Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/IKzHoC6WrY7clVS9C4xc0bcUfhg.roa
File:                     IKzHoC6WrY7clVS9C4xc0bcUfhg.roa (raw, json)
Hash identifier:          cLDRIKI8CLVXOjTVgvitdJDR17FxFsXQyEBe6PUm0vQ=
Subject key identifier:   20:AC:C7:A0:2E:96:AD:8E:DC:95:54:BD:0B:8C:5C:D1:B7:14:7E:18
Certificate issuer:       /CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
Certificate serial:       018CC64B401175449EBF1C0ED064D098658F
Authority key identifier: E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/IKzHoC6WrY7clVS9C4xc0bcUfhg.roa
Signing time:             Mon 01 Jan 2024 18:31:09 +0000
ROA not before:           Mon 01 Jan 2024 18:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34953
IP address blocks:        185.64.96.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 13:03:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:40:11:75:44:9e:bf:1c:0e:d0:64:d0:98:65:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
        Validity
            Not Before: Jan  1 18:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20acc7a02e96ad8edc9554bd0b8c5cd1b7147e18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:47:2b:86:1b:a3:a3:35:8c:61:27:8e:d1:d8:
                    1b:19:be:62:46:f5:64:3a:e9:76:a0:3b:93:15:3c:
                    4e:b8:a5:36:95:4f:7c:c8:12:8f:c6:0a:5a:42:a0:
                    57:3b:49:05:e7:c2:be:e0:5e:85:be:16:36:72:64:
                    03:03:41:ee:44:65:fb:e9:cf:16:9f:6e:dd:d9:25:
                    b4:a1:2b:ee:34:f6:19:a7:43:78:88:2e:37:0a:05:
                    73:63:8a:96:f5:2a:df:65:b4:9f:39:8f:ac:a1:4d:
                    97:3f:56:1f:d7:7b:ef:df:1f:dd:75:2d:16:88:e5:
                    d9:e8:71:f5:c9:d7:2f:3f:15:dc:ce:31:18:0b:47:
                    ca:84:b2:9e:6b:5d:3c:f8:42:7a:74:3a:87:50:4b:
                    d5:6b:57:25:ae:78:9f:cb:42:70:7a:42:cb:5d:74:
                    49:50:92:51:00:4a:ad:7f:6e:a1:2d:59:0b:a2:3d:
                    16:ee:9d:29:d3:3a:77:66:5d:24:0a:ad:fe:f2:5c:
                    26:19:3d:78:56:4d:8b:ba:6e:ac:a9:83:90:6d:1c:
                    10:bb:cc:e8:2a:cd:64:63:9f:e4:98:50:88:fe:27:
                    cd:d1:95:31:ac:10:46:ea:a5:31:eb:12:87:ab:2e:
                    21:2d:d3:1b:4b:55:a9:a6:67:fe:e0:3b:cc:34:79:
                    f8:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:AC:C7:A0:2E:96:AD:8E:DC:95:54:BD:0B:8C:5C:D1:B7:14:7E:18
            X509v3 Authority Key Identifier:
                keyid:E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/IKzHoC6WrY7clVS9C4xc0bcUfhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:5e:9b:e8:d2:b0:93:b1:e8:ec:28:57:19:85:be:5d:65:b2:
         d9:36:c4:47:24:39:28:2e:88:03:44:c1:5b:05:f2:c5:78:56:
         f9:a4:e5:64:26:75:26:22:22:41:bb:f1:2d:e8:d5:0f:d5:80:
         32:88:79:5f:14:b9:ba:77:6e:83:4b:bb:2e:35:28:cd:20:d8:
         66:0f:21:80:54:15:16:99:5d:8d:3a:1c:79:78:3d:e3:36:81:
         2a:07:5d:8b:bd:fe:0e:1f:52:78:40:6b:4a:91:48:bd:27:0a:
         b5:b7:0a:46:1c:aa:23:e7:88:b9:cc:55:55:7e:7c:cb:8b:aa:
         17:23:08:16:9b:c2:cf:63:62:40:a7:3e:23:23:d2:b4:2c:96:
         f2:0e:d0:7a:a2:27:54:79:87:60:0b:91:9e:ad:fe:a1:df:9a:
         37:e7:9a:f8:7a:6d:aa:ed:e1:dc:51:81:24:2b:80:44:34:2b:
         d3:75:d8:84:85:9a:4c:18:8e:7c:41:3d:f1:f8:0a:6f:28:f1:
         77:3c:30:d7:b0:2a:53:3f:9a:ca:12:f9:29:bd:29:5f:7c:ac:
         17:67:1c:da:d8:ed:08:16:3f:b3:32:15:cf:f9:6e:90:7d:1e:
         4a:2c:fa:78:48:4e:c9:f5:ac:c7:d4:f2:ce:12:86:17:74:36:
         dd:0e:bb:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0ARdUSevxwO0GTQmGWPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDljZmIwNzhlZGE1ODE2ZmM4MDllOThjMjVjYjcxOTYz
ZTc1YjcwHhcNMjQwMTAxMTgzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGFjYzdhMDJlOTZhZDhlZGM5NTU0YmQwYjhjNWNkMWI3MTQ3ZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUcrhhujozWMYSeO0dgbGb5iRvVk
Oul2oDuTFTxOuKU2lU98yBKPxgpaQqBXO0kF58K+4F6FvhY2cmQDA0HuRGX76c8W
n27d2SW0oSvuNPYZp0N4iC43CgVzY4qW9SrfZbSfOY+soU2XP1Yf13vv3x/ddS0W
iOXZ6HH1ydcvPxXczjEYC0fKhLKea108+EJ6dDqHUEvVa1clrnify0JwekLLXXRJ
UJJRAEqtf26hLVkLoj0W7p0p0zp3Zl0kCq3+8lwmGT14Vk2Lum6sqYOQbRwQu8zo
Ks1kY5/kmFCI/ifN0ZUxrBBG6qUx6xKHqy4hLdMbS1Wppmf+4DvMNHn4RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCsx6Aulq2O3JVUvQuMXNG3FH4YMB8GA1UdIwQY
MBaAFOfZz7B47aWBb8gJ6Ywly3GWPnW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEt
ZmVlZTdjMjlkNGRlLzEvSUt6SG9DNldyWTdjbFZTOUM0eGMwYmNVZmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEtZmVlZTdjMjlkNGRl
LzEvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUBgMA0G
CSqGSIb3DQEBCwUAA4IBAQA9Xpvo0rCTsejsKFcZhb5dZbLZNsRHJDkoLogDRMFb
BfLFeFb5pOVkJnUmIiJBu/Et6NUP1YAyiHlfFLm6d26DS7suNSjNINhmDyGAVBUW
mV2NOhx5eD3jNoEqB12Lvf4OH1J4QGtKkUi9Jwq1twpGHKoj54i5zFVVfnzLi6oX
IwgWm8LPY2JApz4jI9K0LJbyDtB6oidUeYdgC5Gerf6h35o355r4em2q7eHcUYEk
K4BENCvTddiEhZpMGI58QT3x+ApvKPF3PDDXsCpTP5rKEvkpvSlffKwXZxza2O0I
Fj+zMhXP+W6QfR5KLPp4SE7J9azH1PLOEoYXdDbdDrvL
-----END CERTIFICATE-----