Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/IJIp3BqyH5oBA5-a43wXM6qgocc.roa
File:                     IJIp3BqyH5oBA5-a43wXM6qgocc.roa (raw, json)
Hash identifier:          sAyfPqjMpamGu6EyaeKsKbZD96yqFqbnTBaN7Y+ctE8=
Subject key identifier:   20:92:29:DC:1A:B2:1F:9A:01:03:9F:9A:E3:7C:17:33:AA:A0:A1:C7
Certificate issuer:       /CN=25e8277d1feab52387eab26f8dcca9260c258a3d
Certificate serial:       018CC425583B7F23ACCF760E7A9C9120C186
Authority key identifier: 25:E8:27:7D:1F:EA:B5:23:87:EA:B2:6F:8D:CC:A9:26:0C:25:8A:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JegnfR_qtSOH6rJvjcypJgwlij0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/IJIp3BqyH5oBA5-a43wXM6qgocc.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50239
IP address blocks:        109.196.0.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/JegnfR_qtSOH6rJvjcypJgwlij0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/JegnfR_qtSOH6rJvjcypJgwlij0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JegnfR_qtSOH6rJvjcypJgwlij0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:58:3b:7f:23:ac:cf:76:0e:7a:9c:91:20:c1:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e8277d1feab52387eab26f8dcca9260c258a3d
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=209229dc1ab21f9a01039f9ae37c1733aaa0a1c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e6:8f:73:bd:26:45:02:17:22:0d:a2:6c:54:
                    8c:e6:e5:ae:34:89:7e:75:3a:d3:34:4b:df:51:9a:
                    f3:1d:cf:fd:0f:56:26:cc:85:62:d4:bb:28:18:c1:
                    a7:c7:65:e1:56:b1:44:6b:93:0c:ad:06:08:57:6a:
                    67:68:f4:6f:0e:1c:17:6e:d2:4f:34:28:27:16:9b:
                    e5:fa:73:b5:ae:cb:fc:0b:a8:93:3a:7f:66:e3:d0:
                    bc:33:74:1a:ba:b5:d1:03:b9:6b:a3:c5:35:76:ac:
                    61:e1:4d:1e:ec:08:6e:a4:b0:70:91:ab:99:97:de:
                    2d:7a:5b:5b:cd:c4:a0:3b:af:4d:15:86:0e:a8:5a:
                    6f:25:3b:e9:8f:bc:80:12:3b:d4:f6:42:3a:b3:12:
                    49:21:27:d7:e3:53:22:72:1b:31:d7:ed:1b:93:e4:
                    c2:60:89:8d:88:40:fb:11:96:ff:46:92:6d:eb:7d:
                    44:2e:05:fe:ab:40:89:b2:1e:27:1d:72:e8:89:02:
                    8a:05:10:f1:fb:2d:7d:f9:fe:35:5e:7a:78:b0:9a:
                    40:d9:0c:45:30:fb:49:64:0d:81:30:dc:2f:7e:04:
                    5f:38:6b:d9:f3:6a:86:e4:35:53:dc:67:30:1f:ca:
                    d4:5c:4d:f6:61:bb:5d:73:82:5a:f4:97:99:9e:4c:
                    cb:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:92:29:DC:1A:B2:1F:9A:01:03:9F:9A:E3:7C:17:33:AA:A0:A1:C7
            X509v3 Authority Key Identifier:
                keyid:25:E8:27:7D:1F:EA:B5:23:87:EA:B2:6F:8D:CC:A9:26:0C:25:8A:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JegnfR_qtSOH6rJvjcypJgwlij0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/IJIp3BqyH5oBA5-a43wXM6qgocc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/ce0edd-80d4-4af6-baec-baf2572e8093/1/JegnfR_qtSOH6rJvjcypJgwlij0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.196.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2e:ff:f4:02:bb:f0:d8:f8:2e:d2:8f:b0:8c:31:dc:3b:36:45:
         90:2b:9a:60:4d:4b:f6:2d:ff:a8:2d:18:68:96:43:02:46:59:
         16:f8:af:f3:60:7d:f8:59:fb:3c:c4:67:dd:e2:57:28:4c:85:
         a1:bb:2f:5a:d8:0b:0c:f0:88:a8:78:64:a7:40:da:63:19:4e:
         31:64:eb:df:eb:1a:82:24:f1:a2:1a:4e:9a:20:58:fa:7e:42:
         31:b0:3e:13:73:5c:2e:92:b5:b3:71:c0:ce:11:02:db:1d:e5:
         5c:bf:e5:ee:b7:06:c6:3c:84:31:50:d1:75:7a:2b:3a:85:b6:
         7a:52:b7:a9:e3:b8:3a:94:12:49:82:6a:32:c2:d5:e4:0a:71:
         c2:90:7c:04:c9:81:ef:ff:88:29:bc:42:b3:28:c4:0a:1e:a7:
         46:b6:25:71:94:91:a2:62:68:98:83:ab:54:ed:ed:e3:6a:3e:
         5f:d3:14:96:4a:86:66:ab:26:66:ac:5b:4f:2c:ab:dc:b4:bc:
         51:a4:1d:37:8b:ce:78:55:be:d8:1b:d0:b8:46:9d:c2:d0:d1:
         d3:9d:0b:77:63:5e:17:06:b8:2d:85:3d:e1:d4:16:c8:aa:dc:
         f5:db:e3:7b:bb:db:99:3a:35:ae:b9:86:a1:3c:cb:bf:db:9e:
         ce:0e:55:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVg7fyOsz3YOepyRIMGGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTgyNzdkMWZlYWI1MjM4N2VhYjI2ZjhkY2NhOTI2MGMy
NThhM2QwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDkyMjlkYzFhYjIxZjlhMDEwMzlmOWFlMzdjMTczM2FhYTBhMWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOaPc70mRQIXIg2ibFSM5uWuNIl+
dTrTNEvfUZrzHc/9D1YmzIVi1LsoGMGnx2XhVrFEa5MMrQYIV2pnaPRvDhwXbtJP
NCgnFpvl+nO1rsv8C6iTOn9m49C8M3QaurXRA7lro8U1dqxh4U0e7AhupLBwkauZ
l94teltbzcSgO69NFYYOqFpvJTvpj7yAEjvU9kI6sxJJISfX41Michsx1+0bk+TC
YImNiED7EZb/RpJt631ELgX+q0CJsh4nHXLoiQKKBRDx+y19+f41Xnp4sJpA2QxF
MPtJZA2BMNwvfgRfOGvZ82qG5DVT3GcwH8rUXE32Ybtdc4Ja9JeZnkzL9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCSKdwash+aAQOfmuN8FzOqoKHHMB8GA1UdIwQY
MBaAFCXoJ30f6rUjh+qyb43MqSYMJYo9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVnbmZSX3F0U09INnJKdmpjeXBKZ3dsaWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9jZTBlZGQtODBkNC00YWY2LWJhZWMt
YmFmMjU3MmU4MDkzLzEvSUpJcDNCcXlINW9CQTUtYTQzd1hNNnFnb2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9jZTBlZGQtODBkNC00YWY2LWJhZWMtYmFmMjU3MmU4MDkz
LzEvSmVnbmZSX3F0U09INnJKdmpjeXBKZ3dsaWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEbcQAMA0G
CSqGSIb3DQEBCwUAA4IBAQAu//QCu/DY+C7Sj7CMMdw7NkWQK5pgTUv2Lf+oLRho
lkMCRlkW+K/zYH34Wfs8xGfd4lcoTIWhuy9a2AsM8IioeGSnQNpjGU4xZOvf6xqC
JPGiGk6aIFj6fkIxsD4Tc1wukrWzccDOEQLbHeVcv+XutwbGPIQxUNF1eis6hbZ6
Urep47g6lBJJgmoywtXkCnHCkHwEyYHv/4gpvEKzKMQKHqdGtiVxlJGiYmiYg6tU
7e3jaj5f0xSWSoZmqyZmrFtPLKvctLxRpB03i854Vb7YG9C4Rp3C0NHTnQt3Y14X
BrgthT3h1BbIqtz12+N7u9uZOjWuuYahPMu/257ODlUc
-----END CERTIFICATE-----