Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/d16e3e-eb09-4fb9-9081-bd3e7adde8de/1/IZxZA3pm5OrdkdL1Ys6bqtWPoEo.roa
File:                     IZxZA3pm5OrdkdL1Ys6bqtWPoEo.roa (raw, json)
Hash identifier:          foPYY06M4SInhKrJmFVkPoAH3p1uu5X7njpsjhS8f1Y=
Subject key identifier:   21:9C:59:03:7A:66:E4:EA:DD:91:D2:F5:62:CE:9B:AA:D5:8F:A0:4A
Certificate issuer:       /CN=e20e3805a1b4f5b61cfe73010e838c2f0d25b44b
Certificate serial:       018CC49307C6BE2366021358FA3FCFA06AA8
Authority key identifier: E2:0E:38:05:A1:B4:F5:B6:1C:FE:73:01:0E:83:8C:2F:0D:25:B4:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4g44BaG09bYc_nMBDoOMLw0ltEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/d16e3e-eb09-4fb9-9081-bd3e7adde8de/1/IZxZA3pm5OrdkdL1Ys6bqtWPoEo.roa
Signing time:             Mon 01 Jan 2024 10:30:19 +0000
ROA not before:           Mon 01 Jan 2024 10:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207163
IP address blocks:        185.164.88.0/22 maxlen: 22
                          2a0a:f400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/d16e3e-eb09-4fb9-9081-bd3e7adde8de/1/4g44BaG09bYc_nMBDoOMLw0ltEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/d16e3e-eb09-4fb9-9081-bd3e7adde8de/1/4g44BaG09bYc_nMBDoOMLw0ltEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4g44BaG09bYc_nMBDoOMLw0ltEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:03:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:07:c6:be:23:66:02:13:58:fa:3f:cf:a0:6a:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e20e3805a1b4f5b61cfe73010e838c2f0d25b44b
        Validity
            Not Before: Jan  1 10:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=219c59037a66e4eadd91d2f562ce9baad58fa04a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:c4:50:f9:b0:46:8e:7b:e2:7e:ae:6f:4b:c5:
                    08:d0:8c:d4:b9:75:fd:fd:a0:c4:5d:1e:9a:59:1e:
                    b8:c7:e6:35:2b:17:9a:52:83:cf:ae:50:3b:9e:b6:
                    25:34:e8:fe:81:e5:56:86:e3:88:15:79:17:81:fa:
                    0b:60:df:4d:6c:07:1d:13:67:bf:a8:e2:d2:51:85:
                    33:17:3b:72:be:61:6c:8d:55:80:44:95:9e:a2:b2:
                    6d:e7:fd:31:c8:37:76:cd:cb:43:92:17:52:5a:f5:
                    50:27:a1:a5:e9:6e:18:78:2b:5d:21:ce:a9:b8:ff:
                    64:2c:70:7c:75:50:7b:a8:a4:51:b9:9e:e1:b6:97:
                    c4:7e:3c:90:39:82:61:b6:19:88:19:8f:7b:dc:2c:
                    fd:79:b8:2e:47:e8:df:65:92:9e:73:73:f0:01:0f:
                    cd:8e:78:60:5d:9e:b3:d1:12:d6:b0:3a:e6:b6:0a:
                    c8:82:20:6e:4e:cc:e6:2b:fa:55:4a:6b:42:cc:ec:
                    b2:d7:2f:12:1a:2a:82:ba:a5:7f:c3:62:30:21:6a:
                    4c:50:8e:e6:51:c0:2e:b3:9b:61:55:76:5f:9b:0d:
                    12:11:1d:71:22:8d:86:39:21:bb:2e:e6:27:30:57:
                    3a:48:31:a9:97:1a:90:29:40:93:64:eb:47:9b:b0:
                    42:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:9C:59:03:7A:66:E4:EA:DD:91:D2:F5:62:CE:9B:AA:D5:8F:A0:4A
            X509v3 Authority Key Identifier:
                keyid:E2:0E:38:05:A1:B4:F5:B6:1C:FE:73:01:0E:83:8C:2F:0D:25:B4:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4g44BaG09bYc_nMBDoOMLw0ltEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/d16e3e-eb09-4fb9-9081-bd3e7adde8de/1/IZxZA3pm5OrdkdL1Ys6bqtWPoEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/d16e3e-eb09-4fb9-9081-bd3e7adde8de/1/4g44BaG09bYc_nMBDoOMLw0ltEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.88.0/22
                IPv6:
                  2a0a:f400::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:d2:92:98:ea:e3:c6:e2:a3:fc:28:67:ed:f1:78:2a:a8:6e:
         49:47:93:29:bd:02:2b:81:2e:6e:88:49:10:6f:0f:b9:2a:eb:
         ec:5b:d1:75:ad:4a:68:04:d6:44:92:22:cb:7f:18:b2:f5:43:
         47:3a:f4:c7:9c:28:29:bb:7d:bc:7b:cc:a5:4f:b2:3d:e2:50:
         68:a5:0a:75:d5:56:df:87:f4:a6:dc:ba:14:df:80:3e:32:e4:
         20:98:fa:a2:48:bc:1d:40:52:67:fa:b0:bc:ec:a3:f1:a2:db:
         30:01:f7:1c:1c:9f:c4:11:83:f5:cb:13:eb:74:b6:c4:dc:16:
         24:02:09:24:d5:22:93:1a:3a:d2:33:72:d5:66:54:0d:ef:9c:
         ef:79:a4:e8:4f:8c:7a:62:55:06:85:7e:24:d7:19:30:bd:09:
         ab:94:c3:ba:35:b3:4b:df:47:cd:60:ce:1f:aa:5a:61:9a:af:
         a7:0d:ee:02:17:67:7a:6b:ea:a0:22:cd:fa:8e:8f:85:a5:34:
         c6:c9:a0:7d:5a:18:6f:91:51:68:c9:49:46:0b:31:d2:7f:b3:
         2e:df:31:58:a3:39:f6:00:af:31:49:37:8a:be:05:c1:70:b1:
         d9:1d:23:be:2c:fe:84:31:06:94:af:ff:e7:bb:28:d3:9f:26:
         e5:7c:2a:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkwfGviNmAhNY+j/PoGqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMGUzODA1YTFiNGY1YjYxY2ZlNzMwMTBlODM4YzJmMGQy
NWI0NGIwHhcNMjQwMTAxMTAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTljNTkwMzdhNjZlNGVhZGQ5MWQyZjU2MmNlOWJhYWQ1OGZhMDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8cRQ+bBGjnvifq5vS8UI0IzUuXX9
/aDEXR6aWR64x+Y1KxeaUoPPrlA7nrYlNOj+geVWhuOIFXkXgfoLYN9NbAcdE2e/
qOLSUYUzFztyvmFsjVWARJWeorJt5/0xyDd2zctDkhdSWvVQJ6Gl6W4YeCtdIc6p
uP9kLHB8dVB7qKRRuZ7htpfEfjyQOYJhthmIGY973Cz9ebguR+jfZZKec3PwAQ/N
jnhgXZ6z0RLWsDrmtgrIgiBuTszmK/pVSmtCzOyy1y8SGiqCuqV/w2IwIWpMUI7m
UcAus5thVXZfmw0SER1xIo2GOSG7LuYnMFc6SDGplxqQKUCTZOtHm7BCcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCGcWQN6ZuTq3ZHS9WLOm6rVj6BKMB8GA1UdIwQY
MBaAFOIOOAWhtPW2HP5zAQ6DjC8NJbRLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGc0NEJhRzA5YlljX25NQkRvT01MdzBsdEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9kMTZlM2UtZWIwOS00ZmI5LTkwODEt
YmQzZTdhZGRlOGRlLzEvSVp4WkEzcG01T3Jka2RMMVlzNmJxdFdQb0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9kMTZlM2UtZWIwOS00ZmI5LTkwODEtYmQzZTdhZGRlOGRl
LzEvNGc0NEJhRzA5YlljX25NQkRvT01MdzBsdEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaRYMA0E
AgACMAcDBQMqCvQAMA0GCSqGSIb3DQEBCwUAA4IBAQBd0pKY6uPG4qP8KGft8Xgq
qG5JR5MpvQIrgS5uiEkQbw+5KuvsW9F1rUpoBNZEkiLLfxiy9UNHOvTHnCgpu328
e8ylT7I94lBopQp11Vbfh/Sm3LoU34A+MuQgmPqiSLwdQFJn+rC87KPxotswAfcc
HJ/EEYP1yxPrdLbE3BYkAgkk1SKTGjrSM3LVZlQN75zveaToT4x6YlUGhX4k1xkw
vQmrlMO6NbNL30fNYM4fqlphmq+nDe4CF2d6a+qgIs36jo+FpTTGyaB9WhhvkVFo
yUlGCzHSf7Mu3zFYozn2AK8xSTeKvgXBcLHZHSO+LP6EMQaUr//nuyjTnyblfCpG
-----END CERTIFICATE-----