Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/IOSllibqV1VAtKi4pcCBq6THH8Y.roa
File:                     IOSllibqV1VAtKi4pcCBq6THH8Y.roa (raw, json)
Hash identifier:          vQbnF2tURsvf7YkEYySUaBeQjumx095cllV+EVDhqdg=
Subject key identifier:   20:E4:A5:96:26:EA:57:55:40:B4:A8:B8:A5:C0:81:AB:A4:C7:1F:C6
Certificate issuer:       /CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
Certificate serial:       018CC94CDCF954A165066B1C47FE5D7C0C68
Authority key identifier: FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/IOSllibqV1VAtKi4pcCBq6THH8Y.roa
Signing time:             Tue 02 Jan 2024 08:31:46 +0000
ROA not before:           Tue 02 Jan 2024 08:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35545
IP address blocks:        185.42.222.0/24 maxlen: 24
                          2a06:bdc7::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:dc:f9:54:a1:65:06:6b:1c:47:fe:5d:7c:0c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
        Validity
            Not Before: Jan  2 08:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20e4a59626ea575540b4a8b8a5c081aba4c71fc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1d:f5:6e:c3:6b:8e:09:c7:49:67:32:df:9f:
                    fb:85:74:64:8b:6c:26:dd:30:4c:84:b8:ea:1a:a3:
                    ad:22:19:0a:cf:8d:66:60:f9:a9:74:c8:64:02:e5:
                    7f:cc:28:61:56:0c:55:ba:e1:33:5f:20:ae:f8:06:
                    73:ab:1f:4f:99:95:c9:73:ce:aa:54:71:76:db:77:
                    dc:11:8e:5b:84:cb:cc:80:e2:d2:f2:3f:62:3f:b6:
                    6c:00:ff:39:ba:d9:33:50:5b:f0:02:67:03:a4:d5:
                    45:c0:2d:3b:56:53:1a:8d:41:65:27:61:44:90:15:
                    5f:02:2f:5a:7b:3d:a6:fc:91:c8:ef:c2:37:2e:8b:
                    05:b0:4e:d3:1e:a1:07:4d:3a:a8:ea:08:fe:33:b8:
                    7c:ae:6c:11:b3:32:c1:2d:b2:8a:da:0a:0d:fa:80:
                    ec:16:b2:53:17:53:61:31:83:98:f2:65:ea:28:36:
                    b4:d2:0e:e7:14:b6:73:b7:ac:60:f2:b2:33:04:fd:
                    2a:2a:eb:d6:ff:d4:81:f7:d6:63:99:9a:41:e2:9b:
                    62:b8:4b:86:89:85:4c:d0:9b:0c:ba:05:85:95:e2:
                    c8:8f:c0:b6:8d:d3:97:a4:76:96:ed:30:95:c7:21:
                    8c:dc:d0:bd:a6:5e:11:e6:bc:9f:8e:2b:fe:d7:96:
                    ac:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:E4:A5:96:26:EA:57:55:40:B4:A8:B8:A5:C0:81:AB:A4:C7:1F:C6
            X509v3 Authority Key Identifier:
                keyid:FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/IOSllibqV1VAtKi4pcCBq6THH8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.222.0/24
                IPv6:
                  2a06:bdc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:dc:bd:fa:e3:1a:c4:ab:81:5d:40:d6:b8:fd:e7:c9:7f:af:
         6e:9e:3d:79:15:a8:a2:75:5a:e9:7c:60:17:a3:c2:89:71:14:
         fe:3f:9c:80:44:9e:4d:31:03:ea:9a:05:53:97:10:2f:01:e3:
         82:9c:48:4e:92:84:d9:c5:3b:f0:19:3c:0b:1b:49:a5:a3:f1:
         5c:12:52:fe:d1:c3:1d:db:79:be:3b:99:93:98:69:df:55:0d:
         8f:30:91:7c:15:f0:5e:12:ea:88:15:e2:4c:75:89:cd:52:61:
         b2:bf:81:04:61:15:4f:0e:e6:79:42:9f:28:5c:37:f0:9e:f5:
         54:f7:00:b1:37:80:03:2c:d1:2b:3d:50:99:3a:8c:31:f7:fc:
         82:82:6e:d2:ee:c6:e3:9f:47:64:01:0b:a6:c8:54:14:72:57:
         f6:54:15:77:08:00:c3:cd:76:a8:36:16:4c:c0:d2:e0:b7:4c:
         b6:80:c5:d5:3e:20:c9:87:04:ea:ed:99:e8:de:ff:cd:12:8b:
         ae:6a:65:e5:dc:ae:d0:d1:ee:5a:8d:9f:51:c3:62:8b:23:4d:
         02:89:a9:aa:cd:8d:98:58:c3:57:ed:ee:66:e2:f4:00:cd:05:
         fa:1d:26:44:3f:a7:b5:8d:f4:2b:20:81:98:bc:41:a0:31:45:
         2d:f0:ed:4e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTNz5VKFlBmscR/5dfAxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGVjNGE0NmE2ZTZlNGY5YTkyZDBiYTJlMGIzYWI1NjU4
YmUxYmQwHhcNMjQwMTAyMDgzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGU0YTU5NjI2ZWE1NzU1NDBiNGE4YjhhNWMwODFhYmE0YzcxZmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB31bsNrjgnHSWcy35/7hXRki2wm
3TBMhLjqGqOtIhkKz41mYPmpdMhkAuV/zChhVgxVuuEzXyCu+AZzqx9PmZXJc86q
VHF223fcEY5bhMvMgOLS8j9iP7ZsAP85utkzUFvwAmcDpNVFwC07VlMajUFlJ2FE
kBVfAi9aez2m/JHI78I3LosFsE7THqEHTTqo6gj+M7h8rmwRszLBLbKK2goN+oDs
FrJTF1NhMYOY8mXqKDa00g7nFLZzt6xg8rIzBP0qKuvW/9SB99ZjmZpB4ptiuEuG
iYVM0JsMugWFleLIj8C2jdOXpHaW7TCVxyGM3NC9pl4R5ryfjiv+15aswwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCDkpZYm6ldVQLSouKXAgaukxx/GMB8GA1UdIwQY
MBaAFP/exKRqbm5PmpLQui4LOrVli+G9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEt
N2U4YzZkNGQ5YmVmLzEvSU9TbGxpYnFWMVZBdEtpNHBjQ0JxNlRISDhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEtN2U4YzZkNGQ5YmVm
LzEvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuSreMA0E
AgACMAcDBQAqBr3HMA0GCSqGSIb3DQEBCwUAA4IBAQBU3L364xrEq4FdQNa4/efJ
f69unj15FaiidVrpfGAXo8KJcRT+P5yARJ5NMQPqmgVTlxAvAeOCnEhOkoTZxTvw
GTwLG0mlo/FcElL+0cMd23m+O5mTmGnfVQ2PMJF8FfBeEuqIFeJMdYnNUmGyv4EE
YRVPDuZ5Qp8oXDfwnvVU9wCxN4ADLNErPVCZOowx9/yCgm7S7sbjn0dkAQumyFQU
clf2VBV3CADDzXaoNhZMwNLgt0y2gMXVPiDJhwTq7Zno3v/NEouuamXl3K7Q0e5a
jZ9Rw2KLI00CiamqzY2YWMNX7e5m4vQAzQX6HSZEP6e1jfQrIIGYvEGgMUUt8O1O
-----END CERTIFICATE-----