Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/0c96d4-c760-4aa6-85db-42c79b03b4df/1/IVI6eXmvEdZhS51kPMGX3KPCXKg.roa
File:                     IVI6eXmvEdZhS51kPMGX3KPCXKg.roa (raw, json)
Hash identifier:          7p8MD2m9ICr+ncDOqOfs3Bt2eIaSl201DHjAsQIoYms=
Subject key identifier:   21:52:3A:79:79:AF:11:D6:61:4B:9D:64:3C:C1:97:DC:A3:C2:5C:A8
Certificate issuer:       /CN=ddc88232c07de2cdcb96eaf9e751550baa66c588
Certificate serial:       018CC9BBBA7AA08C07221E2A5A057F8E3F31
Authority key identifier: DD:C8:82:32:C0:7D:E2:CD:CB:96:EA:F9:E7:51:55:0B:AA:66:C5:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ciCMsB94s3Llur551FVC6pmxYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/0c96d4-c760-4aa6-85db-42c79b03b4df/1/IVI6eXmvEdZhS51kPMGX3KPCXKg.roa
Signing time:             Tue 02 Jan 2024 10:32:52 +0000
ROA not before:           Tue 02 Jan 2024 10:32:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8538
IP address blocks:        192.162.104.0/22 maxlen: 22
                          195.8.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/0c96d4-c760-4aa6-85db-42c79b03b4df/1/3ciCMsB94s3Llur551FVC6pmxYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/0c96d4-c760-4aa6-85db-42c79b03b4df/1/3ciCMsB94s3Llur551FVC6pmxYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ciCMsB94s3Llur551FVC6pmxYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ba:7a:a0:8c:07:22:1e:2a:5a:05:7f:8e:3f:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddc88232c07de2cdcb96eaf9e751550baa66c588
        Validity
            Not Before: Jan  2 10:32:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21523a7979af11d6614b9d643cc197dca3c25ca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:37:97:fa:a5:a4:c8:7d:82:4c:7e:93:a2:e0:
                    09:e7:56:92:ae:f5:0b:de:b1:b4:06:5c:a5:42:cf:
                    36:17:c2:48:50:60:35:86:f1:de:ca:45:c1:02:4d:
                    6d:5f:aa:34:e7:8e:49:1a:c5:26:2f:9c:10:c3:f6:
                    06:48:71:45:79:90:4e:44:83:71:e9:25:2f:b8:05:
                    51:de:7d:61:5f:fc:00:c4:2b:39:a6:04:0f:aa:31:
                    c6:25:e4:99:94:79:af:b6:44:56:77:47:d5:b3:17:
                    3e:85:18:99:4f:04:48:1f:0f:6b:01:02:07:e7:53:
                    7a:22:c9:4d:10:3b:c5:73:a7:5a:f7:00:0b:66:9b:
                    e4:63:00:cb:5c:b8:3d:e9:52:d9:b0:06:4d:9a:08:
                    1f:dc:4e:69:65:5f:f6:82:8e:00:fe:f1:96:f7:5b:
                    d7:40:37:ab:22:ab:fa:2c:e7:ae:51:1c:18:57:ca:
                    ee:b1:57:25:00:db:ea:e5:ac:05:b6:5b:d9:6e:da:
                    35:61:4c:74:87:7b:ab:0e:ea:d1:59:df:3e:e5:eb:
                    3c:c3:eb:3c:ae:67:c9:1c:e3:76:c9:9a:f8:00:45:
                    cd:40:3a:df:08:67:52:fe:f4:9e:bd:71:4e:d5:75:
                    ee:98:c3:cd:97:ea:e8:12:cf:de:d8:8b:14:bd:c6:
                    99:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:52:3A:79:79:AF:11:D6:61:4B:9D:64:3C:C1:97:DC:A3:C2:5C:A8
            X509v3 Authority Key Identifier:
                keyid:DD:C8:82:32:C0:7D:E2:CD:CB:96:EA:F9:E7:51:55:0B:AA:66:C5:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ciCMsB94s3Llur551FVC6pmxYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/0c96d4-c760-4aa6-85db-42c79b03b4df/1/IVI6eXmvEdZhS51kPMGX3KPCXKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/0c96d4-c760-4aa6-85db-42c79b03b4df/1/3ciCMsB94s3Llur551FVC6pmxYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.162.104.0/22
                  195.8.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:27:e0:c8:43:48:89:a8:be:80:91:ec:37:b7:a8:fe:3b:42:
         e3:d7:65:29:da:93:52:a8:1e:65:6b:3c:2a:0d:39:63:4c:db:
         ac:76:6a:f3:1e:f9:c2:f3:8f:57:f5:ae:f0:e8:c0:9e:bf:ca:
         c3:aa:1d:c0:06:17:dd:cb:ce:5e:cc:00:af:d0:f4:4a:3b:da:
         ad:e4:8d:fa:a9:1a:fd:62:69:ac:15:f7:d7:ae:be:e7:9f:7c:
         a0:1e:d0:de:4c:8e:9b:13:c7:e6:4e:5c:2b:24:8a:89:7e:64:
         c0:83:76:ad:10:b5:36:f4:68:be:2d:b0:9f:1b:f9:b1:68:c0:
         55:46:93:67:9f:dd:00:a4:ac:bd:52:e4:04:ea:eb:c7:ec:cf:
         cf:0c:c3:ac:44:63:8a:66:ca:12:ee:7a:f8:63:43:c1:25:a6:
         da:66:0c:2a:f1:c9:49:8e:7b:05:0c:1a:77:50:1a:39:4c:36:
         5e:1f:f4:fa:0e:e4:3c:b0:35:43:ed:45:ed:23:52:1e:c5:12:
         14:6e:cb:b8:07:49:b9:e8:32:1a:79:8b:91:d5:01:ee:e6:ca:
         85:5c:54:04:ad:ca:4c:21:86:e5:5a:4a:ac:0b:3b:3b:a9:ab:
         a7:04:3a:2a:92:dd:3a:e9:89:d1:bc:bc:a5:18:01:90:31:d2:
         1d:e3:d4:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJu7p6oIwHIh4qWgV/jj8xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYzg4MjMyYzA3ZGUyY2RjYjk2ZWFmOWU3NTE1NTBiYWE2
NmM1ODgwHhcNMjQwMTAyMTAzMjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTUyM2E3OTc5YWYxMWQ2NjE0YjlkNjQzY2MxOTdkY2EzYzI1Y2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTeX+qWkyH2CTH6TouAJ51aSrvUL
3rG0BlylQs82F8JIUGA1hvHeykXBAk1tX6o0545JGsUmL5wQw/YGSHFFeZBORINx
6SUvuAVR3n1hX/wAxCs5pgQPqjHGJeSZlHmvtkRWd0fVsxc+hRiZTwRIHw9rAQIH
51N6IslNEDvFc6da9wALZpvkYwDLXLg96VLZsAZNmggf3E5pZV/2go4A/vGW91vX
QDerIqv6LOeuURwYV8rusVclANvq5awFtlvZbto1YUx0h3urDurRWd8+5es8w+s8
rmfJHON2yZr4AEXNQDrfCGdS/vSevXFO1XXumMPNl+roEs/e2IsUvcaZ+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCFSOnl5rxHWYUudZDzBl9yjwlyoMB8GA1UdIwQY
MBaAFN3IgjLAfeLNy5bq+edRVQuqZsWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2NpQ01zQjk0czNMbHVyNTUxRlZDNnBteFlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wYzk2ZDQtYzc2MC00YWE2LTg1ZGIt
NDJjNzliMDNiNGRmLzEvSVZJNmVYbXZFZFpoUzUxa1BNR1gzS1BDWEtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wYzk2ZDQtYzc2MC00YWE2LTg1ZGItNDJjNzliMDNiNGRm
LzEvM2NpQ01zQjk0czNMbHVyNTUxRlZDNnBteFlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwKJoAwQA
wwhzMA0GCSqGSIb3DQEBCwUAA4IBAQAHJ+DIQ0iJqL6Akew3t6j+O0Lj12Up2pNS
qB5lazwqDTljTNusdmrzHvnC849X9a7w6MCev8rDqh3ABhfdy85ezACv0PRKO9qt
5I36qRr9YmmsFffXrr7nn3ygHtDeTI6bE8fmTlwrJIqJfmTAg3atELU29Gi+LbCf
G/mxaMBVRpNnn90ApKy9UuQE6uvH7M/PDMOsRGOKZsoS7nr4Y0PBJabaZgwq8clJ
jnsFDBp3UBo5TDZeH/T6DuQ8sDVD7UXtI1IexRIUbsu4B0m56DIaeYuR1QHu5sqF
XFQErcpMIYblWkqsCzs7qaunBDoqkt066YnRvLylGAGQMdId49Tq
-----END CERTIFICATE-----