Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/i6vy6H4xpx_igFLk_XHPv6V16x8.roa
File:                     i6vy6H4xpx_igFLk_XHPv6V16x8.roa (raw, json)
Hash identifier:          01naeRDri/o6A8qUYUpfb/tDhKd6h3KJGIoKVkqg4ic=
Subject key identifier:   8B:AB:F2:E8:7E:31:A7:1F:E2:80:52:E4:FD:71:CF:BF:A5:75:EB:1F
Certificate issuer:       /CN=b453a86fd3081b803edc10d23bbeda91d7932025
Certificate serial:       018CC2DB52B49E98F4B2F26253B99F60EC1B
Authority key identifier: B4:53:A8:6F:D3:08:1B:80:3E:DC:10:D2:3B:BE:DA:91:D7:93:20:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFOob9MIG4A-3BDSO77akdeTICU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/i6vy6H4xpx_igFLk_XHPv6V16x8.roa
Signing time:             Mon 01 Jan 2024 02:30:02 +0000
ROA not before:           Mon 01 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        193.22.32.0/20 maxlen: 20
                          193.22.48.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/tFOob9MIG4A-3BDSO77akdeTICU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/tFOob9MIG4A-3BDSO77akdeTICU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFOob9MIG4A-3BDSO77akdeTICU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:52:b4:9e:98:f4:b2:f2:62:53:b9:9f:60:ec:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b453a86fd3081b803edc10d23bbeda91d7932025
        Validity
            Not Before: Jan  1 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8babf2e87e31a71fe28052e4fd71cfbfa575eb1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:32:a7:ac:2f:49:36:01:4f:f1:6f:6c:2a:d1:
                    e6:6c:06:81:6e:9b:36:25:e4:21:3b:78:a0:a2:b2:
                    04:f6:79:4a:0a:aa:d2:0d:4d:44:fa:c4:d0:c6:ef:
                    96:f6:f4:3a:80:57:ed:53:19:1a:c0:4a:02:35:eb:
                    04:71:62:02:dd:30:90:70:ae:2e:d5:3c:18:78:e2:
                    63:e7:db:1d:ac:44:9c:db:47:93:98:c5:94:38:20:
                    5e:82:fa:bd:e5:27:10:b9:91:17:5f:11:b2:c3:0b:
                    8e:74:86:58:5f:e3:b5:68:cf:a5:df:8a:6e:92:53:
                    75:6a:a1:ba:28:0e:34:b6:f3:97:fe:fa:d4:67:80:
                    7d:6b:bb:89:b9:83:53:b0:5f:c9:63:9a:2c:92:76:
                    d4:96:5d:95:c2:54:26:a6:1d:b0:46:4a:2b:99:6f:
                    b6:bb:59:1e:ac:5b:7b:16:34:95:d5:db:4c:d1:c1:
                    4a:2d:a9:64:f4:f2:67:9c:34:16:3d:d4:c4:09:77:
                    09:35:99:18:2e:0f:72:f7:c4:d7:71:84:a5:21:81:
                    9e:24:d2:54:b7:78:76:16:16:6c:1b:df:a6:7c:18:
                    25:07:cd:f6:ba:93:59:21:d6:46:95:5f:1a:ec:c7:
                    0b:93:58:c5:cd:09:44:77:e1:33:26:b4:e1:ef:c6:
                    88:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:AB:F2:E8:7E:31:A7:1F:E2:80:52:E4:FD:71:CF:BF:A5:75:EB:1F
            X509v3 Authority Key Identifier:
                keyid:B4:53:A8:6F:D3:08:1B:80:3E:DC:10:D2:3B:BE:DA:91:D7:93:20:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFOob9MIG4A-3BDSO77akdeTICU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/i6vy6H4xpx_igFLk_XHPv6V16x8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/225af9-f3f5-49e4-ba10-f5ea012b84fc/1/tFOob9MIG4A-3BDSO77akdeTICU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.32.0-193.22.49.255

    Signature Algorithm: sha256WithRSAEncryption
         1c:b6:e9:ce:f3:49:79:45:28:7f:84:73:1f:1f:8c:8e:36:49:
         00:da:13:ff:6b:c1:4b:16:47:96:f9:6e:1e:e4:f2:db:42:48:
         bf:48:df:eb:0f:2d:0a:1f:c1:a3:5f:14:74:f3:bc:7b:99:e8:
         3a:81:69:88:c5:4d:b8:f7:d0:75:20:3c:47:60:6d:b9:9c:75:
         1c:1c:f3:b3:c0:cf:5f:28:1e:d7:77:ed:eb:67:46:ad:9b:8b:
         f9:30:11:8c:33:5e:8c:e3:70:f4:ab:c2:d5:6c:0b:11:f4:3d:
         9d:ad:3f:ac:45:23:d7:e3:50:2a:c0:ad:83:67:a4:64:0a:a4:
         58:8f:6e:b1:b8:9f:af:6c:06:b7:0f:66:13:24:2b:67:04:1c:
         94:0d:d7:1c:13:0b:9e:77:d2:a3:bd:85:e0:bb:a9:e7:02:95:
         a1:06:f9:35:9e:d2:cf:61:21:d3:24:c3:7a:26:07:21:fb:28:
         21:9e:7f:7b:3b:13:c6:09:4d:9e:38:3f:3e:76:ac:76:e6:b4:
         a6:13:c4:ca:66:c0:b3:e0:9a:00:e9:27:59:f4:e4:0e:d6:96:
         e9:f2:6c:ba:fe:6d:ea:24:34:11:1d:0f:c2:73:63:6c:3f:b8:
         7c:a7:51:69:60:70:79:62:04:b6:8a:84:45:7c:e7:00:a6:44:
         f6:47:70:ec
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzC21K0npj0svJiU7mfYOwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTNhODZmZDMwODFiODAzZWRjMTBkMjNiYmVkYTkxZDc5
MzIwMjUwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmFiZjJlODdlMzFhNzFmZTI4MDUyZTRmZDcxY2ZiZmE1NzVlYjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjKnrC9JNgFP8W9sKtHmbAaBbps2
JeQhO3igorIE9nlKCqrSDU1E+sTQxu+W9vQ6gFftUxkawEoCNesEcWIC3TCQcK4u
1TwYeOJj59sdrESc20eTmMWUOCBegvq95ScQuZEXXxGywwuOdIZYX+O1aM+l34pu
klN1aqG6KA40tvOX/vrUZ4B9a7uJuYNTsF/JY5osknbUll2VwlQmph2wRkormW+2
u1kerFt7FjSV1dtM0cFKLalk9PJnnDQWPdTECXcJNZkYLg9y98TXcYSlIYGeJNJU
t3h2FhZsG9+mfBglB832upNZIdZGlV8a7McLk1jFzQlEd+EzJrTh78aIbwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIur8uh+Macf4oBS5P1xz7+ldesfMB8GA1UdIwQY
MBaAFLRTqG/TCBuAPtwQ0ju+2pHXkyAlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZPb2I5TUlHNEEtM0JEU083N2FrZGVUSUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yMjVhZjktZjNmNS00OWU0LWJhMTAt
ZjVlYTAxMmI4NGZjLzEvaTZ2eTZINHhweF9pZ0ZMa19YSFB2NlYxNng4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yMjVhZjktZjNmNS00OWU0LWJhMTAtZjVlYTAxMmI4NGZj
LzEvdEZPb2I5TUlHNEEtM0JEU083N2FrZGVUSUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAXBFiAD
BAHBFjAwDQYJKoZIhvcNAQELBQADggEBABy26c7zSXlFKH+Ecx8fjI42SQDaE/9r
wUsWR5b5bh7k8ttCSL9I3+sPLQofwaNfFHTzvHuZ6DqBaYjFTbj30HUgPEdgbbmc
dRwc87PAz18oHtd37etnRq2bi/kwEYwzXozjcPSrwtVsCxH0PZ2tP6xFI9fjUCrA
rYNnpGQKpFiPbrG4n69sBrcPZhMkK2cEHJQN1xwTC5530qO9heC7qecClaEG+TWe
0s9hIdMkw3omByH7KCGef3s7E8YJTZ44Pz52rHbmtKYTxMpmwLPgmgDpJ1n05A7W
lunybLr+beokNBEdD8JzY2w/uHynUWlgcHliBLaKhEV85wCmRPZHcOw=
-----END CERTIFICATE-----