Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/IzHwNm-BEQTEBYULoYhnNcicmo0.roa
File:                     IzHwNm-BEQTEBYULoYhnNcicmo0.roa (raw, json)
Hash identifier:          yQ54dHkz7MXvYm3+yZl/AUTutqPwCCn9suLHijKfXJI=
Subject key identifier:   23:31:F0:36:6F:81:11:04:C4:05:85:0B:A1:88:67:35:C8:9C:9A:8D
Certificate issuer:       /CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
Certificate serial:       018CC9BB028D8314F3DB83BD0DE0BD6BBCCC
Authority key identifier: 41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/IzHwNm-BEQTEBYULoYhnNcicmo0.roa
Signing time:             Tue 02 Jan 2024 10:32:05 +0000
ROA not before:           Tue 02 Jan 2024 10:32:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        192.109.200.0/24 maxlen: 24
                          192.109.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:02:8d:83:14:f3:db:83:bd:0d:e0:bd:6b:bc:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
        Validity
            Not Before: Jan  2 10:32:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2331f0366f811104c405850ba1886735c89c9a8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:70:29:d9:61:0b:c5:b3:48:6b:10:59:6e:11:
                    dc:50:65:fc:aa:f5:2c:60:9d:f5:24:10:8b:e0:56:
                    fc:3f:e4:32:55:02:f4:53:bd:2e:3d:39:76:fa:1b:
                    ee:11:e5:3b:ed:5d:99:e3:2b:d5:32:c3:fa:3c:65:
                    6c:6c:3a:13:51:f3:22:fa:2d:91:13:97:94:0b:76:
                    69:59:7d:01:0c:29:ec:9d:2b:6c:ac:2e:d1:f3:7d:
                    57:4d:ad:5e:07:16:ce:10:e1:c6:11:9a:34:71:d7:
                    6c:38:d4:26:ce:06:d9:d2:d5:80:1d:a9:42:da:fb:
                    c7:7b:54:5f:2a:d0:fc:f7:38:11:9e:05:72:bb:49:
                    c5:d2:93:9e:13:17:2f:06:43:dc:c5:ab:e3:8e:54:
                    34:81:1b:e6:d8:5a:20:3f:a1:15:6e:f6:5e:f1:38:
                    da:92:ab:be:ab:73:92:1e:c1:7a:37:af:12:14:d3:
                    f3:a7:3b:3e:7d:a6:94:d0:fe:ef:49:42:42:92:a5:
                    e6:3a:0c:0c:56:03:4f:56:08:3d:e8:81:ac:55:80:
                    2f:c3:07:2a:16:d7:50:dd:66:a3:ef:d6:64:b3:f6:
                    eb:84:24:eb:1c:b0:03:3c:6b:9d:ea:68:51:50:d6:
                    a2:54:3b:50:22:06:63:11:e0:a2:34:e4:a5:8b:3c:
                    ca:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:31:F0:36:6F:81:11:04:C4:05:85:0B:A1:88:67:35:C8:9C:9A:8D
            X509v3 Authority Key Identifier:
                keyid:41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/IzHwNm-BEQTEBYULoYhnNcicmo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.139.0/24
                  192.109.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:81:60:37:a4:2c:73:be:f5:01:ae:15:f8:18:57:30:54:6a:
         ff:2f:80:ef:d2:37:76:79:55:14:46:37:72:0d:b6:ad:ad:d3:
         c6:b3:8f:53:7e:62:82:b9:3f:13:8b:d2:ee:71:77:2b:e5:80:
         a8:41:6d:cf:52:fc:b1:a2:30:d5:d7:01:d1:24:5d:89:9d:e9:
         ec:6a:26:04:2b:44:8b:2b:9a:f8:a3:b5:db:c8:a1:fb:e9:9b:
         0a:41:61:70:7e:97:9c:56:03:0b:c7:80:ed:43:9f:32:5b:fc:
         5c:e1:3b:f7:27:e4:86:1a:70:27:a3:1c:39:16:5b:66:e0:80:
         56:d1:0c:21:d9:b5:33:bd:28:6d:d1:06:3a:26:de:b7:a8:c9:
         8d:ca:bf:3c:ce:5b:d3:83:45:33:d2:22:53:be:0b:18:2e:b5:
         1a:21:15:e2:53:8b:80:08:76:89:76:1b:76:d8:d4:ad:82:0a:
         20:49:86:f4:45:5e:a4:c2:0d:40:62:8d:00:45:98:93:81:2e:
         ad:5b:e6:1d:cc:a8:30:e8:93:d5:70:3b:02:af:32:de:73:2a:
         45:91:2c:8c:1a:76:88:ff:37:d6:42:2b:88:9a:2a:af:77:b9:
         0c:93:22:f9:60:ae:55:4c:9f:40:15:57:4e:eb:a2:87:65:95:
         9e:10:73:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJuwKNgxTz24O9DeC9a7zMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZjVhMTBlNGZkMjY1NWFkYmJiNDBlZGUxOGIyNjE1YWM1
NThlYTkwHhcNMjQwMTAyMTAzMjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzMxZjAzNjZmODExMTA0YzQwNTg1MGJhMTg4NjczNWM4OWM5YThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3Ap2WELxbNIaxBZbhHcUGX8qvUs
YJ31JBCL4Fb8P+QyVQL0U70uPTl2+hvuEeU77V2Z4yvVMsP6PGVsbDoTUfMi+i2R
E5eUC3ZpWX0BDCnsnStsrC7R831XTa1eBxbOEOHGEZo0cddsONQmzgbZ0tWAHalC
2vvHe1RfKtD89zgRngVyu0nF0pOeExcvBkPcxavjjlQ0gRvm2FogP6EVbvZe8Tja
kqu+q3OSHsF6N68SFNPzpzs+faaU0P7vSUJCkqXmOgwMVgNPVgg96IGsVYAvwwcq
FtdQ3Waj79Zks/brhCTrHLADPGud6mhRUNaiVDtQIgZjEeCiNOSlizzKmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCMx8DZvgREExAWFC6GIZzXInJqNMB8GA1UdIwQY
MBaAFEH1oQ5P0mVa27tA7eGLJhWsVY6pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUt
ODc5MDIwNmYwZDc0LzEvSXpId05tLUJFUVRFQllVTG9ZaG5OY2ljbW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUtODc5MDIwNmYwZDc0
LzEvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwG2LAwQA
wG3IMA0GCSqGSIb3DQEBCwUAA4IBAQBMgWA3pCxzvvUBrhX4GFcwVGr/L4Dv0jd2
eVUURjdyDbatrdPGs49TfmKCuT8Ti9LucXcr5YCoQW3PUvyxojDV1wHRJF2Jnens
aiYEK0SLK5r4o7XbyKH76ZsKQWFwfpecVgMLx4DtQ58yW/xc4Tv3J+SGGnAnoxw5
Fltm4IBW0Qwh2bUzvSht0QY6Jt63qMmNyr88zlvTg0Uz0iJTvgsYLrUaIRXiU4uA
CHaJdht22NStggogSYb0RV6kwg1AYo0ARZiTgS6tW+YdzKgw6JPVcDsCrzLecypF
kSyMGnaI/zfWQiuImiqvd7kMkyL5YK5VTJ9AFVdO66KHZZWeEHOF
-----END CERTIFICATE-----