Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/e94652-1564-4d1b-8198-1ac5d8863082/1/ICYKgKIxJsgnQDs5SonxlYnxDSc.roa
File:                     ICYKgKIxJsgnQDs5SonxlYnxDSc.roa (raw, json)
Hash identifier:          EJxSz+t7s2w2rkac40Q8yuTU2ZIPL3iqUDY3qoboMms=
Subject key identifier:   20:26:0A:80:A2:31:26:C8:27:40:3B:39:4A:89:F1:95:89:F1:0D:27
Certificate issuer:       /CN=7c8c1371dd6afd5fd79ea984da3fbda1b94afe23
Certificate serial:       018CC801101155C6C0564B10D98AA4EEA19D
Authority key identifier: 7C:8C:13:71:DD:6A:FD:5F:D7:9E:A9:84:DA:3F:BD:A1:B9:4A:FE:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fIwTcd1q_V_XnqmE2j-9oblK_iM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/e94652-1564-4d1b-8198-1ac5d8863082/1/ICYKgKIxJsgnQDs5SonxlYnxDSc.roa
Signing time:             Tue 02 Jan 2024 02:29:22 +0000
ROA not before:           Tue 02 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210252
IP address blocks:        193.23.20.0/22 maxlen: 24
                          2a0d:5bc0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/e94652-1564-4d1b-8198-1ac5d8863082/1/fIwTcd1q_V_XnqmE2j-9oblK_iM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/e94652-1564-4d1b-8198-1ac5d8863082/1/fIwTcd1q_V_XnqmE2j-9oblK_iM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fIwTcd1q_V_XnqmE2j-9oblK_iM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:10:11:55:c6:c0:56:4b:10:d9:8a:a4:ee:a1:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c8c1371dd6afd5fd79ea984da3fbda1b94afe23
        Validity
            Not Before: Jan  2 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20260a80a23126c827403b394a89f19589f10d27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b3:7a:9a:b8:ee:87:3a:e5:33:66:17:f1:07:
                    ef:8a:67:90:6a:e9:b9:ff:b7:af:c9:7f:5d:62:4a:
                    73:dd:3e:09:92:11:4a:2e:58:0d:ec:dd:52:c4:42:
                    94:e4:46:30:22:ba:50:b1:e0:a7:c0:fb:37:d7:e8:
                    72:a7:02:96:18:49:55:10:66:b5:cb:06:05:8d:ba:
                    67:3f:99:45:bb:b0:bd:fa:e5:66:32:49:ab:62:cd:
                    2e:a3:8d:b5:6f:86:ca:55:3e:de:b9:a0:ad:ca:56:
                    75:3e:58:f9:d5:be:67:a9:00:96:9e:c3:a0:61:14:
                    b2:7f:25:69:91:48:ed:41:be:4c:bc:94:4e:07:9b:
                    7e:81:c0:01:b4:58:5a:c1:cd:46:e6:7f:2c:df:45:
                    d2:ff:a3:e6:2c:14:cd:9c:f2:d3:40:7d:08:13:87:
                    68:78:16:33:5f:a3:2f:93:12:75:c2:1c:02:97:51:
                    4b:04:e2:75:4a:82:c2:52:17:8f:a2:19:88:6e:e5:
                    b2:0b:ce:99:11:f6:9c:a2:a6:d0:76:9d:3d:a8:c4:
                    8e:c8:11:e7:17:4b:26:cc:15:d7:f4:8b:d1:55:3e:
                    2e:56:d6:11:6c:d3:b0:bc:99:32:7d:51:7b:47:6e:
                    35:7e:a6:34:cf:bc:6b:6c:4a:5c:55:c4:0d:5d:1a:
                    de:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:26:0A:80:A2:31:26:C8:27:40:3B:39:4A:89:F1:95:89:F1:0D:27
            X509v3 Authority Key Identifier:
                keyid:7C:8C:13:71:DD:6A:FD:5F:D7:9E:A9:84:DA:3F:BD:A1:B9:4A:FE:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fIwTcd1q_V_XnqmE2j-9oblK_iM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e94652-1564-4d1b-8198-1ac5d8863082/1/ICYKgKIxJsgnQDs5SonxlYnxDSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e94652-1564-4d1b-8198-1ac5d8863082/1/fIwTcd1q_V_XnqmE2j-9oblK_iM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.20.0/22
                IPv6:
                  2a0d:5bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:bd:ed:43:8a:52:e4:79:15:8f:2b:49:24:ae:34:9a:84:b9:
         94:61:cb:f8:d2:6e:e6:95:72:17:a1:b1:f1:34:75:be:9f:88:
         e5:09:17:ea:73:b2:f5:f6:9c:e2:40:c3:07:25:75:bb:59:61:
         fa:ca:d7:7a:69:48:0a:3c:f9:ca:20:19:7e:79:ed:a7:80:7f:
         e9:0b:13:8d:f5:3c:b7:0b:36:8f:ab:71:50:ef:19:4a:52:54:
         da:11:f1:b6:8b:4c:5f:f9:9b:f5:48:9a:87:be:00:4d:a0:cc:
         e6:1e:11:9d:8d:3b:90:b9:46:73:a4:91:8f:84:7e:b4:d1:35:
         9b:ff:ed:47:73:64:87:90:70:0c:27:79:a2:23:a0:e3:64:22:
         ac:29:5d:d1:7b:74:68:7d:00:e3:c8:48:c7:99:fa:d8:20:e9:
         ad:84:33:00:7b:75:a4:af:84:7b:f3:90:ab:b7:8c:e2:a1:7f:
         b4:ac:04:33:c0:06:f0:0a:5d:52:22:22:3f:9d:b1:d9:99:b9:
         31:a3:7d:fa:31:fe:b3:3e:2d:84:d5:8a:d0:90:8e:59:3f:2b:
         a1:57:0e:a6:cb:ce:cb:00:60:ac:d0:1f:2d:99:11:60:f9:d0:
         1b:73:54:36:11:21:01:a1:63:9b:c4:2c:d3:65:a2:a1:51:ec:
         e4:d9:0e:06
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIARARVcbAVksQ2Yqk7qGdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjOGMxMzcxZGQ2YWZkNWZkNzllYTk4NGRhM2ZiZGExYjk0
YWZlMjMwHhcNMjQwMTAyMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDI2MGE4MGEyMzEyNmM4Mjc0MDNiMzk0YTg5ZjE5NTg5ZjEwZDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLN6mrjuhzrlM2YX8QfvimeQaum5
/7evyX9dYkpz3T4JkhFKLlgN7N1SxEKU5EYwIrpQseCnwPs31+hypwKWGElVEGa1
ywYFjbpnP5lFu7C9+uVmMkmrYs0uo421b4bKVT7euaCtylZ1Plj51b5nqQCWnsOg
YRSyfyVpkUjtQb5MvJROB5t+gcABtFhawc1G5n8s30XS/6PmLBTNnPLTQH0IE4do
eBYzX6MvkxJ1whwCl1FLBOJ1SoLCUhePohmIbuWyC86ZEfacoqbQdp09qMSOyBHn
F0smzBXX9IvRVT4uVtYRbNOwvJkyfVF7R241fqY0z7xrbEpcVcQNXRre0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCAmCoCiMSbIJ0A7OUqJ8ZWJ8Q0nMB8GA1UdIwQY
MBaAFHyME3Hdav1f156phNo/vaG5Sv4jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkl3VGNkMXFfVl9YbnFtRTJqLTlvYmxLX2lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lOTQ2NTItMTU2NC00ZDFiLTgxOTgt
MWFjNWQ4ODYzMDgyLzEvSUNZS2dLSXhKc2duUURzNVNvbnhsWW54RFNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lOTQ2NTItMTU2NC00ZDFiLTgxOTgtMWFjNWQ4ODYzMDgy
LzEvZkl3VGNkMXFfVl9YbnFtRTJqLTlvYmxLX2lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwRcUMA0E
AgACMAcDBQMqDVvAMA0GCSqGSIb3DQEBCwUAA4IBAQBXve1DilLkeRWPK0kkrjSa
hLmUYcv40m7mlXIXobHxNHW+n4jlCRfqc7L19pziQMMHJXW7WWH6ytd6aUgKPPnK
IBl+ee2ngH/pCxON9Ty3CzaPq3FQ7xlKUlTaEfG2i0xf+Zv1SJqHvgBNoMzmHhGd
jTuQuUZzpJGPhH600TWb/+1Hc2SHkHAMJ3miI6DjZCKsKV3Re3RofQDjyEjHmfrY
IOmthDMAe3Wkr4R785Crt4zioX+0rAQzwAbwCl1SIiI/nbHZmbkxo336Mf6zPi2E
1YrQkI5ZPyuhVw6my87LAGCs0B8tmRFg+dAbc1Q2ESEBoWObxCzTZaKhUezk2Q4G
-----END CERTIFICATE-----