Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/ACIBAbl9ktim21ELExAXTA3-000.roa
File:                     ACIBAbl9ktim21ELExAXTA3-000.roa (raw, json)
Hash identifier:          JWQ2+Fq1/bK+UcgshEyM1Ck/EwfGg3JEEA+JiLXRNiU=
Subject key identifier:   00:22:01:01:B9:7D:92:D8:A6:DB:51:0B:13:10:17:4C:0D:FE:D3:4D
Certificate issuer:       /CN=cc159c8a1e64fc64ff666bd9219dce174373caf2
Certificate serial:       019001DF113388743BB370D59FD5C7AAC116
Authority key identifier: CC:15:9C:8A:1E:64:FC:64:FF:66:6B:D9:21:9D:CE:17:43:73:CA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/ACIBAbl9ktim21ELExAXTA3-000.roa
Signing time:             Mon 10 Jun 2024 11:18:34 +0000
ROA not before:           Mon 10 Jun 2024 11:18:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208693
IP address blocks:        195.234.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:01:df:11:33:88:74:3b:b3:70:d5:9f:d5:c7:aa:c1:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc159c8a1e64fc64ff666bd9219dce174373caf2
        Validity
            Not Before: Jun 10 11:18:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00220101b97d92d8a6db510b1310174c0dfed34d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c6:ba:4c:c7:e3:38:c1:50:64:68:e3:1c:ba:
                    46:84:c9:fb:6f:95:9b:e0:cf:55:f0:61:c4:f0:ec:
                    4f:05:bd:53:9a:e6:56:c5:31:9c:d6:6a:97:a7:67:
                    17:e8:ca:db:3e:6c:cf:c9:81:1e:aa:bf:66:c9:43:
                    b8:c8:0b:6d:f1:b3:d6:9d:31:87:8a:b9:4b:73:83:
                    1f:5d:57:a6:3a:45:b5:ce:11:12:6b:e0:17:e1:9e:
                    27:55:6d:34:29:7b:45:ad:18:57:79:6b:b7:87:64:
                    82:e8:06:3a:13:76:94:b1:5a:73:88:e9:d9:53:a2:
                    2a:9b:44:78:bf:98:05:73:3e:80:29:f5:58:66:e2:
                    1c:6b:90:64:57:7f:6c:7d:65:77:ca:6e:7c:f5:5b:
                    d3:e6:23:47:b2:a2:9b:ae:b4:e9:c6:44:10:b3:81:
                    70:87:7f:5a:a0:4a:62:c2:7b:f5:a2:26:14:0e:84:
                    47:28:e4:13:80:bc:2e:2d:22:28:e6:c5:04:4d:a8:
                    a4:50:74:9b:50:ef:7b:40:54:5c:33:2b:b6:b3:c1:
                    b9:d6:d2:7d:c0:be:bd:b1:06:3c:e9:a5:24:b9:30:
                    21:0e:b4:61:3e:f2:43:e9:ca:da:8a:ab:08:6b:0d:
                    ea:e8:5a:dd:f6:de:5f:8f:7b:fd:96:f0:87:fd:29:
                    9f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:22:01:01:B9:7D:92:D8:A6:DB:51:0B:13:10:17:4C:0D:FE:D3:4D
            X509v3 Authority Key Identifier:
                keyid:CC:15:9C:8A:1E:64:FC:64:FF:66:6B:D9:21:9D:CE:17:43:73:CA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/ACIBAbl9ktim21ELExAXTA3-000.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:56:bf:4f:77:92:cb:7b:17:26:6c:0f:f1:04:f1:7b:2d:07:
         15:83:5b:fe:17:6e:9d:b2:1a:db:78:60:5d:ae:5b:e1:7d:ed:
         ec:f6:8e:55:8d:fa:91:0a:8e:6d:48:80:d7:a0:df:3e:0c:f4:
         3f:d5:c9:fb:b3:ee:9e:90:a8:68:e0:68:16:ae:a7:a3:60:99:
         f2:fb:39:5e:4b:5f:c8:26:fa:23:f3:49:e0:c2:57:f8:c5:70:
         d6:40:29:f1:a5:fc:72:3b:31:7e:b6:bc:a3:fa:3f:ea:42:d3:
         0d:aa:33:6a:da:78:c1:7f:2f:76:34:22:2b:5d:f9:e1:e7:a4:
         de:20:8f:22:06:8d:42:61:38:b7:52:ea:4d:61:18:a0:2f:4f:
         2b:94:1a:68:7d:70:ac:09:4e:33:b0:b3:cf:c9:38:cd:c3:c9:
         32:49:00:95:1b:e5:f4:a9:77:82:c1:a7:96:22:99:e4:26:39:
         d2:67:65:df:c3:06:0f:4a:d1:a5:3e:57:80:04:4d:f3:30:51:
         2a:59:41:bb:00:9a:78:2c:5b:13:65:5a:b2:43:d8:aa:d9:96:
         f1:d0:4c:f8:b4:a0:f2:3f:b0:3a:2c:4b:4a:b9:8c:63:96:18:
         16:32:a6:90:b3:79:e0:96:fe:dc:42:b7:eb:18:cc:c9:8f:7f:
         db:27:86:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAB3xEziHQ7s3DVn9XHqsEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMTU5YzhhMWU2NGZjNjRmZjY2NmJkOTIxOWRjZTE3NDM3
M2NhZjIwHhcNMjQwNjEwMTExODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDIyMDEwMWI5N2Q5MmQ4YTZkYjUxMGIxMzEwMTc0YzBkZmVkMzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8a6TMfjOMFQZGjjHLpGhMn7b5Wb
4M9V8GHE8OxPBb1TmuZWxTGc1mqXp2cX6MrbPmzPyYEeqr9myUO4yAtt8bPWnTGH
irlLc4MfXVemOkW1zhESa+AX4Z4nVW00KXtFrRhXeWu3h2SC6AY6E3aUsVpziOnZ
U6Iqm0R4v5gFcz6AKfVYZuIca5BkV39sfWV3ym589VvT5iNHsqKbrrTpxkQQs4Fw
h39aoEpiwnv1oiYUDoRHKOQTgLwuLSIo5sUETaikUHSbUO97QFRcMyu2s8G51tJ9
wL69sQY86aUkuTAhDrRhPvJD6craiqsIaw3q6Frd9t5fj3v9lvCH/SmfAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAiAQG5fZLYpttRCxMQF0wN/tNNMB8GA1UdIwQY
MBaAFMwVnIoeZPxk/2Zr2SGdzhdDc8ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekJXY2loNWtfR1RfWm12WklaM09GME56eXZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zZTMxMDktY2VjMy00NmJiLWI4ZDYt
NjQ4MjA0MWE4MjQ2LzEvQUNJQkFibDlrdGltMjFFTEV4QVhUQTMtMDAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zZTMxMDktY2VjMy00NmJiLWI4ZDYtNjQ4MjA0MWE4MjQ2
LzEvekJXY2loNWtfR1RfWm12WklaM09GME56eXZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+qhMA0G
CSqGSIb3DQEBCwUAA4IBAQAnVr9Pd5LLexcmbA/xBPF7LQcVg1v+F26dshrbeGBd
rlvhfe3s9o5VjfqRCo5tSIDXoN8+DPQ/1cn7s+6ekKho4GgWrqejYJny+zleS1/I
Jvoj80ngwlf4xXDWQCnxpfxyOzF+tryj+j/qQtMNqjNq2njBfy92NCIrXfnh56Te
II8iBo1CYTi3UupNYRigL08rlBpofXCsCU4zsLPPyTjNw8kySQCVG+X0qXeCwaeW
IpnkJjnSZ2XfwwYPStGlPleABE3zMFEqWUG7AJp4LFsTZVqyQ9iq2Zbx0Ez4tKDy
P7A6LEtKuYxjlhgWMqaQs3nglv7cQrfrGMzJj3/bJ4bx
-----END CERTIFICATE-----