Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/0a94e4-001c-4d15-91e9-47a412815fb4/1/IxD1mp8vaQhY3xhjXFEXF8jLsrM.roa
File:                     IxD1mp8vaQhY3xhjXFEXF8jLsrM.roa (raw, json)
Hash identifier:          sip53eZPe6STi3qQ8f+32pXvKbENUw2kpoLhpWIxh2w=
Subject key identifier:   23:10:F5:9A:9F:2F:69:08:58:DF:18:63:5C:51:17:17:C8:CB:B2:B3
Certificate issuer:       /CN=9d23c330ebe853e125b0c1ad2b16d79d25e4f3f8
Certificate serial:       018CC49229460C9B478AC45623AFEBACC517
Authority key identifier: 9D:23:C3:30:EB:E8:53:E1:25:B0:C1:AD:2B:16:D7:9D:25:E4:F3:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSPDMOvoU-ElsMGtKxbXnSXk8_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/0a94e4-001c-4d15-91e9-47a412815fb4/1/IxD1mp8vaQhY3xhjXFEXF8jLsrM.roa
Signing time:             Mon 01 Jan 2024 10:29:22 +0000
ROA not before:           Mon 01 Jan 2024 10:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3331
IP address blocks:        185.106.164.0/22 maxlen: 22
                          2a04:ea40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/0a94e4-001c-4d15-91e9-47a412815fb4/1/nSPDMOvoU-ElsMGtKxbXnSXk8_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/0a94e4-001c-4d15-91e9-47a412815fb4/1/nSPDMOvoU-ElsMGtKxbXnSXk8_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSPDMOvoU-ElsMGtKxbXnSXk8_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:29:46:0c:9b:47:8a:c4:56:23:af:eb:ac:c5:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d23c330ebe853e125b0c1ad2b16d79d25e4f3f8
        Validity
            Not Before: Jan  1 10:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2310f59a9f2f690858df18635c511717c8cbb2b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:01:2b:53:b7:2f:40:b1:62:0f:4b:00:83:4e:
                    a9:2e:8f:44:13:d2:31:31:69:6a:5f:a4:e7:83:14:
                    fd:64:49:5e:32:5f:82:41:7b:8e:34:73:9b:bc:43:
                    dd:b4:ec:b8:9d:06:32:e1:bc:fd:e9:5e:24:48:02:
                    f5:ae:ca:a7:e3:91:80:f1:b2:8b:86:2c:12:c7:ae:
                    ed:18:a4:3c:67:71:00:ec:11:a2:47:a9:22:ae:68:
                    ec:d8:b4:cd:fb:a5:e6:8d:93:a1:27:95:15:10:f9:
                    24:8d:f8:19:e4:f0:83:5a:b1:0d:bf:6e:a2:8b:e8:
                    b4:d5:13:40:23:b1:dc:70:a1:7b:26:93:16:70:5b:
                    2b:8a:47:5d:a3:bd:1a:33:0c:75:41:73:60:5f:bc:
                    c6:ff:38:98:a1:d1:04:20:a9:38:09:4f:d6:7e:36:
                    71:10:a7:e6:82:e0:2f:63:0e:c5:e6:cb:3b:43:37:
                    e3:55:71:b7:03:11:65:f4:36:eb:3a:de:22:63:69:
                    75:25:e7:87:a2:fe:5a:ed:5e:38:3a:e9:ac:e8:6e:
                    e1:ef:d8:5a:95:43:fe:7d:4f:9b:9e:cc:a7:dc:4e:
                    da:11:a7:24:c5:5c:72:39:de:01:e3:ad:9c:67:20:
                    a2:a5:3d:5f:02:bf:e0:00:4f:be:42:55:0c:54:9f:
                    4d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:10:F5:9A:9F:2F:69:08:58:DF:18:63:5C:51:17:17:C8:CB:B2:B3
            X509v3 Authority Key Identifier:
                keyid:9D:23:C3:30:EB:E8:53:E1:25:B0:C1:AD:2B:16:D7:9D:25:E4:F3:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSPDMOvoU-ElsMGtKxbXnSXk8_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/0a94e4-001c-4d15-91e9-47a412815fb4/1/IxD1mp8vaQhY3xhjXFEXF8jLsrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/0a94e4-001c-4d15-91e9-47a412815fb4/1/nSPDMOvoU-ElsMGtKxbXnSXk8_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.164.0/22
                IPv6:
                  2a04:ea40::/29

    Signature Algorithm: sha256WithRSAEncryption
         9e:2a:da:b7:17:4e:62:ab:92:41:76:9b:5f:d5:35:60:19:8c:
         af:6f:2f:d4:57:c2:06:0d:08:97:d3:d3:63:f9:f8:c3:f3:3c:
         0d:91:07:71:da:9e:1a:72:00:88:41:f4:86:fc:07:60:2d:11:
         dd:7f:2d:0e:cd:cb:c4:2f:09:c3:33:af:e4:d7:fa:4f:04:89:
         0c:c5:dc:93:0d:ae:10:77:b8:43:f4:69:7e:9f:a5:1d:27:33:
         4d:da:c7:21:de:27:15:3a:d6:11:57:f6:03:bc:6e:e3:21:cd:
         e5:1e:fe:c7:40:36:9b:d9:f3:f0:63:2b:fd:87:90:4f:2e:09:
         d4:5d:ff:dc:6a:cf:2a:b0:d7:c6:9c:db:3d:2e:29:9e:12:6c:
         56:24:a5:ab:6b:65:de:7e:02:96:5b:e1:e4:69:82:b2:fe:99:
         24:f4:53:20:32:38:5d:f9:7b:0e:0e:dc:99:53:21:86:9a:50:
         b4:a2:e5:08:46:85:ea:df:0e:b8:cb:21:fc:40:28:e8:e1:43:
         29:5d:e4:45:ec:41:f6:4c:73:ff:1b:46:6a:82:01:9d:4f:0d:
         99:05:a8:f3:c6:b6:ca:f5:a6:09:75:0a:a7:ad:7d:51:04:99:
         c8:77:51:8c:36:27:a1:a9:02:03:94:4f:01:cc:e9:6f:5f:26:
         5c:87:8d:eb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkilGDJtHisRWI6/rrMUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjNjMzMwZWJlODUzZTEyNWIwYzFhZDJiMTZkNzlkMjVl
NGYzZjgwHhcNMjQwMTAxMTAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzEwZjU5YTlmMmY2OTA4NThkZjE4NjM1YzUxMTcxN2M4Y2JiMmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwErU7cvQLFiD0sAg06pLo9EE9Ix
MWlqX6TngxT9ZEleMl+CQXuONHObvEPdtOy4nQYy4bz96V4kSAL1rsqn45GA8bKL
hiwSx67tGKQ8Z3EA7BGiR6kirmjs2LTN+6XmjZOhJ5UVEPkkjfgZ5PCDWrENv26i
i+i01RNAI7HccKF7JpMWcFsrikddo70aMwx1QXNgX7zG/ziYodEEIKk4CU/WfjZx
EKfmguAvYw7F5ss7QzfjVXG3AxFl9DbrOt4iY2l1JeeHov5a7V44Oums6G7h79ha
lUP+fU+bnsyn3E7aEackxVxyOd4B462cZyCipT1fAr/gAE++QlUMVJ9NgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCMQ9ZqfL2kIWN8YY1xRFxfIy7KzMB8GA1UdIwQY
MBaAFJ0jwzDr6FPhJbDBrSsW150l5PP4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNQRE1Pdm9VLUVsc01HdEt4YlhuU1hrOF9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8wYTk0ZTQtMDAxYy00ZDE1LTkxZTkt
NDdhNDEyODE1ZmI0LzEvSXhEMW1wOHZhUWhZM3hoalhGRVhGOGpMc3JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8wYTk0ZTQtMDAxYy00ZDE1LTkxZTktNDdhNDEyODE1ZmI0
LzEvblNQRE1Pdm9VLUVsc01HdEt4YlhuU1hrOF9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWqkMA0E
AgACMAcDBQMqBOpAMA0GCSqGSIb3DQEBCwUAA4IBAQCeKtq3F05iq5JBdptf1TVg
GYyvby/UV8IGDQiX09Nj+fjD8zwNkQdx2p4acgCIQfSG/AdgLRHdfy0OzcvELwnD
M6/k1/pPBIkMxdyTDa4Qd7hD9Gl+n6UdJzNN2sch3icVOtYRV/YDvG7jIc3lHv7H
QDab2fPwYyv9h5BPLgnUXf/cas8qsNfGnNs9LimeEmxWJKWra2XefgKWW+HkaYKy
/pkk9FMgMjhd+XsODtyZUyGGmlC0ouUIRoXq3w64yyH8QCjo4UMpXeRF7EH2THP/
G0ZqggGdTw2ZBajzxrbK9aYJdQqnrX1RBJnId1GMNiehqQIDlE8BzOlvXyZch43r
-----END CERTIFICATE-----