Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/iGksZEIMtuJZNC9O0H-Kiggvfdc.roa
File:                     iGksZEIMtuJZNC9O0H-Kiggvfdc.roa (raw, json)
Hash identifier:          L/8khsLhPbnMbKmbGuohMmqVrxXU+NBHfE75uRG1G70=
Subject key identifier:   88:69:2C:64:42:0C:B6:E2:59:34:2F:4E:D0:7F:8A:8A:08:2F:7D:D7
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64ADD946CE6960A5B71CD46B9A66E0F
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/iGksZEIMtuJZNC9O0H-Kiggvfdc.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44103
IP address blocks:        185.150.96.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 23:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:dd:94:6c:e6:96:0a:5b:71:cd:46:b9:a6:6e:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88692c64420cb6e259342f4ed07f8a8a082f7dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:23:5c:7c:7f:6b:13:46:15:f2:69:e3:a2:18:
                    6d:31:1c:5a:f0:e3:77:a2:d8:56:f0:c3:33:a2:7d:
                    83:3f:96:07:eb:bf:88:92:4c:42:9f:12:b9:32:6c:
                    27:87:04:a7:fc:fd:01:05:d3:eb:6d:26:26:56:8e:
                    5a:e7:4e:5f:55:c6:57:93:28:ea:d0:6b:bd:de:bb:
                    69:dd:0a:79:c8:06:f7:57:37:6c:d0:b3:2a:0d:d1:
                    88:4a:c0:80:b9:6b:c1:5d:bc:39:f3:b4:20:e1:28:
                    07:27:fe:11:7e:3c:c7:66:c0:d8:b7:80:59:28:7c:
                    ec:65:4c:2b:63:0d:02:62:20:03:1e:97:96:b0:38:
                    5b:ef:12:8b:aa:1f:02:d7:38:e3:d2:5c:60:79:a0:
                    d2:34:a5:d8:cb:2e:6e:52:98:25:c5:4a:b7:2a:59:
                    03:e3:63:90:d0:c8:fc:29:da:c6:62:59:ba:ce:64:
                    16:a7:ff:44:ba:07:ca:4b:40:20:fa:4a:66:20:12:
                    a0:6d:b2:bc:3d:3a:f3:7d:2f:51:66:d2:a9:d4:bd:
                    28:a9:f9:e2:ce:7f:d7:0d:d5:2c:bb:95:aa:66:45:
                    af:b7:f6:bc:7d:dc:44:cb:a6:2e:9b:8f:2d:a4:48:
                    d6:cb:ce:21:e8:0a:74:03:1b:d9:06:fa:29:50:2e:
                    28:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:69:2C:64:42:0C:B6:E2:59:34:2F:4E:D0:7F:8A:8A:08:2F:7D:D7
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/iGksZEIMtuJZNC9O0H-Kiggvfdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:6e:8b:be:c3:7f:1d:ca:c0:49:09:55:65:72:71:95:a0:9e:
         d6:82:3d:f7:79:5d:ed:c4:2d:8f:c7:55:f7:43:7f:a0:bc:8c:
         58:d0:65:b7:a2:84:fc:4f:6c:be:08:5f:7a:cf:5d:a8:83:40:
         48:fc:16:96:64:79:da:51:63:05:31:1d:ab:c7:e1:91:8d:c8:
         b3:76:81:82:b0:94:6a:d2:db:da:de:f6:f7:4e:f0:1d:ba:5f:
         65:90:cd:bc:c4:cc:31:19:c5:c1:fc:8b:9d:ce:d1:29:bd:27:
         30:19:98:c2:6f:0b:4d:28:d6:b3:2c:ca:3d:87:9c:fc:aa:8b:
         eb:19:52:96:f6:84:ac:3a:58:f0:5d:16:02:31:8e:41:c9:b1:
         3d:c8:67:50:67:3a:b5:a3:69:de:11:de:e6:96:63:6f:85:6e:
         8a:55:c0:d0:f9:e9:59:5b:20:f7:d7:06:22:04:30:78:0e:a0:
         e8:e5:37:6b:65:34:79:32:43:e0:a1:13:e8:e8:d9:97:c6:08:
         6e:05:60:61:b7:e3:a3:23:58:e5:de:44:c0:a2:b6:03:cc:83:
         fe:1a:79:d7:eb:05:26:b5:ae:6e:d0:de:b9:e8:22:56:bb:52:
         29:b4:a2:9a:0a:70:d1:46:ab:8b:10:d6:da:82:f8:03:18:1c:
         d2:91:74:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSt2UbOaWCltxzUa5pm4PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODY5MmM2NDQyMGNiNmUyNTkzNDJmNGVkMDdmOGE4YTA4MmY3ZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiNcfH9rE0YV8mnjohhtMRxa8ON3
othW8MMzon2DP5YH67+IkkxCnxK5MmwnhwSn/P0BBdPrbSYmVo5a505fVcZXkyjq
0Gu93rtp3Qp5yAb3Vzds0LMqDdGISsCAuWvBXbw587Qg4SgHJ/4RfjzHZsDYt4BZ
KHzsZUwrYw0CYiADHpeWsDhb7xKLqh8C1zjj0lxgeaDSNKXYyy5uUpglxUq3KlkD
42OQ0Mj8KdrGYlm6zmQWp/9EugfKS0Ag+kpmIBKgbbK8PTrzfS9RZtKp1L0oqfni
zn/XDdUsu5WqZkWvt/a8fdxEy6Yum48tpEjWy84h6Ap0AxvZBvopUC4o4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhpLGRCDLbiWTQvTtB/iooIL33XMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvaUdrc1pFSU10dUpaTkM5TzBILUtpZ2d2ZmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZZgMA0G
CSqGSIb3DQEBCwUAA4IBAQBnbou+w38dysBJCVVlcnGVoJ7Wgj33eV3txC2Px1X3
Q3+gvIxY0GW3ooT8T2y+CF96z12og0BI/BaWZHnaUWMFMR2rx+GRjcizdoGCsJRq
0tva3vb3TvAdul9lkM28xMwxGcXB/IudztEpvScwGZjCbwtNKNazLMo9h5z8qovr
GVKW9oSsOljwXRYCMY5BybE9yGdQZzq1o2neEd7mlmNvhW6KVcDQ+elZWyD31wYi
BDB4DqDo5TdrZTR5MkPgoRPo6NmXxghuBWBht+OjI1jl3kTAorYDzIP+GnnX6wUm
ta5u0N656CJWu1IptKKaCnDRRquLENbagvgDGBzSkXR8
-----END CERTIFICATE-----