Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/Iu30C8NZjJrhlk5iOLBdxD1gNAE.roa
File:                     Iu30C8NZjJrhlk5iOLBdxD1gNAE.roa (raw, json)
Hash identifier:          zYqnj8XEd76O8eniyp1E/qfpdHKhjDfUeRtXgH8rWII=
Subject key identifier:   22:ED:F4:0B:C3:59:8C:9A:E1:96:4E:62:38:B0:5D:C4:3D:60:34:01
Certificate issuer:       /CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
Certificate serial:       018CC56E7EE89F25FDD133858C2A66D9395E
Authority key identifier: 17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/Iu30C8NZjJrhlk5iOLBdxD1gNAE.roa
Signing time:             Mon 01 Jan 2024 14:30:02 +0000
ROA not before:           Mon 01 Jan 2024 14:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        212.23.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:7e:e8:9f:25:fd:d1:33:85:8c:2a:66:d9:39:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
        Validity
            Not Before: Jan  1 14:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22edf40bc3598c9ae1964e6238b05dc43d603401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:06:bd:5a:0e:58:55:28:3f:29:38:55:90:04:
                    70:58:30:1b:b4:8e:0c:69:73:5b:bc:95:56:57:4a:
                    59:81:7f:ce:ce:8c:cc:15:f8:7c:ae:b7:1c:f2:4c:
                    61:dd:37:61:9f:3f:18:06:b7:52:57:ad:94:e7:93:
                    9f:71:00:95:d7:3c:6c:cf:44:53:31:a1:fa:a9:66:
                    a7:05:81:9e:26:93:41:54:de:92:a1:54:e3:4d:00:
                    b9:11:60:ef:c6:95:97:57:10:27:63:56:fb:32:bc:
                    2e:dd:b1:ec:55:ed:6a:51:42:c1:26:35:35:23:de:
                    84:f7:9a:53:6b:4a:9f:e8:33:3c:32:41:1f:0c:e5:
                    7a:25:fb:8a:95:40:21:81:2d:b5:ae:aa:ea:ec:23:
                    8e:53:99:fa:dc:0e:6f:ca:1a:a6:ed:f4:5a:09:4f:
                    ac:a2:01:1c:a6:6c:93:03:10:17:1f:dd:74:e2:f4:
                    dd:33:08:97:68:0c:b9:54:f3:57:1a:c4:b5:a9:82:
                    c6:e6:94:ae:46:81:33:b0:11:6e:aa:64:82:22:a2:
                    42:3f:de:bd:14:cc:36:05:df:2f:09:5e:3c:ab:d4:
                    7d:cf:74:75:ed:33:01:b2:90:f1:bf:89:e2:73:2a:
                    16:0a:36:c9:57:12:1e:87:1b:13:79:12:1c:ae:d1:
                    92:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:ED:F4:0B:C3:59:8C:9A:E1:96:4E:62:38:B0:5D:C4:3D:60:34:01
            X509v3 Authority Key Identifier:
                keyid:17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/Iu30C8NZjJrhlk5iOLBdxD1gNAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:76:a2:8e:3a:11:3d:33:7d:59:47:4e:da:5e:04:e9:8f:42:
         75:2d:b0:3a:c7:04:c4:72:bf:04:46:1a:91:57:29:d2:4b:08:
         3e:f3:90:f8:ba:cc:bb:24:90:a2:ff:a8:f9:cc:ff:a5:e9:7b:
         c5:50:17:46:b1:02:27:63:14:97:32:c9:51:01:cd:5f:30:2f:
         4c:92:28:67:44:1b:f3:b2:d7:6d:72:6d:e3:c3:99:99:86:3a:
         91:09:6a:17:80:42:33:f3:71:79:a7:d6:f5:7a:37:85:6d:52:
         1f:12:6d:29:58:23:d4:c6:7e:d4:2b:1e:59:d2:49:0d:e6:06:
         6b:04:79:e9:2a:cc:62:4d:f1:0b:cb:1a:13:f0:82:6c:78:6c:
         0b:3d:0f:d0:32:e9:50:7a:da:8f:9e:2b:a7:35:fd:af:f4:54:
         88:7c:1c:26:65:74:dd:6a:27:71:eb:cd:6d:bf:a0:08:47:b2:
         d2:0a:10:ba:d0:93:64:0e:bc:a0:d3:cf:07:e4:b8:b4:35:c5:
         e4:81:f8:ea:bf:56:07:80:2a:6e:6c:e4:5a:5b:58:48:3a:7e:
         c9:ab:18:48:80:67:a7:54:b4:b8:f5:73:5b:a6:79:73:7f:47:
         d0:ea:53:b2:9e:5d:a6:53:06:59:c8:e3:a8:e0:0d:f3:a5:a8:
         72:c8:dc:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbn7onyX90TOFjCpm2TleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjUwNDJmYzIwZDliYWIxNjc2ZTA5YWY3ZmYxYmE1YmZh
ZGFlNzUwHhcNMjQwMTAxMTQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmVkZjQwYmMzNTk4YzlhZTE5NjRlNjIzOGIwNWRjNDNkNjAzNDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsga9Wg5YVSg/KThVkARwWDAbtI4M
aXNbvJVWV0pZgX/OzozMFfh8rrcc8kxh3Tdhnz8YBrdSV62U55OfcQCV1zxsz0RT
MaH6qWanBYGeJpNBVN6SoVTjTQC5EWDvxpWXVxAnY1b7Mrwu3bHsVe1qUULBJjU1
I96E95pTa0qf6DM8MkEfDOV6JfuKlUAhgS21rqrq7COOU5n63A5vyhqm7fRaCU+s
ogEcpmyTAxAXH9104vTdMwiXaAy5VPNXGsS1qYLG5pSuRoEzsBFuqmSCIqJCP969
FMw2Bd8vCV48q9R9z3R17TMBspDxv4nicyoWCjbJVxIehxsTeRIcrtGSFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLt9AvDWYya4ZZOYjiwXcQ9YDQBMB8GA1UdIwQY
MBaAFBe1BC/CDZurFnbgmvf/G6W/ra51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQt
YmM2Nzk0ZTk1ZTVhLzEvSXUzMEM4TlpqSnJobGs1aU9MQmR4RDFnTkFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQtYmM2Nzk0ZTk1ZTVh
LzEvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BfGMA0G
CSqGSIb3DQEBCwUAA4IBAQB4dqKOOhE9M31ZR07aXgTpj0J1LbA6xwTEcr8ERhqR
VynSSwg+85D4usy7JJCi/6j5zP+l6XvFUBdGsQInYxSXMslRAc1fMC9MkihnRBvz
stdtcm3jw5mZhjqRCWoXgEIz83F5p9b1ejeFbVIfEm0pWCPUxn7UKx5Z0kkN5gZr
BHnpKsxiTfELyxoT8IJseGwLPQ/QMulQetqPniunNf2v9FSIfBwmZXTdaidx681t
v6AIR7LSChC60JNkDryg088H5Li0NcXkgfjqv1YHgCpubORaW1hIOn7JqxhIgGen
VLS49XNbpnlzf0fQ6lOynl2mUwZZyOOo4A3zpahyyNyP
-----END CERTIFICATE-----