Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/iGsK_B5kc7f5LtdtrLxtSL9ku54.roa
File:                     iGsK_B5kc7f5LtdtrLxtSL9ku54.roa (raw, json)
Hash identifier:          raQtWkSW1CK//C2quX0UqsJsM/839tIzJbksWP0Gq+o=
Subject key identifier:   88:6B:0A:FC:1E:64:73:B7:F9:2E:D7:6D:AC:BC:6D:48:BF:64:BB:9E
Certificate issuer:       /CN=e180ebbbca0f890de353891421a83dd5b653d940
Certificate serial:       019426D960D21A75757D2638FA46F202DD79
Authority key identifier: E1:80:EB:BB:CA:0F:89:0D:E3:53:89:14:21:A8:3D:D5:B6:53:D9:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/iGsK_B5kc7f5LtdtrLxtSL9ku54.roa
Signing time:             Thu 02 Jan 2025 11:49:27 +0000
ROA not before:           Thu 02 Jan 2025 11:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35608
IP address blocks:        194.67.69.0/24 maxlen: 24
                          194.67.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:60:d2:1a:75:75:7d:26:38:fa:46:f2:02:dd:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e180ebbbca0f890de353891421a83dd5b653d940
        Validity
            Not Before: Jan  2 11:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=886b0afc1e6473b7f92ed76dacbc6d48bf64bb9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:75:2f:c3:29:69:c4:9e:61:fe:3b:c3:83:49:
                    dd:6f:3e:cd:52:0c:db:0a:00:3d:d8:ca:d7:4f:1a:
                    cc:bc:be:1b:6d:52:55:27:27:db:a1:42:bc:74:f9:
                    1a:67:3d:9d:f1:b9:44:5a:a5:d7:54:05:66:16:65:
                    07:22:b6:70:24:e9:a3:ad:58:99:b7:50:05:d7:b1:
                    99:0b:41:4f:08:9b:65:a7:57:d5:12:3c:8f:4a:0e:
                    70:2f:0d:26:8c:44:a5:46:ac:8b:9c:cb:30:ac:59:
                    4a:fd:24:7b:64:d4:76:48:ce:f1:95:3b:87:eb:94:
                    f8:4c:1d:29:31:9a:70:f0:2e:aa:c8:ae:9f:74:3d:
                    58:00:2f:d2:24:aa:7e:69:02:7c:cc:82:70:28:88:
                    20:be:27:e5:1c:a5:56:59:c9:5f:f9:30:42:64:03:
                    4f:ae:2f:16:f2:60:71:60:48:02:4c:81:9e:61:2d:
                    b6:23:56:38:33:14:e8:82:1b:f6:1b:83:0a:e0:97:
                    5f:0c:fa:cb:b9:a7:46:f3:b1:d2:44:cf:f7:74:60:
                    47:f7:cc:31:6d:5b:68:f6:9e:2f:02:93:58:64:8d:
                    ce:e1:69:6a:d2:46:2e:46:e1:c4:95:6e:07:1a:6a:
                    f5:a9:07:30:2b:eb:8e:e7:d3:2f:7e:c8:50:aa:75:
                    06:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:6B:0A:FC:1E:64:73:B7:F9:2E:D7:6D:AC:BC:6D:48:BF:64:BB:9E
            X509v3 Authority Key Identifier:
                keyid:E1:80:EB:BB:CA:0F:89:0D:E3:53:89:14:21:A8:3D:D5:B6:53:D9:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YDru8oPiQ3jU4kUIag91bZT2UA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/iGsK_B5kc7f5LtdtrLxtSL9ku54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/a18cf1-a080-4945-8b21-05556959c455/1/4YDru8oPiQ3jU4kUIag91bZT2UA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.67.69.0-194.67.70.255

    Signature Algorithm: sha256WithRSAEncryption
         9f:ea:cb:32:47:c7:2b:e4:a0:07:9d:73:b9:ac:3a:5d:b1:59:
         48:f8:aa:57:99:a8:2b:cb:52:5b:e3:05:6c:43:ea:cf:74:7a:
         20:63:e0:76:0b:20:6f:c3:d8:c2:9f:33:fc:e6:73:1b:af:3b:
         54:0e:95:c3:17:3f:8d:80:9e:b2:35:bb:f1:77:f9:3d:f9:22:
         33:15:9c:1e:46:ef:74:ea:35:db:8b:a2:22:36:35:f5:30:05:
         2f:0b:4c:26:22:71:11:b7:17:f9:77:86:7d:ff:29:46:d4:00:
         84:17:a2:21:c9:33:f6:47:21:38:cb:c2:28:2d:36:60:41:a3:
         b9:27:c0:99:84:5b:7f:c0:68:00:dc:bf:14:3c:87:97:b3:72:
         7b:ca:46:0f:1d:fd:16:34:7c:ea:aa:d6:3c:6a:91:9a:14:1c:
         5a:1e:78:92:57:3b:05:cf:bd:6c:d2:d8:5c:d4:62:25:68:ff:
         c8:27:2b:8c:7c:df:15:a0:98:a1:3e:22:3f:60:08:d1:99:f0:
         d1:65:38:4d:b8:69:3c:f1:5e:4f:24:61:bc:ea:86:75:6f:ec:
         d4:1f:a2:ba:e2:bd:2d:d7:62:06:06:b2:31:de:ed:e2:9d:1b:
         4c:a8:fa:cb:ff:9a:83:b8:1c:4b:3b:5b:ee:23:7a:6b:16:2d:
         86:85:0c:b3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQm2WDSGnV1fSY4+kbyAt15MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxODBlYmJiY2EwZjg5MGRlMzUzODkxNDIxYTgzZGQ1YjY1
M2Q5NDAwHhcNMjUwMTAyMTE0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODZiMGFmYzFlNjQ3M2I3ZjkyZWQ3NmRhY2JjNmQ0OGJmNjRiYjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXUvwylpxJ5h/jvDg0ndbz7NUgzb
CgA92MrXTxrMvL4bbVJVJyfboUK8dPkaZz2d8blEWqXXVAVmFmUHIrZwJOmjrViZ
t1AF17GZC0FPCJtlp1fVEjyPSg5wLw0mjESlRqyLnMswrFlK/SR7ZNR2SM7xlTuH
65T4TB0pMZpw8C6qyK6fdD1YAC/SJKp+aQJ8zIJwKIggviflHKVWWclf+TBCZANP
ri8W8mBxYEgCTIGeYS22I1Y4MxToghv2G4MK4JdfDPrLuadG87HSRM/3dGBH98wx
bVto9p4vApNYZI3O4Wlq0kYuRuHElW4HGmr1qQcwK+uO59MvfshQqnUG0wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIhrCvweZHO3+S7Xbay8bUi/ZLueMB8GA1UdIwQY
MBaAFOGA67vKD4kN41OJFCGoPdW2U9lAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFlEcnU4b1BpUTNqVTRrVUlhZzkxYlpUMlVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9hMThjZjEtYTA4MC00OTQ1LThiMjEt
MDU1NTY5NTljNDU1LzEvaUdzS19CNWtjN2Y1THRkdHJMeHRTTDlrdTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9hMThjZjEtYTA4MC00OTQ1LThiMjEtMDU1NTY5NTljNDU1
LzEvNFlEcnU4b1BpUTNqVTRrVUlhZzkxYlpUMlVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCQ0UD
BADCQ0YwDQYJKoZIhvcNAQELBQADggEBAJ/qyzJHxyvkoAedc7msOl2xWUj4qleZ
qCvLUlvjBWxD6s90eiBj4HYLIG/D2MKfM/zmcxuvO1QOlcMXP42AnrI1u/F3+T35
IjMVnB5G73TqNduLoiI2NfUwBS8LTCYicRG3F/l3hn3/KUbUAIQXoiHJM/ZHITjL
wigtNmBBo7knwJmEW3/AaADcvxQ8h5ezcnvKRg8d/RY0fOqq1jxqkZoUHFoeeJJX
OwXPvWzS2FzUYiVo/8gnK4x83xWgmKE+Ij9gCNGZ8NFlOE24aTzxXk8kYbzqhnVv
7NQforrivS3XYgYGsjHe7eKdG0yo+sv/moO4HEs7W+4jemsWLYaFDLM=
-----END CERTIFICATE-----