Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/43d508-d19e-4f66-ae85-f805ab3a327e/1/IRlpu7LqAELyw5oyPu2jL_iQOvI.roa
File:                     IRlpu7LqAELyw5oyPu2jL_iQOvI.roa (raw, json)
Hash identifier:          SqOv9Gq8bJnQYzfXnmYE9BsbWHRFyitsP1MvnfmuGJY=
Subject key identifier:   21:19:69:BB:B2:EA:00:42:F2:C3:9A:32:3E:ED:A3:2F:F8:90:3A:F2
Certificate issuer:       /CN=97d9ef7bd30324dedf70bace4bbda5760c326b1a
Certificate serial:       018CC348C50B58E94DC415D5A738958FF3A5
Authority key identifier: 97:D9:EF:7B:D3:03:24:DE:DF:70:BA:CE:4B:BD:A5:76:0C:32:6B:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l9nve9MDJN7fcLrOS72ldgwyaxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/43d508-d19e-4f66-ae85-f805ab3a327e/1/IRlpu7LqAELyw5oyPu2jL_iQOvI.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203637
IP address blocks:        185.127.190.0/24 maxlen: 24
                          185.127.189.0/24 maxlen: 24
                          185.127.188.0/24 maxlen: 24
                          185.127.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/43d508-d19e-4f66-ae85-f805ab3a327e/1/l9nve9MDJN7fcLrOS72ldgwyaxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/43d508-d19e-4f66-ae85-f805ab3a327e/1/l9nve9MDJN7fcLrOS72ldgwyaxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l9nve9MDJN7fcLrOS72ldgwyaxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c5:0b:58:e9:4d:c4:15:d5:a7:38:95:8f:f3:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97d9ef7bd30324dedf70bace4bbda5760c326b1a
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=211969bbb2ea0042f2c39a323eeda32ff8903af2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:ef:45:67:d3:d4:17:76:7f:d7:ff:a2:c8:46:
                    3d:30:3d:66:0b:3c:3a:74:85:e3:e7:a1:76:3d:8c:
                    02:31:2c:dd:11:4c:f2:5c:6d:61:10:75:20:d6:74:
                    c6:85:ba:23:af:66:6a:b6:81:8e:14:2a:44:a8:6b:
                    5e:57:9c:d9:7c:eb:8a:67:a1:b6:94:24:f3:4c:67:
                    74:44:30:c5:b2:01:d9:85:50:e2:1c:93:29:52:cb:
                    9e:1d:70:66:02:a5:89:9b:1f:66:3e:45:6d:ed:84:
                    96:81:6d:58:f8:5c:13:fd:bc:7f:eb:e1:c6:61:30:
                    6c:97:da:b0:ad:ae:3a:9d:08:4e:8f:c7:0b:6f:20:
                    df:5d:27:e4:97:3a:d9:79:74:7c:0c:ea:42:15:98:
                    11:e8:f0:7e:b4:0b:33:c4:25:05:91:58:94:74:0b:
                    a1:0c:b6:4e:31:48:ba:98:38:4a:cf:7e:83:eb:b9:
                    e6:ef:58:61:1d:0e:92:52:75:4c:a9:3e:7e:a8:bb:
                    58:69:31:34:79:48:fb:3e:f0:20:85:e7:07:dc:54:
                    ab:df:f3:83:4b:eb:f8:87:b1:a3:cc:91:d4:b7:0f:
                    99:18:52:70:28:db:67:43:5a:90:d4:68:4a:aa:d0:
                    d8:12:03:08:1c:9c:a7:13:81:bb:94:76:43:dd:23:
                    ca:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:19:69:BB:B2:EA:00:42:F2:C3:9A:32:3E:ED:A3:2F:F8:90:3A:F2
            X509v3 Authority Key Identifier:
                keyid:97:D9:EF:7B:D3:03:24:DE:DF:70:BA:CE:4B:BD:A5:76:0C:32:6B:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l9nve9MDJN7fcLrOS72ldgwyaxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/43d508-d19e-4f66-ae85-f805ab3a327e/1/IRlpu7LqAELyw5oyPu2jL_iQOvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/43d508-d19e-4f66-ae85-f805ab3a327e/1/l9nve9MDJN7fcLrOS72ldgwyaxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:f0:4c:a7:7b:ec:de:ce:cc:46:36:a7:e3:af:7e:24:90:70:
         c5:4a:fe:73:6e:10:b8:68:da:e5:49:a2:52:90:bd:89:1f:a8:
         2a:b8:8c:36:af:ab:c5:12:64:58:33:58:58:e0:04:9a:fe:c4:
         fe:67:7f:4b:88:bd:0f:63:04:c1:30:e3:ac:15:47:20:26:00:
         60:42:81:3f:3a:a1:20:5c:fe:1f:82:6d:df:99:41:8e:84:be:
         14:08:5e:f0:a8:73:35:81:c2:67:a6:4e:96:5d:7d:6e:3c:e2:
         a2:40:50:4a:d9:f5:af:82:ce:87:cf:c1:88:50:ff:54:5b:49:
         77:d3:6b:fa:c6:b5:56:88:2f:22:bd:92:d5:3a:34:73:dd:09:
         64:33:25:cd:eb:0c:73:c9:f8:10:83:58:07:1b:f5:e3:37:e0:
         c0:0b:03:63:ad:c1:4f:b5:39:61:30:59:91:9d:c9:ae:ea:d2:
         5c:97:90:72:f7:ac:e1:60:20:fd:bd:25:da:5b:78:7e:7f:aa:
         18:b6:e3:a3:90:e3:c4:8d:94:10:67:4f:0a:aa:fc:60:e1:88:
         3e:72:e1:48:32:a3:15:8a:2f:2d:f3:3a:ea:4e:2d:2d:ec:29:
         7a:81:53:ab:44:5d:e4:eb:12:6a:60:10:63:97:6a:0a:69:53:
         6d:a9:de:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMULWOlNxBXVpziVj/OlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZDllZjdiZDMwMzI0ZGVkZjcwYmFjZTRiYmRhNTc2MGMz
MjZiMWEwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTE5NjliYmIyZWEwMDQyZjJjMzlhMzIzZWVkYTMyZmY4OTAzYWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+9FZ9PUF3Z/1/+iyEY9MD1mCzw6
dIXj56F2PYwCMSzdEUzyXG1hEHUg1nTGhbojr2ZqtoGOFCpEqGteV5zZfOuKZ6G2
lCTzTGd0RDDFsgHZhVDiHJMpUsueHXBmAqWJmx9mPkVt7YSWgW1Y+FwT/bx/6+HG
YTBsl9qwra46nQhOj8cLbyDfXSfklzrZeXR8DOpCFZgR6PB+tAszxCUFkViUdAuh
DLZOMUi6mDhKz36D67nm71hhHQ6SUnVMqT5+qLtYaTE0eUj7PvAghecH3FSr3/OD
S+v4h7GjzJHUtw+ZGFJwKNtnQ1qQ1GhKqtDYEgMIHJynE4G7lHZD3SPKUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEZabuy6gBC8sOaMj7toy/4kDryMB8GA1UdIwQY
MBaAFJfZ73vTAyTe33C6zku9pXYMMmsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDludmU5TURKTjdmY0xyT1M3MmxkZ3d5YXhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS80M2Q1MDgtZDE5ZS00ZjY2LWFlODUt
ZjgwNWFiM2EzMjdlLzEvSVJscHU3THFBRUx5dzVveVB1MmpMX2lRT3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS80M2Q1MDgtZDE5ZS00ZjY2LWFlODUtZjgwNWFiM2EzMjdl
LzEvbDludmU5TURKTjdmY0xyT1M3MmxkZ3d5YXhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX+8MA0G
CSqGSIb3DQEBCwUAA4IBAQAL8Eyne+zezsxGNqfjr34kkHDFSv5zbhC4aNrlSaJS
kL2JH6gquIw2r6vFEmRYM1hY4ASa/sT+Z39LiL0PYwTBMOOsFUcgJgBgQoE/OqEg
XP4fgm3fmUGOhL4UCF7wqHM1gcJnpk6WXX1uPOKiQFBK2fWvgs6Hz8GIUP9UW0l3
02v6xrVWiC8ivZLVOjRz3QlkMyXN6wxzyfgQg1gHG/XjN+DACwNjrcFPtTlhMFmR
ncmu6tJcl5By96zhYCD9vSXaW3h+f6oYtuOjkOPEjZQQZ08Kqvxg4Yg+cuFIMqMV
ii8t8zrqTi0t7Cl6gVOrRF3k6xJqYBBjl2oKaVNtqd7X
-----END CERTIFICATE-----