Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/Iwka6VTLPTh8G_8RsqnH19JEdNI.roa
File:                     Iwka6VTLPTh8G_8RsqnH19JEdNI.roa (raw, json)
Hash identifier:          cr7P8F8Z+vWoF5l813j1XOlhhf0ax9Q6W1pZU6ey2PY=
Subject key identifier:   23:09:1A:E9:54:CB:3D:38:7C:1B:FF:11:B2:A9:C7:D7:D2:44:74:D2
Certificate issuer:       /CN=ce8a8d40e437adf4acd7cdb38e0402477a2e51a6
Certificate serial:       018CC86F9B0B7B66FA2548A0F7A683AAD16C
Authority key identifier: CE:8A:8D:40:E4:37:AD:F4:AC:D7:CD:B3:8E:04:02:47:7A:2E:51:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zoqNQOQ3rfSs182zjgQCR3ouUaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/Iwka6VTLPTh8G_8RsqnH19JEdNI.roa
Signing time:             Tue 02 Jan 2024 04:30:06 +0000
ROA not before:           Tue 02 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42808
IP address blocks:        194.26.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/zoqNQOQ3rfSs182zjgQCR3ouUaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/zoqNQOQ3rfSs182zjgQCR3ouUaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zoqNQOQ3rfSs182zjgQCR3ouUaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:9b:0b:7b:66:fa:25:48:a0:f7:a6:83:aa:d1:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce8a8d40e437adf4acd7cdb38e0402477a2e51a6
        Validity
            Not Before: Jan  2 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23091ae954cb3d387c1bff11b2a9c7d7d24474d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7d:40:b3:f8:20:a1:83:78:97:c9:01:0e:d6:
                    2d:94:7d:b5:61:5a:c1:96:29:9e:ea:8d:6a:c0:83:
                    be:43:c5:dc:7a:b5:27:bb:d5:c0:e4:bf:93:66:a3:
                    82:bc:3b:3d:e3:e7:23:a3:dd:b7:ba:b3:6b:4e:27:
                    dc:1e:57:11:c1:34:1f:49:93:cd:f6:f9:d4:cb:10:
                    c8:07:2e:eb:c2:6a:89:1d:6e:cd:88:0d:c3:32:74:
                    ae:b3:88:a5:9f:49:da:2a:bc:a0:2e:24:18:6e:67:
                    f1:c3:70:a3:14:73:e2:39:7c:c2:5e:28:d1:92:e4:
                    e7:cf:22:93:d4:e2:20:a0:c2:3b:a1:35:05:ab:be:
                    2e:29:39:bb:7f:6e:46:06:67:6e:71:85:b9:06:8b:
                    00:d5:d8:7d:ab:2d:68:29:15:a1:e5:b0:d7:a1:2e:
                    f9:7a:b6:34:ca:30:6d:d0:52:35:bd:34:0f:87:df:
                    29:80:6e:97:7c:63:0c:9d:cc:96:ff:34:0f:67:7a:
                    2e:0c:8b:06:de:fe:92:23:18:20:6a:f2:25:cb:b6:
                    41:be:4b:2a:5c:15:df:e8:ff:52:05:3c:f0:fe:ae:
                    41:36:16:bc:50:f6:3c:95:9c:41:4a:d3:a7:57:ef:
                    ef:a3:3e:9c:20:e3:f4:be:0f:a2:ae:83:0e:9e:3d:
                    8a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:09:1A:E9:54:CB:3D:38:7C:1B:FF:11:B2:A9:C7:D7:D2:44:74:D2
            X509v3 Authority Key Identifier:
                keyid:CE:8A:8D:40:E4:37:AD:F4:AC:D7:CD:B3:8E:04:02:47:7A:2E:51:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zoqNQOQ3rfSs182zjgQCR3ouUaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/Iwka6VTLPTh8G_8RsqnH19JEdNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/822b22-8ca3-469d-9083-345b2ab0db18/1/zoqNQOQ3rfSs182zjgQCR3ouUaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:17:d5:d1:bc:f5:66:c5:ec:a2:d8:43:fd:ba:08:36:bc:d8:
         95:32:bc:26:a5:14:fb:d4:e9:d8:4f:8b:c9:da:22:e2:95:ab:
         4a:61:f8:73:43:53:55:85:4d:be:b6:14:98:c5:c4:5d:5c:a2:
         c2:74:6b:ad:a4:83:41:24:b3:73:99:44:4b:ce:94:50:82:ce:
         1e:95:ff:bf:89:5c:94:c4:66:98:97:93:c2:0e:98:89:1d:3c:
         54:ab:51:be:bc:89:69:6e:06:3e:eb:0f:eb:1a:51:21:e0:8a:
         23:66:48:5e:a3:7c:b0:b7:8f:cf:1e:10:eb:0d:04:aa:4b:c6:
         92:c9:a0:aa:11:c4:9d:be:f3:74:cd:99:e0:34:1e:b4:02:dd:
         65:35:1f:cb:b1:b1:30:9e:7c:61:e3:c2:bb:4d:0a:43:e7:66:
         20:fa:ce:59:87:91:c8:6a:a1:03:bc:50:e5:f3:86:b5:66:9a:
         dd:51:53:79:55:ef:e9:2c:66:01:7e:ef:24:91:19:d6:03:0c:
         24:5b:89:97:02:a3:3e:c0:ef:a7:3c:05:2c:89:c4:a2:7c:b5:
         a5:db:cf:b5:d9:5c:ed:2e:49:c4:1e:1e:87:88:ce:0c:5a:6b:
         60:f7:65:99:03:8e:67:83:db:a6:1a:93:b1:93:22:9d:a7:48:
         f8:7e:ae:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5sLe2b6JUig96aDqtFsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOGE4ZDQwZTQzN2FkZjRhY2Q3Y2RiMzhlMDQwMjQ3N2Ey
ZTUxYTYwHhcNMjQwMTAyMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzA5MWFlOTU0Y2IzZDM4N2MxYmZmMTFiMmE5YzdkN2QyNDQ3NGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy31As/ggoYN4l8kBDtYtlH21YVrB
lime6o1qwIO+Q8XcerUnu9XA5L+TZqOCvDs94+cjo923urNrTifcHlcRwTQfSZPN
9vnUyxDIBy7rwmqJHW7NiA3DMnSus4iln0naKrygLiQYbmfxw3CjFHPiOXzCXijR
kuTnzyKT1OIgoMI7oTUFq74uKTm7f25GBmducYW5BosA1dh9qy1oKRWh5bDXoS75
erY0yjBt0FI1vTQPh98pgG6XfGMMncyW/zQPZ3ouDIsG3v6SIxggavIly7ZBvksq
XBXf6P9SBTzw/q5BNha8UPY8lZxBStOnV+/voz6cIOP0vg+iroMOnj2KwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMJGulUyz04fBv/EbKpx9fSRHTSMB8GA1UdIwQY
MBaAFM6KjUDkN630rNfNs44EAkd6LlGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem9xTlFPUTNyZlNzMTgyempnUUNSM291VWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS84MjJiMjItOGNhMy00NjlkLTkwODMt
MzQ1YjJhYjBkYjE4LzEvSXdrYTZWVExQVGg4R184UnNxbkgxOUpFZE5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS84MjJiMjItOGNhMy00NjlkLTkwODMtMzQ1YjJhYjBkYjE4
LzEvem9xTlFPUTNyZlNzMTgyempnUUNSM291VWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhp2MA0G
CSqGSIb3DQEBCwUAA4IBAQAzF9XRvPVmxeyi2EP9ugg2vNiVMrwmpRT71OnYT4vJ
2iLilatKYfhzQ1NVhU2+thSYxcRdXKLCdGutpINBJLNzmURLzpRQgs4elf+/iVyU
xGaYl5PCDpiJHTxUq1G+vIlpbgY+6w/rGlEh4IojZkheo3ywt4/PHhDrDQSqS8aS
yaCqEcSdvvN0zZngNB60At1lNR/LsbEwnnxh48K7TQpD52Yg+s5Zh5HIaqEDvFDl
84a1ZprdUVN5Ve/pLGYBfu8kkRnWAwwkW4mXAqM+wO+nPAUsicSifLWl28+12Vzt
LknEHh6HiM4MWmtg92WZA45ng9umGpOxkyKdp0j4fq5A
-----END CERTIFICATE-----