Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/IQ9mkXsk_VOOFgsv0t7hacRUbKA.roa
File:                     IQ9mkXsk_VOOFgsv0t7hacRUbKA.roa (raw, json)
Hash identifier:          qwhUX4sWkekXHdNCZorv7/myQdgQ4C6MzSsXdZ5LuRo=
Subject key identifier:   21:0F:66:91:7B:24:FD:53:8E:16:0B:2F:D2:DE:E1:69:C4:54:6C:A0
Certificate issuer:       /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial:       018CC64A7350EFD8D4A7EA0FE05532B2FF43
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/IQ9mkXsk_VOOFgsv0t7hacRUbKA.roa
Signing time:             Mon 01 Jan 2024 18:30:17 +0000
ROA not before:           Mon 01 Jan 2024 18:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     158
IP address blocks:        194.237.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:73:50:ef:d8:d4:a7:ea:0f:e0:55:32:b2:ff:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
        Validity
            Not Before: Jan  1 18:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=210f66917b24fd538e160b2fd2dee169c4546ca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d1:1f:ad:2b:6d:ee:d9:24:e7:2c:2f:07:fc:
                    ee:c7:f7:69:85:06:91:6b:40:4c:83:e9:38:76:f8:
                    8f:b6:b1:5a:ca:95:67:0a:fd:50:ba:e6:40:9e:f7:
                    b4:e0:0c:11:ba:0f:0b:50:7e:bc:be:d7:a6:49:5e:
                    2f:40:79:56:4e:ff:9a:26:2d:e5:3e:f4:5d:4e:f3:
                    17:c6:ff:b0:59:29:e4:94:4e:bd:19:94:18:63:f6:
                    19:07:b0:66:5f:4c:3b:4a:f3:07:f5:ab:97:29:d9:
                    97:3c:b1:b2:ea:f7:2d:9e:0e:ee:5a:57:69:f1:19:
                    7f:27:9e:18:02:3d:e4:35:0a:35:d2:f8:56:7c:9f:
                    5a:dc:19:34:7f:cb:af:e6:e3:8b:90:a3:f6:d3:1e:
                    22:d6:6b:bf:9d:64:c0:22:f9:2d:f8:b8:f6:14:cd:
                    ba:da:22:a4:75:82:f6:b5:20:7d:8b:35:aa:01:f0:
                    81:35:f0:99:2e:5b:3a:43:86:98:94:b5:88:b3:92:
                    12:40:9d:87:6a:64:08:f8:73:6b:33:62:02:50:6c:
                    2f:41:66:87:a5:73:15:3d:e8:b9:ce:14:bf:cc:68:
                    0a:58:d5:8c:a9:3b:8d:c6:84:e0:3a:ec:aa:ca:84:
                    8a:af:64:47:a9:9e:01:3d:b4:1d:d0:0e:5a:ab:4b:
                    8f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0F:66:91:7B:24:FD:53:8E:16:0B:2F:D2:DE:E1:69:C4:54:6C:A0
            X509v3 Authority Key Identifier:
                keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/IQ9mkXsk_VOOFgsv0t7hacRUbKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.237.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:40:39:fa:16:1e:6f:0d:69:6a:ee:3b:b2:e7:b5:e4:b0:18:
         25:e6:0b:fa:39:a2:99:92:62:dd:7f:05:6f:cc:82:ee:38:b1:
         8c:ef:3b:54:6e:71:b6:a1:30:7f:46:9b:4d:f9:8b:c0:ff:4e:
         45:2f:10:dd:0d:38:b6:25:84:42:5f:85:75:c0:30:c2:b3:75:
         e7:e3:45:4d:d3:16:5c:a8:f6:5b:e9:ad:2d:88:09:24:98:be:
         38:59:04:16:3c:fa:ae:cf:ed:11:ee:45:91:ad:77:fe:9b:c2:
         69:52:59:be:72:ba:c6:4e:13:10:90:ef:2c:db:df:ec:ba:cb:
         2a:b0:bf:0f:dc:df:91:e8:d8:2a:a3:94:3b:d4:b3:a4:fd:97:
         da:eb:b4:e9:15:17:b0:7b:08:e2:ee:cd:d9:9f:35:78:86:db:
         af:d2:bf:b8:1d:e8:ff:51:40:ec:6c:48:4b:28:93:2c:92:3f:
         b9:9f:0e:6e:b7:09:c9:55:06:d6:22:72:d0:55:99:10:b6:25:
         98:ce:31:13:84:05:f4:80:b4:58:45:67:59:39:f2:6a:97:30:
         69:22:f9:e1:9f:a5:d3:d7:48:0d:4f:0e:14:f3:a1:7f:d4:32:
         44:e2:74:46:5b:d5:19:f6:08:b6:a2:36:15:6b:a9:14:57:cb:
         8d:83:ab:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnNQ79jUp+oP4FUysv9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjQwMTAxMTgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTBmNjY5MTdiMjRmZDUzOGUxNjBiMmZkMmRlZTE2OWM0NTQ2Y2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntEfrStt7tkk5ywvB/zux/dphQaR
a0BMg+k4dviPtrFaypVnCv1QuuZAnve04AwRug8LUH68vtemSV4vQHlWTv+aJi3l
PvRdTvMXxv+wWSnklE69GZQYY/YZB7BmX0w7SvMH9auXKdmXPLGy6vctng7uWldp
8Rl/J54YAj3kNQo10vhWfJ9a3Bk0f8uv5uOLkKP20x4i1mu/nWTAIvkt+Lj2FM26
2iKkdYL2tSB9izWqAfCBNfCZLls6Q4aYlLWIs5ISQJ2HamQI+HNrM2ICUGwvQWaH
pXMVPei5zhS/zGgKWNWMqTuNxoTgOuyqyoSKr2RHqZ4BPbQd0A5aq0uPNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEPZpF7JP1TjhYLL9Le4WnEVGygMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvSVE5bWtYc2tfVk9PRmdzdjB0N2hhY1JVYktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwu2OMA0G
CSqGSIb3DQEBCwUAA4IBAQA2QDn6Fh5vDWlq7juy57XksBgl5gv6OaKZkmLdfwVv
zILuOLGM7ztUbnG2oTB/RptN+YvA/05FLxDdDTi2JYRCX4V1wDDCs3Xn40VN0xZc
qPZb6a0tiAkkmL44WQQWPPquz+0R7kWRrXf+m8JpUlm+crrGThMQkO8s29/sussq
sL8P3N+R6Ngqo5Q71LOk/Zfa67TpFRewewji7s3ZnzV4htuv0r+4Hej/UUDsbEhL
KJMskj+5nw5utwnJVQbWInLQVZkQtiWYzjEThAX0gLRYRWdZOfJqlzBpIvnhn6XT
10gNTw4U86F/1DJE4nRGW9UZ9gi2ojYVa6kUV8uNg6sf
-----END CERTIFICATE-----