Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/IkGf_Ad5vsQ1yqo72Pc4iX1pzx0.roa
File:                     IkGf_Ad5vsQ1yqo72Pc4iX1pzx0.roa (raw, json)
Hash identifier:          I+OEtSqVAD807ouxw2MT2F4b0jXbKPh43zC1MCnJCjk=
Subject key identifier:   22:41:9F:FC:07:79:BE:C4:35:CA:AA:3B:D8:F7:38:89:7D:69:CF:1D
Certificate issuer:       /CN=d947b281348abdac24c2bd16da06775ca755f410
Certificate serial:       018CC726C5A0FD069D61D165DEE1A7650ECC
Authority key identifier: D9:47:B2:81:34:8A:BD:AC:24:C2:BD:16:DA:06:77:5C:A7:55:F4:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2UeygTSKvawkwr0W2gZ3XKdV9BA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/IkGf_Ad5vsQ1yqo72Pc4iX1pzx0.roa
Signing time:             Mon 01 Jan 2024 22:30:56 +0000
ROA not before:           Mon 01 Jan 2024 22:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44350
IP address blocks:        185.161.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/2UeygTSKvawkwr0W2gZ3XKdV9BA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/2UeygTSKvawkwr0W2gZ3XKdV9BA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2UeygTSKvawkwr0W2gZ3XKdV9BA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:c5:a0:fd:06:9d:61:d1:65:de:e1:a7:65:0e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d947b281348abdac24c2bd16da06775ca755f410
        Validity
            Not Before: Jan  1 22:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22419ffc0779bec435caaa3bd8f738897d69cf1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:12:a2:fc:39:35:af:a7:87:2c:ac:29:df:95:
                    03:9a:9f:df:4c:35:51:74:af:58:5d:5c:75:b1:24:
                    64:28:5e:8e:56:31:66:63:0b:fd:86:b1:8d:57:2a:
                    9b:d4:26:03:6a:cc:d3:ba:e5:ac:95:e6:03:62:06:
                    2a:be:7a:0f:23:f0:95:69:40:72:d0:4d:3e:91:36:
                    54:f5:5f:e7:c1:95:e8:48:17:90:09:d6:fb:12:52:
                    93:43:a7:97:ab:79:f4:0d:44:09:dd:fb:53:db:e3:
                    22:7b:1d:54:ff:c7:dd:1b:6d:15:78:01:d5:fa:c8:
                    dd:30:c6:40:ee:79:6a:0b:8d:c9:fc:5b:45:e3:fd:
                    6a:d2:70:5c:6b:67:c1:c7:d2:74:32:84:c0:15:b3:
                    e0:1a:0f:e9:7b:d1:32:41:d0:b3:5d:40:e0:a8:81:
                    14:d6:76:d9:84:64:da:54:74:4a:17:43:2c:55:4f:
                    88:92:89:4a:d6:af:4f:3a:e5:b8:c2:d7:ce:06:18:
                    09:34:8a:37:51:68:be:3c:3c:4b:7b:52:b8:4f:91:
                    e5:84:4d:fe:bf:dd:5e:27:0b:fe:da:82:fd:82:47:
                    00:43:71:df:d9:93:41:b3:0a:ed:5e:5a:c3:b1:af:
                    0f:2c:8c:92:88:52:b6:0e:d2:b9:6c:9a:c7:bb:f1:
                    63:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:41:9F:FC:07:79:BE:C4:35:CA:AA:3B:D8:F7:38:89:7D:69:CF:1D
            X509v3 Authority Key Identifier:
                keyid:D9:47:B2:81:34:8A:BD:AC:24:C2:BD:16:DA:06:77:5C:A7:55:F4:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2UeygTSKvawkwr0W2gZ3XKdV9BA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/IkGf_Ad5vsQ1yqo72Pc4iX1pzx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/d69830-ccb1-4675-ad2f-66ac0dba5bf2/1/2UeygTSKvawkwr0W2gZ3XKdV9BA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:55:0a:7a:06:62:30:dd:41:7d:7b:66:7b:cb:34:02:af:93:
         21:4b:dc:f4:f2:39:d1:3c:06:40:df:78:2a:bd:3c:d9:12:fb:
         b5:b8:ea:f3:35:1a:78:5c:42:fd:bb:7c:ae:bb:6c:27:91:3e:
         79:bc:e1:fe:73:13:d0:dd:a2:7f:ac:24:00:a2:34:b1:6d:b3:
         d8:f9:eb:b3:c2:dc:5b:52:43:c5:73:ec:97:80:c5:c6:8f:20:
         92:5a:24:cb:be:52:54:0d:09:35:c2:fd:46:2b:aa:44:7c:ae:
         40:9a:bb:bc:bd:98:64:fe:05:ee:32:e8:47:ad:c8:5f:2a:56:
         6b:f6:73:b9:d3:70:7a:d0:2c:28:45:91:2a:e6:e7:62:31:d2:
         93:fe:00:5f:a3:85:a8:e2:eb:a9:43:8f:52:bf:8d:30:40:69:
         e6:26:96:71:76:80:97:18:54:cf:2c:8c:82:a7:c0:b2:a2:f5:
         0f:5f:57:1a:03:b2:a4:9a:c4:50:22:43:f8:d6:b6:ee:e3:56:
         f3:fa:ac:a2:c4:05:30:4e:38:db:2d:28:88:e2:9e:ab:c1:55:
         a8:79:58:9d:f3:71:b7:c1:a1:99:61:d4:87:7a:da:18:03:35:
         92:fa:f2:f2:8d:c0:39:ce:bc:c3:d4:98:a7:db:22:6b:25:e5:
         b5:7b:8a:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJsWg/QadYdFl3uGnZQ7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NDdiMjgxMzQ4YWJkYWMyNGMyYmQxNmRhMDY3NzVjYTc1
NWY0MTAwHhcNMjQwMTAxMjIzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjQxOWZmYzA3NzliZWM0MzVjYWFhM2JkOGY3Mzg4OTdkNjljZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxKi/Dk1r6eHLKwp35UDmp/fTDVR
dK9YXVx1sSRkKF6OVjFmYwv9hrGNVyqb1CYDaszTuuWsleYDYgYqvnoPI/CVaUBy
0E0+kTZU9V/nwZXoSBeQCdb7ElKTQ6eXq3n0DUQJ3ftT2+Miex1U/8fdG20VeAHV
+sjdMMZA7nlqC43J/FtF4/1q0nBca2fBx9J0MoTAFbPgGg/pe9EyQdCzXUDgqIEU
1nbZhGTaVHRKF0MsVU+IkolK1q9POuW4wtfOBhgJNIo3UWi+PDxLe1K4T5HlhE3+
v91eJwv+2oL9gkcAQ3Hf2ZNBswrtXlrDsa8PLIySiFK2DtK5bJrHu/FjGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJBn/wHeb7ENcqqO9j3OIl9ac8dMB8GA1UdIwQY
MBaAFNlHsoE0ir2sJMK9FtoGd1ynVfQQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlVleWdUU0t2YXdrd3IwVzJnWjNYS2RWOUJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9kNjk4MzAtY2NiMS00Njc1LWFkMmYt
NjZhYzBkYmE1YmYyLzEvSWtHZl9BZDV2c1ExeXFvNzJQYzRpWDFwengwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9kNjk4MzAtY2NiMS00Njc1LWFkMmYtNjZhYzBkYmE1YmYy
LzEvMlVleWdUU0t2YXdrd3IwVzJnWjNYS2RWOUJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaGhMA0G
CSqGSIb3DQEBCwUAA4IBAQCHVQp6BmIw3UF9e2Z7yzQCr5MhS9z08jnRPAZA33gq
vTzZEvu1uOrzNRp4XEL9u3yuu2wnkT55vOH+cxPQ3aJ/rCQAojSxbbPY+euzwtxb
UkPFc+yXgMXGjyCSWiTLvlJUDQk1wv1GK6pEfK5Amru8vZhk/gXuMuhHrchfKlZr
9nO503B60CwoRZEq5udiMdKT/gBfo4Wo4uupQ49Sv40wQGnmJpZxdoCXGFTPLIyC
p8CyovUPX1caA7KkmsRQIkP41rbu41bz+qyixAUwTjjbLSiI4p6rwVWoeVid83G3
waGZYdSHetoYAzWS+vLyjcA5zrzD1Jin2yJrJeW1e4q9
-----END CERTIFICATE-----