Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/iY3et5_qCmfHpDxIMDVtH8XeefI.roa
File:                     iY3et5_qCmfHpDxIMDVtH8XeefI.roa (raw, json)
Hash identifier:          E5gGK8Afp5xLD1HyORonjNCAOpRF1Yc+zmd5NEplloI=
Subject key identifier:   89:8D:DE:B7:9F:EA:0A:67:C7:A4:3C:48:30:35:6D:1F:C5:DE:79:F2
Certificate issuer:       /CN=9eb3143a2e73f209e69d97c4b8f78cda5f437005
Certificate serial:       018CC94C083FD23108B2436D5B2102BC75C4
Authority key identifier: 9E:B3:14:3A:2E:73:F2:09:E6:9D:97:C4:B8:F7:8C:DA:5F:43:70:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nrMUOi5z8gnmnZfEuPeM2l9DcAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/iY3et5_qCmfHpDxIMDVtH8XeefI.roa
Signing time:             Tue 02 Jan 2024 08:30:52 +0000
ROA not before:           Tue 02 Jan 2024 08:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25577
IP address blocks:        185.229.20.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/nrMUOi5z8gnmnZfEuPeM2l9DcAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/nrMUOi5z8gnmnZfEuPeM2l9DcAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nrMUOi5z8gnmnZfEuPeM2l9DcAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:08:3f:d2:31:08:b2:43:6d:5b:21:02:bc:75:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eb3143a2e73f209e69d97c4b8f78cda5f437005
        Validity
            Not Before: Jan  2 08:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=898ddeb79fea0a67c7a43c4830356d1fc5de79f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ac:db:30:c2:d9:a3:9c:3d:fd:ab:dc:3a:a8:
                    f4:79:a8:b0:67:82:b9:44:56:a9:53:35:a4:41:b0:
                    fe:ad:13:e3:42:a9:c4:d7:82:18:32:56:17:b6:36:
                    8c:69:d5:17:9f:44:23:59:8c:91:68:e8:0b:12:42:
                    f1:bc:a7:fc:61:00:f0:28:6a:b9:14:6f:92:48:f4:
                    58:83:1c:6f:00:14:c4:4c:74:47:dc:66:49:36:e2:
                    05:be:9b:e0:eb:f5:1a:4e:e7:4e:f3:01:25:8a:61:
                    2f:58:e4:d6:ab:57:65:0a:76:4f:1f:71:f1:89:5d:
                    84:c5:0e:69:21:7d:57:44:bd:da:8f:20:96:10:4a:
                    82:52:a0:69:87:6a:12:ab:97:7e:6c:e3:5a:94:d8:
                    90:ff:2e:17:5a:a9:46:cf:5f:b7:1e:f4:36:1b:f2:
                    c9:9c:84:5d:20:e2:23:36:aa:ef:29:d4:7f:5f:47:
                    0d:72:3b:21:2b:a5:d4:b7:e2:28:55:71:96:2a:f5:
                    c0:f8:14:6a:6e:2e:f5:24:37:66:83:29:e8:e8:e4:
                    f7:b9:e2:eb:d3:0a:40:f1:94:3c:28:25:e7:ab:89:
                    9b:98:e6:1b:40:92:26:af:59:7b:ec:91:64:6b:9b:
                    f9:b9:20:4f:42:85:ae:03:bf:4f:34:64:bb:4d:83:
                    12:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:8D:DE:B7:9F:EA:0A:67:C7:A4:3C:48:30:35:6D:1F:C5:DE:79:F2
            X509v3 Authority Key Identifier:
                keyid:9E:B3:14:3A:2E:73:F2:09:E6:9D:97:C4:B8:F7:8C:DA:5F:43:70:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nrMUOi5z8gnmnZfEuPeM2l9DcAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/iY3et5_qCmfHpDxIMDVtH8XeefI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9faf24-05e1-4db9-9aaf-501618411c76/1/nrMUOi5z8gnmnZfEuPeM2l9DcAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:6f:54:77:0a:8b:b1:f3:c3:e3:40:8c:f2:7c:89:11:1b:35:
         f6:67:a2:e0:d3:bf:2e:0e:96:44:70:9d:22:58:c1:96:eb:5e:
         60:8a:9b:13:7e:5c:31:3d:1b:0b:17:e4:4e:c0:3d:b3:8c:e7:
         95:16:52:a5:1f:72:3e:17:ce:7c:45:5f:b0:ba:ba:22:fa:67:
         40:71:2a:5e:7b:33:ed:98:48:67:71:77:20:bf:3e:94:9a:a0:
         6a:8a:c3:0f:77:bb:bf:ec:73:97:a2:4a:1c:80:d2:27:bf:95:
         a3:aa:ae:33:be:07:1b:f3:5f:35:21:0e:0e:47:c2:d9:f5:22:
         17:d1:37:b9:62:25:2d:f2:e4:65:e1:94:be:01:87:9d:68:c8:
         4d:78:4f:d6:b2:17:3a:d0:85:e5:00:83:2a:5b:96:2c:b1:35:
         79:0e:86:68:6a:2a:0e:6f:dc:a0:bb:6c:a5:38:85:69:e5:7d:
         75:e6:56:8f:c7:3e:b2:2c:87:6d:38:97:85:f9:e8:2a:ff:68:
         cb:06:ef:ee:ed:f1:df:5b:a6:a3:39:bb:7b:d6:72:ba:33:50:
         4f:a1:ec:a6:94:e6:26:b5:e1:c7:7a:25:a5:d7:2c:ba:00:a1:
         94:1c:6f:97:f2:05:5d:d1:db:79:ca:3a:58:75:fb:44:28:61:
         2e:e6:c9:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTAg/0jEIskNtWyECvHXEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYjMxNDNhMmU3M2YyMDllNjlkOTdjNGI4Zjc4Y2RhNWY0
MzcwMDUwHhcNMjQwMTAyMDgzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OThkZGViNzlmZWEwYTY3YzdhNDNjNDgzMDM1NmQxZmM1ZGU3OWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6zbMMLZo5w9/avcOqj0eaiwZ4K5
RFapUzWkQbD+rRPjQqnE14IYMlYXtjaMadUXn0QjWYyRaOgLEkLxvKf8YQDwKGq5
FG+SSPRYgxxvABTETHRH3GZJNuIFvpvg6/UaTudO8wElimEvWOTWq1dlCnZPH3Hx
iV2ExQ5pIX1XRL3ajyCWEEqCUqBph2oSq5d+bONalNiQ/y4XWqlGz1+3HvQ2G/LJ
nIRdIOIjNqrvKdR/X0cNcjshK6XUt+IoVXGWKvXA+BRqbi71JDdmgyno6OT3ueLr
0wpA8ZQ8KCXnq4mbmOYbQJImr1l77JFka5v5uSBPQoWuA79PNGS7TYMSvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImN3ref6gpnx6Q8SDA1bR/F3nnyMB8GA1UdIwQY
MBaAFJ6zFDouc/IJ5p2XxLj3jNpfQ3AFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnJNVU9pNXo4Z25tblpmRXVQZU0ybDlEY0FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZmFmMjQtMDVlMS00ZGI5LTlhYWYt
NTAxNjE4NDExYzc2LzEvaVkzZXQ1X3FDbWZIcER4SU1EVnRIOFhlZWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZmFmMjQtMDVlMS00ZGI5LTlhYWYtNTAxNjE4NDExYzc2
LzEvbnJNVU9pNXo4Z25tblpmRXVQZU0ybDlEY0FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueUUMA0G
CSqGSIb3DQEBCwUAA4IBAQAab1R3Coux88PjQIzyfIkRGzX2Z6Lg078uDpZEcJ0i
WMGW615gipsTflwxPRsLF+ROwD2zjOeVFlKlH3I+F858RV+wuroi+mdAcSpeezPt
mEhncXcgvz6UmqBqisMPd7u/7HOXokocgNInv5Wjqq4zvgcb8181IQ4OR8LZ9SIX
0Te5YiUt8uRl4ZS+AYedaMhNeE/Wshc60IXlAIMqW5YssTV5DoZoaioOb9ygu2yl
OIVp5X115laPxz6yLIdtOJeF+egq/2jLBu/u7fHfW6ajObt71nK6M1BPoeymlOYm
teHHeiWl1yy6AKGUHG+X8gVd0dt5yjpYdftEKGEu5snZ
-----END CERTIFICATE-----