Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/c5bb6b-6425-453a-b942-89c53d630765/1/ixQgI5YjtTLfgJuOGhz9L-NB540.roa
File:                     ixQgI5YjtTLfgJuOGhz9L-NB540.roa (raw, json)
Hash identifier:          FyfM+JWLBLwPxBXmSfGR5UKDIaXEuKYXhf8m7vi1mok=
Subject key identifier:   8B:14:20:23:96:23:B5:32:DF:80:9B:8E:1A:1C:FD:2F:E3:41:E7:8D
Certificate issuer:       /CN=53550b2382e00fa7df194e6485fe1425836213ff
Certificate serial:       018CCA991FD09501D7D92B18B17AE35CF127
Authority key identifier: 53:55:0B:23:82:E0:0F:A7:DF:19:4E:64:85:FE:14:25:83:62:13:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U1ULI4LgD6ffGU5khf4UJYNiE_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/c5bb6b-6425-453a-b942-89c53d630765/1/ixQgI5YjtTLfgJuOGhz9L-NB540.roa
Signing time:             Tue 02 Jan 2024 14:34:41 +0000
ROA not before:           Tue 02 Jan 2024 14:34:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13244
IP address blocks:        194.153.171.0/24 maxlen: 24
                          194.9.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/c5bb6b-6425-453a-b942-89c53d630765/1/U1ULI4LgD6ffGU5khf4UJYNiE_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/c5bb6b-6425-453a-b942-89c53d630765/1/U1ULI4LgD6ffGU5khf4UJYNiE_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U1ULI4LgD6ffGU5khf4UJYNiE_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:1f:d0:95:01:d7:d9:2b:18:b1:7a:e3:5c:f1:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53550b2382e00fa7df194e6485fe1425836213ff
        Validity
            Not Before: Jan  2 14:34:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b1420239623b532df809b8e1a1cfd2fe341e78d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6a:cc:87:e8:f7:2e:15:50:75:9c:2d:de:d2:
                    c3:63:c7:15:ab:6a:37:59:f5:88:a1:c2:e5:30:67:
                    7c:4c:f4:6c:73:d2:b5:8f:26:1f:fa:38:a9:00:04:
                    1a:8a:22:1d:ce:17:46:58:1a:6a:f1:70:53:db:c1:
                    e2:d0:f6:c0:41:b5:5f:8a:5f:e6:d2:4e:79:e1:bc:
                    40:38:3d:bf:15:dc:3b:46:ab:e1:03:98:9c:4f:7c:
                    78:84:dd:28:57:fc:d3:e9:ee:2d:40:f6:11:b0:b5:
                    11:cf:29:7c:d2:fd:02:eb:a7:31:fd:55:0c:ed:2a:
                    3c:d7:16:73:e8:05:f4:b6:73:31:5c:a7:ca:fa:4d:
                    07:71:bb:68:f9:16:2a:53:7c:dc:f4:3b:aa:75:42:
                    0a:73:77:fa:ff:5f:92:86:6c:f7:96:43:31:d0:15:
                    9e:92:e8:ac:0c:b4:1f:97:78:e5:6a:4c:de:3f:b6:
                    11:46:75:6e:b7:3b:d9:a4:b1:47:f3:19:29:c2:de:
                    77:34:68:9a:c4:9a:92:07:2a:83:3f:63:e4:57:6c:
                    57:bc:99:6e:89:d5:73:1d:95:13:46:47:1e:3d:0b:
                    f5:f0:b5:1a:d0:1c:1e:45:af:55:8d:0a:f1:2c:de:
                    02:7e:6a:32:74:98:53:2d:09:81:cd:f6:4c:10:a2:
                    45:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:14:20:23:96:23:B5:32:DF:80:9B:8E:1A:1C:FD:2F:E3:41:E7:8D
            X509v3 Authority Key Identifier:
                keyid:53:55:0B:23:82:E0:0F:A7:DF:19:4E:64:85:FE:14:25:83:62:13:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1ULI4LgD6ffGU5khf4UJYNiE_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c5bb6b-6425-453a-b942-89c53d630765/1/ixQgI5YjtTLfgJuOGhz9L-NB540.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c5bb6b-6425-453a-b942-89c53d630765/1/U1ULI4LgD6ffGU5khf4UJYNiE_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.170.0/24
                  194.153.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:63:cd:17:a9:c8:00:b9:85:20:7d:fc:2e:b7:52:28:b3:8a:
         9c:b3:b5:8d:42:6a:26:0b:cf:e5:d4:db:4f:af:60:7a:8f:68:
         13:8e:a9:95:88:58:1a:90:4f:01:37:c3:63:57:b8:45:72:9b:
         8c:fe:f3:4f:db:94:08:85:56:44:72:51:21:4c:14:0c:9a:40:
         7d:f5:69:bb:75:4c:66:00:ec:8a:d4:5a:6d:01:b2:78:4e:44:
         28:03:ba:aa:e4:cd:53:17:39:bf:83:7c:a1:8a:ec:81:3b:97:
         c6:db:5f:1d:62:99:82:fa:dd:44:5b:2e:63:86:2d:68:9b:26:
         d6:cb:52:98:91:c6:1b:a8:71:34:ff:e2:52:19:98:1c:83:28:
         3c:ce:7c:8e:aa:35:fe:be:73:f1:21:ab:5f:ce:c5:fd:73:49:
         fa:22:d0:c3:2b:7c:b2:a1:e5:99:ca:08:40:20:88:59:1c:d9:
         1d:de:55:ed:96:a4:b9:4d:cd:b0:cf:81:2b:34:f0:b0:21:d4:
         13:d0:b2:fe:ba:ac:5c:d6:43:19:b0:4c:45:24:58:ca:5b:d1:
         30:b9:b9:b5:5c:71:31:db:ea:a6:1e:2a:9f:25:f0:58:71:40:
         ef:76:8f:55:ab:19:2d:b6:f6:97:05:7b:6d:06:b0:5b:0f:76:
         79:3c:df:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmR/QlQHX2SsYsXrjXPEnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTUwYjIzODJlMDBmYTdkZjE5NGU2NDg1ZmUxNDI1ODM2
MjEzZmYwHhcNMjQwMTAyMTQzNDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjE0MjAyMzk2MjNiNTMyZGY4MDliOGUxYTFjZmQyZmUzNDFlNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGrMh+j3LhVQdZwt3tLDY8cVq2o3
WfWIocLlMGd8TPRsc9K1jyYf+jipAAQaiiIdzhdGWBpq8XBT28Hi0PbAQbVfil/m
0k554bxAOD2/Fdw7RqvhA5icT3x4hN0oV/zT6e4tQPYRsLURzyl80v0C66cx/VUM
7So81xZz6AX0tnMxXKfK+k0Hcbto+RYqU3zc9DuqdUIKc3f6/1+Shmz3lkMx0BWe
kuisDLQfl3jlakzeP7YRRnVutzvZpLFH8xkpwt53NGiaxJqSByqDP2PkV2xXvJlu
idVzHZUTRkcePQv18LUa0BweRa9VjQrxLN4CfmoydJhTLQmBzfZMEKJFNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIsUICOWI7Uy34Cbjhoc/S/jQeeNMB8GA1UdIwQY
MBaAFFNVCyOC4A+n3xlOZIX+FCWDYhP/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFVTEk0TGdENmZmR1U1a2hmNFVKWU5pRV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jNWJiNmItNjQyNS00NTNhLWI5NDIt
ODljNTNkNjMwNzY1LzEvaXhRZ0k1WWp0VExmZ0p1T0doejlMLU5CNTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jNWJiNmItNjQyNS00NTNhLWI5NDItODljNTNkNjMwNzY1
LzEvVTFVTEk0TGdENmZmR1U1a2hmNFVKWU5pRV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwgmqAwQA
wpmrMA0GCSqGSIb3DQEBCwUAA4IBAQBeY80XqcgAuYUgffwut1Ios4qcs7WNQmom
C8/l1NtPr2B6j2gTjqmViFgakE8BN8NjV7hFcpuM/vNP25QIhVZEclEhTBQMmkB9
9Wm7dUxmAOyK1FptAbJ4TkQoA7qq5M1TFzm/g3yhiuyBO5fG218dYpmC+t1EWy5j
hi1omybWy1KYkcYbqHE0/+JSGZgcgyg8znyOqjX+vnPxIatfzsX9c0n6ItDDK3yy
oeWZyghAIIhZHNkd3lXtlqS5Tc2wz4ErNPCwIdQT0LL+uqxc1kMZsExFJFjKW9Ew
ubm1XHEx2+qmHiqfJfBYcUDvdo9VqxkttvaXBXttBrBbD3Z5PN9x
-----END CERTIFICATE-----