Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/ItAidq3sGRivBWnzKcWHv-cD7G8.roa
File:                     ItAidq3sGRivBWnzKcWHv-cD7G8.roa (raw, json)
Hash identifier:          72z2D8OfvpJHzui7MX33dOz/z4gXRUgII6B4X4MWPeY=
Subject key identifier:   22:D0:22:76:AD:EC:19:18:AF:05:69:F3:29:C5:87:BF:E7:03:EC:6F
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       018CC5010A575356435C37B759041F03BBF8
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/ItAidq3sGRivBWnzKcWHv-cD7G8.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210340
IP address blocks:        195.114.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0a:57:53:56:43:5c:37:b7:59:04:1f:03:bb:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22d02276adec1918af0569f329c587bfe703ec6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c8:19:92:7a:16:98:24:9a:55:96:03:6d:b4:
                    95:02:10:97:e1:0a:4e:37:39:5b:d8:a8:86:32:a2:
                    3b:4b:54:a0:a8:07:78:bc:2f:a4:62:07:4d:cd:17:
                    1b:3f:72:3f:1b:b6:c0:c1:d6:f3:2d:33:04:cf:f9:
                    05:ba:5d:85:8a:8f:72:35:e5:ed:bf:20:f3:9e:8d:
                    99:0c:91:de:a9:24:64:ac:f4:99:fc:78:f7:9e:a2:
                    fd:e7:d3:ad:56:49:81:29:6d:6d:e2:7d:aa:ae:a1:
                    9b:f8:4e:6d:05:65:5b:9b:04:58:77:f7:24:87:09:
                    f2:6b:5c:23:90:47:63:79:72:80:34:6c:fe:05:45:
                    30:87:02:32:58:82:a3:21:56:aa:a4:0f:a1:1b:77:
                    58:f7:6a:c1:7b:05:f7:a9:12:7e:32:98:00:cd:94:
                    76:79:c0:d9:51:8b:01:9c:ea:7b:32:49:dd:58:44:
                    de:32:54:eb:64:9d:b7:f2:d9:29:2f:11:32:19:23:
                    f7:46:78:7a:e7:66:30:a4:70:c1:dd:f8:eb:de:08:
                    cb:7a:70:18:8e:f0:79:c8:bb:27:f3:2c:77:ea:d9:
                    93:6e:a8:eb:39:0f:63:03:93:57:66:ef:13:9f:9d:
                    f0:5c:a2:89:ec:c2:92:8b:5e:13:3e:2b:3b:0f:55:
                    97:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D0:22:76:AD:EC:19:18:AF:05:69:F3:29:C5:87:BF:E7:03:EC:6F
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/ItAidq3sGRivBWnzKcWHv-cD7G8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:ac:40:32:b8:8f:6c:c9:e1:42:3f:55:e9:75:f8:7d:56:42:
         5f:f3:c6:1c:92:04:eb:34:c1:4c:e4:da:30:ff:1c:5b:ab:53:
         b1:e2:f6:17:63:8a:86:48:d0:97:64:21:0b:83:28:19:ae:2e:
         99:94:27:a4:94:59:58:0a:61:79:4a:50:31:9b:61:75:20:eb:
         75:24:78:58:86:cc:a3:d1:e3:89:1a:ac:ab:f3:ab:7f:58:c6:
         75:3b:25:f7:aa:a9:27:66:a2:ab:22:ed:d9:f8:46:ba:72:4e:
         e9:f3:64:e9:dc:ff:68:80:13:55:bc:b3:dd:a8:91:48:5e:a7:
         0a:c8:70:00:75:a4:27:46:ec:1f:a1:32:9a:d1:4d:d0:8c:e0:
         3b:7a:bc:bd:36:e6:c6:7a:41:9a:f5:a4:87:7a:3a:7f:62:83:
         50:02:06:81:e7:94:22:51:1f:fe:40:a7:a3:ce:ba:ca:7c:53:
         7c:6f:31:f4:eb:2b:06:e0:70:24:29:e9:24:05:32:b5:04:e4:
         9d:ba:50:52:e1:a2:4b:99:30:04:eb:86:d7:08:86:d2:db:1b:
         76:c0:23:ab:6a:08:ca:86:29:af:ae:29:00:07:a6:fe:4f:85:
         8d:77:8d:1a:aa:1a:52:c8:07:fc:dd:8c:c9:24:a8:8b:84:fb:
         5d:ef:cb:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQpXU1ZDXDe3WQQfA7v4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmQwMjI3NmFkZWMxOTE4YWYwNTY5ZjMyOWM1ODdiZmU3MDNlYzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcgZknoWmCSaVZYDbbSVAhCX4QpO
Nzlb2KiGMqI7S1SgqAd4vC+kYgdNzRcbP3I/G7bAwdbzLTMEz/kFul2Fio9yNeXt
vyDzno2ZDJHeqSRkrPSZ/Hj3nqL959OtVkmBKW1t4n2qrqGb+E5tBWVbmwRYd/ck
hwnya1wjkEdjeXKANGz+BUUwhwIyWIKjIVaqpA+hG3dY92rBewX3qRJ+MpgAzZR2
ecDZUYsBnOp7MkndWETeMlTrZJ238tkpLxEyGSP3Rnh652YwpHDB3fjr3gjLenAY
jvB5yLsn8yx36tmTbqjrOQ9jA5NXZu8Tn53wXKKJ7MKSi14TPis7D1WX5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLQInat7BkYrwVp8ynFh7/nA+xvMB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvSXRBaWRxM3NHUml2QlduektjV0h2LWNEN0c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3KGMA0G
CSqGSIb3DQEBCwUAA4IBAQACrEAyuI9syeFCP1Xpdfh9VkJf88YckgTrNMFM5Now
/xxbq1Ox4vYXY4qGSNCXZCELgygZri6ZlCeklFlYCmF5SlAxm2F1IOt1JHhYhsyj
0eOJGqyr86t/WMZ1OyX3qqknZqKrIu3Z+Ea6ck7p82Tp3P9ogBNVvLPdqJFIXqcK
yHAAdaQnRuwfoTKa0U3QjOA7ery9NubGekGa9aSHejp/YoNQAgaB55QiUR/+QKej
zrrKfFN8bzH06ysG4HAkKekkBTK1BOSdulBS4aJLmTAE64bXCIbS2xt2wCOragjK
himvrikAB6b+T4WNd40aqhpSyAf83YzJJKiLhPtd78tv
-----END CERTIFICATE-----