Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/IbOY8Ni_ZbRII-pOmchjAxAe1eg.roa
File:                     IbOY8Ni_ZbRII-pOmchjAxAe1eg.roa (raw, json)
Hash identifier:          2Fu+OC2U9xtHpUmIcqmaK2ruSG2iseSpWMKJU3QXqIE=
Subject key identifier:   21:B3:98:F0:D8:BF:65:B4:48:23:EA:4E:99:C8:63:03:10:1E:D5:E8
Certificate issuer:       /CN=00f4cc412cc30fb2f9f7c37c3e390bec5e6256b0
Certificate serial:       018CC801FB75091AE457DCD85F4A779734B7
Authority key identifier: 00:F4:CC:41:2C:C3:0F:B2:F9:F7:C3:7C:3E:39:0B:EC:5E:62:56:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/IbOY8Ni_ZbRII-pOmchjAxAe1eg.roa
Signing time:             Tue 02 Jan 2024 02:30:22 +0000
ROA not before:           Tue 02 Jan 2024 02:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8609
IP address blocks:        158.162.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:fb:75:09:1a:e4:57:dc:d8:5f:4a:77:97:34:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f4cc412cc30fb2f9f7c37c3e390bec5e6256b0
        Validity
            Not Before: Jan  2 02:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21b398f0d8bf65b44823ea4e99c86303101ed5e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d6:34:80:7d:86:f5:8c:d9:9b:08:df:67:9b:
                    8a:e9:89:46:b9:37:2d:9b:6b:87:a2:c0:95:b6:4b:
                    3e:bc:97:f3:d8:49:eb:99:15:de:e0:23:53:1e:8d:
                    70:8e:cc:00:13:cb:21:70:4c:a2:69:dd:68:f6:42:
                    a1:26:d5:a4:10:5b:bf:59:76:99:08:5e:15:f2:83:
                    7a:b5:59:cf:f4:c4:8f:25:a7:38:58:7d:9e:b9:3d:
                    79:ce:97:89:d8:e0:c9:a3:61:ff:fd:2e:ae:5e:ce:
                    4f:10:5e:1e:bb:cc:97:e1:27:d6:8b:fb:f8:53:1e:
                    da:ae:d0:c6:68:de:8d:43:de:89:65:b2:0d:1c:59:
                    f6:c3:58:d2:bd:5d:a3:6e:2f:9b:35:06:ba:41:c0:
                    f6:7d:30:39:34:80:69:c9:3a:2a:72:25:d4:0d:0b:
                    f9:7e:01:03:42:2e:ab:78:96:a9:4f:8c:68:27:28:
                    b1:64:05:21:b1:67:ef:aa:96:f8:2d:bc:e4:bc:5e:
                    38:b4:33:2d:79:d8:21:b5:ba:ed:d8:eb:44:f6:33:
                    6f:99:15:7e:eb:5f:d8:47:2c:e8:9d:60:89:63:c2:
                    d4:82:f8:10:b5:4d:46:02:99:69:7d:58:49:88:42:
                    1a:49:ad:44:7a:cd:95:da:41:85:c3:7e:75:83:01:
                    d2:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:B3:98:F0:D8:BF:65:B4:48:23:EA:4E:99:C8:63:03:10:1E:D5:E8
            X509v3 Authority Key Identifier:
                keyid:00:F4:CC:41:2C:C3:0F:B2:F9:F7:C3:7C:3E:39:0B:EC:5E:62:56:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/IbOY8Ni_ZbRII-pOmchjAxAe1eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.162.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:c7:5a:8a:f5:41:8e:8f:00:86:c9:f9:c3:6e:78:0c:0e:1e:
         b4:27:77:0c:30:e5:43:46:6b:6e:60:70:3f:f5:bb:2f:e9:dc:
         45:27:c0:a3:c4:01:83:6c:b3:07:78:1b:88:83:06:38:3d:02:
         1e:80:7c:f5:7e:76:a6:d7:62:3c:e4:2f:ae:79:05:db:85:65:
         8f:ed:c8:d2:81:35:19:f5:50:21:4f:5f:68:07:e3:c1:72:75:
         f5:12:b6:0e:4e:51:72:88:53:9d:97:d5:1b:f2:23:d7:78:f5:
         b5:5e:ac:ec:85:5d:a8:8b:66:13:18:34:c1:3f:dd:1e:2f:1f:
         e5:8a:a2:4d:c7:7f:a5:28:d0:3e:ea:76:67:28:04:af:18:c2:
         92:a6:b6:d2:77:3f:78:c3:84:72:db:1f:a0:8b:75:01:23:df:
         a1:15:02:41:51:f4:7a:12:5f:55:30:3d:ae:a2:9e:7e:61:b9:
         21:b5:f1:fe:e4:00:ec:00:89:81:e1:81:42:04:b8:a1:a3:9b:
         45:01:8e:35:8b:60:d8:40:58:b1:c7:f0:8c:ae:c0:cc:15:c6:
         14:c0:c1:4d:2b:77:3e:eb:76:7e:31:a3:05:2b:bd:2d:d6:9c:
         7f:b9:39:5e:e4:fa:c8:6e:42:df:31:02:9a:e3:4d:77:e9:71:
         82:e8:69:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAft1CRrkV9zYX0p3lzS3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjRjYzQxMmNjMzBmYjJmOWY3YzM3YzNlMzkwYmVjNWU2
MjU2YjAwHhcNMjQwMTAyMDIzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWIzOThmMGQ4YmY2NWI0NDgyM2VhNGU5OWM4NjMwMzEwMWVkNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9Y0gH2G9YzZmwjfZ5uK6YlGuTct
m2uHosCVtks+vJfz2EnrmRXe4CNTHo1wjswAE8shcEyiad1o9kKhJtWkEFu/WXaZ
CF4V8oN6tVnP9MSPJac4WH2euT15zpeJ2ODJo2H//S6uXs5PEF4eu8yX4SfWi/v4
Ux7artDGaN6NQ96JZbINHFn2w1jSvV2jbi+bNQa6QcD2fTA5NIBpyToqciXUDQv5
fgEDQi6reJapT4xoJyixZAUhsWfvqpb4LbzkvF44tDMtedghtbrt2OtE9jNvmRV+
61/YRyzonWCJY8LUgvgQtU1GAplpfVhJiEIaSa1Ees2V2kGFw351gwHSAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGzmPDYv2W0SCPqTpnIYwMQHtXoMB8GA1UdIwQY
MBaAFAD0zEEsww+y+ffDfD45C+xeYlawMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBUTVFTekREN0w1OThOOFBqa0w3RjVpVnJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy85Mzc1YTItM2U2Zi00NTc3LTg1ZDEt
NWYxNDVjZmQyMDcwLzEvSWJPWThOaV9aYlJJSS1wT21jaGpBeEFlMWVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy85Mzc1YTItM2U2Zi00NTc3LTg1ZDEtNWYxNDVjZmQyMDcw
LzEvQVBUTVFTekREN0w1OThOOFBqa0w3RjVpVnJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCnqJ8MA0G
CSqGSIb3DQEBCwUAA4IBAQAsx1qK9UGOjwCGyfnDbngMDh60J3cMMOVDRmtuYHA/
9bsv6dxFJ8CjxAGDbLMHeBuIgwY4PQIegHz1fnam12I85C+ueQXbhWWP7cjSgTUZ
9VAhT19oB+PBcnX1ErYOTlFyiFOdl9Ub8iPXePW1XqzshV2oi2YTGDTBP90eLx/l
iqJNx3+lKNA+6nZnKASvGMKSprbSdz94w4Ry2x+gi3UBI9+hFQJBUfR6El9VMD2u
op5+YbkhtfH+5ADsAImB4YFCBLiho5tFAY41i2DYQFixx/CMrsDMFcYUwMFNK3c+
63Z+MaMFK70t1px/uTle5PrIbkLfMQKa40136XGC6GnL
-----END CERTIFICATE-----