Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/a34200-4b9b-4334-a159-9cb296301e64/1/IGOFZ7PaFmhSQSKeLheMepQeagw.roa
File:                     IGOFZ7PaFmhSQSKeLheMepQeagw.roa (raw, json)
Hash identifier:          wZUI8nDrqD+pxFD+rBhdT+FVXKXWQtry1jovEL/zXJA=
Subject key identifier:   20:63:85:67:B3:DA:16:68:52:41:22:9E:2E:17:8C:7A:94:1E:6A:0C
Certificate issuer:       /CN=e33d9ffdac58e7612b095144fec06ba2585aa6a8
Certificate serial:       018CC94DA6E14D4DD3564CCEAC132AF2C7C8
Authority key identifier: E3:3D:9F:FD:AC:58:E7:61:2B:09:51:44:FE:C0:6B:A2:58:5A:A6:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4z2f_axY52ErCVFE_sBrolhapqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/a34200-4b9b-4334-a159-9cb296301e64/1/IGOFZ7PaFmhSQSKeLheMepQeagw.roa
Signing time:             Tue 02 Jan 2024 08:32:38 +0000
ROA not before:           Tue 02 Jan 2024 08:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3215
IP address blocks:        193.163.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/a34200-4b9b-4334-a159-9cb296301e64/1/4z2f_axY52ErCVFE_sBrolhapqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/a34200-4b9b-4334-a159-9cb296301e64/1/4z2f_axY52ErCVFE_sBrolhapqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4z2f_axY52ErCVFE_sBrolhapqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a6:e1:4d:4d:d3:56:4c:ce:ac:13:2a:f2:c7:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e33d9ffdac58e7612b095144fec06ba2585aa6a8
        Validity
            Not Before: Jan  2 08:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20638567b3da16685241229e2e178c7a941e6a0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a5:b0:ac:a1:32:d3:67:3f:79:b7:06:67:04:
                    ac:55:3d:6c:e5:8e:85:10:44:28:42:42:5a:57:8f:
                    59:a8:6d:13:4b:be:dd:28:02:fc:44:9b:3c:05:89:
                    23:a3:01:ea:26:19:3f:a6:33:2f:8d:f5:85:55:65:
                    85:be:da:6f:da:eb:e6:d4:4b:4d:48:84:0a:33:0d:
                    9b:d5:22:f2:2a:c1:93:6f:92:fc:ff:41:87:16:d8:
                    5a:37:b2:1e:c7:f6:8f:0d:78:53:35:e5:34:94:fc:
                    04:14:c9:cc:01:aa:5a:38:bb:33:a0:d8:46:64:d3:
                    51:52:62:72:13:86:08:5f:fc:86:0a:b0:65:a1:6c:
                    d8:17:8a:b4:52:b3:b9:28:77:9f:33:fc:ec:05:f3:
                    93:57:8f:33:d6:ed:5c:af:16:fb:f4:16:1f:a3:11:
                    26:f0:f6:27:a7:95:f4:9b:bf:6b:49:39:02:5c:0c:
                    a5:51:08:83:54:76:d7:92:bb:93:6f:07:46:b7:e6:
                    3d:ee:d5:b5:f7:8e:28:36:fb:e7:01:f7:11:cd:d1:
                    8f:14:9e:83:93:de:71:92:0e:df:00:8d:1e:6a:6d:
                    dd:b4:83:36:2e:46:ae:4d:23:79:ac:47:28:b3:be:
                    7c:2e:36:53:f0:85:81:f7:08:fd:cb:64:73:ce:ba:
                    32:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:63:85:67:B3:DA:16:68:52:41:22:9E:2E:17:8C:7A:94:1E:6A:0C
            X509v3 Authority Key Identifier:
                keyid:E3:3D:9F:FD:AC:58:E7:61:2B:09:51:44:FE:C0:6B:A2:58:5A:A6:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4z2f_axY52ErCVFE_sBrolhapqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a34200-4b9b-4334-a159-9cb296301e64/1/IGOFZ7PaFmhSQSKeLheMepQeagw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a34200-4b9b-4334-a159-9cb296301e64/1/4z2f_axY52ErCVFE_sBrolhapqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:30:6c:89:4b:de:d0:ba:0f:9c:0a:4e:93:f9:71:04:ca:95:
         88:95:76:e9:8d:30:fc:b9:10:d9:22:6c:97:7b:06:50:5d:0a:
         59:da:d8:34:77:57:b4:2f:46:76:43:42:97:fc:ac:23:e1:98:
         91:52:64:07:e4:30:bc:28:45:a7:44:f0:3c:8c:01:47:3d:c0:
         27:a7:61:10:77:da:c2:8f:dc:7b:49:00:c9:45:ef:5e:1c:85:
         20:65:7d:e6:66:da:86:58:62:74:5b:1f:75:f6:d6:fb:32:24:
         58:a2:e6:a9:e1:7a:83:57:35:fc:95:65:4d:29:a4:1d:53:58:
         52:26:d3:bb:5f:88:7c:c8:86:29:9d:24:ac:00:ce:ec:ae:37:
         c5:e1:1d:1e:b9:d5:f5:91:5a:73:48:4b:0a:5c:cf:4c:f8:90:
         9e:07:29:cd:6e:d0:d1:38:26:7a:7c:02:60:90:0e:35:f3:1c:
         ef:4b:82:32:73:d7:c7:4f:72:bb:ed:92:aa:0c:bb:17:7b:b7:
         ba:1b:f2:77:27:0e:16:f8:ee:08:87:2d:80:a4:c2:63:87:cf:
         6e:94:bf:00:fb:c2:e5:00:1c:3b:80:14:e5:ad:ec:c7:10:ba:
         0b:8c:a1:d8:78:ae:33:08:a8:b0:3e:60:b9:07:fa:9e:48:33:
         23:b2:f2:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTabhTU3TVkzOrBMq8sfIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzM2Q5ZmZkYWM1OGU3NjEyYjA5NTE0NGZlYzA2YmEyNTg1
YWE2YTgwHhcNMjQwMTAyMDgzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDYzODU2N2IzZGExNjY4NTI0MTIyOWUyZTE3OGM3YTk0MWU2YTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqWwrKEy02c/ebcGZwSsVT1s5Y6F
EEQoQkJaV49ZqG0TS77dKAL8RJs8BYkjowHqJhk/pjMvjfWFVWWFvtpv2uvm1EtN
SIQKMw2b1SLyKsGTb5L8/0GHFthaN7Iex/aPDXhTNeU0lPwEFMnMAapaOLszoNhG
ZNNRUmJyE4YIX/yGCrBloWzYF4q0UrO5KHefM/zsBfOTV48z1u1crxb79BYfoxEm
8PYnp5X0m79rSTkCXAylUQiDVHbXkruTbwdGt+Y97tW1944oNvvnAfcRzdGPFJ6D
k95xkg7fAI0eam3dtIM2LkauTSN5rEcos758LjZT8IWB9wj9y2Rzzroy3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBjhWez2hZoUkEini4XjHqUHmoMMB8GA1UdIwQY
MBaAFOM9n/2sWOdhKwlRRP7Aa6JYWqaoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHoyZl9heFk1MkVyQ1ZGRV9zQnJvbGhhcHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9hMzQyMDAtNGI5Yi00MzM0LWExNTkt
OWNiMjk2MzAxZTY0LzEvSUdPRlo3UGFGbWhTUVNLZUxoZU1lcFFlYWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9hMzQyMDAtNGI5Yi00MzM0LWExNTktOWNiMjk2MzAxZTY0
LzEvNHoyZl9heFk1MkVyQ1ZGRV9zQnJvbGhhcHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaNjMA0G
CSqGSIb3DQEBCwUAA4IBAQDRMGyJS97Qug+cCk6T+XEEypWIlXbpjTD8uRDZImyX
ewZQXQpZ2tg0d1e0L0Z2Q0KX/Kwj4ZiRUmQH5DC8KEWnRPA8jAFHPcAnp2EQd9rC
j9x7SQDJRe9eHIUgZX3mZtqGWGJ0Wx919tb7MiRYouap4XqDVzX8lWVNKaQdU1hS
JtO7X4h8yIYpnSSsAM7srjfF4R0eudX1kVpzSEsKXM9M+JCeBynNbtDROCZ6fAJg
kA418xzvS4Iyc9fHT3K77ZKqDLsXe7e6G/J3Jw4W+O4Ihy2ApMJjh89ulL8A+8Ll
ABw7gBTlrezHELoLjKHYeK4zCKiwPmC5B/qeSDMjsvJv
-----END CERTIFICATE-----