Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/IlJ-sK-sm_-UA5jinl86V8uUSOM.roa
File:                     IlJ-sK-sm_-UA5jinl86V8uUSOM.roa (raw, json)
Hash identifier:          WRkOAG7C/h1Nr3ssJ90MoM3xzFN7LOldgew2jtO0+nQ=
Subject key identifier:   22:52:7E:B0:AF:AC:9B:FF:94:03:98:E2:9E:5F:3A:57:CB:94:48:E3
Certificate issuer:       /CN=79a304ba34b61a15e3797ffd4d1ae8c218c1c7bf
Certificate serial:       018E46B768D7FF21C6D87F0E6BC59F22BDF3
Authority key identifier: 79:A3:04:BA:34:B6:1A:15:E3:79:7F:FD:4D:1A:E8:C2:18:C1:C7:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eaMEujS2GhXjeX_9TRrowhjBx78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/IlJ-sK-sm_-UA5jinl86V8uUSOM.roa
Signing time:             Sat 16 Mar 2024 10:03:28 +0000
ROA not before:           Sat 16 Mar 2024 10:03:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47951
IP address blocks:        185.23.111.0/24 maxlen: 24
                          2a12:c040::/30 maxlen: 30
                          2a12:c044::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/eaMEujS2GhXjeX_9TRrowhjBx78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/eaMEujS2GhXjeX_9TRrowhjBx78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eaMEujS2GhXjeX_9TRrowhjBx78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:46:b7:68:d7:ff:21:c6:d8:7f:0e:6b:c5:9f:22:bd:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a304ba34b61a15e3797ffd4d1ae8c218c1c7bf
        Validity
            Not Before: Mar 16 10:03:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22527eb0afac9bff940398e29e5f3a57cb9448e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:14:0d:b3:ac:59:35:9e:76:7d:0a:d1:e9:0d:
                    77:8a:76:1b:1c:4f:8f:53:81:9a:6f:c5:69:52:10:
                    6c:31:f5:b3:b3:b3:d1:e5:28:0f:b1:d5:97:7c:d0:
                    83:7c:1e:91:6c:69:4e:c9:64:64:3f:46:8e:6c:8c:
                    cd:b7:7c:b3:d4:6b:7d:89:2b:b2:87:18:8b:45:78:
                    5a:c9:99:d5:98:16:8b:b0:a1:45:6b:fc:bb:4d:04:
                    32:b5:1d:30:a3:ab:34:93:dc:71:83:d2:80:ea:60:
                    fa:23:b3:01:6f:7c:0f:42:49:ef:ad:fa:38:2c:d0:
                    93:2b:45:11:b0:0c:03:42:12:d9:a9:1c:01:9d:ad:
                    48:73:53:89:95:64:d7:47:67:25:52:a9:88:1a:dc:
                    14:d0:8c:43:bb:34:b2:46:94:66:94:7a:d4:37:20:
                    04:99:b2:22:62:7f:cb:68:5c:f4:79:78:08:71:87:
                    7c:6e:72:a7:06:df:9e:73:0f:c5:99:f9:88:1e:ec:
                    36:2f:0a:3e:8f:e3:ae:6f:7e:21:de:b1:e4:99:0a:
                    fa:2f:0a:2a:42:cf:60:04:a7:e2:61:47:bf:4d:0f:
                    7c:2f:0c:ae:04:8a:81:4a:2c:80:a7:c5:50:88:f3:
                    68:dd:42:51:8e:61:b9:39:3f:70:ad:5d:90:c1:2c:
                    c1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:52:7E:B0:AF:AC:9B:FF:94:03:98:E2:9E:5F:3A:57:CB:94:48:E3
            X509v3 Authority Key Identifier:
                keyid:79:A3:04:BA:34:B6:1A:15:E3:79:7F:FD:4D:1A:E8:C2:18:C1:C7:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eaMEujS2GhXjeX_9TRrowhjBx78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/IlJ-sK-sm_-UA5jinl86V8uUSOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e60107-19f3-4194-bc2f-99a0d29ba563/1/eaMEujS2GhXjeX_9TRrowhjBx78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.111.0/24
                IPv6:
                  2a12:c040::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:6f:ed:fa:d9:e1:e7:cf:40:e2:99:56:f2:7a:4f:b9:5d:07:
         0c:e9:30:75:4d:3f:fb:16:4c:0a:8a:ac:71:4b:61:87:02:18:
         d2:6a:4a:d3:60:d4:9b:78:ba:87:7c:81:29:d9:09:e5:d3:c9:
         2e:91:df:89:50:72:6d:46:a3:a8:23:ea:1e:73:ce:87:4b:a0:
         73:78:47:3c:b4:d3:7c:f0:32:74:26:ca:62:74:2c:bc:ed:c1:
         b9:5f:36:ab:1a:aa:b1:0d:0b:bc:ad:76:ed:00:a6:0f:d0:b2:
         08:08:f6:04:35:4f:d3:0f:37:d9:3c:5d:5c:a9:ea:29:a3:86:
         19:fe:6b:45:7b:24:b3:f5:b8:fc:78:f5:07:1c:cf:cc:c2:a2:
         f6:3e:72:0e:94:e3:20:e0:c7:99:f3:6a:5d:01:d7:0c:73:b3:
         e2:39:78:40:4c:e5:bf:10:e1:26:b6:b4:78:79:ac:0d:f4:54:
         76:41:c7:68:46:77:72:d4:52:c6:50:87:1f:06:ad:11:47:a5:
         28:8d:92:20:c0:1b:f8:d1:1d:2b:58:90:db:f8:33:ac:01:bd:
         e6:86:d3:27:16:9a:79:32:93:31:4f:fa:01:98:d9:c3:ac:67:
         b3:bc:6e:9f:c3:87:47:e7:67:06:5a:72:a6:a9:13:1f:3c:f2:
         a9:f8:90:c8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5Gt2jX/yHG2H8Oa8WfIr3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTMwNGJhMzRiNjFhMTVlMzc5N2ZmZDRkMWFlOGMyMThj
MWM3YmYwHhcNMjQwMzE2MTAwMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjUyN2ViMGFmYWM5YmZmOTQwMzk4ZTI5ZTVmM2E1N2NiOTQ0OGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRQNs6xZNZ52fQrR6Q13inYbHE+P
U4Gab8VpUhBsMfWzs7PR5SgPsdWXfNCDfB6RbGlOyWRkP0aObIzNt3yz1Gt9iSuy
hxiLRXhayZnVmBaLsKFFa/y7TQQytR0wo6s0k9xxg9KA6mD6I7MBb3wPQknvrfo4
LNCTK0URsAwDQhLZqRwBna1Ic1OJlWTXR2clUqmIGtwU0IxDuzSyRpRmlHrUNyAE
mbIiYn/LaFz0eXgIcYd8bnKnBt+ecw/FmfmIHuw2Lwo+j+Oub34h3rHkmQr6Lwoq
Qs9gBKfiYUe/TQ98LwyuBIqBSiyAp8VQiPNo3UJRjmG5OT9wrV2QwSzBMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCJSfrCvrJv/lAOY4p5fOlfLlEjjMB8GA1UdIwQY
MBaAFHmjBLo0thoV43l//U0a6MIYwce/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFNRXVqUzJHaFhqZVhfOVRScm93aGpCeDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9lNjAxMDctMTlmMy00MTk0LWJjMmYt
OTlhMGQyOWJhNTYzLzEvSWxKLXNLLXNtXy1VQTVqaW5sODZWOHVVU09NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9lNjAxMDctMTlmMy00MTk0LWJjMmYtOTlhMGQyOWJhNTYz
LzEvZWFNRXVqUzJHaFhqZVhfOVRScm93aGpCeDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRdvMA0E
AgACMAcDBQMqEsBAMA0GCSqGSIb3DQEBCwUAA4IBAQBib+362eHnz0DimVbyek+5
XQcM6TB1TT/7FkwKiqxxS2GHAhjSakrTYNSbeLqHfIEp2Qnl08kukd+JUHJtRqOo
I+oec86HS6BzeEc8tNN88DJ0JspidCy87cG5XzarGqqxDQu8rXbtAKYP0LIICPYE
NU/TDzfZPF1cqeopo4YZ/mtFeySz9bj8ePUHHM/MwqL2PnIOlOMg4MeZ82pdAdcM
c7PiOXhATOW/EOEmtrR4eawN9FR2QcdoRndy1FLGUIcfBq0RR6UojZIgwBv40R0r
WJDb+DOsAb3mhtMnFpp5MpMxT/oBmNnDrGezvG6fw4dH52cGWnKmqRMfPPKp+JDI
-----END CERTIFICATE-----