Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/IbrZwl2n5IYDkHWeTnnEevzphQc.roa
File:                     IbrZwl2n5IYDkHWeTnnEevzphQc.roa (raw, json)
Hash identifier:          b1fQ3soIwAiNc4DdsoMpPaJhCnM+WfgOAAQJ3B4KaGs=
Subject key identifier:   21:BA:D9:C2:5D:A7:E4:86:03:90:75:9E:4E:79:C4:7A:FC:E9:85:07
Certificate issuer:       /CN=24d906b90c1d856673e414f39805be583d230ba7
Certificate serial:       018CCA2A7FDC9B308E4BA5B5B9CF84FD2C55
Authority key identifier: 24:D9:06:B9:0C:1D:85:66:73:E4:14:F3:98:05:BE:58:3D:23:0B:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JNkGuQwdhWZz5BTzmAW-WD0jC6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/IbrZwl2n5IYDkHWeTnnEevzphQc.roa
Signing time:             Tue 02 Jan 2024 12:33:52 +0000
ROA not before:           Tue 02 Jan 2024 12:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48435
IP address blocks:        195.254.184.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/JNkGuQwdhWZz5BTzmAW-WD0jC6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/JNkGuQwdhWZz5BTzmAW-WD0jC6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JNkGuQwdhWZz5BTzmAW-WD0jC6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7f:dc:9b:30:8e:4b:a5:b5:b9:cf:84:fd:2c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24d906b90c1d856673e414f39805be583d230ba7
        Validity
            Not Before: Jan  2 12:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21bad9c25da7e4860390759e4e79c47afce98507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f3:90:dc:7d:be:b2:c9:61:65:a1:7f:04:f4:
                    e7:92:fe:df:fa:86:4c:ec:e3:dd:90:0f:90:4d:91:
                    86:cc:b9:2d:1a:fc:e8:e2:6d:81:fd:9e:de:06:42:
                    dd:73:1e:22:d7:df:18:9b:4f:26:93:2d:96:37:8f:
                    c6:e0:1c:fe:84:a6:4c:4f:90:4c:b8:8e:00:fd:ac:
                    b1:f7:7e:90:e3:6d:a5:42:d7:f3:92:cb:65:85:4f:
                    cd:ff:82:07:16:08:f6:61:3a:9e:3b:b6:20:40:4f:
                    88:bb:88:e7:b8:d3:7f:da:e4:e0:4b:b7:76:0c:8b:
                    39:3e:85:c3:d4:8f:82:4e:9c:f4:b3:d4:68:32:8a:
                    6d:df:e0:ed:fc:0f:f6:24:52:71:e8:2a:c5:db:ca:
                    0b:3d:87:4d:fd:4c:d1:9b:65:1a:0a:5f:4a:9d:80:
                    72:69:01:5c:81:21:ad:6d:e7:89:f0:8a:ee:14:a3:
                    55:4f:28:56:00:34:11:2f:82:00:bf:37:0a:1c:f6:
                    e2:09:66:53:5a:8b:ed:27:94:c7:9a:e0:63:87:c7:
                    0e:5d:7b:ff:a0:4c:7c:b5:9b:d2:fd:db:5c:f7:77:
                    93:2b:77:17:4e:ed:ad:8c:5a:93:5e:30:78:c2:c6:
                    88:d8:a8:ed:51:55:3a:bb:48:65:2f:ef:e0:ff:6c:
                    6a:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:BA:D9:C2:5D:A7:E4:86:03:90:75:9E:4E:79:C4:7A:FC:E9:85:07
            X509v3 Authority Key Identifier:
                keyid:24:D9:06:B9:0C:1D:85:66:73:E4:14:F3:98:05:BE:58:3D:23:0B:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JNkGuQwdhWZz5BTzmAW-WD0jC6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/IbrZwl2n5IYDkHWeTnnEevzphQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b53db1-1e0e-44d0-a131-4fc28e5098c7/1/JNkGuQwdhWZz5BTzmAW-WD0jC6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:77:c0:65:df:e0:21:b6:e5:3a:dd:6a:81:d1:f9:71:49:6d:
         80:e2:29:89:0d:09:f3:bd:a4:1a:87:9b:e7:1f:5a:a2:fb:65:
         e8:39:4b:72:a3:e8:d3:98:7c:12:d7:7f:7e:8c:75:10:e7:33:
         d2:f3:bb:c8:c8:d8:0d:9a:fa:80:7f:a1:d5:65:59:35:0e:c6:
         6b:eb:c2:d6:cb:ec:bc:04:4b:c3:ee:6b:6e:6b:6a:e3:e7:ed:
         63:2d:df:61:3f:b9:25:1c:24:6f:b4:dc:67:63:54:2c:5b:ea:
         ce:c4:ce:21:bd:80:98:f4:69:79:0c:3b:23:bf:0e:71:f0:a0:
         f6:91:52:81:ac:f9:13:9d:68:b5:f9:8f:2b:16:b0:ae:b0:07:
         a2:d9:b5:df:45:e1:a0:e9:8f:a4:d8:cf:d4:a2:6d:19:3f:de:
         d5:e5:eb:c8:ce:0f:a4:e5:aa:07:81:cc:11:1f:6b:6c:38:a3:
         cb:f0:9f:25:14:a2:ba:3a:6c:db:5b:11:26:a7:63:f4:b2:2e:
         41:c6:64:a2:60:5c:af:ba:8e:21:ef:81:6f:d8:8e:2e:18:d1:
         04:47:4a:5e:2f:5f:49:c1:11:c6:04:0a:7e:1e:d7:07:87:9e:
         a2:3d:2b:b0:cc:5e:64:66:e4:ff:5b:86:fe:95:40:3b:a9:6c:
         c1:f2:f3:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKn/cmzCOS6W1uc+E/SxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZDkwNmI5MGMxZDg1NjY3M2U0MTRmMzk4MDViZTU4M2Qy
MzBiYTcwHhcNMjQwMTAyMTIzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWJhZDljMjVkYTdlNDg2MDM5MDc1OWU0ZTc5YzQ3YWZjZTk4NTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPOQ3H2+sslhZaF/BPTnkv7f+oZM
7OPdkA+QTZGGzLktGvzo4m2B/Z7eBkLdcx4i198Ym08mky2WN4/G4Bz+hKZMT5BM
uI4A/ayx936Q422lQtfzkstlhU/N/4IHFgj2YTqeO7YgQE+Iu4jnuNN/2uTgS7d2
DIs5PoXD1I+CTpz0s9RoMopt3+Dt/A/2JFJx6CrF28oLPYdN/UzRm2UaCl9KnYBy
aQFcgSGtbeeJ8IruFKNVTyhWADQRL4IAvzcKHPbiCWZTWovtJ5THmuBjh8cOXXv/
oEx8tZvS/dtc93eTK3cXTu2tjFqTXjB4wsaI2KjtUVU6u0hlL+/g/2xqlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCG62cJdp+SGA5B1nk55xHr86YUHMB8GA1UdIwQY
MBaAFCTZBrkMHYVmc+QU85gFvlg9IwunMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk5rR3VRd2RoV1p6NUJUem1BVy1XRDBqQzZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iNTNkYjEtMWUwZS00NGQwLWExMzEt
NGZjMjhlNTA5OGM3LzEvSWJyWndsMm41SVlEa0hXZVRubkVldnpwaFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iNTNkYjEtMWUwZS00NGQwLWExMzEtNGZjMjhlNTA5OGM3
LzEvSk5rR3VRd2RoV1p6NUJUem1BVy1XRDBqQzZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/64MA0G
CSqGSIb3DQEBCwUAA4IBAQB7d8Bl3+AhtuU63WqB0flxSW2A4imJDQnzvaQah5vn
H1qi+2XoOUtyo+jTmHwS139+jHUQ5zPS87vIyNgNmvqAf6HVZVk1DsZr68LWy+y8
BEvD7mtua2rj5+1jLd9hP7klHCRvtNxnY1QsW+rOxM4hvYCY9Gl5DDsjvw5x8KD2
kVKBrPkTnWi1+Y8rFrCusAei2bXfReGg6Y+k2M/Uom0ZP97V5evIzg+k5aoHgcwR
H2tsOKPL8J8lFKK6OmzbWxEmp2P0si5BxmSiYFyvuo4h74Fv2I4uGNEER0peL19J
wRHGBAp+HtcHh56iPSuwzF5kZuT/W4b+lUA7qWzB8vOg
-----END CERTIFICATE-----