Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IrnVkpyu6zFCdfTLioEkZmNepdA.roa
File:                     IrnVkpyu6zFCdfTLioEkZmNepdA.roa (raw, json)
Hash identifier:          hdty1oHIuwLO8JB+IwH8/zEFekY23ElR8l/2ZYShvVM=
Subject key identifier:   22:B9:D5:92:9C:AE:EB:31:42:75:F4:CB:8A:81:24:66:63:5E:A5:D0
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       01928C1445BE69FE88500818A98EC30C3D89
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IrnVkpyu6zFCdfTLioEkZmNepdA.roa
Signing time:             Mon 14 Oct 2024 17:29:51 +0000
ROA not before:           Mon 14 Oct 2024 17:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42337
IP address blocks:        193.35.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8c:14:45:be:69:fe:88:50:08:18:a9:8e:c3:0c:3d:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Oct 14 17:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22b9d5929caeeb314275f4cb8a812466635ea5d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0d:19:58:fb:d1:a6:eb:75:ab:49:1e:cb:15:
                    71:8f:f6:b4:ab:e3:f4:89:4c:40:82:de:c4:22:68:
                    6b:75:49:b8:d2:1a:b2:a4:55:81:b1:23:8d:8b:85:
                    ca:ef:67:44:c8:b6:b1:d1:73:59:d0:41:ee:3b:b4:
                    5a:d4:97:43:6f:8f:f5:05:18:e5:a3:cb:d0:1b:af:
                    59:15:be:a2:7d:e6:2f:ac:4d:2e:66:71:56:78:8a:
                    06:23:88:f6:cd:cb:8c:78:b3:8c:38:68:e2:e3:b8:
                    cc:25:d9:9f:3d:42:08:75:19:de:a0:7c:4e:b4:1f:
                    46:30:d8:a4:40:da:c3:0e:2b:26:4c:ac:51:f5:04:
                    9e:84:d0:f5:cc:8d:fb:65:4f:04:4c:77:66:3b:7c:
                    06:98:42:cf:30:8c:68:2e:53:32:5f:42:20:57:ae:
                    0a:63:96:1f:23:f0:35:13:3f:53:c8:6a:a4:c9:eb:
                    40:32:6a:f8:13:ce:68:5b:36:05:6f:9c:61:f4:a4:
                    b7:f5:f4:4a:22:d1:53:46:62:a1:ab:3c:9b:00:ad:
                    25:41:63:82:8f:89:2b:f0:b3:59:5d:c1:61:be:79:
                    7d:68:99:8f:66:5c:b1:bd:d9:6f:2d:f2:97:c1:ed:
                    95:d1:2e:20:3d:f9:5c:b5:fd:43:49:0e:07:12:d9:
                    68:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:B9:D5:92:9C:AE:EB:31:42:75:F4:CB:8A:81:24:66:63:5E:A5:D0
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IrnVkpyu6zFCdfTLioEkZmNepdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:fc:bc:00:70:92:3c:e3:5a:ae:8c:53:f3:97:d5:78:3f:da:
         93:79:74:b3:67:13:e0:ed:db:9d:bf:d1:e0:fe:21:58:9e:1f:
         5a:28:8f:d5:f4:05:d9:ae:be:4e:6b:e5:5a:b4:f5:f2:08:ff:
         1a:ff:3a:11:bb:c9:e9:f3:f9:1b:d7:de:62:13:1f:df:51:4f:
         e3:b3:d3:48:6f:16:29:34:29:31:d4:ac:72:57:60:7f:d3:18:
         cb:08:59:4d:69:e2:cb:b0:e8:97:40:e5:05:7b:59:7a:4d:4c:
         93:6e:70:59:ff:66:89:69:7a:f4:ce:f6:f9:c2:6e:61:88:c7:
         cd:63:e7:c5:7f:1c:1c:79:d3:7b:ec:04:b3:73:f2:3e:02:fc:
         b7:38:4f:06:b9:21:28:13:37:16:25:a5:a2:d9:dd:18:b7:9d:
         b1:ca:06:7f:4c:bd:3f:5f:27:ee:7c:cd:1f:66:f4:d3:81:07:
         a3:cc:a1:c5:42:b6:93:68:94:d9:85:9d:4c:17:b0:56:45:bb:
         8a:46:25:47:ab:39:57:f9:c0:a9:09:41:1c:93:55:28:e3:b9:
         7c:71:15:d5:61:77:ae:1b:18:ff:6c:6a:ad:27:12:46:1d:4a:
         74:ff:9a:5b:57:f4:af:1d:af:ef:93:e1:9f:04:30:8b:4a:35:
         00:38:45:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKMFEW+af6IUAgYqY7DDD2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjQxMDE0MTcyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmI5ZDU5MjljYWVlYjMxNDI3NWY0Y2I4YTgxMjQ2NjYzNWVhNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArA0ZWPvRput1q0keyxVxj/a0q+P0
iUxAgt7EImhrdUm40hqypFWBsSONi4XK72dEyLax0XNZ0EHuO7Ra1JdDb4/1BRjl
o8vQG69ZFb6ifeYvrE0uZnFWeIoGI4j2zcuMeLOMOGji47jMJdmfPUIIdRneoHxO
tB9GMNikQNrDDismTKxR9QSehND1zI37ZU8ETHdmO3wGmELPMIxoLlMyX0IgV64K
Y5YfI/A1Ez9TyGqkyetAMmr4E85oWzYFb5xh9KS39fRKItFTRmKhqzybAK0lQWOC
j4kr8LNZXcFhvnl9aJmPZlyxvdlvLfKXwe2V0S4gPflctf1DSQ4HEtloTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCK51ZKcrusxQnX0y4qBJGZjXqXQMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvSXJuVmtweXU2ekZDZGZUTGlvRWtabU5lcGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSPmMA0G
CSqGSIb3DQEBCwUAA4IBAQBB/LwAcJI841qujFPzl9V4P9qTeXSzZxPg7dudv9Hg
/iFYnh9aKI/V9AXZrr5Oa+VatPXyCP8a/zoRu8np8/kb195iEx/fUU/js9NIbxYp
NCkx1KxyV2B/0xjLCFlNaeLLsOiXQOUFe1l6TUyTbnBZ/2aJaXr0zvb5wm5hiMfN
Y+fFfxwcedN77ASzc/I+Avy3OE8GuSEoEzcWJaWi2d0Yt52xygZ/TL0/XyfufM0f
ZvTTgQejzKHFQraTaJTZhZ1MF7BWRbuKRiVHqzlX+cCpCUEck1Uo47l8cRXVYXeu
Gxj/bGqtJxJGHUp0/5pbV/SvHa/vk+GfBDCLSjUAOEUs
-----END CERTIFICATE-----