Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/IgEjxACf9MrVS-wP256JW3b7eJs.roa
File:                     IgEjxACf9MrVS-wP256JW3b7eJs.roa (raw, json)
Hash identifier:          L1Fm7PVegB4TDn5da+KEz9erXEqBnriwZ4yECt0mZb4=
Subject key identifier:   22:01:23:C4:00:9F:F4:CA:D5:4B:EC:0F:DB:9E:89:5B:76:FB:78:9B
Certificate issuer:       /CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
Certificate serial:       01926C8C604F9BE2342B7E3961B9FFE53F67
Authority key identifier: 6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/IgEjxACf9MrVS-wP256JW3b7eJs.roa
Signing time:             Tue 08 Oct 2024 14:33:11 +0000
ROA not before:           Tue 08 Oct 2024 14:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        185.157.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6c:8c:60:4f:9b:e2:34:2b:7e:39:61:b9:ff:e5:3f:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
        Validity
            Not Before: Oct  8 14:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=220123c4009ff4cad54bec0fdb9e895b76fb789b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:05:c8:b2:52:bb:2f:51:1d:e5:40:63:ef:58:
                    f3:47:fd:03:b1:30:21:10:df:3d:c4:b3:f5:8b:f8:
                    31:ec:df:b5:e9:a8:d9:d1:de:1b:82:62:cc:05:40:
                    77:dd:75:27:73:64:cf:c7:39:6d:22:c1:c9:53:b4:
                    f1:26:ca:b8:51:18:a2:ce:73:08:9b:72:2f:be:36:
                    cc:82:c4:56:c3:35:44:ae:c8:b1:59:70:ad:ad:a9:
                    72:fd:25:b2:4a:45:67:87:85:1c:54:e9:d3:da:3a:
                    fa:19:49:99:8c:5e:5f:16:e9:be:c5:69:4e:83:81:
                    8e:da:bf:e1:06:45:78:06:08:24:5f:7c:c2:6f:d8:
                    93:9c:de:e2:6b:2d:2e:ab:73:58:17:62:d9:7e:f9:
                    52:b3:4d:60:61:7d:58:0e:b4:ef:22:42:9f:84:64:
                    0c:5c:ee:1a:ba:f3:c2:94:e8:e0:42:7b:37:19:fd:
                    30:d1:73:ee:bb:62:de:20:9c:1a:d0:f4:ed:77:f9:
                    fb:39:5f:a9:07:71:84:2c:a2:f4:0e:74:61:96:a3:
                    9f:45:0e:17:5a:0c:91:3e:14:8b:56:e6:75:8b:4f:
                    ea:06:10:f8:7d:a5:70:e0:30:51:44:3f:cc:37:58:
                    dc:52:d9:72:2a:b1:03:5c:d2:5c:ab:c9:2d:dd:31:
                    8e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:01:23:C4:00:9F:F4:CA:D5:4B:EC:0F:DB:9E:89:5B:76:FB:78:9B
            X509v3 Authority Key Identifier:
                keyid:6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/IgEjxACf9MrVS-wP256JW3b7eJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:6e:07:9c:75:15:2a:8e:60:3a:c1:d9:86:25:4b:88:60:46:
         26:6c:c1:98:5e:93:36:19:4f:13:ca:18:f2:a4:16:63:36:62:
         b5:f6:35:33:ad:38:aa:f0:dc:a6:07:d5:95:45:27:3c:7a:86:
         7f:6d:6e:c9:d8:10:8a:b3:4d:4a:4b:cc:3a:f9:6a:73:63:42:
         90:1f:af:d0:57:46:32:8c:ff:fe:56:62:c2:32:2d:da:21:78:
         73:e8:3b:51:f5:3c:a0:5c:fc:48:d0:51:2e:f6:e3:b5:2d:91:
         bb:5f:39:fe:db:3a:da:3b:db:ac:2e:f8:c5:70:e9:68:93:9b:
         da:65:76:7d:9a:f0:82:65:1e:89:05:f0:6f:d8:05:d6:9f:27:
         63:3e:9b:c7:6e:21:9d:39:9b:98:d4:e2:b6:d4:e1:d7:d6:d0:
         2b:fa:30:0d:28:10:97:a2:95:5e:7f:d4:1b:a6:2c:3d:3a:f6:
         1c:61:57:df:18:35:f2:87:e6:d2:15:7e:06:4b:74:a4:da:73:
         42:0b:71:b5:25:df:2b:e4:27:42:73:20:e6:c1:1f:93:e3:da:
         20:2c:8f:b3:54:17:95:1e:c3:7e:e8:9a:4e:fd:7d:da:f6:0d:
         e1:1a:c4:99:87:c6:56:e0:4f:6c:d9:18:dd:56:f6:9e:52:54:
         72:22:7c:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJsjGBPm+I0K345Ybn/5T9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYTZmOWUzZTI2MjJhNzgxNWEyNTllNThkNTUyNDM5YzI1
NWEzMWIwHhcNMjQxMDA4MTQzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjAxMjNjNDAwOWZmNGNhZDU0YmVjMGZkYjllODk1Yjc2ZmI3ODliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAXIslK7L1Ed5UBj71jzR/0DsTAh
EN89xLP1i/gx7N+16ajZ0d4bgmLMBUB33XUnc2TPxzltIsHJU7TxJsq4URiiznMI
m3IvvjbMgsRWwzVErsixWXCtraly/SWySkVnh4UcVOnT2jr6GUmZjF5fFum+xWlO
g4GO2r/hBkV4BggkX3zCb9iTnN7iay0uq3NYF2LZfvlSs01gYX1YDrTvIkKfhGQM
XO4auvPClOjgQns3Gf0w0XPuu2LeIJwa0PTtd/n7OV+pB3GELKL0DnRhlqOfRQ4X
WgyRPhSLVuZ1i0/qBhD4faVw4DBRRD/MN1jcUtlyKrEDXNJcq8kt3TGOAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIBI8QAn/TK1UvsD9ueiVt2+3ibMB8GA1UdIwQY
MBaAFGqm+ePiYip4FaJZ5Y1VJDnCVaMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4Mzct
YzUwNzM0ZDAyMGYwLzEvSWdFanhBQ2Y5TXJWUy13UDI1NkpXM2I3ZUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4MzctYzUwNzM0ZDAyMGYw
LzEvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ3MMA0G
CSqGSIb3DQEBCwUAA4IBAQBxbgecdRUqjmA6wdmGJUuIYEYmbMGYXpM2GU8Tyhjy
pBZjNmK19jUzrTiq8NymB9WVRSc8eoZ/bW7J2BCKs01KS8w6+WpzY0KQH6/QV0Yy
jP/+VmLCMi3aIXhz6DtR9TygXPxI0FEu9uO1LZG7Xzn+2zraO9usLvjFcOlok5va
ZXZ9mvCCZR6JBfBv2AXWnydjPpvHbiGdOZuY1OK21OHX1tAr+jANKBCXopVef9Qb
piw9OvYcYVffGDXyh+bSFX4GS3Sk2nNCC3G1Jd8r5CdCcyDmwR+T49ogLI+zVBeV
HsN+6JpO/X3a9g3hGsSZh8ZW4E9s2RjdVvaeUlRyInyO
-----END CERTIFICATE-----