Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/iCZ5LkRRabrQM8eb0h1397FNbPc.roa
File:                     iCZ5LkRRabrQM8eb0h1397FNbPc.roa (raw, json)
Hash identifier:          /PXtPb3g/8dNDvzzTJMTXsHm+K21xBEsZZ9tlSPaX0E=
Subject key identifier:   88:26:79:2E:44:51:69:BA:D0:33:C7:9B:D2:1D:77:F7:B1:4D:6C:F7
Certificate issuer:       /CN=1366b960a6f1f04439f09186f9ecf531a9ce2648
Certificate serial:       0194236A4970E403F8ED9E57BEABE6193694
Authority key identifier: 13:66:B9:60:A6:F1:F0:44:39:F0:91:86:F9:EC:F5:31:A9:CE:26:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E2a5YKbx8EQ58JGG-ez1ManOJkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/iCZ5LkRRabrQM8eb0h1397FNbPc.roa
Signing time:             Wed 01 Jan 2025 19:49:15 +0000
ROA not before:           Wed 01 Jan 2025 19:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        193.109.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/E2a5YKbx8EQ58JGG-ez1ManOJkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/E2a5YKbx8EQ58JGG-ez1ManOJkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E2a5YKbx8EQ58JGG-ez1ManOJkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:49:70:e4:03:f8:ed:9e:57:be:ab:e6:19:36:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1366b960a6f1f04439f09186f9ecf531a9ce2648
        Validity
            Not Before: Jan  1 19:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8826792e445169bad033c79bd21d77f7b14d6cf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2c:75:30:4f:fc:b3:ad:09:6e:64:3e:0d:ad:
                    1b:25:ca:ff:6a:91:41:67:46:7d:19:27:c8:1f:58:
                    e0:5f:74:48:ab:1e:a8:5c:84:c4:91:ed:d4:40:e3:
                    de:95:9c:9d:04:ac:70:63:2a:42:dd:91:76:51:83:
                    f3:70:e0:99:ab:d4:f8:f5:68:75:37:86:5b:41:e3:
                    1f:bf:8f:05:11:ca:a1:f9:d1:34:ff:30:1c:13:88:
                    c1:28:f9:7a:2a:3b:1c:5d:5c:6a:7c:10:f8:c4:c5:
                    24:97:6c:5e:1f:07:d1:00:41:08:11:70:b5:8d:3c:
                    98:fc:53:37:fe:3c:70:0f:45:18:c0:0a:06:a7:a0:
                    19:4e:a5:bb:d0:59:c4:31:7d:67:54:41:4a:5a:98:
                    7c:c2:2d:cb:7f:47:4a:30:2e:a4:78:6e:39:77:b0:
                    99:55:fc:4a:3a:be:cc:32:51:a9:fb:0e:61:e0:a2:
                    f4:1a:64:91:64:de:61:7f:6b:c1:e8:80:c8:d5:c4:
                    09:20:cb:37:7f:d0:43:e0:9c:f5:58:46:17:f0:51:
                    8f:a1:ce:df:98:91:5b:b6:79:0a:9a:e9:8e:52:be:
                    f3:6c:a1:3a:d9:47:69:7a:f0:55:7a:95:16:ca:a5:
                    e0:a5:f8:fe:5a:36:57:50:f9:b6:cb:de:94:c5:32:
                    48:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:26:79:2E:44:51:69:BA:D0:33:C7:9B:D2:1D:77:F7:B1:4D:6C:F7
            X509v3 Authority Key Identifier:
                keyid:13:66:B9:60:A6:F1:F0:44:39:F0:91:86:F9:EC:F5:31:A9:CE:26:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E2a5YKbx8EQ58JGG-ez1ManOJkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/iCZ5LkRRabrQM8eb0h1397FNbPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4402b0-2eca-4836-bf22-a967159f887d/1/E2a5YKbx8EQ58JGG-ez1ManOJkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:d3:37:a5:95:78:02:b7:53:8d:77:91:49:3f:69:d7:08:e7:
         c8:8c:21:26:f2:c1:b8:18:d0:61:41:c8:56:57:4e:b0:40:d6:
         91:47:d1:4b:ed:01:0b:84:f2:78:91:70:3f:42:e3:ff:5b:10:
         cb:80:2b:f0:d0:b2:59:83:76:78:be:f9:fb:30:52:68:6a:26:
         c4:04:03:ab:28:fc:46:02:44:45:e8:ce:69:bf:f2:b6:76:13:
         40:b7:f0:83:0d:d5:75:95:b7:dc:3f:51:b6:da:9b:3d:80:8e:
         7a:b5:18:fd:67:55:45:ce:a8:50:79:ea:e3:57:d9:61:d4:06:
         bf:bb:6d:b3:36:bc:6d:fa:96:a6:1f:a8:2d:15:31:ca:04:b2:
         89:27:9d:43:e8:56:05:7a:2d:7c:c0:d4:dd:89:a0:b7:da:75:
         99:a7:84:da:34:33:3b:c3:3a:96:2c:69:89:5a:99:5c:8b:d1:
         da:d4:11:05:cc:bf:80:e3:1e:11:42:a3:51:97:e0:b3:a3:24:
         2c:cf:34:41:93:2f:ea:12:62:4d:49:b8:00:32:73:6b:ba:25:
         50:cd:15:74:e8:79:44:10:64:b3:a9:c6:3f:92:80:5f:80:ca:
         f7:e5:86:b6:f5:21:a6:12:14:25:9e:84:61:60:83:b3:d2:56:
         0d:f0:02:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaklw5AP47Z5XvqvmGTaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNjZiOTYwYTZmMWYwNDQzOWYwOTE4NmY5ZWNmNTMxYTlj
ZTI2NDgwHhcNMjUwMTAxMTk0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODI2NzkyZTQ0NTE2OWJhZDAzM2M3OWJkMjFkNzdmN2IxNGQ2Y2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSx1ME/8s60JbmQ+Da0bJcr/apFB
Z0Z9GSfIH1jgX3RIqx6oXITEke3UQOPelZydBKxwYypC3ZF2UYPzcOCZq9T49Wh1
N4ZbQeMfv48FEcqh+dE0/zAcE4jBKPl6KjscXVxqfBD4xMUkl2xeHwfRAEEIEXC1
jTyY/FM3/jxwD0UYwAoGp6AZTqW70FnEMX1nVEFKWph8wi3Lf0dKMC6keG45d7CZ
VfxKOr7MMlGp+w5h4KL0GmSRZN5hf2vB6IDI1cQJIMs3f9BD4Jz1WEYX8FGPoc7f
mJFbtnkKmumOUr7zbKE62UdpevBVepUWyqXgpfj+WjZXUPm2y96UxTJI2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgmeS5EUWm60DPHm9Idd/exTWz3MB8GA1UdIwQY
MBaAFBNmuWCm8fBEOfCRhvns9TGpziZIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTJhNVlLYng4RVE1OEpHRy1lejFNYW5PSmtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80NDAyYjAtMmVjYS00ODM2LWJmMjIt
YTk2NzE1OWY4ODdkLzEvaUNaNUxrUlJhYnJRTThlYjBoMTM5N0ZOYlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80NDAyYjAtMmVjYS00ODM2LWJmMjItYTk2NzE1OWY4ODdk
LzEvRTJhNVlLYng4RVE1OEpHRy1lejFNYW5PSmtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW2oMA0G
CSqGSIb3DQEBCwUAA4IBAQAe0zellXgCt1ONd5FJP2nXCOfIjCEm8sG4GNBhQchW
V06wQNaRR9FL7QELhPJ4kXA/QuP/WxDLgCvw0LJZg3Z4vvn7MFJoaibEBAOrKPxG
AkRF6M5pv/K2dhNAt/CDDdV1lbfcP1G22ps9gI56tRj9Z1VFzqhQeerjV9lh1Aa/
u22zNrxt+pamH6gtFTHKBLKJJ51D6FYFei18wNTdiaC32nWZp4TaNDM7wzqWLGmJ
Wplci9Ha1BEFzL+A4x4RQqNRl+CzoyQszzRBky/qEmJNSbgAMnNruiVQzRV06HlE
EGSzqcY/koBfgMr35Ya29SGmEhQlnoRhYIOz0lYN8AIt
-----END CERTIFICATE-----