Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/IxCnldnDOMG1dYGXi__lfAUeaTM.roa
File:                     IxCnldnDOMG1dYGXi__lfAUeaTM.roa (raw, json)
Hash identifier:          0gZ37nXDpyRyZ+EliKdN3PD5SnjroudaL5zuwyDSSCk=
Subject key identifier:   23:10:A7:95:D9:C3:38:C1:B5:75:81:97:8B:FF:E5:7C:05:1E:69:33
Certificate issuer:       /CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
Certificate serial:       01930203C4CCFEE701A70AA443AF92EA26C6
Authority key identifier: FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/IxCnldnDOMG1dYGXi__lfAUeaTM.roa
Signing time:             Wed 06 Nov 2024 15:07:01 +0000
ROA not before:           Wed 06 Nov 2024 15:07:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203
IP address blocks:        185.168.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:02:03:c4:cc:fe:e7:01:a7:0a:a4:43:af:92:ea:26:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
        Validity
            Not Before: Nov  6 15:07:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2310a795d9c338c1b57581978bffe57c051e6933
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ed:f2:33:04:5e:ae:c9:91:7c:84:3b:2a:52:
                    f0:03:52:0f:fe:1b:3e:61:99:e6:19:61:7e:41:24:
                    87:85:5d:cd:47:49:8e:bf:b9:bc:1c:68:35:37:65:
                    ae:b0:ed:55:d1:df:bb:b4:5d:c7:d1:5e:26:8e:3d:
                    27:9e:e0:7f:9d:9a:88:20:15:ff:98:3c:ea:45:d2:
                    e7:77:dc:d8:84:ce:21:fc:60:6f:5b:88:6d:b8:9f:
                    b1:65:28:1c:1f:27:9f:fc:c4:6d:c5:1b:66:a1:54:
                    0e:f7:64:1b:52:f6:89:df:e3:9e:62:25:96:66:a7:
                    69:4d:d6:75:03:e7:3e:5a:26:0f:9b:5a:e9:55:56:
                    66:57:05:5a:d1:c4:8c:de:4c:5d:e5:86:43:4c:cd:
                    42:b3:ca:cf:69:b0:f2:af:98:5c:1c:c2:19:b0:14:
                    ec:80:d4:f5:93:ad:9b:26:e7:1d:3a:8d:50:4f:e1:
                    0b:12:e1:86:04:9c:51:51:87:c4:34:e8:f5:1a:7e:
                    ef:a2:21:9a:45:46:6e:31:47:6d:9b:a3:84:c6:12:
                    39:f0:4f:5d:b5:67:df:58:a0:ff:17:fc:88:6c:d5:
                    2d:23:f0:07:09:73:91:8b:f4:ac:f1:73:7c:55:25:
                    f5:af:10:cf:a5:c4:37:79:1b:fb:70:b2:a8:79:9a:
                    70:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:10:A7:95:D9:C3:38:C1:B5:75:81:97:8B:FF:E5:7C:05:1E:69:33
            X509v3 Authority Key Identifier:
                keyid:FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/IxCnldnDOMG1dYGXi__lfAUeaTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:85:96:d1:77:3c:52:e8:37:c0:cd:48:e4:56:68:f7:15:5d:
         a4:df:80:f1:26:eb:04:4f:37:7e:42:e4:8d:55:c9:5e:1b:ed:
         90:bd:55:d4:28:47:78:ae:ee:f8:1e:21:9a:11:7c:6e:80:ce:
         87:1f:e9:31:42:f2:2c:f3:41:04:f4:86:17:1a:5d:68:35:9a:
         cc:9f:65:09:9c:33:87:61:f1:3c:d0:13:9f:70:b2:9a:30:57:
         05:1e:7c:a8:6d:a3:3d:a1:74:b7:19:49:d0:63:3b:7d:e7:4f:
         92:47:5a:28:fe:25:c2:63:f9:a0:08:75:98:aa:9f:64:be:f2:
         d3:26:aa:d4:dd:1f:02:c2:b4:b3:1a:28:0a:03:e1:ec:62:d9:
         ba:45:2c:c8:bb:bd:84:bf:d5:b1:03:2f:55:3c:32:a6:26:a3:
         3d:ff:f2:ed:fe:47:dc:a2:b2:7d:f1:a1:96:58:17:17:a1:7e:
         8b:45:54:71:b1:0d:7f:46:f1:0a:86:ed:3b:8a:70:70:5f:a7:
         7d:2d:d2:f9:50:fa:c5:07:a2:41:c0:61:d8:fd:99:5e:36:46:
         38:19:e0:d5:f3:a9:c5:3a:3d:8f:33:b4:a2:9d:0c:f7:8a:b5:
         87:1b:3b:ca:4a:5b:61:82:2f:ff:b9:3e:0c:98:42:bd:fa:ac:
         69:e0:88:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMCA8TM/ucBpwqkQ6+S6ibGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTM5NmYxYzM0NGIwNzljNWQyZjI3YmZiMzEzMzc3ZmVi
YjJlYzcwHhcNMjQxMTA2MTUwNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzEwYTc5NWQ5YzMzOGMxYjU3NTgxOTc4YmZmZTU3YzA1MWU2OTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+3yMwRersmRfIQ7KlLwA1IP/hs+
YZnmGWF+QSSHhV3NR0mOv7m8HGg1N2WusO1V0d+7tF3H0V4mjj0nnuB/nZqIIBX/
mDzqRdLnd9zYhM4h/GBvW4htuJ+xZSgcHyef/MRtxRtmoVQO92QbUvaJ3+OeYiWW
ZqdpTdZ1A+c+WiYPm1rpVVZmVwVa0cSM3kxd5YZDTM1Cs8rPabDyr5hcHMIZsBTs
gNT1k62bJucdOo1QT+ELEuGGBJxRUYfENOj1Gn7voiGaRUZuMUdtm6OExhI58E9d
tWffWKD/F/yIbNUtI/AHCXORi/Ss8XN8VSX1rxDPpcQ3eRv7cLKoeZpwIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMQp5XZwzjBtXWBl4v/5XwFHmkzMB8GA1UdIwQY
MBaAFPyjlvHDRLB5xdLye/sxM3f+uy7HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWIt
ZmZiMTZlYmQxMTFmLzEvSXhDbmxkbkRPTUcxZFlHWGlfX2xmQVVlYVRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWItZmZiMTZlYmQxMTFm
LzEvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuagKMA0G
CSqGSIb3DQEBCwUAA4IBAQCnhZbRdzxS6DfAzUjkVmj3FV2k34DxJusETzd+QuSN
VcleG+2QvVXUKEd4ru74HiGaEXxugM6HH+kxQvIs80EE9IYXGl1oNZrMn2UJnDOH
YfE80BOfcLKaMFcFHnyobaM9oXS3GUnQYzt950+SR1oo/iXCY/mgCHWYqp9kvvLT
JqrU3R8CwrSzGigKA+HsYtm6RSzIu72Ev9WxAy9VPDKmJqM9//Lt/kfcorJ98aGW
WBcXoX6LRVRxsQ1/RvEKhu07inBwX6d9LdL5UPrFB6JBwGHY/ZleNkY4GeDV86nF
Oj2PM7SinQz3irWHGzvKSlthgi//uT4MmEK9+qxp4Igw
-----END CERTIFICATE-----