Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/IX0IzEXZdHidCQlPhgjFnyxrH3U.roa
File:                     IX0IzEXZdHidCQlPhgjFnyxrH3U.roa (raw, json)
Hash identifier:          2UXXvCn1/AaF0T26YbHg5kbLe+cfLuGvbDXvvGPw8I8=
Subject key identifier:   21:7D:08:CC:45:D9:74:78:9D:09:09:4F:86:08:C5:9F:2C:6B:1F:75
Certificate issuer:       /CN=b6b726f0592b504e723305f67bab5147d4ea696d
Certificate serial:       018CC7958EF3EF9424718DA74E97893A0128
Authority key identifier: B6:B7:26:F0:59:2B:50:4E:72:33:05:F6:7B:AB:51:47:D4:EA:69:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/trcm8FkrUE5yMwX2e6tRR9TqaW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/IX0IzEXZdHidCQlPhgjFnyxrH3U.roa
Signing time:             Tue 02 Jan 2024 00:31:56 +0000
ROA not before:           Tue 02 Jan 2024 00:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50506
IP address blocks:        195.191.94.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/trcm8FkrUE5yMwX2e6tRR9TqaW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/trcm8FkrUE5yMwX2e6tRR9TqaW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/trcm8FkrUE5yMwX2e6tRR9TqaW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8e:f3:ef:94:24:71:8d:a7:4e:97:89:3a:01:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6b726f0592b504e723305f67bab5147d4ea696d
        Validity
            Not Before: Jan  2 00:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=217d08cc45d974789d09094f8608c59f2c6b1f75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0c:bd:de:e2:a5:d0:51:53:9f:b9:53:98:b7:
                    f7:1d:bc:41:b3:1c:3c:f2:91:57:f4:bf:a2:df:b6:
                    97:2f:cb:af:cd:9f:3f:82:59:54:19:17:97:27:e4:
                    47:cd:1e:a7:98:d6:7c:45:c0:af:80:fc:f0:f5:5f:
                    59:97:67:50:4c:ce:c3:ea:60:f7:44:cb:13:d5:07:
                    7b:7c:25:28:2f:83:dd:18:09:45:4f:98:2f:0f:66:
                    54:8f:d1:ae:93:b8:65:00:a0:57:b4:c3:b2:ae:89:
                    f4:3a:17:4b:0c:aa:05:b4:75:ef:5f:fd:f6:92:f8:
                    50:0f:ca:65:25:0d:69:30:3b:1e:9d:62:c0:5b:50:
                    5b:86:d1:4a:43:83:ae:53:6a:d2:4e:e1:8e:b7:0f:
                    b7:2e:59:2d:07:3d:b0:6d:f3:60:86:19:b4:69:ba:
                    53:d6:5a:86:83:fe:44:ef:a2:5b:d5:c7:4d:b0:d1:
                    fa:0e:17:9c:56:c2:2d:4b:56:03:59:20:63:bb:98:
                    e2:e0:dd:8e:33:20:4d:0f:92:97:4c:1e:2e:65:a3:
                    08:9b:33:22:e7:7b:4a:0d:fb:c2:93:36:f0:04:b9:
                    e8:71:fc:57:94:b7:28:99:84:f3:50:6e:10:3e:8a:
                    ff:d3:d7:8c:5f:39:31:f1:c4:42:19:b9:99:71:11:
                    a3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:7D:08:CC:45:D9:74:78:9D:09:09:4F:86:08:C5:9F:2C:6B:1F:75
            X509v3 Authority Key Identifier:
                keyid:B6:B7:26:F0:59:2B:50:4E:72:33:05:F6:7B:AB:51:47:D4:EA:69:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/trcm8FkrUE5yMwX2e6tRR9TqaW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/IX0IzEXZdHidCQlPhgjFnyxrH3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/trcm8FkrUE5yMwX2e6tRR9TqaW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:56:e5:f0:d1:48:36:bb:4e:64:e3:c2:3f:db:09:fc:8c:65:
         e8:ec:00:69:41:75:2c:91:fa:32:b1:0d:99:26:39:19:e4:a7:
         b2:f5:78:70:61:22:36:a8:03:7f:a4:18:70:95:e9:46:e4:fb:
         12:ab:52:63:06:1f:b1:cc:a3:f1:90:2e:37:a4:6d:5f:2c:b8:
         91:87:69:1a:61:97:96:f2:db:35:1f:24:b9:0b:f2:b2:26:22:
         c4:37:dc:29:2c:a3:8c:fd:c9:69:79:f7:e4:da:40:b5:91:99:
         18:e3:a5:31:3b:84:37:db:2b:c5:2f:f0:b0:69:d3:42:7e:a6:
         c6:61:b3:83:41:69:69:50:b6:c4:f5:99:97:22:31:11:99:65:
         13:26:d6:dd:eb:da:dc:cc:77:31:b6:3b:95:f2:70:ee:01:06:
         31:7e:06:26:4b:7e:87:af:5d:38:60:31:9b:ce:93:04:5d:a2:
         e9:2c:a9:16:0d:e2:e6:90:f1:65:ad:9a:ab:43:ab:07:20:f3:
         57:30:64:79:dc:ff:e0:a4:c3:0a:8e:27:38:bc:07:93:77:d2:
         25:22:91:6b:99:b5:bc:68:9b:c1:34:b2:3b:b9:4d:e3:24:ab:
         2c:c4:d3:cc:6e:35:40:b3:63:0a:1a:16:ff:16:34:ef:d2:a9:
         52:5f:f4:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlY7z75QkcY2nTpeJOgEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YjcyNmYwNTkyYjUwNGU3MjMzMDVmNjdiYWI1MTQ3ZDRl
YTY5NmQwHhcNMjQwMTAyMDAzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTdkMDhjYzQ1ZDk3NDc4OWQwOTA5NGY4NjA4YzU5ZjJjNmIxZjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgy93uKl0FFTn7lTmLf3HbxBsxw8
8pFX9L+i37aXL8uvzZ8/gllUGReXJ+RHzR6nmNZ8RcCvgPzw9V9Zl2dQTM7D6mD3
RMsT1Qd7fCUoL4PdGAlFT5gvD2ZUj9Guk7hlAKBXtMOyron0OhdLDKoFtHXvX/32
kvhQD8plJQ1pMDsenWLAW1BbhtFKQ4OuU2rSTuGOtw+3LlktBz2wbfNghhm0abpT
1lqGg/5E76Jb1cdNsNH6DhecVsItS1YDWSBju5ji4N2OMyBND5KXTB4uZaMImzMi
53tKDfvCkzbwBLnocfxXlLcomYTzUG4QPor/09eMXzkx8cRCGbmZcRGjuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCF9CMxF2XR4nQkJT4YIxZ8sax91MB8GA1UdIwQY
MBaAFLa3JvBZK1BOcjMF9nurUUfU6mltMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHJjbThGa3JVRTV5TXdYMmU2dFJSOVRxYVcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9hNWMzZGQtOWY5OC00YzdmLWFmNDMt
NGNlYzcxMjEwNzM0LzEvSVgwSXpFWFpkSGlkQ1FsUGhnakZueXhySDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9hNWMzZGQtOWY5OC00YzdmLWFmNDMtNGNlYzcxMjEwNzM0
LzEvdHJjbThGa3JVRTV5TXdYMmU2dFJSOVRxYVcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw79eMA0G
CSqGSIb3DQEBCwUAA4IBAQBXVuXw0Ug2u05k48I/2wn8jGXo7ABpQXUskfoysQ2Z
JjkZ5Key9XhwYSI2qAN/pBhwlelG5PsSq1JjBh+xzKPxkC43pG1fLLiRh2kaYZeW
8ts1HyS5C/KyJiLEN9wpLKOM/clpeffk2kC1kZkY46UxO4Q32yvFL/CwadNCfqbG
YbODQWlpULbE9ZmXIjERmWUTJtbd69rczHcxtjuV8nDuAQYxfgYmS36Hr104YDGb
zpMEXaLpLKkWDeLmkPFlrZqrQ6sHIPNXMGR53P/gpMMKjic4vAeTd9IlIpFrmbW8
aJvBNLI7uU3jJKssxNPMbjVAs2MKGhb/FjTv0qlSX/TO
-----END CERTIFICATE-----