Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/IkxqtZx761Ddz28CKebW5_RIGFQ.roa
File:                     IkxqtZx761Ddz28CKebW5_RIGFQ.roa (raw, json)
Hash identifier:          9U6P2CL3lpuZskZ/unMUjh4/W1bmMomSHjNoos/B1mo=
Subject key identifier:   22:4C:6A:B5:9C:7B:EB:50:DD:CF:6F:02:29:E6:D6:E7:F4:48:18:54
Certificate issuer:       /CN=e4d608e0f7a1086c8451de5d637847b52217abb4
Certificate serial:       018FA06B12625072D87FA03D90B2125DE8C4
Authority key identifier: E4:D6:08:E0:F7:A1:08:6C:84:51:DE:5D:63:78:47:B5:22:17:AB:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5NYI4PehCGyEUd5dY3hHtSIXq7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/IkxqtZx761Ddz28CKebW5_RIGFQ.roa
Signing time:             Wed 22 May 2024 13:08:42 +0000
ROA not before:           Wed 22 May 2024 13:08:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214977
IP address blocks:        194.11.239.0/24 maxlen: 24
                          2a14:4800::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/5NYI4PehCGyEUd5dY3hHtSIXq7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/5NYI4PehCGyEUd5dY3hHtSIXq7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5NYI4PehCGyEUd5dY3hHtSIXq7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a0:6b:12:62:50:72:d8:7f:a0:3d:90:b2:12:5d:e8:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4d608e0f7a1086c8451de5d637847b52217abb4
        Validity
            Not Before: May 22 13:08:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=224c6ab59c7beb50ddcf6f0229e6d6e7f4481854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:22:5a:0e:01:aa:4b:58:c4:7e:7f:bf:78:48:
                    bb:49:c8:33:e1:43:99:fe:2f:16:32:ed:9f:bf:47:
                    ee:d7:df:ad:cc:8f:ea:91:d7:c4:b1:be:ab:88:e5:
                    ba:b9:3d:97:a9:d5:76:be:b4:71:d3:3a:6e:18:bc:
                    f9:44:46:9f:62:1e:1a:6e:d2:83:7b:27:4b:c8:ae:
                    60:87:2b:eb:cd:bb:2f:f1:cd:44:26:44:0d:15:c0:
                    e6:ce:9e:c9:a1:20:75:ce:80:1c:74:c5:57:18:81:
                    6b:c0:ac:17:9f:54:1d:87:6b:fd:e3:73:fc:1e:5f:
                    04:91:1a:be:07:27:3e:e3:99:54:25:f3:28:a8:d2:
                    84:b7:a1:8b:be:83:40:82:30:6b:a5:f4:1d:d2:10:
                    63:30:13:9b:eb:ae:67:e0:f7:71:92:31:2f:53:3c:
                    8b:1d:0a:e9:b3:47:d2:1d:f8:95:d8:91:25:30:73:
                    6b:6c:bc:1d:7b:6a:b2:d9:bb:ca:7c:3c:2f:44:87:
                    ed:76:4b:33:fc:f6:9a:0e:d9:eb:54:8d:55:44:d9:
                    a3:ae:b4:18:92:ac:73:53:ff:f3:c2:92:79:60:62:
                    ef:3b:95:6e:ce:21:31:81:ff:96:7b:45:ec:b8:10:
                    5a:db:ab:e5:75:70:5e:ce:5f:15:23:8d:7e:a4:24:
                    ab:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:4C:6A:B5:9C:7B:EB:50:DD:CF:6F:02:29:E6:D6:E7:F4:48:18:54
            X509v3 Authority Key Identifier:
                keyid:E4:D6:08:E0:F7:A1:08:6C:84:51:DE:5D:63:78:47:B5:22:17:AB:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5NYI4PehCGyEUd5dY3hHtSIXq7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/IkxqtZx761Ddz28CKebW5_RIGFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/eec70a-aa9f-42ae-8ad6-b7bbf5a1ac73/1/5NYI4PehCGyEUd5dY3hHtSIXq7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.239.0/24
                IPv6:
                  2a14:4800::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:50:c8:3e:9d:23:e0:f8:11:22:ef:9e:bf:aa:75:3d:b8:52:
         f2:25:35:a9:75:25:cc:e7:32:1f:85:c4:f2:ad:ae:19:b2:3e:
         1e:13:dc:44:be:0f:c2:9f:bf:d0:fe:a1:29:2e:3b:b3:23:5a:
         37:4e:a7:d0:ef:3a:4f:cf:94:3e:bc:7b:7a:f3:19:6e:40:53:
         2f:84:63:7c:27:ef:7d:e1:d7:3a:63:6f:1b:8b:ff:dc:46:52:
         a4:1a:a9:34:22:89:02:27:ec:6e:72:79:21:ba:59:5a:a1:0a:
         8c:1e:7d:4a:50:97:2f:ac:79:8a:0a:c3:10:c1:7e:4c:74:87:
         94:1d:b3:08:93:61:7e:bc:34:7a:4c:5f:ae:4b:a8:bc:fa:24:
         97:3f:62:d8:01:a5:ee:de:e0:d5:84:28:81:85:ac:61:00:7c:
         5c:16:8f:05:86:77:92:cb:a8:29:ca:d6:36:8a:c3:8c:f0:f2:
         6c:84:f3:5d:81:80:36:be:9f:72:74:64:16:a9:78:28:09:f9:
         11:3e:68:f4:a9:a0:cd:dc:73:26:c7:95:45:e8:0d:6d:a7:cc:
         95:4e:be:48:16:df:d4:32:c0:ec:5b:d7:d8:ea:97:e2:50:25:
         97:d3:66:9e:e0:6c:f3:f2:34:60:17:df:f8:cd:4f:86:df:71:
         8b:e5:52:bc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY+gaxJiUHLYf6A9kLISXejEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZDYwOGUwZjdhMTA4NmM4NDUxZGU1ZDYzNzg0N2I1MjIx
N2FiYjQwHhcNMjQwNTIyMTMwODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjRjNmFiNTljN2JlYjUwZGRjZjZmMDIyOWU2ZDZlN2Y0NDgxODU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviJaDgGqS1jEfn+/eEi7Scgz4UOZ
/i8WMu2fv0fu19+tzI/qkdfEsb6riOW6uT2XqdV2vrRx0zpuGLz5REafYh4abtKD
eydLyK5ghyvrzbsv8c1EJkQNFcDmzp7JoSB1zoAcdMVXGIFrwKwXn1Qdh2v943P8
Hl8EkRq+Byc+45lUJfMoqNKEt6GLvoNAgjBrpfQd0hBjMBOb665n4PdxkjEvUzyL
HQrps0fSHfiV2JElMHNrbLwde2qy2bvKfDwvRIftdksz/PaaDtnrVI1VRNmjrrQY
kqxzU//zwpJ5YGLvO5VuziExgf+We0XsuBBa26vldXBezl8VI41+pCSrOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCJMarWce+tQ3c9vAinm1uf0SBhUMB8GA1UdIwQY
MBaAFOTWCOD3oQhshFHeXWN4R7UiF6u0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU5ZSTRQZWhDR3lFVWQ1ZFkzaEh0U0lYcTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lZWM3MGEtYWE5Zi00MmFlLThhZDYt
YjdiYmY1YTFhYzczLzEvSWt4cXRaeDc2MURkejI4Q0tlYlc1X1JJR0ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lZWM3MGEtYWE5Zi00MmFlLThhZDYtYjdiYmY1YTFhYzcz
LzEvNU5ZSTRQZWhDR3lFVWQ1ZFkzaEh0U0lYcTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwgvvMA0E
AgACMAcDBQMqFEgAMA0GCSqGSIb3DQEBCwUAA4IBAQA7UMg+nSPg+BEi756/qnU9
uFLyJTWpdSXM5zIfhcTyra4Zsj4eE9xEvg/Cn7/Q/qEpLjuzI1o3TqfQ7zpPz5Q+
vHt68xluQFMvhGN8J+994dc6Y28bi//cRlKkGqk0IokCJ+xucnkhullaoQqMHn1K
UJcvrHmKCsMQwX5MdIeUHbMIk2F+vDR6TF+uS6i8+iSXP2LYAaXu3uDVhCiBhaxh
AHxcFo8FhneSy6gpytY2isOM8PJshPNdgYA2vp9ydGQWqXgoCfkRPmj0qaDN3HMm
x5VF6A1tp8yVTr5IFt/UMsDsW9fY6pfiUCWX02ae4Gzz8jRgF9/4zU+G33GL5VK8
-----END CERTIFICATE-----