Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/ikbS_HKMwPSlg3MbxLYJZmBMNfk.roa
File:                     ikbS_HKMwPSlg3MbxLYJZmBMNfk.roa (raw, json)
Hash identifier:          xQnzNYA7fV/5hC/1x7Sjg4rqjdZ4jj0P+/his4ijUe0=
Subject key identifier:   8A:46:D2:FC:72:8C:C0:F4:A5:83:73:1B:C4:B6:09:66:60:4C:35:F9
Certificate issuer:       /CN=ef4e1ea65287a24e20c663b5161c1513f00c8a8d
Certificate serial:       018E7D643EEF7C2B4F2B71B960A1F1CBC617
Authority key identifier: EF:4E:1E:A6:52:87:A2:4E:20:C6:63:B5:16:1C:15:13:F0:0C:8A:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/704eplKHok4gxmO1FhwVE_AMio0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/ikbS_HKMwPSlg3MbxLYJZmBMNfk.roa
Signing time:             Wed 27 Mar 2024 00:51:45 +0000
ROA not before:           Wed 27 Mar 2024 00:51:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1273
IP address blocks:        193.33.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/704eplKHok4gxmO1FhwVE_AMio0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/704eplKHok4gxmO1FhwVE_AMio0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/704eplKHok4gxmO1FhwVE_AMio0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7d:64:3e:ef:7c:2b:4f:2b:71:b9:60:a1:f1:cb:c6:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef4e1ea65287a24e20c663b5161c1513f00c8a8d
        Validity
            Not Before: Mar 27 00:51:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a46d2fc728cc0f4a583731bc4b60966604c35f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:54:0f:8b:ad:db:fe:7e:09:da:02:e2:1e:d4:
                    58:09:30:83:1c:aa:75:3e:e8:21:b2:94:76:4c:f1:
                    12:1b:a9:b3:32:42:36:fc:66:67:91:0e:b6:f1:cb:
                    09:49:87:1c:75:a6:ac:a2:23:f6:e8:9e:fc:5c:fc:
                    75:23:c8:6f:fd:7c:10:79:ea:6e:80:b8:cf:f2:af:
                    fc:41:1e:60:2c:5a:53:c9:dc:03:65:10:15:e0:81:
                    ca:82:69:e6:40:5f:0e:63:4f:1f:13:47:5c:e2:4e:
                    b6:69:69:37:c2:37:f0:96:99:80:5e:ed:0b:e9:ba:
                    03:c7:c2:11:ac:8f:5d:9a:84:f4:68:77:a0:31:d2:
                    2d:ff:61:da:67:19:26:e8:35:68:48:fe:41:cf:93:
                    b4:3a:79:7f:44:c3:3d:0c:2f:8e:c2:2e:f8:10:cf:
                    45:7d:70:5c:a0:fa:aa:e0:2f:64:26:48:34:d7:ee:
                    16:b6:a4:1f:32:ae:93:f1:dc:fa:72:16:cf:49:5e:
                    c0:61:35:1a:d3:64:01:d6:97:18:f9:0d:30:cf:99:
                    81:c8:09:8b:7f:ab:4c:87:0e:d1:37:e8:f4:66:20:
                    6c:ea:a2:61:26:ac:a4:7f:69:45:54:06:d2:74:5e:
                    14:34:c6:c7:7e:f1:8f:d4:dc:95:3e:90:c9:fd:3b:
                    aa:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:46:D2:FC:72:8C:C0:F4:A5:83:73:1B:C4:B6:09:66:60:4C:35:F9
            X509v3 Authority Key Identifier:
                keyid:EF:4E:1E:A6:52:87:A2:4E:20:C6:63:B5:16:1C:15:13:F0:0C:8A:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/704eplKHok4gxmO1FhwVE_AMio0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/ikbS_HKMwPSlg3MbxLYJZmBMNfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/a52ceb-c8c8-4236-a037-60a5743e6e1f/1/704eplKHok4gxmO1FhwVE_AMio0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:20:f2:8d:e8:9d:11:47:78:48:84:b8:a3:e9:71:47:cf:4d:
         c7:2a:0f:7d:25:1d:c7:79:68:da:84:17:8e:8e:b2:e8:8f:52:
         53:b8:a1:f6:90:51:16:ac:5c:f4:a3:86:60:d2:2f:55:4a:c9:
         a8:a6:28:86:65:dc:d9:1c:cd:5f:b6:25:56:b8:27:31:a2:67:
         12:de:1f:6a:66:3e:7a:cc:da:2a:fa:83:9a:9c:67:12:79:ca:
         59:7e:b5:94:b1:64:97:65:14:50:bb:1b:91:c4:51:1e:0e:38:
         2e:85:08:02:ae:5e:de:5a:f6:97:63:a6:50:bf:8b:6d:2b:9a:
         2b:0c:27:09:06:37:b8:5f:34:f9:5b:ba:03:a8:63:b1:09:01:
         c9:f1:42:f8:74:30:42:74:70:01:54:37:44:bb:1b:2e:50:71:
         92:de:ad:f6:03:22:49:28:6f:3c:17:8a:dc:7c:a1:34:5d:b9:
         45:6d:a9:dc:96:47:9a:a6:b7:8a:ae:09:f7:e7:c5:63:bc:41:
         67:98:f5:da:d8:be:e7:2b:b7:25:50:40:e6:26:82:21:fe:b8:
         c9:ca:02:21:cf:22:72:56:a6:75:5a:eb:57:cb:6b:5d:c9:7e:
         b8:f8:34:07:29:6b:e7:8e:f1:a2:92:cc:fa:15:9f:c7:8d:63:
         86:4c:88:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY59ZD7vfCtPK3G5YKHxy8YXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNGUxZWE2NTI4N2EyNGUyMGM2NjNiNTE2MWMxNTEzZjAw
YzhhOGQwHhcNMjQwMzI3MDA1MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQ2ZDJmYzcyOGNjMGY0YTU4MzczMWJjNGI2MDk2NjYwNGMzNWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVQPi63b/n4J2gLiHtRYCTCDHKp1
PughspR2TPESG6mzMkI2/GZnkQ628csJSYccdaasoiP26J78XPx1I8hv/XwQeepu
gLjP8q/8QR5gLFpTydwDZRAV4IHKgmnmQF8OY08fE0dc4k62aWk3wjfwlpmAXu0L
6boDx8IRrI9dmoT0aHegMdIt/2HaZxkm6DVoSP5Bz5O0Onl/RMM9DC+Owi74EM9F
fXBcoPqq4C9kJkg01+4WtqQfMq6T8dz6chbPSV7AYTUa02QB1pcY+Q0wz5mByAmL
f6tMhw7RN+j0ZiBs6qJhJqykf2lFVAbSdF4UNMbHfvGP1NyVPpDJ/TuqiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpG0vxyjMD0pYNzG8S2CWZgTDX5MB8GA1UdIwQY
MBaAFO9OHqZSh6JOIMZjtRYcFRPwDIqNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzA0ZXBsS0hvazRneG1PMUZod1ZFX0FNaW8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9hNTJjZWItYzhjOC00MjM2LWEwMzct
NjBhNTc0M2U2ZTFmLzEvaWtiU19IS013UFNsZzNNYnhMWUpabUJNTmZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9hNTJjZWItYzhjOC00MjM2LWEwMzctNjBhNTc0M2U2ZTFm
LzEvNzA0ZXBsS0hvazRneG1PMUZod1ZFX0FNaW8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSFsMA0G
CSqGSIb3DQEBCwUAA4IBAQClIPKN6J0RR3hIhLij6XFHz03HKg99JR3HeWjahBeO
jrLoj1JTuKH2kFEWrFz0o4Zg0i9VSsmopiiGZdzZHM1ftiVWuCcxomcS3h9qZj56
zNoq+oOanGcSecpZfrWUsWSXZRRQuxuRxFEeDjguhQgCrl7eWvaXY6ZQv4ttK5or
DCcJBje4XzT5W7oDqGOxCQHJ8UL4dDBCdHABVDdEuxsuUHGS3q32AyJJKG88F4rc
fKE0XblFbanclkeapreKrgn358VjvEFnmPXa2L7nK7clUEDmJoIh/rjJygIhzyJy
VqZ1WutXy2tdyX64+DQHKWvnjvGiksz6FZ/HjWOGTIgJ
-----END CERTIFICATE-----