Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/I0A1XZK20LeCGssZOLkyFq_tvvI.roa
File:                     I0A1XZK20LeCGssZOLkyFq_tvvI.roa (raw, json)
Hash identifier:          ufBL4WGCjF4KzpmIfQd90cJFkWevLZg5H6nEN9/ucUc=
Subject key identifier:   23:40:35:5D:92:B6:D0:B7:82:1A:CB:19:38:B9:32:16:AF:ED:BE:F2
Certificate issuer:       /CN=500db1715052253bf523f140b9f5637a11d5e9af
Certificate serial:       018CC64B187BB2EC43A5897D66BD1A37BF39
Authority key identifier: 50:0D:B1:71:50:52:25:3B:F5:23:F1:40:B9:F5:63:7A:11:D5:E9:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UA2xcVBSJTv1I_FAufVjehHV6a8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/I0A1XZK20LeCGssZOLkyFq_tvvI.roa
Signing time:             Mon 01 Jan 2024 18:30:59 +0000
ROA not before:           Mon 01 Jan 2024 18:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197981
IP address blocks:        176.67.88.0/21 maxlen: 25
                          185.103.64.0/22 maxlen: 22
                          2a00:89c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/UA2xcVBSJTv1I_FAufVjehHV6a8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/UA2xcVBSJTv1I_FAufVjehHV6a8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UA2xcVBSJTv1I_FAufVjehHV6a8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:18:7b:b2:ec:43:a5:89:7d:66:bd:1a:37:bf:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=500db1715052253bf523f140b9f5637a11d5e9af
        Validity
            Not Before: Jan  1 18:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2340355d92b6d0b7821acb1938b93216afedbef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8e:4f:a7:16:bd:e6:2d:69:11:19:9f:53:49:
                    e4:39:0f:9f:e0:eb:da:7c:9f:91:4d:88:c8:85:b7:
                    82:af:17:14:ba:f0:0d:51:5f:d9:2e:55:fd:ed:65:
                    24:73:76:df:a0:e4:48:7c:b4:da:95:f5:e4:9f:58:
                    a9:bb:aa:0f:60:2e:ab:5c:93:e9:29:1f:9f:a2:40:
                    09:e7:ba:bd:0c:ab:f7:62:bf:70:6b:ad:2a:10:5d:
                    53:8c:a8:14:3f:e0:f8:98:e2:f9:46:a2:c0:8c:6d:
                    79:36:6b:5c:ef:3b:6b:0e:97:46:61:24:f0:6f:81:
                    df:3c:d7:cf:41:10:64:35:ee:f8:47:16:09:56:17:
                    5b:61:e7:a6:76:31:39:3c:31:a2:08:ed:36:1b:06:
                    2a:2a:0a:09:2f:d4:86:a6:dd:03:f9:a2:76:ee:e4:
                    a6:d3:3e:c5:8a:c9:9f:1f:c4:93:f9:00:c8:8e:d1:
                    50:52:de:4c:54:11:09:20:95:36:61:51:02:76:df:
                    55:44:94:55:e0:d3:61:01:f7:c9:b4:5b:7b:e1:23:
                    92:fc:2c:2b:62:b1:0b:bc:e6:37:13:c3:92:e4:73:
                    1f:6e:ea:08:43:67:73:02:cd:cc:16:41:b3:ff:6d:
                    cb:c8:16:81:a0:5f:11:49:ae:c5:2f:da:98:8c:dd:
                    64:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:40:35:5D:92:B6:D0:B7:82:1A:CB:19:38:B9:32:16:AF:ED:BE:F2
            X509v3 Authority Key Identifier:
                keyid:50:0D:B1:71:50:52:25:3B:F5:23:F1:40:B9:F5:63:7A:11:D5:E9:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UA2xcVBSJTv1I_FAufVjehHV6a8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/I0A1XZK20LeCGssZOLkyFq_tvvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/1f7bad-e5dd-4e52-b0d4-8f5c9867e998/1/UA2xcVBSJTv1I_FAufVjehHV6a8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.67.88.0/21
                  185.103.64.0/22
                IPv6:
                  2a00:89c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:80:fb:ea:27:fe:2f:ea:f0:4a:d1:b7:fb:e1:0c:3a:4f:d4:
         d8:e7:58:5d:b0:90:38:94:84:c5:24:1d:0e:f4:6a:fe:61:ad:
         98:de:c1:b4:42:bb:91:b9:9f:c6:d0:2b:ed:03:19:22:0f:5d:
         6d:c6:74:40:17:12:4c:ea:93:99:e9:e9:99:dc:22:be:7e:8c:
         d3:eb:f0:0a:8d:2c:d3:84:7e:1b:2d:54:2c:0b:e7:cb:c4:83:
         3f:c3:db:e7:e4:65:74:7d:12:25:50:b6:0a:e4:c4:fb:10:c0:
         d4:ae:6f:d7:eb:5a:65:5c:94:0d:a8:ab:2b:b7:c8:d5:cb:64:
         df:91:7d:63:0c:3a:9b:86:20:10:80:63:6f:58:5d:d3:ec:f9:
         d8:f7:67:13:b6:0a:84:a9:c9:17:c4:6d:91:f2:81:e5:42:3e:
         cd:36:3f:7c:46:53:b9:1a:00:dc:63:fe:ef:6b:11:59:fe:b2:
         00:75:5d:b2:2b:e7:6e:52:7a:e9:c2:48:05:d6:44:cb:4c:db:
         35:a9:b4:37:df:b1:7e:c2:f5:9f:5e:7f:dd:14:c9:76:ae:32:
         44:9f:ad:58:bb:85:ee:f0:49:44:92:3f:da:35:4d:35:4a:16:
         7a:f2:73:9b:9f:61:e3:df:c1:a1:66:85:9b:89:3f:e9:97:82:
         cc:19:e9:4d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGSxh7suxDpYl9Zr0aN785MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMGRiMTcxNTA1MjI1M2JmNTIzZjE0MGI5ZjU2MzdhMTFk
NWU5YWYwHhcNMjQwMTAxMTgzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzQwMzU1ZDkyYjZkMGI3ODIxYWNiMTkzOGI5MzIxNmFmZWRiZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoo5Ppxa95i1pERmfU0nkOQ+f4Ova
fJ+RTYjIhbeCrxcUuvANUV/ZLlX97WUkc3bfoORIfLTalfXkn1ipu6oPYC6rXJPp
KR+fokAJ57q9DKv3Yr9wa60qEF1TjKgUP+D4mOL5RqLAjG15Nmtc7ztrDpdGYSTw
b4HfPNfPQRBkNe74RxYJVhdbYeemdjE5PDGiCO02GwYqKgoJL9SGpt0D+aJ27uSm
0z7FismfH8ST+QDIjtFQUt5MVBEJIJU2YVECdt9VRJRV4NNhAffJtFt74SOS/Cwr
YrELvOY3E8OS5HMfbuoIQ2dzAs3MFkGz/23LyBaBoF8RSa7FL9qYjN1klwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCNANV2SttC3ghrLGTi5Mhav7b7yMB8GA1UdIwQY
MBaAFFANsXFQUiU79SPxQLn1Y3oR1emvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUEyeGNWQlNKVHYxSV9GQXVmVmplaEhWNmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xZjdiYWQtZTVkZC00ZTUyLWIwZDQt
OGY1Yzk4NjdlOTk4LzEvSTBBMVhaSzIwTGVDR3NzWk9Ma3lGcV90dnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xZjdiYWQtZTVkZC00ZTUyLWIwZDQtOGY1Yzk4NjdlOTk4
LzEvVUEyeGNWQlNKVHYxSV9GQXVmVmplaEhWNmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsENYAwQC
uWdAMA0EAgACMAcDBQAqAInAMA0GCSqGSIb3DQEBCwUAA4IBAQAOgPvqJ/4v6vBK
0bf74Qw6T9TY51hdsJA4lITFJB0O9Gr+Ya2Y3sG0QruRuZ/G0CvtAxkiD11txnRA
FxJM6pOZ6emZ3CK+fozT6/AKjSzThH4bLVQsC+fLxIM/w9vn5GV0fRIlULYK5MT7
EMDUrm/X61plXJQNqKsrt8jVy2TfkX1jDDqbhiAQgGNvWF3T7PnY92cTtgqEqckX
xG2R8oHlQj7NNj98RlO5GgDcY/7vaxFZ/rIAdV2yK+duUnrpwkgF1kTLTNs1qbQ3
37F+wvWfXn/dFMl2rjJEn61Yu4Xu8ElEkj/aNU01ShZ68nObn2Hj38GhZoWbiT/p
l4LMGelN
-----END CERTIFICATE-----