Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/04d708-feea-4e96-94a1-f428b9954ab2/1/iIQ1AeCAwX8Coaw-N52jgtMOim8.roa
File:                     iIQ1AeCAwX8Coaw-N52jgtMOim8.roa (raw, json)
Hash identifier:          i17BJnUr+wdgxIvE/KTaa2OvwcTHsYLN/zDREHRhQbE=
Subject key identifier:   88:84:35:01:E0:80:C1:7F:02:A1:AC:3E:37:9D:A3:82:D3:0E:8A:6F
Certificate issuer:       /CN=11e5af4c72869209539b1194597b03fa3a4a554a
Certificate serial:       018CC3B67108C05D1840E7BD1FF12C340C06
Authority key identifier: 11:E5:AF:4C:72:86:92:09:53:9B:11:94:59:7B:03:FA:3A:4A:55:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EeWvTHKGkglTmxGUWXsD-jpKVUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/04d708-feea-4e96-94a1-f428b9954ab2/1/iIQ1AeCAwX8Coaw-N52jgtMOim8.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.3.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/04d708-feea-4e96-94a1-f428b9954ab2/1/EeWvTHKGkglTmxGUWXsD-jpKVUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/04d708-feea-4e96-94a1-f428b9954ab2/1/EeWvTHKGkglTmxGUWXsD-jpKVUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EeWvTHKGkglTmxGUWXsD-jpKVUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 18:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:71:08:c0:5d:18:40:e7:bd:1f:f1:2c:34:0c:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11e5af4c72869209539b1194597b03fa3a4a554a
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88843501e080c17f02a1ac3e379da382d30e8a6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:90:14:8a:a3:da:8f:25:01:82:3f:52:8c:3b:
                    f7:b9:f7:85:68:1e:51:ca:e2:59:86:fb:7c:9b:de:
                    2d:e4:8d:d2:a3:86:1a:d2:d5:75:ce:d7:df:c7:b7:
                    b2:68:61:8c:01:17:d5:48:b5:b4:5a:5e:30:95:59:
                    a1:48:71:61:75:f4:23:1f:f0:ba:0d:f0:16:b1:9b:
                    1c:f5:bc:74:f5:b3:1e:b7:5d:6e:ae:0d:33:36:cc:
                    91:b8:e4:0e:49:ab:6f:a4:0e:af:c2:36:57:f3:0c:
                    e1:77:28:f1:38:db:8b:86:77:5e:2d:98:60:13:0f:
                    f1:f6:79:96:3f:69:cc:36:71:77:aa:ba:04:c7:33:
                    7b:c5:95:25:39:c3:b4:d9:3c:a0:13:84:04:69:0e:
                    65:1a:41:6c:b3:98:f1:52:0b:6d:20:c8:b0:fc:45:
                    96:59:6a:1b:cb:3d:a3:96:b7:c9:1b:f2:5a:9e:61:
                    39:73:cb:27:00:95:99:9d:9d:f4:2c:f9:06:99:7b:
                    af:0a:57:8e:5f:67:8f:24:0f:1b:95:07:6e:81:ab:
                    eb:6f:84:21:92:b4:8d:ea:7b:ae:83:5b:24:5e:8d:
                    ca:a1:44:92:18:98:e5:9e:3e:e0:f7:8c:04:4b:d4:
                    b8:07:76:66:aa:81:78:01:0f:da:39:c9:e9:13:33:
                    25:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:84:35:01:E0:80:C1:7F:02:A1:AC:3E:37:9D:A3:82:D3:0E:8A:6F
            X509v3 Authority Key Identifier:
                keyid:11:E5:AF:4C:72:86:92:09:53:9B:11:94:59:7B:03:FA:3A:4A:55:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EeWvTHKGkglTmxGUWXsD-jpKVUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/04d708-feea-4e96-94a1-f428b9954ab2/1/iIQ1AeCAwX8Coaw-N52jgtMOim8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/04d708-feea-4e96-94a1-f428b9954ab2/1/EeWvTHKGkglTmxGUWXsD-jpKVUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:96:cc:5f:72:61:74:78:34:2c:51:0a:b3:0c:40:1e:0b:2d:
         6e:a4:e9:df:be:98:09:c0:fd:dc:aa:8e:6d:24:bb:d7:58:31:
         32:f8:2e:ce:b8:4a:1c:4b:bf:e6:14:66:25:04:1b:4c:87:4e:
         66:54:70:89:07:af:33:49:58:96:27:b0:27:37:9a:a0:ad:0a:
         cc:30:85:cf:1e:e3:81:22:14:39:06:bd:a2:90:84:84:64:86:
         41:fa:a0:46:19:d5:3f:a1:33:51:26:15:2e:b4:6c:3c:49:2d:
         a8:3a:80:de:37:d0:1a:f6:ff:1e:3c:71:36:51:e4:67:c1:e4:
         90:45:d5:01:f6:c6:11:5b:eb:c5:3c:bb:b9:de:31:ae:1e:7b:
         86:29:7d:41:2a:b8:cc:fb:3c:55:8d:ed:d6:87:78:bf:35:51:
         7e:81:86:12:6f:ea:b7:97:90:6c:35:6f:44:80:c9:57:1a:70:
         cf:51:d9:9f:38:ae:75:16:b0:1d:4a:37:66:bf:bb:cb:28:74:
         de:fc:19:07:60:42:c2:3c:f0:61:33:fd:7f:20:9f:e1:f3:49:
         88:c2:ca:39:ce:2c:d4:5c:88:5c:a3:7f:b3:c6:73:d2:c8:4e:
         f8:d9:2e:12:f3:3c:76:40:ad:fe:38:4b:0d:64:f7:8e:7f:78:
         82:5f:72:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnEIwF0YQOe9H/EsNAwGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZTVhZjRjNzI4NjkyMDk1MzliMTE5NDU5N2IwM2ZhM2E0
YTU1NGEwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODg0MzUwMWUwODBjMTdmMDJhMWFjM2UzNzlkYTM4MmQzMGU4YTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZAUiqPajyUBgj9SjDv3ufeFaB5R
yuJZhvt8m94t5I3So4Ya0tV1ztffx7eyaGGMARfVSLW0Wl4wlVmhSHFhdfQjH/C6
DfAWsZsc9bx09bMet11urg0zNsyRuOQOSatvpA6vwjZX8wzhdyjxONuLhndeLZhg
Ew/x9nmWP2nMNnF3qroExzN7xZUlOcO02TygE4QEaQ5lGkFss5jxUgttIMiw/EWW
WWobyz2jlrfJG/JanmE5c8snAJWZnZ30LPkGmXuvCleOX2ePJA8blQdugavrb4Qh
krSN6nuug1skXo3KoUSSGJjlnj7g94wES9S4B3ZmqoF4AQ/aOcnpEzMl4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiENQHggMF/AqGsPjedo4LTDopvMB8GA1UdIwQY
MBaAFBHlr0xyhpIJU5sRlFl7A/o6SlVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWVXdlRIS0drZ2xUbXhHVVdYc0QtanBLVlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wNGQ3MDgtZmVlYS00ZTk2LTk0YTEt
ZjQyOGI5OTU0YWIyLzEvaUlRMUFlQ0F3WDhDb2F3LU41MmpndE1PaW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wNGQ3MDgtZmVlYS00ZTk2LTk0YTEtZjQyOGI5OTU0YWIy
LzEvRWVXdlRIS0drZ2xUbXhHVVdYc0QtanBLVlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQOgMA0G
CSqGSIb3DQEBCwUAA4IBAQANlsxfcmF0eDQsUQqzDEAeCy1upOnfvpgJwP3cqo5t
JLvXWDEy+C7OuEocS7/mFGYlBBtMh05mVHCJB68zSViWJ7AnN5qgrQrMMIXPHuOB
IhQ5Br2ikISEZIZB+qBGGdU/oTNRJhUutGw8SS2oOoDeN9Aa9v8ePHE2UeRnweSQ
RdUB9sYRW+vFPLu53jGuHnuGKX1BKrjM+zxVje3Wh3i/NVF+gYYSb+q3l5BsNW9E
gMlXGnDPUdmfOK51FrAdSjdmv7vLKHTe/BkHYELCPPBhM/1/IJ/h80mIwso5zizU
XIhco3+zxnPSyE742S4S8zx2QK3+OEsNZPeOf3iCX3Kx
-----END CERTIFICATE-----