Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/ik0dBfLIH7zcHam4Ghb7aIqA-CU.roa
File:                     ik0dBfLIH7zcHam4Ghb7aIqA-CU.roa (raw, json)
Hash identifier:          8S+xbJMoOWtqH93QFvZ67rXiEnzozVd57YhuJBLg4/w=
Subject key identifier:   8A:4D:1D:05:F2:C8:1F:BC:DC:1D:A9:B8:1A:16:FB:68:8A:80:F8:25
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       018CC871054FF66618E40A177093086249E8
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/ik0dBfLIH7zcHam4Ghb7aIqA-CU.roa
Signing time:             Tue 02 Jan 2024 04:31:39 +0000
ROA not before:           Tue 02 Jan 2024 04:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60252
IP address blocks:        185.33.196.0/22 maxlen: 22
                          2a00:cfe0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:05:4f:f6:66:18:e4:0a:17:70:93:08:62:49:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  2 04:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a4d1d05f2c81fbcdc1da9b81a16fb688a80f825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ec:8b:1d:85:a8:a8:db:70:16:10:83:54:43:
                    07:e5:e6:b8:f5:ec:dc:35:d9:e7:27:67:ad:54:cf:
                    63:b1:92:d7:10:ac:84:17:39:83:f3:d2:3e:7f:59:
                    0e:83:0e:cc:2e:52:cc:34:b6:53:f7:58:bd:b5:46:
                    5e:c4:dc:36:c0:0e:06:6d:0e:e4:77:5c:cc:bc:43:
                    de:ae:6d:a2:17:0c:72:57:60:23:18:fa:f2:f8:96:
                    f5:19:5c:4d:68:12:0e:01:1a:9f:f4:f3:78:09:a5:
                    05:9c:56:24:e9:1a:95:6a:5c:07:58:db:90:b8:04:
                    c7:0a:71:ef:b6:3e:b6:2b:ec:9d:b4:1b:b9:d5:a0:
                    a2:96:ff:56:7a:e0:c8:a2:a0:c2:6f:d8:10:80:21:
                    3f:8c:c8:12:90:eb:ad:89:b7:88:1b:12:ba:2f:59:
                    2d:8f:6d:01:87:b7:20:6a:61:cd:9e:50:53:0f:fd:
                    a3:10:26:ec:bf:40:bf:f5:94:fe:2f:6c:a6:88:83:
                    cb:ba:08:84:aa:82:eb:5f:81:15:f8:cc:80:89:cc:
                    cc:fe:ef:e8:47:b7:96:ca:72:20:34:24:6d:54:f8:
                    01:63:da:8a:9e:d7:4e:7a:33:16:b0:ed:cb:59:cc:
                    c5:fc:8b:03:b0:eb:67:29:d6:94:1d:2c:9c:49:04:
                    cb:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:4D:1D:05:F2:C8:1F:BC:DC:1D:A9:B8:1A:16:FB:68:8A:80:F8:25
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/ik0dBfLIH7zcHam4Ghb7aIqA-CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.196.0/22
                IPv6:
                  2a00:cfe0::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:57:1f:ce:dd:a4:eb:21:a0:2f:60:54:12:5f:d1:96:f8:e0:
         5d:38:9c:c9:8c:3c:01:16:e0:66:11:c1:d9:0c:21:ae:60:9b:
         e9:0f:ab:1d:db:bc:b0:d5:26:cc:c4:22:46:e8:21:c7:5e:7a:
         ae:a0:46:fc:91:00:95:4d:7c:c8:cd:f9:54:1e:28:11:d2:1c:
         b4:42:10:62:b9:5a:1c:c9:7d:69:e4:8c:bf:76:23:c5:84:0a:
         d1:e1:6b:7a:72:0f:c0:e4:22:91:f4:a7:b9:52:21:bb:84:46:
         c9:07:c4:cf:06:64:04:ae:a1:8c:69:c9:d1:47:a3:fc:4a:fb:
         93:dd:f3:40:8d:e5:fe:7a:2e:85:ad:da:5f:c5:8b:d3:35:ce:
         6c:c4:c9:11:d9:f5:1f:e3:cf:33:b5:cf:7e:84:d1:ee:a9:fe:
         f4:8a:3e:77:97:22:16:bf:e7:29:26:22:e6:1a:e8:6a:76:79:
         01:7f:37:b3:94:de:6f:ea:ea:12:cf:6c:c2:b0:34:72:07:a0:
         83:b3:6d:ca:a5:18:f0:ac:86:b2:1f:23:8b:3a:60:03:cb:9d:
         4e:ad:8f:e9:53:a8:5e:b3:7b:c0:57:b4:00:69:56:db:99:4d:
         69:d0:25:0f:d0:8b:36:00:ff:ae:1c:68:aa:aa:ab:54:eb:06:
         46:7a:a9:ee
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcQVP9mYY5AoXcJMIYknoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjQwMTAyMDQzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTRkMWQwNWYyYzgxZmJjZGMxZGE5YjgxYTE2ZmI2ODhhODBmODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluyLHYWoqNtwFhCDVEMH5ea49ezc
NdnnJ2etVM9jsZLXEKyEFzmD89I+f1kOgw7MLlLMNLZT91i9tUZexNw2wA4GbQ7k
d1zMvEPerm2iFwxyV2AjGPry+Jb1GVxNaBIOARqf9PN4CaUFnFYk6RqValwHWNuQ
uATHCnHvtj62K+ydtBu51aCilv9WeuDIoqDCb9gQgCE/jMgSkOutibeIGxK6L1kt
j20Bh7cgamHNnlBTD/2jECbsv0C/9ZT+L2ymiIPLugiEqoLrX4EV+MyAiczM/u/o
R7eWynIgNCRtVPgBY9qKntdOejMWsO3LWczF/IsDsOtnKdaUHSycSQTLEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIpNHQXyyB+83B2puBoW+2iKgPglMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvaWswZEJmTElIN3pjSGFtNEdoYjdhSXFBLUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSHEMA0E
AgACMAcDBQAqAM/gMA0GCSqGSIb3DQEBCwUAA4IBAQAWVx/O3aTrIaAvYFQSX9GW
+OBdOJzJjDwBFuBmEcHZDCGuYJvpD6sd27yw1SbMxCJG6CHHXnquoEb8kQCVTXzI
zflUHigR0hy0QhBiuVocyX1p5Iy/diPFhArR4Wt6cg/A5CKR9Ke5UiG7hEbJB8TP
BmQErqGMacnRR6P8SvuT3fNAjeX+ei6FrdpfxYvTNc5sxMkR2fUf488ztc9+hNHu
qf70ij53lyIWv+cpJiLmGuhqdnkBfzezlN5v6uoSz2zCsDRyB6CDs23KpRjwrIay
HyOLOmADy51OrY/pU6hes3vAV7QAaVbbmU1p0CUP0Is2AP+uHGiqqqtU6wZGeqnu
-----END CERTIFICATE-----