Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/IjUSPtuKW2-qqGTN7sdrChjNeu4.roa
File:                     IjUSPtuKW2-qqGTN7sdrChjNeu4.roa (raw, json)
Hash identifier:          dVVPyP1U635x3RDupixZPrAEQ4wZS3apZGSSR5cmZNY=
Subject key identifier:   22:35:12:3E:DB:8A:5B:6F:AA:A8:64:CD:EE:C7:6B:0A:18:CD:7A:EE
Certificate issuer:       /CN=f5346d3edbec6da72780722c0a41abeea63661d8
Certificate serial:       018CC9BC53B675B743B5D243B974F96F08C3
Authority key identifier: F5:34:6D:3E:DB:EC:6D:A7:27:80:72:2C:0A:41:AB:EE:A6:36:61:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/IjUSPtuKW2-qqGTN7sdrChjNeu4.roa
Signing time:             Tue 02 Jan 2024 10:33:31 +0000
ROA not before:           Tue 02 Jan 2024 10:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.57.216.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 16:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:53:b6:75:b7:43:b5:d2:43:b9:74:f9:6f:08:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5346d3edbec6da72780722c0a41abeea63661d8
        Validity
            Not Before: Jan  2 10:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2235123edb8a5b6faaa864cdeec76b0a18cd7aee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c1:b8:07:ce:c1:e6:4f:c8:22:75:d3:69:a7:
                    cd:61:28:59:ea:52:d0:00:e6:2d:2c:83:6b:96:ad:
                    03:24:fa:fc:c8:b5:60:86:a1:60:29:92:1c:e3:82:
                    6a:e6:e7:29:f4:8d:71:f1:f0:12:ec:f3:ba:ff:b9:
                    59:e5:80:c4:b4:3c:e4:e1:0c:49:40:2a:d1:26:c2:
                    11:8b:91:13:51:37:45:82:19:66:23:0c:ad:f1:c7:
                    09:9c:f4:3d:09:32:f9:43:f6:4e:ab:9f:79:f9:ad:
                    8f:9c:ba:15:c9:50:88:2f:a3:22:25:d3:e7:a4:96:
                    b8:84:10:6d:bb:09:94:d4:8e:2a:00:ca:02:d5:00:
                    de:66:96:9a:bb:7d:24:aa:0c:a3:b9:20:bc:42:3c:
                    60:b8:9d:f0:64:be:70:42:fa:00:e2:29:76:7a:96:
                    72:d5:a0:fe:f9:30:88:f6:a4:f0:f1:db:a3:22:ee:
                    f0:ec:70:a6:2c:39:8a:7c:ce:3e:42:d4:1f:fb:ac:
                    af:82:0a:24:70:4f:d4:f4:58:bd:49:f5:01:dc:84:
                    18:1a:1b:fa:e9:fb:f4:d4:ce:e8:71:7a:a4:04:93:
                    e1:ab:73:dd:09:77:37:29:5a:eb:c2:ec:1b:31:90:
                    37:2c:eb:23:7b:bf:6b:22:44:71:e3:c2:1b:30:c4:
                    03:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:35:12:3E:DB:8A:5B:6F:AA:A8:64:CD:EE:C7:6B:0A:18:CD:7A:EE
            X509v3 Authority Key Identifier:
                keyid:F5:34:6D:3E:DB:EC:6D:A7:27:80:72:2C:0A:41:AB:EE:A6:36:61:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/IjUSPtuKW2-qqGTN7sdrChjNeu4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:f3:d7:f5:d6:ed:a5:d3:1e:ce:94:b9:06:2b:b1:96:f5:af:
         a0:03:8e:d4:93:97:fd:eb:14:0f:2d:8f:75:bf:c8:58:0c:51:
         f0:6d:1c:7b:bf:e5:58:d0:35:fe:22:23:25:78:47:0c:18:b5:
         04:55:34:bf:84:ce:93:1b:46:26:3e:71:5c:05:84:9a:6b:8c:
         0e:ac:ee:32:de:25:fd:89:b2:e2:c8:2c:9c:12:ed:7f:a6:f8:
         45:fd:14:95:54:5b:b0:48:36:31:81:7b:f7:0f:bd:27:5a:0c:
         f2:3e:fb:b6:4f:23:e2:b2:99:d0:50:84:04:75:d5:99:74:4a:
         6c:7d:2a:af:b3:82:21:87:d1:a8:d7:67:7a:b0:f1:8b:46:77:
         bd:06:1e:25:ca:22:70:61:41:21:62:da:95:9c:b9:0e:37:d2:
         3f:ce:ad:d6:ee:fb:ad:e9:ed:32:35:db:f9:ca:e8:e3:d2:43:
         04:fe:83:b8:20:26:e3:82:24:99:4a:1a:b5:c9:1b:52:6b:7b:
         e5:94:e6:1a:aa:5e:0b:fe:56:3c:6d:c3:48:f2:bb:b5:05:c4:
         b0:f5:aa:18:cb:eb:b2:fa:f0:a1:7e:cb:75:ae:58:02:6b:8b:
         ca:eb:08:43:fb:a0:f4:db:eb:02:98:05:86:69:b2:54:e8:0b:
         06:55:cd:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFO2dbdDtdJDuXT5bwjDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MzQ2ZDNlZGJlYzZkYTcyNzgwNzIyYzBhNDFhYmVlYTYz
NjYxZDgwHhcNMjQwMTAyMTAzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjM1MTIzZWRiOGE1YjZmYWFhODY0Y2RlZWM3NmIwYTE4Y2Q3YWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8G4B87B5k/IInXTaafNYShZ6lLQ
AOYtLINrlq0DJPr8yLVghqFgKZIc44Jq5ucp9I1x8fAS7PO6/7lZ5YDEtDzk4QxJ
QCrRJsIRi5ETUTdFghlmIwyt8ccJnPQ9CTL5Q/ZOq595+a2PnLoVyVCIL6MiJdPn
pJa4hBBtuwmU1I4qAMoC1QDeZpaau30kqgyjuSC8QjxguJ3wZL5wQvoA4il2epZy
1aD++TCI9qTw8dujIu7w7HCmLDmKfM4+QtQf+6yvggokcE/U9Fi9SfUB3IQYGhv6
6fv01M7ocXqkBJPhq3PdCXc3KVrrwuwbMZA3LOsje79rIkRx48IbMMQDfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCI1Ej7biltvqqhkze7HawoYzXruMB8GA1UdIwQY
MBaAFPU0bT7b7G2nJ4ByLApBq+6mNmHYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVRSdFB0dnNiYWNuZ0hJc0NrR3I3cVkyWWRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9iZTgwNjQtOWUxMS00NjFhLTkzNmQt
ZmE3MGJkOTBlODk0LzEvSWpVU1B0dUtXMi1xcUdUTjdzZHJDaGpOZXU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9iZTgwNjQtOWUxMS00NjFhLTkzNmQtZmE3MGJkOTBlODk0
LzEvOVRSdFB0dnNiYWNuZ0hJc0NrR3I3cVkyWWRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTnYMA0G
CSqGSIb3DQEBCwUAA4IBAQAA89f11u2l0x7OlLkGK7GW9a+gA47Uk5f96xQPLY91
v8hYDFHwbRx7v+VY0DX+IiMleEcMGLUEVTS/hM6TG0YmPnFcBYSaa4wOrO4y3iX9
ibLiyCycEu1/pvhF/RSVVFuwSDYxgXv3D70nWgzyPvu2TyPispnQUIQEddWZdEps
fSqvs4Ihh9Go12d6sPGLRne9Bh4lyiJwYUEhYtqVnLkON9I/zq3W7vut6e0yNdv5
yujj0kME/oO4ICbjgiSZShq1yRtSa3vllOYaql4L/lY8bcNI8ru1BcSw9aoYy+uy
+vChfst1rlgCa4vK6whD+6D02+sCmAWGabJU6AsGVc1X
-----END CERTIFICATE-----