Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/ILThCOCpErOQb-supIADyc39xtY.roa
File:                     ILThCOCpErOQb-supIADyc39xtY.roa (raw, json)
Hash identifier:          3pdy7GWwFOcxzdTcQpTtqFO+LZlFalCQpc2NqixpU8Q=
Subject key identifier:   20:B4:E1:08:E0:A9:12:B3:90:6F:EB:2E:A4:80:03:C9:CD:FD:C6:D6
Certificate issuer:       /CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
Certificate serial:       01930203C6AC3B55020F7E906E7DD4AFD4B2
Authority key identifier: FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/ILThCOCpErOQb-supIADyc39xtY.roa
Signing time:             Wed 06 Nov 2024 15:07:01 +0000
ROA not before:           Wed 06 Nov 2024 15:07:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21267
IP address blocks:        185.168.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:03:c6:ac:3b:55:02:0f:7e:90:6e:7d:d4:af:d4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
        Validity
            Not Before: Nov  6 15:07:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20b4e108e0a912b3906feb2ea48003c9cdfdc6d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:8b:9e:9a:f5:0f:07:17:1c:72:bc:2c:83:09:
                    97:74:0f:f1:95:48:49:ed:c1:07:d7:38:4d:b2:45:
                    05:63:8e:60:8c:9a:e6:2f:d1:61:67:64:b2:0d:c6:
                    65:f8:eb:0d:b3:15:76:e6:59:65:41:1b:85:5b:ad:
                    b6:18:83:00:aa:6a:a0:56:30:75:d3:7d:1a:bc:5d:
                    69:24:68:20:ac:16:c2:bc:ae:37:58:1c:52:f4:e1:
                    10:61:0e:9c:68:03:60:f1:d9:4b:2b:9c:e6:f8:f1:
                    14:77:7c:1f:7f:c2:9e:9c:aa:d1:93:a6:4b:25:97:
                    19:72:19:60:4e:8b:26:ec:3f:f0:e8:d2:a5:cc:85:
                    77:05:9d:92:f6:d9:6e:16:fe:99:59:b4:5b:ce:01:
                    39:2d:39:cc:4a:e6:66:c1:d7:e8:3e:57:5c:0f:8a:
                    37:77:92:10:87:67:fe:7d:ce:f9:5d:8f:af:76:91:
                    59:a0:d3:fc:16:44:d1:ca:33:72:9c:e0:7c:92:77:
                    18:a1:34:4a:91:3d:08:bd:ad:42:b3:60:15:ec:1d:
                    b6:1f:5e:99:2c:b2:4f:98:c7:0b:02:56:ea:ab:61:
                    8c:17:e8:8e:f4:dc:9e:0a:c5:3b:c6:43:cc:17:84:
                    21:be:bb:21:d8:bb:21:5f:0a:46:d8:c1:33:fb:36:
                    0e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:B4:E1:08:E0:A9:12:B3:90:6F:EB:2E:A4:80:03:C9:CD:FD:C6:D6
            X509v3 Authority Key Identifier:
                keyid:FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/ILThCOCpErOQb-supIADyc39xtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:ac:ca:bc:86:91:67:0a:72:77:f5:19:3f:3f:a3:87:3a:16:
         38:2e:9f:94:d1:3b:b3:00:d0:5e:0c:1b:1c:c7:b4:66:68:5f:
         3b:a8:7c:f6:9e:8e:34:a9:ae:e3:50:02:97:60:48:ea:d3:6e:
         35:8e:69:88:8f:82:95:2d:2a:22:42:7e:f0:da:9f:cd:2f:06:
         3f:47:e8:6b:4b:3b:05:52:16:f6:6d:36:7d:aa:d7:cd:9b:22:
         68:2e:84:bb:c3:1e:14:92:85:ec:12:7c:80:bf:bd:e2:ba:b2:
         dc:fa:8a:db:c4:17:cf:33:35:2b:28:62:19:80:c8:17:e2:49:
         c9:e1:d7:59:c7:2e:24:70:37:bf:5c:30:08:b2:bc:c8:65:a5:
         a9:1b:cb:3f:26:7f:48:a6:cd:87:12:d7:1f:23:ce:74:7d:d4:
         fc:7a:71:fe:15:31:0d:d9:2d:93:54:3b:c2:97:de:e8:15:f0:
         6d:a3:35:21:2c:f7:02:50:b1:f1:47:e1:26:3d:32:66:8c:45:
         b9:44:47:c1:12:1f:fc:55:4b:fe:fc:5a:e6:f4:a8:e8:2a:6d:
         0e:f8:c9:66:65:14:c8:0d:1e:c6:80:e8:81:8e:db:23:b5:ad:
         58:cd:97:f2:03:98:9f:75:49:14:7a:d0:a8:ac:9e:96:c0:a9:
         80:c1:ab:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMCA8asO1UCD36Qbn3Ur9SyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTM5NmYxYzM0NGIwNzljNWQyZjI3YmZiMzEzMzc3ZmVi
YjJlYzcwHhcNMjQxMTA2MTUwNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGI0ZTEwOGUwYTkxMmIzOTA2ZmViMmVhNDgwMDNjOWNkZmRjNmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4uemvUPBxcccrwsgwmXdA/xlUhJ
7cEH1zhNskUFY45gjJrmL9FhZ2SyDcZl+OsNsxV25lllQRuFW622GIMAqmqgVjB1
030avF1pJGggrBbCvK43WBxS9OEQYQ6caANg8dlLK5zm+PEUd3wff8KenKrRk6ZL
JZcZchlgTosm7D/w6NKlzIV3BZ2S9tluFv6ZWbRbzgE5LTnMSuZmwdfoPldcD4o3
d5IQh2f+fc75XY+vdpFZoNP8FkTRyjNynOB8kncYoTRKkT0Iva1Cs2AV7B22H16Z
LLJPmMcLAlbqq2GMF+iO9NyeCsU7xkPMF4Qhvrsh2LshXwpG2MEz+zYOTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCC04QjgqRKzkG/rLqSAA8nN/cbWMB8GA1UdIwQY
MBaAFPyjlvHDRLB5xdLye/sxM3f+uy7HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWIt
ZmZiMTZlYmQxMTFmLzEvSUxUaENPQ3BFck9RYi1zdXBJQUR5YzM5eHRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWItZmZiMTZlYmQxMTFm
LzEvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuagKMA0G
CSqGSIb3DQEBCwUAA4IBAQCCrMq8hpFnCnJ39Rk/P6OHOhY4Lp+U0TuzANBeDBsc
x7RmaF87qHz2no40qa7jUAKXYEjq0241jmmIj4KVLSoiQn7w2p/NLwY/R+hrSzsF
Uhb2bTZ9qtfNmyJoLoS7wx4UkoXsEnyAv73iurLc+orbxBfPMzUrKGIZgMgX4knJ
4ddZxy4kcDe/XDAIsrzIZaWpG8s/Jn9Ips2HEtcfI850fdT8enH+FTEN2S2TVDvC
l97oFfBtozUhLPcCULHxR+EmPTJmjEW5REfBEh/8VUv+/Frm9KjoKm0O+MlmZRTI
DR7GgOiBjtsjta1YzZfyA5ifdUkUetCorJ6WwKmAwavb
-----END CERTIFICATE-----