Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/IMig3FVephyRMZLB3jOvSsoGRUo.roa
File:                     IMig3FVephyRMZLB3jOvSsoGRUo.roa (raw, json)
Hash identifier:          hjPKSMHrPsMdbWHbUjZ8dlnNGoHyLSelGmWZJNi3mUM=
Subject key identifier:   20:C8:A0:DC:55:5E:A6:1C:91:31:92:C1:DE:33:AF:4A:CA:06:45:4A
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       018F7BD7B7A72A6E4465F859BA5A35D50824
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/IMig3FVephyRMZLB3jOvSsoGRUo.roa
Signing time:             Wed 15 May 2024 10:41:25 +0000
ROA not before:           Wed 15 May 2024 10:41:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42922
IP address blocks:        94.232.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7b:d7:b7:a7:2a:6e:44:65:f8:59:ba:5a:35:d5:08:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: May 15 10:41:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20c8a0dc555ea61c913192c1de33af4aca06454a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4f:0d:e5:3c:e9:85:92:7a:fc:7c:07:02:eb:
                    16:81:40:43:9b:d4:20:81:5e:40:aa:97:2f:45:46:
                    43:b0:d8:e1:10:05:d6:f9:78:a7:31:5e:24:fa:07:
                    7e:7d:06:55:ae:1e:6c:de:e7:87:a7:31:c8:2a:72:
                    f4:4e:1d:ae:c4:5a:b4:d4:0c:53:df:b3:34:8d:a5:
                    25:12:78:f2:e3:eb:39:00:18:75:ae:85:f2:b7:45:
                    fb:29:05:49:88:c4:64:2f:17:fb:1f:48:ef:b2:5e:
                    6f:83:87:ba:56:de:e7:b3:45:5a:7a:5f:61:5c:7c:
                    e0:52:a5:22:b4:2a:93:34:09:42:24:f5:ee:51:7f:
                    ba:c8:22:be:3b:e0:3d:ce:63:42:10:3e:61:cc:f1:
                    cc:10:db:7e:7b:c2:24:ba:24:5b:26:aa:fc:f8:10:
                    25:64:e6:f6:79:cc:1c:1c:ba:46:10:fb:cc:91:45:
                    2a:14:d6:b7:4f:03:96:0f:86:6f:5d:71:a7:6b:a2:
                    ad:2c:60:ac:f4:86:08:db:6d:0c:6d:96:f5:2b:e1:
                    6d:d6:22:02:10:bf:93:39:3b:5a:fa:5f:78:e6:d1:
                    af:70:6f:b5:8b:85:bf:ad:81:00:93:28:c3:7d:7a:
                    f1:0e:7f:fd:e2:a3:19:4f:45:f4:50:66:88:95:64:
                    31:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C8:A0:DC:55:5E:A6:1C:91:31:92:C1:DE:33:AF:4A:CA:06:45:4A
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/IMig3FVephyRMZLB3jOvSsoGRUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.232.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:68:2b:e2:11:2e:12:a9:b4:08:f8:9c:e9:53:68:1e:5c:d3:
         1e:7c:89:49:35:6c:9a:27:5d:df:65:77:3b:69:9c:ab:fa:d3:
         45:8a:2c:2b:52:2d:11:bb:62:13:c0:5f:37:af:f5:b0:e9:ea:
         21:04:28:79:d8:99:e3:67:2d:bb:93:d7:2a:39:9f:f7:7c:d7:
         47:bf:79:c5:1f:38:2a:33:69:7e:93:fc:51:63:6c:b8:e7:e3:
         44:31:df:83:fe:fa:d1:ab:57:2a:18:02:6a:35:14:21:09:f0:
         f8:e4:cc:47:d7:c2:db:08:a6:4e:9b:c8:dc:72:ae:c0:7c:ca:
         95:a6:79:f6:af:23:dd:56:b6:30:96:5e:bd:91:af:83:87:64:
         50:51:f5:4b:10:56:32:b9:df:5c:e6:37:45:02:b7:ee:77:4f:
         06:46:ae:77:53:d6:b8:9f:d6:5e:b9:72:48:0b:85:9a:e9:61:
         80:66:b1:04:6c:91:38:8e:c5:2f:b9:5f:ca:98:69:14:f6:ab:
         a8:81:e7:40:d1:fc:cd:ff:c0:51:92:f9:01:c6:8a:1c:56:31:
         44:77:cb:a4:4f:40:e6:bb:30:18:fa:04:fa:6a:42:40:32:4d:
         cc:7b:9a:33:55:94:3f:6f:01:5f:21:54:28:1a:5a:f5:bc:ae:
         d9:2e:8e:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9717enKm5EZfhZulo11QgkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjQwNTE1MTA0MTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGM4YTBkYzU1NWVhNjFjOTEzMTkyYzFkZTMzYWY0YWNhMDY0NTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApU8N5TzphZJ6/HwHAusWgUBDm9Qg
gV5AqpcvRUZDsNjhEAXW+XinMV4k+gd+fQZVrh5s3ueHpzHIKnL0Th2uxFq01AxT
37M0jaUlEnjy4+s5ABh1roXyt0X7KQVJiMRkLxf7H0jvsl5vg4e6Vt7ns0Vael9h
XHzgUqUitCqTNAlCJPXuUX+6yCK+O+A9zmNCED5hzPHMENt+e8IkuiRbJqr8+BAl
ZOb2ecwcHLpGEPvMkUUqFNa3TwOWD4ZvXXGna6KtLGCs9IYI220MbZb1K+Ft1iIC
EL+TOTta+l945tGvcG+1i4W/rYEAkyjDfXrxDn/94qMZT0X0UGaIlWQxEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDIoNxVXqYckTGSwd4zr0rKBkVKMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvSU1pZzNGVmVwaHlSTVpMQjNqT3ZTc29HUlVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuj6MA0G
CSqGSIb3DQEBCwUAA4IBAQCSaCviES4SqbQI+JzpU2geXNMefIlJNWyaJ13fZXc7
aZyr+tNFiiwrUi0Ru2ITwF83r/Ww6eohBCh52JnjZy27k9cqOZ/3fNdHv3nFHzgq
M2l+k/xRY2y45+NEMd+D/vrRq1cqGAJqNRQhCfD45MxH18LbCKZOm8jccq7AfMqV
pnn2ryPdVrYwll69ka+Dh2RQUfVLEFYyud9c5jdFArfud08GRq53U9a4n9ZeuXJI
C4Wa6WGAZrEEbJE4jsUvuV/KmGkU9quogedA0fzN/8BRkvkBxoocVjFEd8ukT0Dm
uzAY+gT6akJAMk3Me5ozVZQ/bwFfIVQoGlr1vK7ZLo69
-----END CERTIFICATE-----