db-b4c9e2b0d156/1/CzWsvzBVlmjqGOo_ELKX7mTI5JM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/72fb45-30c7-4a53-a2db-b4c9e2b0d156/1/CzWsvzBVlmjqGOo_ELKX7mTI5JM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CzWsvzBVlmjqGOo_ELKX7mTI5JM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:1a:f9:eb:2f:e5:44:44:0a:89:a6:ce:e2:21:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b35acbf30559668ea18ea3f10b297ee64c8e493
        Validity
            Not Before: Jan  2 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d485b8f921ceeaf40df41b662dd616326cf7d1ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4b:3f:54:64:1f:c9:d5:60:e8:cf:c4:92:05:
                    54:08:d0:c3:98:19:99:f7:32:ad:bd:60:bf:94:7e:
                    71:17:83:40:74:1a:90:2d:f1:f3:0c:84:e8:8a:aa:
                    e3:84:ad:04:fe:69:74:97:60:34:87:03:d1:c0:cb:
                    d0:6b:2f:44:7c:f9:d8:29:03:3a:63:67:da:d4:31:
                    d7:1c:f6:8d:00:0f:ba:6c:70:67:c8:f1:2c:5f:10:
                    53:af:aa:8f:82:c6:6b:86:47:55:b6:a6:cc:ff:75:
                    fe:36:cd:c9:a6:9f:93:63:c0:07:dc:65:f0:6d:da:
                    40:d0:3a:2e:b1:4a:08:f7:aa:52:e0:f4:ea:c5:83:
                    b0:1a:34:c7:3e:6a:c3:25:c7:ed:c5:9e:50:a0:e6:
                    ea:17:06:85:9c:4e:b8:ad:8c:6d:7e:2d:e7:2d:52:
                    03:18:d6:0d:a2:3a:37:e0:a7:8b:93:33:bb:ae:ef:
                    f3:3d:6c:4a:30:c4:da:ae:5c:2b:04:f4:77:c0:3c:
                    ea:7b:09:ce:a3:c0:60:f8:cc:d9:aa:2c:56:27:b2:
                    06:95:ae:2c:34:4c:cd:4f:e1:70:37:1e:20:55:db:
                    ce:46:82:e8:5a:46:dd:e4:d5:69:71:2c:16:bf:e4:
                    59:93:eb:be:df:ed:5b:cb:e0:32:34:84:19:3b:15:
                    1b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:85:B8:F9:21:CE:EA:F4:0D:F4:1B:66:2D:D6:16:32:6C:F7:D1:CE
            X509v3 Authority Key Identifier:
                keyid:0B:35:AC:BF:30:55:96:68:EA:18:EA:3F:10:B2:97:EE:64:C8:E4:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CzWsvzBVlmjqGOo_ELKX7mTI5JM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/72fb45-30c7-4a53-a2db-b4c9e2b0d156/1/1IW4-SHO6vQN9BtmLdYWMmz30c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/72fb45-30c7-4a53-a2db-b4c9e2b0d156/1/CzWsvzBVlmjqGOo_ELKX7mTI5JM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.76.0/22
                IPv6:
                  2a09:99c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:c6:d7:7a:f5:7d:58:c4:2f:8f:4d:15:bb:f9:f3:07:bf:77:
         59:f1:9b:db:33:c9:24:8d:96:f6:3b:37:a7:4f:31:7a:86:96:
         c0:ce:0e:1d:14:cb:2f:4d:3d:37:08:ea:47:d0:84:92:c0:4f:
         8f:9d:66:bc:87:0d:91:0a:2d:75:4f:97:12:27:e1:c5:c3:f9:
         c3:ea:e4:f1:b9:0a:bb:7b:f0:93:29:3b:be:a3:71:2e:e0:9e:
         c5:ba:1e:19:81:af:5c:41:24:74:18:cf:79:85:b5:7e:11:80:
         f4:fc:10:8d:96:37:7f:ee:06:6a:9b:ad:1a:0c:cf:d4:ea:b1:
         9f:d2:50:5a:5a:71:da:89:e5:5a:3f:ca:dc:29:fd:79:f2:0b:
         8a:cc:18:69:d6:6f:bb:c5:df:82:95:de:bd:06:ba:65:7c:2f:
         4b:1e:dd:77:52:5e:74:0e:8b:5a:b6:11:97:5b:27:3a:cf:a4:
         d8:95:81:ae:36:96:9b:5e:1c:4f:96:90:f8:25:6c:ae:95:b0:
         84:8f:fc:f3:23:4c:db:b1:61:67:d9:6a:4b:c8:f6:95:97:8a:
         36:aa:38:29:ac:f3:0b:33:07:d0:e3:ff:ce:f9:1f:4f:6a:9b:
         ce:38:54:61:4f:de:65:9c:b7:8f:30:a9:73:5f:fe:41:23:92:
         53:60:00:99
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIARr56y/lREQKiabO4iEKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMzVhY2JmMzA1NTk2NjhlYTE4ZWEzZjEwYjI5N2VlNjRj
OGU0OTMwHhcNMjQwMTAyMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDg1YjhmOTIxY2VlYWY0MGRmNDFiNjYyZGQ2MTYzMjZjZjdkMWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUs/VGQfydVg6M/EkgVUCNDDmBmZ
9zKtvWC/lH5xF4NAdBqQLfHzDIToiqrjhK0E/ml0l2A0hwPRwMvQay9EfPnYKQM6
Y2fa1DHXHPaNAA+6bHBnyPEsXxBTr6qPgsZrhkdVtqbM/3X+Ns3Jpp+TY8AH3GXw
bdpA0DousUoI96pS4PTqxYOwGjTHPmrDJcftxZ5QoObqFwaFnE64rYxtfi3nLVID
GNYNojo34KeLkzO7ru/zPWxKMMTarlwrBPR3wDzqewnOo8Bg+MzZqixWJ7IGla4s
NEzNT+FwNx4gVdvORoLoWkbd5NVpcSwWv+RZk+u+3+1by+AyNIQZOxUbYQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNSFuPkhzur0DfQbZi3WFjJs99HOMB8GA1UdIwQY
MBaAFAs1rL8wVZZo6hjqPxCyl+5kyOSTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3pXc3Z6QlZsbWpxR09vX0VMS1g3bVRJNUpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83MmZiNDUtMzBjNy00YTUzLWEyZGIt
YjRjOWUyYjBkMTU2LzEvMUlXNC1TSE82dlFOOUJ0bUxkWVdNbXozMGM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83MmZiNDUtMzBjNy00YTUzLWEyZGItYjRjOWUyYjBkMTU2
LzEvQ3pXc3Z6QlZsbWpxR09vX0VMS1g3bVRJNUpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwWtMMA8E
AgACMAkDBwAqCZnAAAAwDQYJKoZIhvcNAQELBQADggEBALnG13r1fVjEL49NFbv5
8we/d1nxm9szySSNlvY7N6dPMXqGlsDODh0Uyy9NPTcI6kfQhJLAT4+dZryHDZEK
LXVPlxIn4cXD+cPq5PG5Crt78JMpO76jcS7gnsW6HhmBr1xBJHQYz3mFtX4RgPT8
EI2WN3/uBmqbrRoMz9TqsZ/SUFpacdqJ5Vo/ytwp/XnyC4rMGGnWb7vF34KV3r0G
umV8L0se3XdSXnQOi1q2EZdbJzrPpNiVga42lpteHE+WkPglbK6VsISP/PMjTNux
YWfZakvI9pWXijaqOCms8wszB9Dj/875H09qm844VGFP3mWct48wqXNf/kEjklNg
AJk=
-----END CERTIFICATE-----