Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/33fb90-189b-4e31-b92a-0c18d8597328/1/IvhsguSvRJBn9msutzOif8QTQGw.roa
File:                     IvhsguSvRJBn9msutzOif8QTQGw.roa (raw, json)
Hash identifier:          lc9Q4tSAFqRYBisGAkegcvO3Q2xLC84rQKnj7W9rufU=
Subject key identifier:   22:F8:6C:82:E4:AF:44:90:67:F6:6B:2E:B7:33:A2:7F:C4:13:40:6C
Certificate issuer:       /CN=af02fb56b459c7a21a79b68b4e118ab876fc96a5
Certificate serial:       018CC5DC5A65B762883034E2F17CDEC2411C
Authority key identifier: AF:02:FB:56:B4:59:C7:A2:1A:79:B6:8B:4E:11:8A:B8:76:FC:96:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rwL7VrRZx6IaebaLThGKuHb8lqU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/33fb90-189b-4e31-b92a-0c18d8597328/1/IvhsguSvRJBn9msutzOif8QTQGw.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39460
IP address blocks:        195.66.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/33fb90-189b-4e31-b92a-0c18d8597328/1/rwL7VrRZx6IaebaLThGKuHb8lqU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/33fb90-189b-4e31-b92a-0c18d8597328/1/rwL7VrRZx6IaebaLThGKuHb8lqU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rwL7VrRZx6IaebaLThGKuHb8lqU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5a:65:b7:62:88:30:34:e2:f1:7c:de:c2:41:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af02fb56b459c7a21a79b68b4e118ab876fc96a5
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22f86c82e4af449067f66b2eb733a27fc413406c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:38:d0:4b:ba:73:4e:d3:be:12:95:87:0f:02:
                    43:2d:ce:4e:ec:ea:ef:3e:91:e3:7a:99:f5:7d:e0:
                    09:c0:56:22:70:98:ac:10:35:60:c0:c9:ce:3b:64:
                    2c:c1:13:68:48:1e:d7:d3:b9:33:c9:9a:7c:48:36:
                    3e:ec:a9:c8:86:f4:0b:e2:89:88:40:bc:25:d9:90:
                    fe:57:dc:a8:d4:f8:23:01:70:4e:07:f4:3f:f0:0d:
                    c4:d9:45:c5:97:fa:84:b5:65:2f:80:4f:a2:1a:50:
                    2a:78:82:1a:d8:5e:7f:80:07:d8:56:0a:b3:3b:a6:
                    d3:fd:9c:e2:d2:e6:e5:84:54:a5:cc:c4:b5:7e:aa:
                    d7:0c:85:d8:e0:2c:67:90:23:41:c8:18:42:bd:e9:
                    9b:44:8e:04:50:a3:f5:9e:57:ad:f8:22:3a:ef:04:
                    ab:bb:08:a7:5b:09:85:8e:8f:55:fb:07:28:26:75:
                    bb:5e:6c:65:e8:77:dd:12:fc:53:2d:e5:14:0f:74:
                    5a:87:f0:6d:9d:84:ce:e6:68:a1:a5:c2:e0:89:80:
                    38:7b:57:4d:6e:fb:6b:f2:43:2e:44:72:34:e5:87:
                    a8:f7:f2:ff:54:93:d0:c8:0f:75:bd:73:88:38:4f:
                    d8:ba:03:72:a6:67:53:8e:ce:11:a5:66:7c:6c:3a:
                    3d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F8:6C:82:E4:AF:44:90:67:F6:6B:2E:B7:33:A2:7F:C4:13:40:6C
            X509v3 Authority Key Identifier:
                keyid:AF:02:FB:56:B4:59:C7:A2:1A:79:B6:8B:4E:11:8A:B8:76:FC:96:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rwL7VrRZx6IaebaLThGKuHb8lqU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/33fb90-189b-4e31-b92a-0c18d8597328/1/IvhsguSvRJBn9msutzOif8QTQGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/33fb90-189b-4e31-b92a-0c18d8597328/1/rwL7VrRZx6IaebaLThGKuHb8lqU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:f6:4e:8b:92:cb:de:cc:22:a8:aa:b1:b2:5b:a0:7e:96:95:
         f1:fa:72:b0:50:5e:05:06:12:25:d9:2c:74:02:00:f3:45:d0:
         26:eb:7a:b1:fd:60:b5:13:6e:71:7e:d2:54:a6:e6:2d:1d:55:
         5c:d9:ba:7e:26:d1:bf:83:ff:77:60:30:98:5c:ff:38:10:c3:
         4a:ee:4d:03:b7:37:aa:8b:b6:0a:a9:9b:86:aa:f0:41:59:df:
         89:a4:2d:d9:25:8b:05:df:b1:c0:bc:79:13:c3:ee:8b:31:7d:
         e7:e5:79:db:9e:b3:08:4f:c4:16:35:f1:86:f8:d4:cd:4a:82:
         7d:f5:64:37:b8:31:46:b3:f4:96:4d:2f:ca:92:69:75:46:ee:
         dc:24:76:07:8f:76:e3:39:05:f8:dc:4c:a5:bd:f7:63:91:5d:
         f0:79:49:07:2b:74:bd:73:36:5c:a3:b7:33:8c:5d:1f:4c:fc:
         13:33:d5:53:e6:2d:38:4a:7a:44:c3:b8:f9:ec:55:e9:cf:da:
         d2:2b:98:16:cf:cc:2e:bc:59:66:88:bc:ae:ec:51:fa:33:f5:
         c6:4b:45:80:e7:49:37:38:48:85:89:75:80:f1:bd:ab:35:4a:
         ff:0c:2f:f3:c1:6b:c3:08:d1:b8:7e:f9:71:bc:38:d6:4c:35:
         71:a0:6f:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Fplt2KIMDTi8XzewkEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMDJmYjU2YjQ1OWM3YTIxYTc5YjY4YjRlMTE4YWI4NzZm
Yzk2YTUwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmY4NmM4MmU0YWY0NDkwNjdmNjZiMmViNzMzYTI3ZmM0MTM0MDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzjQS7pzTtO+EpWHDwJDLc5O7Orv
PpHjepn1feAJwFYicJisEDVgwMnOO2QswRNoSB7X07kzyZp8SDY+7KnIhvQL4omI
QLwl2ZD+V9yo1PgjAXBOB/Q/8A3E2UXFl/qEtWUvgE+iGlAqeIIa2F5/gAfYVgqz
O6bT/Zzi0ublhFSlzMS1fqrXDIXY4CxnkCNByBhCvembRI4EUKP1nlet+CI67wSr
uwinWwmFjo9V+wcoJnW7Xmxl6HfdEvxTLeUUD3Rah/BtnYTO5mihpcLgiYA4e1dN
bvtr8kMuRHI05Yeo9/L/VJPQyA91vXOIOE/YugNypmdTjs4RpWZ8bDo9mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCL4bILkr0SQZ/ZrLrczon/EE0BsMB8GA1UdIwQY
MBaAFK8C+1a0WceiGnm2i04Rirh2/JalMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcndMN1ZyUlp4NklhZWJhTFRoR0t1SGI4bHFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8zM2ZiOTAtMTg5Yi00ZTMxLWI5MmEt
MGMxOGQ4NTk3MzI4LzEvSXZoc2d1U3ZSSkJuOW1zdXR6T2lmOFFUUUd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8zM2ZiOTAtMTg5Yi00ZTMxLWI5MmEtMGMxOGQ4NTk3MzI4
LzEvcndMN1ZyUlp4NklhZWJhTFRoR0t1SGI4bHFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JcMA0G
CSqGSIb3DQEBCwUAA4IBAQBk9k6LksvezCKoqrGyW6B+lpXx+nKwUF4FBhIl2Sx0
AgDzRdAm63qx/WC1E25xftJUpuYtHVVc2bp+JtG/g/93YDCYXP84EMNK7k0Dtzeq
i7YKqZuGqvBBWd+JpC3ZJYsF37HAvHkTw+6LMX3n5XnbnrMIT8QWNfGG+NTNSoJ9
9WQ3uDFGs/SWTS/Kkml1Ru7cJHYHj3bjOQX43EylvfdjkV3weUkHK3S9czZco7cz
jF0fTPwTM9VT5i04SnpEw7j57FXpz9rSK5gWz8wuvFlmiLyu7FH6M/XGS0WA50k3
OEiFiXWA8b2rNUr/DC/zwWvDCNG4fvlxvDjWTDVxoG84
-----END CERTIFICATE-----