Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/a3d8f5-0d3c-42fa-8c69-b9c0df70ad3f/1/iN8BBLwmfe7UCPC0pMUlxs-iT0w.roa
File:                     iN8BBLwmfe7UCPC0pMUlxs-iT0w.roa (raw, json)
Hash identifier:          w4CwpS1jS4Nnf6pQrwwC5qLyyv+UyMClkhaHkyIdjMk=
Subject key identifier:   88:DF:01:04:BC:26:7D:EE:D4:08:F0:B4:A4:C5:25:C6:CF:A2:4F:4C
Certificate issuer:       /CN=a40043b3e13aed397f8932cf5d13ff4f4aafe6ba
Certificate serial:       018CC56DE5F6682703F7B33E1A96F9B22F42
Authority key identifier: A4:00:43:B3:E1:3A:ED:39:7F:89:32:CF:5D:13:FF:4F:4A:AF:E6:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pABDs-E67Tl_iTLPXRP_T0qv5ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/a3d8f5-0d3c-42fa-8c69-b9c0df70ad3f/1/iN8BBLwmfe7UCPC0pMUlxs-iT0w.roa
Signing time:             Mon 01 Jan 2024 14:29:22 +0000
ROA not before:           Mon 01 Jan 2024 14:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204285
IP address blocks:        185.254.117.0/24 maxlen: 24
                          185.254.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/a3d8f5-0d3c-42fa-8c69-b9c0df70ad3f/1/pABDs-E67Tl_iTLPXRP_T0qv5ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/a3d8f5-0d3c-42fa-8c69-b9c0df70ad3f/1/pABDs-E67Tl_iTLPXRP_T0qv5ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pABDs-E67Tl_iTLPXRP_T0qv5ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e5:f6:68:27:03:f7:b3:3e:1a:96:f9:b2:2f:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a40043b3e13aed397f8932cf5d13ff4f4aafe6ba
        Validity
            Not Before: Jan  1 14:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88df0104bc267deed408f0b4a4c525c6cfa24f4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:9d:c3:b8:64:38:61:50:47:54:50:21:f0:1e:
                    0a:b6:ac:27:d8:d8:ae:f4:2d:f7:94:76:1f:59:65:
                    88:5e:92:f6:a7:3e:14:f5:de:65:c0:df:06:67:8e:
                    3e:22:2f:73:a1:87:58:64:b3:f8:fb:76:79:4b:98:
                    4a:0a:ff:02:3b:54:15:25:b2:f9:54:e9:1e:fc:a4:
                    da:0d:c8:46:eb:74:1b:67:e4:45:1a:90:fd:10:7d:
                    98:f5:3a:01:1d:97:65:75:e0:b1:b9:7a:77:b1:54:
                    04:44:1a:83:8b:6d:d3:98:1c:8d:30:eb:de:fa:b4:
                    0a:55:05:a8:c1:69:35:9d:9e:4f:b3:ff:cb:7a:25:
                    86:92:55:d9:c8:96:c9:81:a6:30:7e:e0:cb:14:ae:
                    fa:d2:65:e8:af:b4:94:83:df:39:b8:08:de:aa:6a:
                    6e:d8:71:21:01:71:4b:7d:d9:88:2c:0a:ba:d9:19:
                    09:9f:cb:6a:78:47:c0:f4:0f:86:c8:4b:4e:c0:2f:
                    05:f2:b9:98:4d:0e:ab:72:85:6c:96:55:4f:4f:85:
                    26:6d:f8:6d:8d:bd:73:68:a6:39:3f:67:77:56:7e:
                    35:9c:d1:7a:59:24:cc:4a:73:04:bf:04:43:a8:b1:
                    85:b2:b3:c8:cc:ff:41:a9:35:32:a3:09:3b:26:9a:
                    44:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:DF:01:04:BC:26:7D:EE:D4:08:F0:B4:A4:C5:25:C6:CF:A2:4F:4C
            X509v3 Authority Key Identifier:
                keyid:A4:00:43:B3:E1:3A:ED:39:7F:89:32:CF:5D:13:FF:4F:4A:AF:E6:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pABDs-E67Tl_iTLPXRP_T0qv5ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a3d8f5-0d3c-42fa-8c69-b9c0df70ad3f/1/iN8BBLwmfe7UCPC0pMUlxs-iT0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a3d8f5-0d3c-42fa-8c69-b9c0df70ad3f/1/pABDs-E67Tl_iTLPXRP_T0qv5ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:b1:be:c6:a4:4d:0b:25:8c:a5:55:f7:56:83:e9:7e:3c:54:
         89:d9:cd:aa:1f:f7:3a:21:ab:c3:64:c6:ce:67:e7:0b:a6:0d:
         86:67:14:b5:b0:ef:e0:a7:2b:d4:71:27:b7:11:30:c8:1c:d0:
         b0:b7:e1:c6:03:1c:d9:58:92:90:68:ff:97:02:c9:b6:35:96:
         fe:bb:f0:71:29:07:14:79:dc:15:70:11:57:ab:77:5d:0f:9e:
         6f:2a:c9:e9:22:03:15:f7:b0:b5:42:fa:5a:b8:a5:92:e5:7f:
         fe:df:0f:01:5e:9c:dc:50:98:6b:2a:43:24:c0:3f:0a:e5:37:
         ba:ef:54:a9:87:a9:41:10:44:b3:5d:e9:66:01:24:14:d5:ff:
         40:e5:75:54:4b:42:61:56:34:c9:21:62:02:b5:1f:33:53:00:
         6a:11:59:79:c3:ae:d6:37:2e:45:ba:0e:43:2c:fa:30:d7:f1:
         9f:da:4c:50:16:04:ac:2b:47:66:71:12:43:fb:c4:40:c4:6f:
         37:db:73:c3:94:34:ac:97:6a:8d:b1:d8:2c:7d:8f:d2:91:b2:
         f0:3a:4c:a9:7e:a5:ff:6b:28:da:01:1d:30:f8:ee:f4:80:17:
         84:b9:3b:88:b2:a5:cd:ad:a6:ab:7e:7e:94:69:0d:1d:01:b5:
         cb:ab:39:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeX2aCcD97M+Gpb5si9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MDA0M2IzZTEzYWVkMzk3Zjg5MzJjZjVkMTNmZjRmNGFh
ZmU2YmEwHhcNMjQwMTAxMTQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGRmMDEwNGJjMjY3ZGVlZDQwOGYwYjRhNGM1MjVjNmNmYTI0ZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhp3DuGQ4YVBHVFAh8B4Ktqwn2Niu
9C33lHYfWWWIXpL2pz4U9d5lwN8GZ44+Ii9zoYdYZLP4+3Z5S5hKCv8CO1QVJbL5
VOke/KTaDchG63QbZ+RFGpD9EH2Y9ToBHZdldeCxuXp3sVQERBqDi23TmByNMOve
+rQKVQWowWk1nZ5Ps//LeiWGklXZyJbJgaYwfuDLFK760mXor7SUg985uAjeqmpu
2HEhAXFLfdmILAq62RkJn8tqeEfA9A+GyEtOwC8F8rmYTQ6rcoVsllVPT4Umbfht
jb1zaKY5P2d3Vn41nNF6WSTMSnMEvwRDqLGFsrPIzP9BqTUyowk7JppEpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjfAQS8Jn3u1AjwtKTFJcbPok9MMB8GA1UdIwQY
MBaAFKQAQ7PhOu05f4kyz10T/09Kr+a6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEFCRHMtRTY3VGxfaVRMUFhSUF9UMHF2NXJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9hM2Q4ZjUtMGQzYy00MmZhLThjNjkt
YjljMGRmNzBhZDNmLzEvaU44QkJMd21mZTdVQ1BDMHBNVWx4cy1pVDB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9hM2Q4ZjUtMGQzYy00MmZhLThjNjktYjljMGRmNzBhZDNm
LzEvcEFCRHMtRTY3VGxfaVRMUFhSUF9UMHF2NXJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuf50MA0G
CSqGSIb3DQEBCwUAA4IBAQA9sb7GpE0LJYylVfdWg+l+PFSJ2c2qH/c6IavDZMbO
Z+cLpg2GZxS1sO/gpyvUcSe3ETDIHNCwt+HGAxzZWJKQaP+XAsm2NZb+u/BxKQcU
edwVcBFXq3ddD55vKsnpIgMV97C1QvpauKWS5X/+3w8BXpzcUJhrKkMkwD8K5Te6
71Sph6lBEESzXelmASQU1f9A5XVUS0JhVjTJIWICtR8zUwBqEVl5w67WNy5Fug5D
LPow1/Gf2kxQFgSsK0dmcRJD+8RAxG8323PDlDSsl2qNsdgsfY/SkbLwOkypfqX/
ayjaAR0w+O70gBeEuTuIsqXNraarfn6UaQ0dAbXLqzn3
-----END CERTIFICATE-----