Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/ce69ca-ca64-4e2e-9c08-b5f405946d4f/1/ikfKkUKp3pNwl9mlo0yips61A-U.roa
File:                     ikfKkUKp3pNwl9mlo0yips61A-U.roa (raw, json)
Hash identifier:          KeOz/jZwjv24/wcyGXp5M4RM5ZJUAjxIuhwSNin2A8U=
Subject key identifier:   8A:47:CA:91:42:A9:DE:93:70:97:D9:A5:A3:4C:A2:A6:CE:B5:03:E5
Certificate issuer:       /CN=05592d788f179cc11ae11580225aebfef5bd8858
Certificate serial:       018CC725AAA97266FF44CCC85145525A2D32
Authority key identifier: 05:59:2D:78:8F:17:9C:C1:1A:E1:15:80:22:5A:EB:FE:F5:BD:88:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVkteI8XnMEa4RWAIlrr_vW9iFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/ce69ca-ca64-4e2e-9c08-b5f405946d4f/1/ikfKkUKp3pNwl9mlo0yips61A-U.roa
Signing time:             Mon 01 Jan 2024 22:29:43 +0000
ROA not before:           Mon 01 Jan 2024 22:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15626
IP address blocks:        171.33.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/ce69ca-ca64-4e2e-9c08-b5f405946d4f/1/BVkteI8XnMEa4RWAIlrr_vW9iFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/ce69ca-ca64-4e2e-9c08-b5f405946d4f/1/BVkteI8XnMEa4RWAIlrr_vW9iFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVkteI8XnMEa4RWAIlrr_vW9iFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:aa:a9:72:66:ff:44:cc:c8:51:45:52:5a:2d:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05592d788f179cc11ae11580225aebfef5bd8858
        Validity
            Not Before: Jan  1 22:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a47ca9142a9de937097d9a5a34ca2a6ceb503e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7a:da:a5:9b:21:b6:92:ff:10:6d:34:50:66:
                    4a:bd:ef:3e:97:85:ca:87:16:59:9f:78:46:49:28:
                    7d:c8:90:44:db:9f:df:b0:81:cb:d9:18:33:a5:1c:
                    a3:a2:d3:20:79:08:c9:c5:e7:84:c0:8d:73:c8:dd:
                    59:a4:15:cf:53:03:65:a9:04:4c:f9:d7:62:56:6c:
                    4b:91:8b:2f:7b:04:f6:42:78:16:5d:31:ec:71:4a:
                    c7:9a:be:ef:27:cc:55:2c:ad:4d:1a:2e:8e:c5:ff:
                    0d:9e:52:95:1d:9e:7a:02:77:08:f8:86:45:5c:66:
                    16:ab:21:56:38:93:06:69:70:41:fa:36:71:99:e1:
                    4c:f5:e8:35:68:aa:32:e1:60:fd:46:6a:f7:d0:49:
                    64:50:8d:3f:be:cc:ca:f6:56:ae:be:12:2c:bd:40:
                    49:da:19:e3:fa:aa:15:a8:1c:08:a2:c6:db:0f:a6:
                    0f:bd:72:6e:b4:d5:47:db:7a:2c:d0:9a:fa:a0:1e:
                    89:04:64:ec:dd:00:b9:c7:9e:24:d2:6c:9d:3f:e3:
                    97:5d:fa:63:12:9a:b7:b8:f5:0f:67:c8:47:8d:97:
                    e9:1b:fe:01:88:98:ca:4b:54:30:3d:f9:1e:f3:3d:
                    c3:e3:64:6f:cd:78:36:0d:63:61:d3:00:56:d7:70:
                    f3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:47:CA:91:42:A9:DE:93:70:97:D9:A5:A3:4C:A2:A6:CE:B5:03:E5
            X509v3 Authority Key Identifier:
                keyid:05:59:2D:78:8F:17:9C:C1:1A:E1:15:80:22:5A:EB:FE:F5:BD:88:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVkteI8XnMEa4RWAIlrr_vW9iFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/ce69ca-ca64-4e2e-9c08-b5f405946d4f/1/ikfKkUKp3pNwl9mlo0yips61A-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/ce69ca-ca64-4e2e-9c08-b5f405946d4f/1/BVkteI8XnMEa4RWAIlrr_vW9iFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.33.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:b5:92:10:96:38:c3:ba:2e:49:b8:ac:57:d8:f2:32:24:50:
         de:8f:8c:f9:3d:dc:5c:4f:e4:95:23:47:ae:83:b2:e7:6e:72:
         9d:dd:84:21:b9:16:44:21:28:9b:60:98:a0:05:05:d0:da:b9:
         a8:70:03:ab:0b:05:e4:82:b1:12:86:af:5f:6a:28:90:73:98:
         a4:44:52:b2:1a:74:7f:79:4e:67:a4:66:75:25:ba:a5:69:a4:
         03:d6:9a:44:e0:23:17:c8:ce:ce:23:03:80:6f:68:ea:64:dc:
         64:54:cb:e5:4a:19:c6:8d:10:5b:74:a5:7a:93:fc:28:7c:1a:
         62:e6:93:f7:09:79:7b:3f:b3:61:b3:cd:b9:96:56:47:67:d2:
         d2:64:ee:8a:a0:6f:d3:d7:45:71:b7:02:24:21:e8:f4:76:1c:
         ee:be:b1:9d:55:7f:6c:24:54:0f:ee:6e:cd:a6:a8:be:f3:69:
         28:7b:89:f5:0c:65:f4:3d:1d:9e:67:27:08:8d:24:45:82:06:
         09:45:e4:2f:da:31:a8:5e:ba:c6:42:25:6d:be:ce:c2:c2:82:
         08:b5:fe:70:72:f6:4a:72:94:d9:64:5d:cc:20:1a:43:4b:d3:
         1c:f5:7a:7a:2d:f5:d0:65:75:33:5d:69:20:5a:26:26:6b:3d:
         bf:b4:aa:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJaqpcmb/RMzIUUVSWi0yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTkyZDc4OGYxNzljYzExYWUxMTU4MDIyNWFlYmZlZjVi
ZDg4NTgwHhcNMjQwMTAxMjIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQ3Y2E5MTQyYTlkZTkzNzA5N2Q5YTVhMzRjYTJhNmNlYjUwM2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnrapZshtpL/EG00UGZKve8+l4XK
hxZZn3hGSSh9yJBE25/fsIHL2RgzpRyjotMgeQjJxeeEwI1zyN1ZpBXPUwNlqQRM
+ddiVmxLkYsvewT2QngWXTHscUrHmr7vJ8xVLK1NGi6Oxf8NnlKVHZ56AncI+IZF
XGYWqyFWOJMGaXBB+jZxmeFM9eg1aKoy4WD9Rmr30ElkUI0/vszK9lauvhIsvUBJ
2hnj+qoVqBwIosbbD6YPvXJutNVH23os0Jr6oB6JBGTs3QC5x54k0mydP+OXXfpj
Epq3uPUPZ8hHjZfpG/4BiJjKS1QwPfke8z3D42RvzXg2DWNh0wBW13DzVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpHypFCqd6TcJfZpaNMoqbOtQPlMB8GA1UdIwQY
MBaAFAVZLXiPF5zBGuEVgCJa6/71vYhYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZrdGVJOFhuTUVhNFJXQUlscnJfdlc5aUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jZTY5Y2EtY2E2NC00ZTJlLTljMDgt
YjVmNDA1OTQ2ZDRmLzEvaWtmS2tVS3AzcE53bDltbG8weWlwczYxQS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jZTY5Y2EtY2E2NC00ZTJlLTljMDgtYjVmNDA1OTQ2ZDRm
LzEvQlZrdGVJOFhuTUVhNFJXQUlscnJfdlc5aUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqyHxMA0G
CSqGSIb3DQEBCwUAA4IBAQAPtZIQljjDui5JuKxX2PIyJFDej4z5PdxcT+SVI0eu
g7LnbnKd3YQhuRZEISibYJigBQXQ2rmocAOrCwXkgrEShq9faiiQc5ikRFKyGnR/
eU5npGZ1JbqlaaQD1ppE4CMXyM7OIwOAb2jqZNxkVMvlShnGjRBbdKV6k/wofBpi
5pP3CXl7P7Nhs825llZHZ9LSZO6KoG/T10VxtwIkIej0dhzuvrGdVX9sJFQP7m7N
pqi+82koe4n1DGX0PR2eZycIjSRFggYJReQv2jGoXrrGQiVtvs7CwoIItf5wcvZK
cpTZZF3MIBpDS9Mc9Xp6LfXQZXUzXWkgWiYmaz2/tKrw
-----END CERTIFICATE-----