Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/c6efdb-3165-4535-8ab4-fd3cfe601245/1/iIgqDsIH88op7J4GzjX_iDEbkPU.roa
File:                     iIgqDsIH88op7J4GzjX_iDEbkPU.roa (raw, json)
Hash identifier:          DZGyE4qHIE+Cc9e8m9LhQqoSmfKzqQKIzEkOQVtyYU4=
Subject key identifier:   88:88:2A:0E:C2:07:F3:CA:29:EC:9E:06:CE:35:FF:88:31:1B:90:F5
Certificate issuer:       /CN=285feec87d1959340872f8f79831202f24c80c9e
Certificate serial:       018CC424AE21D21133C5869FC56516109FEF
Authority key identifier: 28:5F:EE:C8:7D:19:59:34:08:72:F8:F7:98:31:20:2F:24:C8:0C:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KF_uyH0ZWTQIcvj3mDEgLyTIDJ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/c6efdb-3165-4535-8ab4-fd3cfe601245/1/iIgqDsIH88op7J4GzjX_iDEbkPU.roa
Signing time:             Mon 01 Jan 2024 08:29:47 +0000
ROA not before:           Mon 01 Jan 2024 08:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208910
IP address blocks:        83.171.220.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/c6efdb-3165-4535-8ab4-fd3cfe601245/1/KF_uyH0ZWTQIcvj3mDEgLyTIDJ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/c6efdb-3165-4535-8ab4-fd3cfe601245/1/KF_uyH0ZWTQIcvj3mDEgLyTIDJ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KF_uyH0ZWTQIcvj3mDEgLyTIDJ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ae:21:d2:11:33:c5:86:9f:c5:65:16:10:9f:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=285feec87d1959340872f8f79831202f24c80c9e
        Validity
            Not Before: Jan  1 08:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88882a0ec207f3ca29ec9e06ce35ff88311b90f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:71:2e:d4:c1:41:3d:c1:cf:de:e6:a2:ab:e7:
                    42:a1:35:07:ba:e8:8c:2b:5d:2e:67:81:67:65:2a:
                    59:56:79:74:18:0e:0c:9a:71:f7:18:51:92:99:7f:
                    8b:f2:ed:ad:f5:02:41:58:1c:9d:cd:cc:cf:59:7a:
                    77:9e:4d:9d:d8:e1:8a:08:87:f7:26:2f:3f:47:59:
                    cf:ac:0a:40:68:95:99:5c:db:a4:de:31:1f:aa:ad:
                    44:2d:a4:23:2a:a4:76:44:c6:f0:d2:bd:34:21:2a:
                    4f:80:9a:07:67:78:ea:2e:6e:ab:8c:d4:03:4e:b2:
                    e1:cb:b1:c8:04:43:dd:eb:81:9e:74:19:50:0e:91:
                    e2:c8:17:17:6f:ed:f8:dd:08:c6:eb:52:29:75:09:
                    b8:77:1a:8d:39:d3:de:4b:ef:6f:11:62:36:25:40:
                    9c:11:69:13:53:ef:75:d2:7e:00:03:32:d3:66:99:
                    51:08:51:08:ed:af:d6:09:ae:9b:33:35:37:48:d9:
                    d1:ae:cc:69:4b:fa:55:c5:3f:7c:5c:c0:db:3f:9b:
                    cb:e2:94:1f:14:08:14:59:2c:7c:06:48:00:1b:b6:
                    2c:58:fa:15:77:c0:8b:cd:15:f7:95:a3:66:d1:09:
                    3e:a8:e3:fe:57:e5:05:8e:a4:1f:21:a4:18:b6:f1:
                    9c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:88:2A:0E:C2:07:F3:CA:29:EC:9E:06:CE:35:FF:88:31:1B:90:F5
            X509v3 Authority Key Identifier:
                keyid:28:5F:EE:C8:7D:19:59:34:08:72:F8:F7:98:31:20:2F:24:C8:0C:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KF_uyH0ZWTQIcvj3mDEgLyTIDJ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c6efdb-3165-4535-8ab4-fd3cfe601245/1/iIgqDsIH88op7J4GzjX_iDEbkPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c6efdb-3165-4535-8ab4-fd3cfe601245/1/KF_uyH0ZWTQIcvj3mDEgLyTIDJ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.171.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:ce:67:ea:4b:91:01:9d:5a:e4:72:cb:ab:a5:36:73:61:ed:
         b8:5c:16:ec:fb:9e:04:3d:3d:56:4b:e9:e2:40:b4:bf:2f:01:
         14:2f:24:88:3a:73:1b:1a:89:7c:c7:e9:29:ac:d7:52:87:dd:
         56:69:30:61:e0:f5:f1:e4:6c:8f:59:13:c2:33:c8:74:11:61:
         3e:57:0a:b9:e0:24:04:26:df:6d:65:b6:df:bd:1c:07:f5:9f:
         7c:b3:6e:39:9f:54:4d:7b:57:b3:6f:c9:c9:6f:61:20:73:fc:
         8f:82:8f:78:27:b9:74:f0:a3:2d:b3:ee:b5:2a:de:1d:e9:57:
         bc:d1:35:35:51:5d:cd:e3:2d:e7:53:3c:e8:88:6d:33:67:f4:
         0c:dd:fd:44:fb:24:78:f3:11:35:64:86:e9:6d:aa:db:da:80:
         2c:5c:20:aa:ab:b0:e3:52:b4:2a:b9:cc:9a:db:0c:f0:76:6d:
         0a:30:3f:84:23:4c:57:0c:79:5c:df:70:09:0d:da:0d:9a:44:
         07:c0:72:05:e4:ca:b1:65:dc:e1:28:0a:27:b5:f9:db:f1:92:
         3e:37:de:a6:a6:87:c7:6b:f5:8f:ce:38:ae:d6:03:f2:b8:6c:
         f8:62:04:45:db:1e:c1:3d:7f:63:cf:39:9d:1f:9f:5e:5c:c6:
         39:01:9d:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJK4h0hEzxYafxWUWEJ/vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NWZlZWM4N2QxOTU5MzQwODcyZjhmNzk4MzEyMDJmMjRj
ODBjOWUwHhcNMjQwMTAxMDgyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODg4MmEwZWMyMDdmM2NhMjllYzllMDZjZTM1ZmY4ODMxMWI5MGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXEu1MFBPcHP3uaiq+dCoTUHuuiM
K10uZ4FnZSpZVnl0GA4MmnH3GFGSmX+L8u2t9QJBWBydzczPWXp3nk2d2OGKCIf3
Ji8/R1nPrApAaJWZXNuk3jEfqq1ELaQjKqR2RMbw0r00ISpPgJoHZ3jqLm6rjNQD
TrLhy7HIBEPd64GedBlQDpHiyBcXb+343QjG61IpdQm4dxqNOdPeS+9vEWI2JUCc
EWkTU+910n4AAzLTZplRCFEI7a/WCa6bMzU3SNnRrsxpS/pVxT98XMDbP5vL4pQf
FAgUWSx8BkgAG7YsWPoVd8CLzRX3laNm0Qk+qOP+V+UFjqQfIaQYtvGcCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiIKg7CB/PKKeyeBs41/4gxG5D1MB8GA1UdIwQY
MBaAFChf7sh9GVk0CHL495gxIC8kyAyeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0ZfdXlIMFpXVFFJY3ZqM21ERWdMeVRJREo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jNmVmZGItMzE2NS00NTM1LThhYjQt
ZmQzY2ZlNjAxMjQ1LzEvaUlncURzSUg4OG9wN0o0R3pqWF9pREVia1BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jNmVmZGItMzE2NS00NTM1LThhYjQtZmQzY2ZlNjAxMjQ1
LzEvS0ZfdXlIMFpXVFFJY3ZqM21ERWdMeVRJREo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU6vcMA0G
CSqGSIb3DQEBCwUAA4IBAQBSzmfqS5EBnVrkcsurpTZzYe24XBbs+54EPT1WS+ni
QLS/LwEULySIOnMbGol8x+kprNdSh91WaTBh4PXx5GyPWRPCM8h0EWE+Vwq54CQE
Jt9tZbbfvRwH9Z98s245n1RNe1ezb8nJb2Egc/yPgo94J7l08KMts+61Kt4d6Ve8
0TU1UV3N4y3nUzzoiG0zZ/QM3f1E+yR48xE1ZIbpbarb2oAsXCCqq7DjUrQqucya
2wzwdm0KMD+EI0xXDHlc33AJDdoNmkQHwHIF5MqxZdzhKAontfnb8ZI+N96mpofH
a/WPzjiu1gPyuGz4YgRF2x7BPX9jzzmdH59eXMY5AZ2A
-----END CERTIFICATE-----