Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/IzqHLbMV3quTOHbWC-5Dp-qMCOY.roa
File:                     IzqHLbMV3quTOHbWC-5Dp-qMCOY.roa (raw, json)
Hash identifier:          in4cAdy5FV8BhF570JweXekuIvEzPng1Yb2z80jHScI=
Subject key identifier:   23:3A:87:2D:B3:15:DE:AB:93:38:76:D6:0B:EE:43:A7:EA:8C:08:E6
Certificate issuer:       /CN=111e0cbbe5d1c0a09465095e444fbc1c7932c683
Certificate serial:       018F9A4CF052FE99E60FF5012CABEC8EFBAE
Authority key identifier: 11:1E:0C:BB:E5:D1:C0:A0:94:65:09:5E:44:4F:BC:1C:79:32:C6:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/IzqHLbMV3quTOHbWC-5Dp-qMCOY.roa
Signing time:             Tue 21 May 2024 08:38:04 +0000
ROA not before:           Tue 21 May 2024 08:38:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31898
IP address blocks:        185.125.42.0/24 maxlen: 24
                          2a06:b7c2::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9a:4c:f0:52:fe:99:e6:0f:f5:01:2c:ab:ec:8e:fb:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111e0cbbe5d1c0a09465095e444fbc1c7932c683
        Validity
            Not Before: May 21 08:38:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=233a872db315deab933876d60bee43a7ea8c08e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c9:b7:56:ec:75:01:99:42:52:5a:cb:71:dc:
                    8b:97:58:5c:55:48:74:27:81:5e:38:0c:c5:87:09:
                    ea:5f:51:24:99:fc:26:68:63:62:67:db:39:8e:cf:
                    84:8a:a3:f6:6e:76:95:42:a1:75:8f:2c:04:ad:41:
                    12:d5:77:cc:dc:de:ae:01:e6:39:d5:31:e5:70:59:
                    83:ad:3f:4a:1e:ab:cf:a6:d9:f5:a4:74:98:d9:31:
                    65:2d:10:ba:28:d9:0b:5c:b7:d6:cf:55:2e:1e:71:
                    44:c9:57:f3:be:3c:13:96:70:03:7a:55:9e:0f:7c:
                    5f:b0:fd:c2:e8:ad:fb:ef:9f:65:f8:4a:a9:18:0a:
                    27:b7:e6:24:0b:32:31:29:f1:d3:dc:67:ec:ef:dd:
                    ac:9a:c4:23:e9:85:6a:89:52:1d:63:8e:25:15:e9:
                    2c:9e:9d:3b:e7:40:57:1c:b7:bd:b9:8f:bd:d6:05:
                    69:78:b7:77:e9:cb:21:9c:7a:45:e2:b1:a2:e5:30:
                    ba:6f:4a:7b:92:6b:30:c2:9f:cd:0a:f0:bb:c9:78:
                    c2:84:98:ef:5d:eb:ba:2b:fb:66:fa:33:b1:f7:78:
                    a5:10:7f:4c:16:9a:8f:c0:4d:67:9f:7d:c8:d9:bb:
                    11:1e:76:3c:2d:c4:8d:cf:92:29:4e:e6:99:c5:4a:
                    2c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:3A:87:2D:B3:15:DE:AB:93:38:76:D6:0B:EE:43:A7:EA:8C:08:E6
            X509v3 Authority Key Identifier:
                keyid:11:1E:0C:BB:E5:D1:C0:A0:94:65:09:5E:44:4F:BC:1C:79:32:C6:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/IzqHLbMV3quTOHbWC-5Dp-qMCOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.42.0/24
                IPv6:
                  2a06:b7c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:3a:af:26:41:7d:26:91:2e:55:eb:fe:87:87:1a:95:1c:c2:
         e4:00:d5:f8:97:41:4d:23:5b:a3:ed:10:a7:26:61:a3:59:e3:
         b5:30:12:29:1c:e5:d8:48:d1:e6:12:a0:c1:c9:a3:b5:ce:67:
         44:d8:bc:e9:bd:8d:bc:59:3e:7f:a0:8b:af:4e:88:37:c2:a4:
         0a:a4:e0:34:2c:c3:3f:8b:69:de:d9:c1:47:f6:6f:7a:08:24:
         04:11:b5:ae:4a:7a:79:ed:f9:c7:6e:72:c7:5e:0d:46:62:1c:
         d9:58:1c:df:bf:8d:28:c2:43:b9:85:e5:9a:60:30:a2:f0:4b:
         5f:9f:38:ce:76:f9:6d:fc:76:82:d5:ba:8e:eb:dc:ff:1b:98:
         85:16:1a:4a:54:f2:92:51:82:ad:1f:6f:5d:39:6b:67:12:e9:
         f0:29:02:fd:e9:9b:11:7f:b3:ee:ff:db:1e:08:44:dd:57:ec:
         6f:08:c9:e8:7a:e7:e1:07:0f:ff:20:88:e7:57:91:68:dd:ac:
         9f:55:a6:c3:c6:3e:eb:e2:9a:7e:5d:e2:3c:76:2e:e5:bb:28:
         8f:7d:e5:81:55:44:bd:77:ee:07:1d:b6:65:51:c4:0f:c7:3f:
         09:fb:79:d8:61:c1:de:7c:91:41:12:9e:d0:6c:01:7e:02:68:
         87:24:5f:10
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY+aTPBS/pnmD/UBLKvsjvuuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWUwY2JiZTVkMWMwYTA5NDY1MDk1ZTQ0NGZiYzFjNzkz
MmM2ODMwHhcNMjQwNTIxMDgzODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzNhODcyZGIzMTVkZWFiOTMzODc2ZDYwYmVlNDNhN2VhOGMwOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8m3Vux1AZlCUlrLcdyLl1hcVUh0
J4FeOAzFhwnqX1EkmfwmaGNiZ9s5js+EiqP2bnaVQqF1jywErUES1XfM3N6uAeY5
1THlcFmDrT9KHqvPptn1pHSY2TFlLRC6KNkLXLfWz1UuHnFEyVfzvjwTlnADelWe
D3xfsP3C6K37759l+EqpGAont+YkCzIxKfHT3Gfs792smsQj6YVqiVIdY44lFeks
np0750BXHLe9uY+91gVpeLd36cshnHpF4rGi5TC6b0p7kmswwp/NCvC7yXjChJjv
Xeu6K/tm+jOx93ilEH9MFpqPwE1nn33I2bsRHnY8LcSNz5IpTuaZxUosLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCM6hy2zFd6rkzh21gvuQ6fqjAjmMB8GA1UdIwQY
MBaAFBEeDLvl0cCglGUJXkRPvBx5MsaDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVI0TXUtWFJ3S0NVWlFsZVJFLThISGt5eG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9iNmM5OTEtMWZkNC00ODdmLTg3Nzgt
ZDE1ZTUxNmRjNDVjLzEvSXpxSExiTVYzcXVUT0hiV0MtNURwLXFNQ09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9iNmM5OTEtMWZkNC00ODdmLTg3NzgtZDE1ZTUxNmRjNDVj
LzEvRVI0TXUtWFJ3S0NVWlFsZVJFLThISGt5eG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuX0qMA0E
AgACMAcDBQAqBrfCMA0GCSqGSIb3DQEBCwUAA4IBAQBQOq8mQX0mkS5V6/6HhxqV
HMLkANX4l0FNI1uj7RCnJmGjWeO1MBIpHOXYSNHmEqDByaO1zmdE2LzpvY28WT5/
oIuvTog3wqQKpOA0LMM/i2ne2cFH9m96CCQEEbWuSnp57fnHbnLHXg1GYhzZWBzf
v40owkO5heWaYDCi8EtfnzjOdvlt/HaC1bqO69z/G5iFFhpKVPKSUYKtH29dOWtn
EunwKQL96ZsRf7Pu/9seCETdV+xvCMnoeufhBw//IIjnV5Fo3ayfVabDxj7r4pp+
XeI8di7luyiPfeWBVUS9d+4HHbZlUcQPxz8J+3nYYcHefJFBEp7QbAF+AmiHJF8Q
-----END CERTIFICATE-----