Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/I1UtTKdBH2HAxszqJU2L6SgMBqk.roa
File:                     I1UtTKdBH2HAxszqJU2L6SgMBqk.roa (raw, json)
Hash identifier:          rgi5RjvynIRdVPHA9w1DugTgyBqgl3uk7/Z8g+9yrFU=
Subject key identifier:   23:55:2D:4C:A7:41:1F:61:C0:C6:CC:EA:25:4D:8B:E9:28:0C:06:A9
Certificate issuer:       /CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
Certificate serial:       018CC7933EB37217DDE3C3C754C359B73191
Authority key identifier: E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/I1UtTKdBH2HAxszqJU2L6SgMBqk.roa
Signing time:             Tue 02 Jan 2024 00:29:24 +0000
ROA not before:           Tue 02 Jan 2024 00:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44307
IP address blocks:        96.125.144.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3e:b3:72:17:dd:e3:c3:c7:54:c3:59:b7:31:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d0c49a0e97e0d5f3ced3b7b6b9f72ca0cb53d6
        Validity
            Not Before: Jan  2 00:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23552d4ca7411f61c0c6ccea254d8be9280c06a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1c:2c:f8:b6:15:99:8a:00:23:1a:20:da:a4:
                    60:b3:23:91:9e:63:9d:24:64:2a:cf:c0:06:4a:2c:
                    e3:58:c8:2b:5a:fd:09:7f:42:9f:c2:26:7c:93:b3:
                    ae:24:27:69:95:90:cc:e4:c5:59:5d:8a:e3:1e:f9:
                    ea:9a:11:a6:6f:0b:88:e1:34:20:22:a8:db:46:75:
                    3f:78:bd:4b:32:82:c3:01:17:9e:87:21:7d:61:f0:
                    29:57:32:d3:39:77:b0:53:b9:b3:dd:65:0b:49:b0:
                    d9:85:ed:f5:f8:24:5c:94:7f:71:20:bd:d4:a7:85:
                    06:e6:9e:bc:2c:f2:52:71:9c:41:5f:f0:30:71:cf:
                    fb:e6:26:3a:c5:4d:c4:38:48:7e:dc:6d:9b:29:1d:
                    d3:68:f6:3a:59:11:6d:fd:b2:f6:e0:7b:74:5d:3b:
                    43:ea:94:55:63:64:aa:b9:b3:aa:be:0c:27:e8:40:
                    12:b6:67:e6:9c:ca:14:56:1e:bb:b9:f0:fd:d1:9e:
                    98:18:ea:c8:52:38:2f:9a:65:9c:50:77:de:fa:3e:
                    8f:ec:8c:f3:36:3c:74:e0:52:55:bf:1a:43:3a:cb:
                    1c:ae:b4:4d:a4:02:07:f6:0f:f7:57:a1:9d:f3:d5:
                    86:d6:cd:fa:8d:84:77:40:86:45:64:4d:b3:63:75:
                    33:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:55:2D:4C:A7:41:1F:61:C0:C6:CC:EA:25:4D:8B:E9:28:0C:06:A9
            X509v3 Authority Key Identifier:
                keyid:E2:D0:C4:9A:0E:97:E0:D5:F3:CE:D3:B7:B6:B9:F7:2C:A0:CB:53:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tDEmg6X4NXzztO3trn3LKDLU9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/I1UtTKdBH2HAxszqJU2L6SgMBqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/9f0f7a-11eb-4383-bc6a-4690a007141f/1/4tDEmg6X4NXzztO3trn3LKDLU9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.125.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         62:04:91:ba:70:44:ee:1b:4e:7d:c9:28:e5:0b:56:ae:7c:75:
         32:c8:d8:e1:e1:f0:a9:53:ab:b7:82:78:7a:82:19:81:46:63:
         da:68:7a:68:9b:3d:c2:15:ba:b9:5c:ba:ad:c9:a4:bf:d1:16:
         d7:64:a8:70:65:3c:b6:6d:74:99:53:23:d8:00:52:3e:4e:ce:
         88:fc:f8:14:6a:da:c4:b8:04:b3:dd:28:da:cf:63:f3:01:dd:
         71:6e:6e:aa:ff:fd:a5:44:06:fe:91:3a:27:37:67:bb:bc:e0:
         2e:e7:3f:73:df:ee:8e:89:7a:b4:72:7e:90:c0:0e:1f:a5:ef:
         a3:bb:5e:3d:e1:69:29:9e:db:f9:df:22:af:e0:3f:35:2e:98:
         c9:21:f7:85:b2:f6:fc:fe:97:89:97:a8:24:23:e7:f2:61:da:
         f3:22:fe:0e:af:db:74:3d:a3:7d:8f:e1:fc:ce:79:95:69:f1:
         a7:3a:fa:cf:9d:6d:94:7a:13:6b:10:f6:f5:12:65:6b:c2:8a:
         e5:90:bd:92:f8:83:13:0d:6d:bd:8a:8c:6a:91:49:99:a3:4e:
         1d:f8:09:31:11:05:c4:65:c2:bd:03:2e:1e:5e:4d:08:5c:b0:
         29:c8:19:d6:46:5d:04:02:1a:bd:1c:42:cf:b6:65:ba:7c:e2:
         34:66:e7:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkz6zchfd48PHVMNZtzGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDBjNDlhMGU5N2UwZDVmM2NlZDNiN2I2YjlmNzJjYTBj
YjUzZDYwHhcNMjQwMTAyMDAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzU1MmQ0Y2E3NDExZjYxYzBjNmNjZWEyNTRkOGJlOTI4MGMwNmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxws+LYVmYoAIxog2qRgsyORnmOd
JGQqz8AGSizjWMgrWv0Jf0KfwiZ8k7OuJCdplZDM5MVZXYrjHvnqmhGmbwuI4TQg
IqjbRnU/eL1LMoLDAReehyF9YfApVzLTOXewU7mz3WULSbDZhe31+CRclH9xIL3U
p4UG5p68LPJScZxBX/Awcc/75iY6xU3EOEh+3G2bKR3TaPY6WRFt/bL24Ht0XTtD
6pRVY2SqubOqvgwn6EAStmfmnMoUVh67ufD90Z6YGOrIUjgvmmWcUHfe+j6P7Izz
Njx04FJVvxpDOsscrrRNpAIH9g/3V6Gd89WG1s36jYR3QIZFZE2zY3UzLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNVLUynQR9hwMbM6iVNi+koDAapMB8GA1UdIwQY
MBaAFOLQxJoOl+DV887Tt7a59yygy1PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEt
NDY5MGEwMDcxNDFmLzEvSTFVdFRLZEJIMkhBeHN6cUpVMkw2U2dNQnFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85ZjBmN2EtMTFlYi00MzgzLWJjNmEtNDY5MGEwMDcxNDFm
LzEvNHRERW1nNlg0Tlh6enRPM3RybjNMS0RMVTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEYH2QMA0G
CSqGSIb3DQEBCwUAA4IBAQBiBJG6cETuG059ySjlC1aufHUyyNjh4fCpU6u3gnh6
ghmBRmPaaHpomz3CFbq5XLqtyaS/0RbXZKhwZTy2bXSZUyPYAFI+Ts6I/PgUatrE
uASz3Sjaz2PzAd1xbm6q//2lRAb+kTonN2e7vOAu5z9z3+6OiXq0cn6QwA4fpe+j
u1494Wkpntv53yKv4D81LpjJIfeFsvb8/peJl6gkI+fyYdrzIv4Or9t0PaN9j+H8
znmVafGnOvrPnW2UehNrEPb1EmVrworlkL2S+IMTDW29ioxqkUmZo04d+AkxEQXE
ZcK9Ay4eXk0IXLApyBnWRl0EAhq9HELPtmW6fOI0Zuee
-----END CERTIFICATE-----