Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iKB0ZFFRlU4NJ__3F1818Rjk1xE.roa
File:                     iKB0ZFFRlU4NJ__3F1818Rjk1xE.roa (raw, json)
Hash identifier:          rGa1j9VArH2zu8KtDTzAg0gKF9jutcrQp6bSktJz+vI=
Subject key identifier:   88:A0:74:64:51:51:95:4E:0D:27:FF:F7:17:5F:35:F1:18:E4:D7:11
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F9B383CF25A79328F744458C2ECC88BA1
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iKB0ZFFRlU4NJ__3F1818Rjk1xE.roa
Signing time:             Tue 21 May 2024 12:55:04 +0000
ROA not before:           Tue 21 May 2024 12:55:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47692
IP address blocks:        109.176.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9b:38:3c:f2:5a:79:32:8f:74:44:58:c2:ec:c8:8b:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May 21 12:55:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88a074645151954e0d27fff7175f35f118e4d711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1c:fb:1d:ee:29:ad:e6:81:9a:c5:81:64:72:
                    30:96:c9:c5:c3:4a:3d:a7:f6:de:14:9d:b4:c2:88:
                    97:aa:47:2d:2d:db:7e:48:be:76:16:88:69:26:e2:
                    37:27:e2:dd:44:d3:10:f4:0a:36:2a:79:7f:42:0e:
                    c7:f3:b2:e0:3a:83:25:fa:e8:c6:9d:f1:e4:95:25:
                    f1:ba:05:ca:3b:58:01:7a:d7:91:40:c0:2f:e8:2e:
                    d7:77:41:6f:4a:44:08:d0:2b:d0:13:9b:5c:eb:4e:
                    e5:c1:12:97:2c:53:ab:9b:5b:55:d6:a6:08:28:6f:
                    44:b3:45:10:eb:f7:c3:4a:42:b5:71:fc:7f:11:3d:
                    30:16:79:fa:aa:4d:df:64:53:f0:59:df:dd:81:87:
                    68:7a:fc:13:3f:61:24:7f:e5:1f:7b:40:81:c5:d1:
                    26:ef:b2:fa:3a:aa:49:22:d1:bb:1c:7c:cf:cd:ea:
                    cb:ef:60:79:ab:93:90:c6:cb:9f:74:22:39:66:25:
                    3c:ea:a7:9a:54:82:66:15:69:51:e8:47:be:ac:32:
                    45:4c:59:db:fd:41:b1:5b:bc:da:29:23:28:e9:11:
                    ce:b4:be:d7:0a:12:b8:c3:02:ae:f3:2e:ec:13:a0:
                    92:e3:b1:b9:3e:fa:6e:d6:4e:dc:42:61:13:e4:64:
                    86:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A0:74:64:51:51:95:4E:0D:27:FF:F7:17:5F:35:F1:18:E4:D7:11
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/iKB0ZFFRlU4NJ__3F1818Rjk1xE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:3c:15:42:89:0d:c0:e7:bb:bb:d2:0b:e0:8c:76:fb:bd:69:
         d7:94:27:29:0d:76:64:06:8a:bb:cc:bb:33:c6:07:03:c0:54:
         67:c8:d8:4f:6e:f6:07:c3:31:7f:ee:5e:51:70:94:fe:59:af:
         1a:61:36:d7:ab:92:64:5d:61:0b:ed:db:97:4e:a0:9f:92:47:
         a5:ba:06:24:9c:5d:02:2f:66:96:60:72:66:be:1b:07:98:13:
         a5:86:44:be:bf:e4:d2:9d:dd:ed:ce:c5:16:70:46:d7:83:cd:
         c6:0c:2b:7f:1f:a7:d0:ee:fe:90:e1:e3:f4:24:74:35:6c:34:
         80:11:a2:84:d2:33:aa:f8:c7:08:21:0a:00:d7:2e:1a:1e:44:
         ee:6b:f1:07:da:33:dd:43:40:f2:87:a0:db:c1:4a:d0:d4:f7:
         a0:95:3b:fc:8f:2a:0b:9a:2a:c8:e6:c2:55:82:40:bf:80:b4:
         2a:ec:9c:a6:82:15:4d:07:ee:c0:16:61:1d:87:f2:e0:a9:32:
         7c:02:57:e8:de:bc:ed:f0:9b:d8:c3:cd:8c:47:0e:3b:2a:6a:
         dd:cb:90:43:32:fc:bf:ec:97:c1:ab:c1:ce:22:80:70:77:1d:
         27:83:c0:e0:bd:33:02:97:b8:36:87:9b:44:51:db:4f:1e:a9:
         3b:b7:65:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+bODzyWnkyj3REWMLsyIuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTIxMTI1NTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGEwNzQ2NDUxNTE5NTRlMGQyN2ZmZjcxNzVmMzVmMTE4ZTRkNzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhz7He4preaBmsWBZHIwlsnFw0o9
p/beFJ20woiXqkctLdt+SL52FohpJuI3J+LdRNMQ9Ao2Knl/Qg7H87LgOoMl+ujG
nfHklSXxugXKO1gBeteRQMAv6C7Xd0FvSkQI0CvQE5tc607lwRKXLFOrm1tV1qYI
KG9Es0UQ6/fDSkK1cfx/ET0wFnn6qk3fZFPwWd/dgYdoevwTP2Ekf+Ufe0CBxdEm
77L6OqpJItG7HHzPzerL72B5q5OQxsufdCI5ZiU86qeaVIJmFWlR6Ee+rDJFTFnb
/UGxW7zaKSMo6RHOtL7XChK4wwKu8y7sE6CS47G5Pvpu1k7cQmET5GSGzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIigdGRRUZVODSf/9xdfNfEY5NcRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvaUtCMFpGRlJsVTROSl9fM0YxODE4UmprMXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbD6MA0G
CSqGSIb3DQEBCwUAA4IBAQBjPBVCiQ3A57u70gvgjHb7vWnXlCcpDXZkBoq7zLsz
xgcDwFRnyNhPbvYHwzF/7l5RcJT+Wa8aYTbXq5JkXWEL7duXTqCfkkelugYknF0C
L2aWYHJmvhsHmBOlhkS+v+TSnd3tzsUWcEbXg83GDCt/H6fQ7v6Q4eP0JHQ1bDSA
EaKE0jOq+McIIQoA1y4aHkTua/EH2jPdQ0Dyh6DbwUrQ1PeglTv8jyoLmirI5sJV
gkC/gLQq7JymghVNB+7AFmEdh/LgqTJ8Alfo3rzt8JvYw82MRw47Kmrdy5BDMvy/
7JfBq8HOIoBwdx0ng8DgvTMCl7g2h5tEUdtPHqk7t2Us
-----END CERTIFICATE-----