Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/2084c5-4eba-4457-a8ec-32471c5908a2/1/iMMH1Fgw9EttOFfxgbHxGk2m0Bg.roa
File:                     iMMH1Fgw9EttOFfxgbHxGk2m0Bg.roa (raw, json)
Hash identifier:          mY2YPs4rCSz69TeCgeSjqpo/A4eB0i+BtIFSmaMNwyA=
Subject key identifier:   88:C3:07:D4:58:30:F4:4B:6D:38:57:F1:81:B1:F1:1A:4D:A6:D0:18
Certificate issuer:       /CN=081cb333913cf413bbafd9277937b3061a61817c
Certificate serial:       018E659D55EF8D85B69C54BD0692B0A7CD23
Authority key identifier: 08:1C:B3:33:91:3C:F4:13:BB:AF:D9:27:79:37:B3:06:1A:61:81:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CByzM5E89BO7r9kneTezBhphgXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/2084c5-4eba-4457-a8ec-32471c5908a2/1/iMMH1Fgw9EttOFfxgbHxGk2m0Bg.roa
Signing time:             Fri 22 Mar 2024 10:03:13 +0000
ROA not before:           Fri 22 Mar 2024 10:03:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44939
IP address blocks:        193.142.196.0/22 maxlen: 24
                          2a0d:2740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/2084c5-4eba-4457-a8ec-32471c5908a2/1/CByzM5E89BO7r9kneTezBhphgXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/2084c5-4eba-4457-a8ec-32471c5908a2/1/CByzM5E89BO7r9kneTezBhphgXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CByzM5E89BO7r9kneTezBhphgXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:65:9d:55:ef:8d:85:b6:9c:54:bd:06:92:b0:a7:cd:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=081cb333913cf413bbafd9277937b3061a61817c
        Validity
            Not Before: Mar 22 10:03:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88c307d45830f44b6d3857f181b1f11a4da6d018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:30:3d:76:aa:6d:a8:a9:fb:bf:17:f5:bd:12:
                    b9:24:f7:b0:10:75:5d:dd:81:02:c1:a2:fb:02:ec:
                    15:db:37:2a:08:c8:be:e4:4f:1b:cf:f7:fa:76:83:
                    9a:52:a3:de:59:66:c9:4c:ba:cd:80:c4:2c:35:e7:
                    67:25:ad:09:1d:a2:25:07:c4:73:f0:dd:70:08:ab:
                    0a:97:c9:92:0b:b2:15:6b:92:8a:3d:e8:fb:77:3b:
                    5d:b7:f8:d8:a1:f7:e6:5d:4a:fb:72:d3:7e:e2:20:
                    9d:39:93:cd:c2:35:d9:ea:a9:a2:42:db:70:a9:37:
                    d0:f9:9f:0f:85:55:6c:ee:95:10:d0:b1:9e:ca:70:
                    f3:af:c5:7e:70:a7:0d:38:79:93:aa:b1:c0:4d:ce:
                    9a:2c:1a:1d:9c:e1:65:62:c0:92:94:25:58:e8:9d:
                    ef:9f:60:25:74:cd:3a:78:f6:38:b1:3c:3c:51:60:
                    d7:c2:0b:5d:be:1f:cf:dc:95:a6:33:8b:87:5b:19:
                    c2:5f:83:7d:2c:ee:4f:64:30:78:04:4b:01:ce:12:
                    21:5d:07:28:19:f3:e9:23:67:fb:f4:40:22:5e:6a:
                    5c:c2:8b:4f:f2:24:01:96:1f:b6:cf:63:97:34:ae:
                    af:1a:33:46:73:7c:03:23:6c:a7:03:b1:a7:31:99:
                    0f:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:C3:07:D4:58:30:F4:4B:6D:38:57:F1:81:B1:F1:1A:4D:A6:D0:18
            X509v3 Authority Key Identifier:
                keyid:08:1C:B3:33:91:3C:F4:13:BB:AF:D9:27:79:37:B3:06:1A:61:81:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CByzM5E89BO7r9kneTezBhphgXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/2084c5-4eba-4457-a8ec-32471c5908a2/1/iMMH1Fgw9EttOFfxgbHxGk2m0Bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/2084c5-4eba-4457-a8ec-32471c5908a2/1/CByzM5E89BO7r9kneTezBhphgXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.196.0/22
                IPv6:
                  2a0d:2740::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:8d:2e:d2:7b:f0:a9:38:34:9d:19:f8:90:d4:28:4a:38:6e:
         fc:14:70:81:3b:7a:00:87:bc:0d:7b:2f:6c:b9:40:f2:57:86:
         46:28:b9:30:a4:00:d8:94:a8:37:7a:d2:8a:76:fe:58:8b:33:
         5b:29:88:08:e5:2f:e8:db:aa:59:35:87:09:9d:41:e0:ff:18:
         24:03:dd:0e:76:0f:45:32:f5:54:6d:17:f8:0c:43:31:07:89:
         4e:34:23:5e:1c:2a:fe:06:db:61:da:54:bb:ec:ba:ec:20:5a:
         7c:b6:b4:cc:ec:85:07:fa:72:e9:43:fc:92:7f:f8:35:6a:3e:
         42:14:f7:7e:1e:cd:cf:21:04:97:25:ac:60:5b:02:d0:3d:57:
         92:c2:5f:1a:78:13:bf:57:b4:1f:41:0e:5e:b3:7a:9c:53:a3:
         a7:a1:2d:2a:bc:ae:df:d5:7b:86:7b:ed:f8:c0:64:dd:1f:b5:
         70:fd:a8:07:df:6a:37:4e:81:b4:06:9c:bc:a8:8b:b5:2e:66:
         8b:e6:3e:e7:99:bd:27:5c:71:db:26:c3:fb:5f:37:93:e9:26:
         1d:9f:f9:85:dc:f0:b2:22:59:eb:c1:ad:ef:66:e3:18:20:32:
         98:23:7e:bc:33:eb:8e:2a:5f:f1:1b:c6:17:9a:7d:64:da:5f:
         72:bf:e3:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5lnVXvjYW2nFS9BpKwp80jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MWNiMzMzOTEzY2Y0MTNiYmFmZDkyNzc5MzdiMzA2MWE2
MTgxN2MwHhcNMjQwMzIyMTAwMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGMzMDdkNDU4MzBmNDRiNmQzODU3ZjE4MWIxZjExYTRkYTZkMDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujA9dqptqKn7vxf1vRK5JPewEHVd
3YECwaL7AuwV2zcqCMi+5E8bz/f6doOaUqPeWWbJTLrNgMQsNednJa0JHaIlB8Rz
8N1wCKsKl8mSC7IVa5KKPej7dztdt/jYoffmXUr7ctN+4iCdOZPNwjXZ6qmiQttw
qTfQ+Z8PhVVs7pUQ0LGeynDzr8V+cKcNOHmTqrHATc6aLBodnOFlYsCSlCVY6J3v
n2AldM06ePY4sTw8UWDXwgtdvh/P3JWmM4uHWxnCX4N9LO5PZDB4BEsBzhIhXQco
GfPpI2f79EAiXmpcwotP8iQBlh+2z2OXNK6vGjNGc3wDI2ynA7GnMZkPJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIjDB9RYMPRLbThX8YGx8RpNptAYMB8GA1UdIwQY
MBaAFAgcszORPPQTu6/ZJ3k3swYaYYF8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0J5ek01RTg5Qk83cjlrbmVUZXpCaHBoZ1h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8yMDg0YzUtNGViYS00NDU3LWE4ZWMt
MzI0NzFjNTkwOGEyLzEvaU1NSDFGZ3c5RXR0T0ZmeGdiSHhHazJtMEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8yMDg0YzUtNGViYS00NDU3LWE4ZWMtMzI0NzFjNTkwOGEy
LzEvQ0J5ek01RTg5Qk83cjlrbmVUZXpCaHBoZ1h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwY7EMA0E
AgACMAcDBQMqDSdAMA0GCSqGSIb3DQEBCwUAA4IBAQBujS7Se/CpODSdGfiQ1ChK
OG78FHCBO3oAh7wNey9suUDyV4ZGKLkwpADYlKg3etKKdv5YizNbKYgI5S/o26pZ
NYcJnUHg/xgkA90Odg9FMvVUbRf4DEMxB4lONCNeHCr+Btth2lS77LrsIFp8trTM
7IUH+nLpQ/ySf/g1aj5CFPd+Hs3PIQSXJaxgWwLQPVeSwl8aeBO/V7QfQQ5es3qc
U6OnoS0qvK7f1XuGe+34wGTdH7Vw/agH32o3ToG0Bpy8qIu1LmaL5j7nmb0nXHHb
JsP7XzeT6SYdn/mF3PCyIlnrwa3vZuMYIDKYI368M+uOKl/xG8YXmn1k2l9yv+My
-----END CERTIFICATE-----