Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/33ad44-786c-4643-9de2-34f722b08def/1/IyaPOy7oGAJNhefGcOcZN1-tfGs.roa
File:                     IyaPOy7oGAJNhefGcOcZN1-tfGs.roa (raw, json)
Hash identifier:          FHZu5bPM+rKsk4OyHGPH7dd0SQVOW3boG3f0zNL5824=
Subject key identifier:   23:26:8F:3B:2E:E8:18:02:4D:85:E7:C6:70:E7:19:37:5F:AD:7C:6B
Certificate issuer:       /CN=aefcb6441d70d2eb10d7633da7319a3d3ff977ae
Certificate serial:       01918E94810CC221D87E5E8295E691539F08
Authority key identifier: AE:FC:B6:44:1D:70:D2:EB:10:D7:63:3D:A7:31:9A:3D:3F:F9:77:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rvy2RB1w0usQ12M9pzGaPT_5d64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/33ad44-786c-4643-9de2-34f722b08def/1/IyaPOy7oGAJNhefGcOcZN1-tfGs.roa
Signing time:             Mon 26 Aug 2024 12:06:22 +0000
ROA not before:           Mon 26 Aug 2024 12:06:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39257
IP address blocks:        194.48.242.0/24 maxlen: 24
                          2a13:d500::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/33ad44-786c-4643-9de2-34f722b08def/1/rvy2RB1w0usQ12M9pzGaPT_5d64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/33ad44-786c-4643-9de2-34f722b08def/1/rvy2RB1w0usQ12M9pzGaPT_5d64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rvy2RB1w0usQ12M9pzGaPT_5d64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:94:81:0c:c2:21:d8:7e:5e:82:95:e6:91:53:9f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefcb6441d70d2eb10d7633da7319a3d3ff977ae
        Validity
            Not Before: Aug 26 12:06:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23268f3b2ee818024d85e7c670e719375fad7c6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:8f:bf:8a:88:26:8a:f9:68:8a:51:20:4b:7c:
                    99:84:0e:e6:95:92:c5:39:2b:73:7f:b5:3b:53:cb:
                    12:3e:ef:11:6d:fa:26:fa:49:75:c3:3a:b3:2e:a8:
                    f0:62:24:a7:ea:2a:f8:97:69:c5:df:09:21:1c:59:
                    1e:58:57:37:a1:60:fa:84:23:0b:7b:85:49:2c:e8:
                    a4:a1:a5:27:f7:85:06:be:36:71:b6:d0:6f:fc:b7:
                    2d:93:95:f7:58:61:61:09:8f:42:17:3d:fb:0b:b4:
                    ce:53:a3:e4:d0:b1:dd:d9:e6:2e:30:28:8e:f8:08:
                    26:b4:fe:14:ed:a4:d0:f9:01:ea:1a:a7:2a:c9:dd:
                    d0:63:4b:04:67:6d:dd:ab:cc:ef:aa:f1:fe:3a:e5:
                    84:b3:c0:af:45:17:f7:c9:c3:21:ab:56:0f:a0:a7:
                    6d:a8:6f:81:d2:48:7f:e7:cc:f6:74:1e:56:13:de:
                    a3:c2:e1:a5:4c:8c:65:b1:88:5b:3c:73:fb:9e:0a:
                    9c:f8:3f:0f:0f:7e:de:2d:29:72:17:9c:d6:8b:96:
                    2c:33:81:5b:fa:75:65:2b:a7:82:8d:a1:b3:09:de:
                    6f:b6:29:e3:a6:04:e6:2d:07:c0:da:41:bf:9f:52:
                    e6:66:02:2d:2b:30:88:ba:36:97:63:f3:e5:82:e1:
                    ac:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:26:8F:3B:2E:E8:18:02:4D:85:E7:C6:70:E7:19:37:5F:AD:7C:6B
            X509v3 Authority Key Identifier:
                keyid:AE:FC:B6:44:1D:70:D2:EB:10:D7:63:3D:A7:31:9A:3D:3F:F9:77:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rvy2RB1w0usQ12M9pzGaPT_5d64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/33ad44-786c-4643-9de2-34f722b08def/1/IyaPOy7oGAJNhefGcOcZN1-tfGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/33ad44-786c-4643-9de2-34f722b08def/1/rvy2RB1w0usQ12M9pzGaPT_5d64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.242.0/24
                IPv6:
                  2a13:d500::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:96:29:0f:92:5e:37:9e:fa:a6:e5:24:d7:a7:c6:83:1b:f8:
         e3:94:eb:bb:7d:30:68:e3:1e:7d:fd:55:b1:92:66:68:f4:db:
         f2:60:05:67:1c:28:89:4f:e8:10:5c:d6:b5:8c:b3:05:2c:0c:
         09:66:ee:f3:17:67:81:4b:62:bf:25:1d:87:db:06:c1:35:8d:
         fd:8e:65:d0:dd:0e:55:ac:2f:0b:eb:d5:fb:b5:fb:ff:77:a7:
         7e:12:8d:d0:b6:ec:7f:3d:5d:6a:96:90:0c:c4:4b:93:3d:f5:
         4a:22:06:f1:35:15:52:41:91:5e:2c:d1:26:20:e9:f4:75:6d:
         20:95:4e:73:e9:3f:25:f6:23:2c:99:3f:f0:38:2c:88:f8:b8:
         8f:c6:00:c6:91:26:6b:14:86:a3:f8:2a:4d:9c:a3:e2:a9:4d:
         be:43:98:c4:30:5b:4f:33:83:2c:2f:48:0d:1f:15:07:9d:21:
         e9:71:ee:53:e9:70:bd:72:fa:19:42:7a:1a:fc:91:1b:4b:01:
         21:08:c2:f0:c6:8f:d4:88:d2:b5:ee:88:11:96:1d:58:83:15:
         89:88:b0:ba:f4:1d:96:24:43:8f:5b:4a:ea:75:c5:b6:33:24:
         ed:03:71:3b:04:e3:c7:53:fe:cd:50:b9:84:fa:9b:16:0a:35:
         93:8c:ad:57
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZGOlIEMwiHYfl6CleaRU58IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmNiNjQ0MWQ3MGQyZWIxMGQ3NjMzZGE3MzE5YTNkM2Zm
OTc3YWUwHhcNMjQwODI2MTIwNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzI2OGYzYjJlZTgxODAyNGQ4NWU3YzY3MGU3MTkzNzVmYWQ3YzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjI+/iogmivloilEgS3yZhA7mlZLF
OStzf7U7U8sSPu8Rbfom+kl1wzqzLqjwYiSn6ir4l2nF3wkhHFkeWFc3oWD6hCML
e4VJLOikoaUn94UGvjZxttBv/Lctk5X3WGFhCY9CFz37C7TOU6Pk0LHd2eYuMCiO
+AgmtP4U7aTQ+QHqGqcqyd3QY0sEZ23dq8zvqvH+OuWEs8CvRRf3ycMhq1YPoKdt
qG+B0kh/58z2dB5WE96jwuGlTIxlsYhbPHP7ngqc+D8PD37eLSlyF5zWi5YsM4Fb
+nVlK6eCjaGzCd5vtinjpgTmLQfA2kG/n1LmZgItKzCIujaXY/PlguGskQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCMmjzsu6BgCTYXnxnDnGTdfrXxrMB8GA1UdIwQY
MBaAFK78tkQdcNLrENdjPacxmj0/+XeuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnZ5MlJCMXcwdXNRMTJNOXB6R2FQVF81ZDY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8zM2FkNDQtNzg2Yy00NjQzLTlkZTIt
MzRmNzIyYjA4ZGVmLzEvSXlhUE95N29HQUpOaGVmR2NPY1pOMS10ZkdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8zM2FkNDQtNzg2Yy00NjQzLTlkZTItMzRmNzIyYjA4ZGVm
LzEvcnZ5MlJCMXcwdXNRMTJNOXB6R2FQVF81ZDY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwjDyMA0E
AgACMAcDBQAqE9UAMA0GCSqGSIb3DQEBCwUAA4IBAQCAlikPkl43nvqm5STXp8aD
G/jjlOu7fTBo4x59/VWxkmZo9NvyYAVnHCiJT+gQXNa1jLMFLAwJZu7zF2eBS2K/
JR2H2wbBNY39jmXQ3Q5VrC8L69X7tfv/d6d+Eo3Qtux/PV1qlpAMxEuTPfVKIgbx
NRVSQZFeLNEmIOn0dW0glU5z6T8l9iMsmT/wOCyI+LiPxgDGkSZrFIaj+CpNnKPi
qU2+Q5jEMFtPM4MsL0gNHxUHnSHpce5T6XC9cvoZQnoa/JEbSwEhCMLwxo/UiNK1
7ogRlh1YgxWJiLC69B2WJEOPW0rqdcW2MyTtA3E7BOPHU/7NULmE+psWCjWTjK1X
-----END CERTIFICATE-----