Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/IgJxqx1RDSYiq7prAwWjxvcNkwQ.roa
File:                     IgJxqx1RDSYiq7prAwWjxvcNkwQ.roa (raw, json)
Hash identifier:          1pwbbPa/AeitnQajY0szeg2zYFAQpPzuEHRIYfExT4Y=
Subject key identifier:   22:02:71:AB:1D:51:0D:26:22:AB:BA:6B:03:05:A3:C6:F7:0D:93:04
Certificate issuer:       /CN=9098153bde0e34584bac91fa1868d7ef24d68bcf
Certificate serial:       018CCA2B2895A678B136C9987669F519A192
Authority key identifier: 90:98:15:3B:DE:0E:34:58:4B:AC:91:FA:18:68:D7:EF:24:D6:8B:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/IgJxqx1RDSYiq7prAwWjxvcNkwQ.roa
Signing time:             Tue 02 Jan 2024 12:34:35 +0000
ROA not before:           Tue 02 Jan 2024 12:34:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42532
IP address blocks:        94.158.218.0/24 maxlen: 24
                          94.158.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:28:95:a6:78:b1:36:c9:98:76:69:f5:19:a1:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9098153bde0e34584bac91fa1868d7ef24d68bcf
        Validity
            Not Before: Jan  2 12:34:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=220271ab1d510d2622abba6b0305a3c6f70d9304
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:32:be:c4:29:8c:88:53:86:f4:39:fb:69:33:
                    bc:fd:3e:ec:46:cc:99:bc:4c:17:ab:d7:d6:32:0b:
                    90:60:3a:ef:86:b6:ef:08:c1:43:5c:7d:bc:3c:c5:
                    be:f4:e4:53:6b:07:69:a0:5e:05:63:2e:64:c3:30:
                    a2:e3:29:ea:06:37:5c:ea:8a:1f:21:e7:39:b7:a6:
                    89:20:92:da:70:f6:49:62:d1:df:89:57:3d:fb:37:
                    c0:a7:e7:3a:f5:23:fc:28:07:b5:e6:e5:56:19:6f:
                    cb:0f:3c:f3:cf:0d:72:27:22:92:09:6c:c5:d7:0c:
                    2c:3b:00:f2:a2:d5:07:22:cb:29:d5:0f:92:87:e1:
                    3a:65:96:99:17:30:72:ac:71:8d:59:2d:18:52:4b:
                    b6:c0:39:48:fb:d2:a2:be:d9:a7:24:e5:39:f1:4b:
                    1e:90:34:e8:99:59:e4:e4:68:bf:94:4c:25:0f:59:
                    f9:92:1e:fd:4d:1e:33:b6:ca:57:ac:b9:53:75:82:
                    d8:7b:aa:f6:60:41:61:9c:58:8b:51:4d:1e:d1:00:
                    38:a4:b5:92:9a:d1:5a:4b:a9:54:2d:9b:8e:ba:a8:
                    8c:24:3a:f9:cd:75:ea:48:76:ff:55:a4:5c:0c:41:
                    37:d4:cb:ca:11:76:bf:00:fa:ca:86:13:27:91:32:
                    80:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:02:71:AB:1D:51:0D:26:22:AB:BA:6B:03:05:A3:C6:F7:0D:93:04
            X509v3 Authority Key Identifier:
                keyid:90:98:15:3B:DE:0E:34:58:4B:AC:91:FA:18:68:D7:EF:24:D6:8B:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/IgJxqx1RDSYiq7prAwWjxvcNkwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.158.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:45:93:d2:ee:f9:5c:6a:67:ed:f1:d3:0d:36:8b:9e:4e:03:
         b5:0d:68:5e:58:af:70:a2:5c:7d:c2:d1:e8:e0:89:f1:5b:62:
         cc:c7:7e:04:1a:66:b4:14:b3:1f:22:05:72:47:bc:bb:e0:e1:
         b7:bf:c0:a6:fa:ea:c3:3a:a6:a7:f0:a0:ae:25:a6:dc:6f:c1:
         a5:7b:09:7a:25:f4:bf:82:be:ce:30:c3:aa:4a:1b:f1:b6:06:
         81:9f:f9:7f:7c:f8:16:42:6d:eb:b2:bd:e0:0e:e7:ff:1f:6f:
         83:75:fc:38:26:04:67:34:cd:50:8c:56:e2:52:d8:f2:de:e9:
         0e:91:fb:2a:5e:43:a5:3c:1a:7e:81:21:fc:12:c0:bc:22:b1:
         97:23:6e:3c:45:d9:13:41:73:36:83:5f:96:72:45:b9:46:32:
         60:f9:e8:71:d5:61:8c:57:14:16:0b:7d:57:d4:84:0c:be:ee:
         98:07:ca:48:f6:9d:e0:84:8b:a2:4f:5f:cd:a4:5d:30:c2:0d:
         6b:74:5f:1c:37:96:b0:6d:59:bb:57:64:91:b2:cd:d7:d6:38:
         43:82:bb:bf:55:f8:01:cd:21:57:ab:35:b6:79:f1:d5:93:fa:
         9a:bf:74:5e:be:bf:a5:a4:ae:3f:63:c2:3d:4d:7d:03:65:95:
         23:5b:06:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKyiVpnixNsmYdmn1GaGSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwOTgxNTNiZGUwZTM0NTg0YmFjOTFmYTE4NjhkN2VmMjRk
NjhiY2YwHhcNMjQwMTAyMTIzNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjAyNzFhYjFkNTEwZDI2MjJhYmJhNmIwMzA1YTNjNmY3MGQ5MzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7TK+xCmMiFOG9Dn7aTO8/T7sRsyZ
vEwXq9fWMguQYDrvhrbvCMFDXH28PMW+9ORTawdpoF4FYy5kwzCi4ynqBjdc6oof
Iec5t6aJIJLacPZJYtHfiVc9+zfAp+c69SP8KAe15uVWGW/LDzzzzw1yJyKSCWzF
1wwsOwDyotUHIssp1Q+Sh+E6ZZaZFzByrHGNWS0YUku2wDlI+9KivtmnJOU58Use
kDTomVnk5Gi/lEwlD1n5kh79TR4ztspXrLlTdYLYe6r2YEFhnFiLUU0e0QA4pLWS
mtFaS6lULZuOuqiMJDr5zXXqSHb/VaRcDEE31MvKEXa/APrKhhMnkTKAswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCICcasdUQ0mIqu6awMFo8b3DZMEMB8GA1UdIwQY
MBaAFJCYFTveDjRYS6yR+hho1+8k1ovPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0pnVk85NE9ORmhMckpINkdHalg3eVRXaTg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9iYTkwMDMtZDQzMy00MDk1LTg0Yjct
MmY5MzNkOTg5NmUwLzEvSWdKeHF4MVJEU1lpcTdwckF3V2p4dmNOa3dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9iYTkwMDMtZDQzMy00MDk1LTg0YjctMmY5MzNkOTg5NmUw
LzEva0pnVk85NE9ORmhMckpINkdHalg3eVRXaTg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXp7aMA0G
CSqGSIb3DQEBCwUAA4IBAQCARZPS7vlcamft8dMNNoueTgO1DWheWK9wolx9wtHo
4InxW2LMx34EGma0FLMfIgVyR7y74OG3v8Cm+urDOqan8KCuJabcb8Glewl6JfS/
gr7OMMOqShvxtgaBn/l/fPgWQm3rsr3gDuf/H2+Ddfw4JgRnNM1QjFbiUtjy3ukO
kfsqXkOlPBp+gSH8EsC8IrGXI248RdkTQXM2g1+WckW5RjJg+ehx1WGMVxQWC31X
1IQMvu6YB8pI9p3ghIuiT1/NpF0wwg1rdF8cN5awbVm7V2SRss3X1jhDgru/VfgB
zSFXqzW2efHVk/qav3Revr+lpK4/Y8I9TX0DZZUjWwaW
-----END CERTIFICATE-----