Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/IICQjXJW2EEkB1v0o8BM6izDgbM.roa
File:                     IICQjXJW2EEkB1v0o8BM6izDgbM.roa (raw, json)
Hash identifier:          7Xb1rw7YXZ8yAd+5aXbmrrlzp2Uxli0xSynXq48MEYc=
Subject key identifier:   20:80:90:8D:72:56:D8:41:24:07:5B:F4:A3:C0:4C:EA:2C:C3:81:B3
Certificate issuer:       /CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
Certificate serial:       0194221FB464D9D905D7C72E7F7B41773AFA
Authority key identifier: BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/IICQjXJW2EEkB1v0o8BM6izDgbM.roa
Signing time:             Wed 01 Jan 2025 13:48:10 +0000
ROA not before:           Wed 01 Jan 2025 13:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23344
IP address blocks:        157.23.224.0/20 maxlen: 24
                          2a0e:bbc0:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b4:64:d9:d9:05:d7:c7:2e:7f:7b:41:77:3a:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
        Validity
            Not Before: Jan  1 13:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2080908d7256d84124075bf4a3c04cea2cc381b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f1:63:36:af:b5:86:bb:90:64:ec:e9:dd:fb:
                    8f:5f:45:51:48:4e:c7:7e:0b:2e:16:d9:a1:b7:07:
                    57:51:84:8f:56:e0:44:38:d7:61:2a:9c:26:21:af:
                    8d:b3:6d:d7:35:c0:44:b1:19:ec:dc:a9:33:78:c7:
                    4f:16:72:58:0e:ed:3d:f1:d7:75:fa:91:a2:a3:8b:
                    64:f2:2f:07:b0:9f:85:6a:58:b9:cb:8f:79:f7:b8:
                    c6:cb:8b:d1:31:ba:a7:a1:64:66:d4:24:9e:3e:2e:
                    34:35:91:3e:94:d8:4b:ca:a9:f3:bb:be:25:fc:70:
                    1a:f9:e5:49:4f:67:ac:67:e1:d4:9d:a8:bd:e2:f8:
                    cc:b6:f3:64:50:c4:56:e6:20:cf:fd:72:de:4e:76:
                    5c:69:1b:e1:ad:14:1f:28:85:33:22:58:a1:30:1c:
                    fe:be:10:48:15:e5:88:33:7e:89:04:5a:2f:9e:33:
                    76:e7:ae:3c:3d:58:78:0b:4d:10:4d:41:1b:ba:9a:
                    28:ad:6e:3d:f3:39:da:d6:fa:22:7c:d4:0f:ee:a7:
                    9b:10:4c:fa:5d:9c:42:29:27:9d:d9:83:6c:3c:e2:
                    91:93:50:0e:7f:58:3c:70:62:8e:6b:c4:a7:df:bf:
                    9f:af:3a:56:ca:1c:55:e4:4e:3f:1c:f6:de:a3:63:
                    cf:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:80:90:8D:72:56:D8:41:24:07:5B:F4:A3:C0:4C:EA:2C:C3:81:B3
            X509v3 Authority Key Identifier:
                keyid:BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/IICQjXJW2EEkB1v0o8BM6izDgbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.23.224.0/20
                IPv6:
                  2a0e:bbc0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         63:4f:f8:2b:f8:a0:b2:2e:f2:ec:9e:73:8b:f1:b6:99:18:d2:
         1c:31:4f:c7:58:63:fa:91:d5:f6:63:9d:a5:07:f7:a0:3a:da:
         9a:84:2b:6a:60:d8:06:b1:24:70:25:84:47:c1:5d:1d:5d:3f:
         bc:d8:e0:1e:f8:09:11:7b:e1:f3:e0:f5:42:15:3d:c1:56:6e:
         be:78:e0:9d:92:1a:10:ab:f1:7f:5b:eb:9e:86:f0:fc:d3:e3:
         2b:39:56:97:8b:3d:63:d8:1d:9e:2a:6d:95:0a:8d:a1:11:85:
         90:81:4b:2a:5e:ae:25:83:b8:2d:14:e7:96:e3:16:de:c1:37:
         c2:62:8a:e5:a3:4d:eb:ea:ff:f7:36:10:02:46:70:7e:d9:11:
         95:ec:e0:d1:88:3b:13:fe:0f:f8:9e:59:dc:48:4e:3f:4f:f1:
         db:b7:b0:42:ce:c5:54:3d:af:c5:27:88:be:72:ad:a5:df:b4:
         57:49:01:a7:6c:9a:c9:91:a3:ac:88:c5:00:b9:0d:00:28:4a:
         4a:5e:12:e7:38:34:b4:bb:17:90:3a:23:93:51:df:51:1b:c9:
         25:5b:89:0c:fe:18:05:27:d0:a8:30:7e:ed:30:a8:44:5a:45:
         93:32:71:70:78:bf:d4:42:27:01:31:e4:0e:c2:16:2c:76:7b:
         ad:f0:f5:a8
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQiH7Rk2dkF18cuf3tBdzr6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYTM1Y2Y4YWI2ZjNlYWEyYWViYWRkOWUyMzczZGVjMDg5
MzYyNWUwHhcNMjUwMTAxMTM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDgwOTA4ZDcyNTZkODQxMjQwNzViZjRhM2MwNGNlYTJjYzM4MWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1PFjNq+1hruQZOzp3fuPX0VRSE7H
fgsuFtmhtwdXUYSPVuBEONdhKpwmIa+Ns23XNcBEsRns3KkzeMdPFnJYDu098dd1
+pGio4tk8i8HsJ+Fali5y49597jGy4vRMbqnoWRm1CSePi40NZE+lNhLyqnzu74l
/HAa+eVJT2esZ+HUnai94vjMtvNkUMRW5iDP/XLeTnZcaRvhrRQfKIUzIlihMBz+
vhBIFeWIM36JBFovnjN25648PVh4C00QTUEbupoorW498zna1voifNQP7qebEEz6
XZxCKSed2YNsPOKRk1AOf1g8cGKOa8Sn37+frzpWyhxV5E4/HPbeo2PPVwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFCCAkI1yVthBJAdb9KPATOosw4GzMB8GA1UdIwQY
MBaAFLujXPirbz6qKuut2eI3PewIk2JeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMt
NTk3YjZlMjQ5MmFiLzEvSUlDUWpYSlcyRUVrQjF2MG84Qk02aXpEZ2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMtNTk3YjZlMjQ5MmFi
LzEvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQEnRfgMA4E
AgACMAgDBgAqDrvAgDANBgkqhkiG9w0BAQsFAAOCAQEAY0/4K/igsi7y7J5zi/G2
mRjSHDFPx1hj+pHV9mOdpQf3oDramoQramDYBrEkcCWER8FdHV0/vNjgHvgJEXvh
8+D1QhU9wVZuvnjgnZIaEKvxf1vrnobw/NPjKzlWl4s9Y9gdniptlQqNoRGFkIFL
Kl6uJYO4LRTnluMW3sE3wmKK5aNN6+r/9zYQAkZwftkRlezg0Yg7E/4P+J5Z3EhO
P0/x27ewQs7FVD2vxSeIvnKtpd+0V0kBp2yayZGjrIjFALkNAChKSl4S5zg0tLsX
kDojk1HfURvJJVuJDP4YBSfQqDB+7TCoRFpFkzJxcHi/1EInATHkDsIWLHZ7rfD1
qA==
-----END CERTIFICATE-----