Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/iPJble0T4IN3YY5OvjYwX1J7U0k.roa
File:                     iPJble0T4IN3YY5OvjYwX1J7U0k.roa (raw, json)
Hash identifier:          ETOi9KQ3T1wkXHiRjZ7vnX7PfzVFPcgVOFCJGNGZ8jI=
Subject key identifier:   88:F2:5B:95:ED:13:E0:83:77:61:8E:4E:BE:36:30:5F:52:7B:53:49
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018D8E5F70442DE48DE3077839A1EBE97E0B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/iPJble0T4IN3YY5OvjYwX1J7U0k.roa
Signing time:             Fri 09 Feb 2024 14:57:15 +0000
ROA not before:           Fri 09 Feb 2024 14:57:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209043
IP address blocks:        185.194.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8e:5f:70:44:2d:e4:8d:e3:07:78:39:a1:eb:e9:7e:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb  9 14:57:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88f25b95ed13e08377618e4ebe36305f527b5349
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f3:36:12:24:bf:73:25:4e:27:7b:c8:50:b4:
                    3a:f9:da:41:04:25:6a:d8:e9:a5:87:39:91:8b:f7:
                    ec:d6:7f:cf:bc:07:ae:02:77:aa:14:4b:2a:c5:a2:
                    f5:5d:7c:bf:ff:64:cc:d1:b7:7a:67:a8:db:55:72:
                    a0:04:b8:bd:80:a1:94:24:80:a5:94:39:5f:28:26:
                    11:2c:58:4a:70:9c:22:ef:b3:98:b8:86:9d:48:48:
                    bc:12:08:0c:8b:f0:8d:24:80:87:56:8c:00:98:b4:
                    c5:32:47:1e:5e:83:54:bc:cb:48:32:0e:1f:e2:ec:
                    c0:1f:dc:ce:82:bf:e4:f5:fd:2f:80:39:db:46:f0:
                    db:f7:18:e1:8f:bb:23:35:70:06:c5:58:de:41:a6:
                    a2:80:d0:8b:c0:c1:af:6e:a0:09:36:c9:2e:77:38:
                    d4:46:c7:cf:e1:36:30:60:6a:48:7f:2a:29:92:70:
                    9f:0c:ce:43:e7:0d:41:7e:92:8d:e6:e9:69:c7:ff:
                    19:15:a0:45:59:8b:5f:07:0d:64:aa:42:c1:63:7b:
                    32:f7:a2:6e:93:c8:f5:e8:1a:7e:ed:ea:b7:62:b1:
                    6c:4e:f0:9a:e5:be:e4:43:54:28:ab:5e:40:36:95:
                    ea:cb:2a:82:bd:83:d3:f3:51:fd:4c:01:00:fd:32:
                    c3:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F2:5B:95:ED:13:E0:83:77:61:8E:4E:BE:36:30:5F:52:7B:53:49
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/iPJble0T4IN3YY5OvjYwX1J7U0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:1b:70:7f:72:ac:cc:e5:62:ba:cf:dd:d7:90:05:a5:71:13:
         15:9f:7a:00:25:2e:f3:46:eb:8d:16:6d:ac:e1:29:03:30:1a:
         97:4c:78:f1:64:be:4b:f4:22:0a:4b:53:e1:da:05:1d:cb:e8:
         20:60:85:0b:24:cc:ba:23:86:3e:5d:4a:f0:95:82:2d:00:8b:
         a6:8b:c7:00:dd:3a:b1:f7:c5:70:39:7d:50:b3:cc:5b:be:9a:
         53:53:9a:61:ac:3c:c4:4a:87:54:06:f9:cb:69:21:97:8a:d2:
         1a:ec:2d:af:cd:9c:85:74:8c:ec:54:ca:db:90:b4:e2:76:9c:
         e6:81:8f:b8:5f:dd:04:45:e5:ce:e0:9e:fc:df:25:85:29:58:
         bc:ec:b7:6f:84:3b:45:40:72:5d:84:88:28:21:5c:75:4f:27:
         3a:61:84:1b:91:2d:ef:c7:17:1d:0d:36:aa:94:23:47:4b:c5:
         0b:65:77:cd:c6:9d:82:6a:43:0f:67:68:ce:c3:f8:8e:1f:57:
         eb:e9:cd:d8:9c:7a:c8:ab:a4:23:e3:ad:0f:73:3b:b5:6c:ed:
         53:79:d1:69:9f:c5:62:c3:29:de:38:26:5a:ca:81:43:c7:0c:
         9f:65:84:7a:2d:76:2a:9f:22:85:7c:65:f6:69:46:3a:9b:38:
         29:bc:5c:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2OX3BELeSN4wd4OaHr6X4LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMjA5MTQ1NzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGYyNWI5NWVkMTNlMDgzNzc2MThlNGViZTM2MzA1ZjUyN2I1MzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPM2EiS/cyVOJ3vIULQ6+dpBBCVq
2OmlhzmRi/fs1n/PvAeuAneqFEsqxaL1XXy//2TM0bd6Z6jbVXKgBLi9gKGUJICl
lDlfKCYRLFhKcJwi77OYuIadSEi8EggMi/CNJICHVowAmLTFMkceXoNUvMtIMg4f
4uzAH9zOgr/k9f0vgDnbRvDb9xjhj7sjNXAGxVjeQaaigNCLwMGvbqAJNskudzjU
RsfP4TYwYGpIfyopknCfDM5D5w1BfpKN5ulpx/8ZFaBFWYtfBw1kqkLBY3sy96Ju
k8j16Bp+7eq3YrFsTvCa5b7kQ1Qoq15ANpXqyyqCvYPT81H9TAEA/TLDiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjyW5XtE+CDd2GOTr42MF9Se1NJMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvaVBKYmxlMFQ0SU4zWVk1T3ZqWXdYMUo3VTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucKwMA0G
CSqGSIb3DQEBCwUAA4IBAQBPG3B/cqzM5WK6z93XkAWlcRMVn3oAJS7zRuuNFm2s
4SkDMBqXTHjxZL5L9CIKS1Ph2gUdy+ggYIULJMy6I4Y+XUrwlYItAIumi8cA3Tqx
98VwOX1Qs8xbvppTU5phrDzESodUBvnLaSGXitIa7C2vzZyFdIzsVMrbkLTidpzm
gY+4X90EReXO4J783yWFKVi87LdvhDtFQHJdhIgoIVx1Tyc6YYQbkS3vxxcdDTaq
lCNHS8ULZXfNxp2CakMPZ2jOw/iOH1fr6c3YnHrIq6Qj460Pczu1bO1TedFpn8Vi
wyneOCZayoFDxwyfZYR6LXYqnyKFfGX2aUY6mzgpvFxs
-----END CERTIFICATE-----