Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/IyRYszOs_kAW9DojXcHVxRmKKtU.roa
File:                     IyRYszOs_kAW9DojXcHVxRmKKtU.roa (raw, json)
Hash identifier:          mhg/c58SxWdr0FDAdazWX4zWELDMSMhXJzA6PG06In4=
Subject key identifier:   23:24:58:B3:33:AC:FE:40:16:F4:3A:23:5D:C1:D5:C5:19:8A:2A:D5
Certificate issuer:       /CN=2e6276136254830bb4907e98c258e493b42aaa3a
Certificate serial:       018CC5003A475E559B09E856AA20AA62D71E
Authority key identifier: 2E:62:76:13:62:54:83:0B:B4:90:7E:98:C2:58:E4:93:B4:2A:AA:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/IyRYszOs_kAW9DojXcHVxRmKKtU.roa
Signing time:             Mon 01 Jan 2024 12:29:35 +0000
ROA not before:           Mon 01 Jan 2024 12:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        194.11.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:3a:47:5e:55:9b:09:e8:56:aa:20:aa:62:d7:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6276136254830bb4907e98c258e493b42aaa3a
        Validity
            Not Before: Jan  1 12:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=232458b333acfe4016f43a235dc1d5c5198a2ad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b8:7e:bd:b5:d7:fa:51:ae:b5:43:a4:4d:5a:
                    36:f2:22:a5:cd:61:80:4f:d7:23:bc:22:41:12:dd:
                    15:e3:2c:06:13:ff:59:c1:1c:81:df:ab:07:a2:cd:
                    9e:55:7b:59:f4:3c:90:2d:1a:52:1d:b3:8c:4d:bd:
                    1f:ae:ef:46:ea:49:22:a1:a3:ca:be:99:2d:bd:7d:
                    51:40:ce:9c:c5:5c:58:10:97:c1:9d:12:9c:c2:86:
                    62:f8:d8:2a:f0:f5:e0:71:6b:f5:36:bf:5b:dc:8b:
                    ac:6a:e4:3f:dc:ff:b9:ab:d0:07:d1:91:b0:c1:f5:
                    64:b4:88:ff:52:6a:f7:39:1c:47:c2:d7:6b:d7:9a:
                    25:61:26:0f:93:60:98:ac:02:62:a9:76:a1:58:15:
                    80:a3:bf:7c:c2:15:85:c0:d1:ba:d1:1c:3a:be:01:
                    e9:53:d1:28:a6:b3:98:2f:8a:be:4a:28:88:10:68:
                    33:21:18:96:8c:70:9c:44:41:f6:bc:6e:ff:3c:bb:
                    61:88:0e:7f:67:2a:b3:4d:7d:6e:3d:aa:2b:f8:4b:
                    c9:00:1f:fc:e1:63:cd:a4:af:1b:f3:98:9d:19:31:
                    83:a0:af:84:d3:b2:9c:d4:66:c8:d2:fe:a8:3b:d8:
                    18:68:5e:fb:bb:88:4f:89:dc:d1:ca:56:86:bb:ea:
                    14:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:24:58:B3:33:AC:FE:40:16:F4:3A:23:5D:C1:D5:C5:19:8A:2A:D5
            X509v3 Authority Key Identifier:
                keyid:2E:62:76:13:62:54:83:0B:B4:90:7E:98:C2:58:E4:93:B4:2A:AA:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/IyRYszOs_kAW9DojXcHVxRmKKtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/6a9b24-d4d3-40c1-8173-93b914701470/1/LmJ2E2JUgwu0kH6Ywljkk7Qqqjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:46:54:01:4e:71:6b:d2:2e:10:5f:be:0c:cd:37:dd:fd:e3:
         53:01:81:b5:e3:1c:88:77:56:2b:77:2f:75:b8:fa:cd:90:b8:
         dc:51:23:7a:63:37:fe:94:14:3d:a8:1e:2a:e2:58:21:10:a2:
         5e:9c:f6:e8:fc:d2:f8:46:15:95:f6:dd:63:be:97:4e:bb:19:
         28:4f:11:1e:25:4b:a5:14:b1:56:9d:d8:a2:a9:78:9a:78:4d:
         ff:a7:10:32:4f:b1:2c:69:af:4d:5c:1d:a4:bd:17:69:72:f5:
         18:38:68:8b:20:e7:2d:42:a4:26:f9:12:3d:cf:f6:06:b2:c3:
         c3:5d:d3:7c:44:62:c9:a1:28:ad:e6:9e:1f:f4:b3:db:cf:69:
         96:a4:d2:c7:3b:32:f4:c2:36:9d:6f:8e:15:89:0e:81:b1:aa:
         76:44:86:f2:47:51:19:a2:ba:6e:7c:32:ad:26:04:f5:6a:e7:
         fc:6e:1b:2b:d5:a6:28:f3:75:83:33:f3:b3:98:08:0f:ee:51:
         d7:9e:20:c0:a7:67:ef:f8:23:02:be:6b:46:c6:48:29:40:1c:
         c8:eb:dd:b0:3f:29:a7:b1:4e:03:4c:ec:51:c7:08:37:22:86:
         92:c1:a1:05:db:59:9c:fb:6d:2b:76:91:1c:40:2c:26:11:db:
         53:20:6f:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADpHXlWbCehWqiCqYtceMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNjI3NjEzNjI1NDgzMGJiNDkwN2U5OGMyNThlNDkzYjQy
YWFhM2EwHhcNMjQwMTAxMTIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzI0NThiMzMzYWNmZTQwMTZmNDNhMjM1ZGMxZDVjNTE5OGEyYWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLh+vbXX+lGutUOkTVo28iKlzWGA
T9cjvCJBEt0V4ywGE/9ZwRyB36sHos2eVXtZ9DyQLRpSHbOMTb0fru9G6kkioaPK
vpktvX1RQM6cxVxYEJfBnRKcwoZi+Ngq8PXgcWv1Nr9b3IusauQ/3P+5q9AH0ZGw
wfVktIj/Umr3ORxHwtdr15olYSYPk2CYrAJiqXahWBWAo798whWFwNG60Rw6vgHp
U9EoprOYL4q+SiiIEGgzIRiWjHCcREH2vG7/PLthiA5/ZyqzTX1uPaor+EvJAB/8
4WPNpK8b85idGTGDoK+E07Kc1GbI0v6oO9gYaF77u4hPidzRylaGu+oUnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMkWLMzrP5AFvQ6I13B1cUZiirVMB8GA1UdIwQY
MBaAFC5idhNiVIMLtJB+mMJY5JO0Kqo6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1KMkUySlVnd3Uwa0g2WXdsamtrN1FxcWpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC82YTliMjQtZDRkMy00MGMxLTgxNzMt
OTNiOTE0NzAxNDcwLzEvSXlSWXN6T3Nfa0FXOURvalhjSFZ4Um1LS3RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC82YTliMjQtZDRkMy00MGMxLTgxNzMtOTNiOTE0NzAxNDcw
LzEvTG1KMkUySlVnd3Uwa0g2WXdsamtrN1FxcWpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgugMA0G
CSqGSIb3DQEBCwUAA4IBAQBXRlQBTnFr0i4QX74MzTfd/eNTAYG14xyId1Yrdy91
uPrNkLjcUSN6Yzf+lBQ9qB4q4lghEKJenPbo/NL4RhWV9t1jvpdOuxkoTxEeJUul
FLFWndiiqXiaeE3/pxAyT7Esaa9NXB2kvRdpcvUYOGiLIOctQqQm+RI9z/YGssPD
XdN8RGLJoSit5p4f9LPbz2mWpNLHOzL0wjadb44ViQ6Bsap2RIbyR1EZorpufDKt
JgT1auf8bhsr1aYo83WDM/OzmAgP7lHXniDAp2fv+CMCvmtGxkgpQBzI692wPymn
sU4DTOxRxwg3IoaSwaEF21mc+20rdpEcQCwmEdtTIG/r
-----END CERTIFICATE-----