Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/8b50e6-927a-4d3b-9422-e57fbdae5903/1/1tz66VRzT3ksgBHezpDP-dWydtI.roa
File:                     1tz66VRzT3ksgBHezpDP-dWydtI.roa (raw, json)
Hash identifier:          2aYx7cEdS5mEmOCtCGZr4szy4XXnCbKjEdXlmLb9uMQ=
Subject key identifier:   D6:DC:FA:E9:54:73:4F:79:2C:80:11:DE:CE:90:CF:F9:D5:B2:76:D2
Certificate issuer:       /CN=bc9ec8db59726075ee29f5efc90b61e73c07f7af
Certificate serial:       018CC6B8B803DB02329B6D7BD85D14A727DD
Authority key identifier: BC:9E:C8:DB:59:72:60:75:EE:29:F5:EF:C9:0B:61:E7:3C:07:F7:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vJ7I21lyYHXuKfXvyQth5zwH968.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/8b50e6-927a-4d3b-9422-e57fbdae5903/1/1tz66VRzT3ksgBHezpDP-dWydtI.roa
Signing time:             Mon 01 Jan 2024 20:30:43 +0000
ROA not before:           Mon 01 Jan 2024 20:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1926
IP address blocks:        153.1.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/8b50e6-927a-4d3b-9422-e57fbdae5903/1/vJ7I21lyYHXuKfXvyQth5zwH968.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/8b50e6-927a-4d3b-9422-e57fbdae5903/1/vJ7I21lyYHXuKfXvyQth5zwH968.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vJ7I21lyYHXuKfXvyQth5zwH968.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:b8:03:db:02:32:9b:6d:7b:d8:5d:14:a7:27:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc9ec8db59726075ee29f5efc90b61e73c07f7af
        Validity
            Not Before: Jan  1 20:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6dcfae954734f792c8011dece90cff9d5b276d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:aa:f7:ad:04:68:b8:5b:03:bb:1c:4f:f8:20:
                    0f:c3:a9:24:08:4a:78:2e:97:1f:ad:1e:e5:1f:69:
                    8a:46:86:88:79:9a:94:84:4b:76:90:6c:31:35:b3:
                    a9:ab:07:fb:5f:4c:ed:47:18:5d:c8:5e:6a:73:a3:
                    80:dd:45:c9:34:9c:11:22:2d:21:20:06:3a:8d:59:
                    51:86:a4:c9:f7:15:0d:d4:42:b6:10:57:9b:67:68:
                    48:59:73:53:fe:29:3e:29:23:26:ee:be:51:42:45:
                    c6:8c:3a:13:1b:78:71:c8:96:2d:59:19:05:fe:b4:
                    48:a9:5e:17:8e:8c:79:6f:b2:05:60:a2:48:db:a3:
                    9b:b0:45:84:c5:96:e8:73:5a:b9:c7:67:49:1e:ba:
                    42:4f:5b:4c:4f:43:70:ae:81:41:2d:b1:be:c5:d3:
                    68:3e:0c:b2:56:af:e6:df:57:46:0d:db:05:48:c5:
                    8e:4a:77:42:4b:a2:7f:05:c3:c2:9a:41:e5:32:93:
                    51:30:62:a8:6f:51:f3:dc:b4:9d:42:3a:20:a3:60:
                    67:fe:5c:21:90:7c:5c:b2:bc:59:aa:72:db:49:0a:
                    3c:c2:f8:40:5a:2c:21:0a:b1:a5:b1:a9:17:db:b4:
                    6c:bf:68:cb:d2:e0:b3:a4:f8:71:03:c6:0f:22:e6:
                    98:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:DC:FA:E9:54:73:4F:79:2C:80:11:DE:CE:90:CF:F9:D5:B2:76:D2
            X509v3 Authority Key Identifier:
                keyid:BC:9E:C8:DB:59:72:60:75:EE:29:F5:EF:C9:0B:61:E7:3C:07:F7:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vJ7I21lyYHXuKfXvyQth5zwH968.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/8b50e6-927a-4d3b-9422-e57fbdae5903/1/1tz66VRzT3ksgBHezpDP-dWydtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/8b50e6-927a-4d3b-9422-e57fbdae5903/1/vJ7I21lyYHXuKfXvyQth5zwH968.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.1.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1a:6f:24:72:b4:78:ef:ff:34:9c:26:32:a0:1d:6f:a5:69:37:
         e6:7b:bf:71:2a:da:29:44:12:fd:d5:34:fb:f9:6d:40:ea:4f:
         25:92:d9:89:fb:f5:7e:17:49:04:4f:0b:10:1f:f5:34:8a:8b:
         ee:e5:5e:29:9b:b9:9e:ce:09:4a:79:87:99:64:ea:e5:8e:82:
         99:dd:a4:ec:5f:3e:91:2b:69:1e:19:be:db:c5:b7:da:02:ee:
         f2:cb:a9:73:de:46:ff:da:ce:47:39:75:70:b0:8b:9a:5f:0d:
         a5:c2:59:ae:22:9d:4b:23:44:27:d1:ef:d7:2e:5c:17:bf:b0:
         89:ab:23:cf:85:c9:4b:f7:3e:8d:1e:e3:32:06:24:bb:e4:24:
         6f:5d:9c:a9:d1:b3:6e:03:fc:88:9e:fb:bf:21:4a:e3:0a:ce:
         75:0d:c9:dd:0a:b0:f5:2c:a8:22:ef:68:83:54:eb:6e:cf:d5:
         5e:74:ed:df:e7:d5:e8:a5:2d:27:26:23:59:e5:26:ed:3a:3a:
         66:eb:8a:4b:4c:a1:33:ee:aa:80:63:f8:11:37:95:cc:86:51:
         34:72:22:56:12:81:22:19:af:f9:8a:ac:56:89:44:1f:a2:22:
         31:8f:1c:3e:26:a3:98:4d:14:0e:6d:b9:30:3b:ea:c0:b5:ec:
         79:bf:f3:58
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGuLgD2wIym2172F0UpyfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOWVjOGRiNTk3MjYwNzVlZTI5ZjVlZmM5MGI2MWU3M2Mw
N2Y3YWYwHhcNMjQwMTAxMjAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmRjZmFlOTU0NzM0Zjc5MmM4MDExZGVjZTkwY2ZmOWQ1YjI3NmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKr3rQRouFsDuxxP+CAPw6kkCEp4
LpcfrR7lH2mKRoaIeZqUhEt2kGwxNbOpqwf7X0ztRxhdyF5qc6OA3UXJNJwRIi0h
IAY6jVlRhqTJ9xUN1EK2EFebZ2hIWXNT/ik+KSMm7r5RQkXGjDoTG3hxyJYtWRkF
/rRIqV4Xjox5b7IFYKJI26ObsEWExZboc1q5x2dJHrpCT1tMT0NwroFBLbG+xdNo
PgyyVq/m31dGDdsFSMWOSndCS6J/BcPCmkHlMpNRMGKob1Hz3LSdQjogo2Bn/lwh
kHxcsrxZqnLbSQo8wvhAWiwhCrGlsakX27Rsv2jL0uCzpPhxA8YPIuaYfwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNbc+ulUc095LIAR3s6Qz/nVsnbSMB8GA1UdIwQY
MBaAFLyeyNtZcmB17in178kLYec8B/evMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdko3STIxbHlZSFh1S2ZYdnlRdGg1endIOTY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS84YjUwZTYtOTI3YS00ZDNiLTk0MjIt
ZTU3ZmJkYWU1OTAzLzEvMXR6NjZWUnpUM2tzZ0JIZXpwRFAtZFd5ZHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS84YjUwZTYtOTI3YS00ZDNiLTk0MjItZTU3ZmJkYWU1OTAz
LzEvdko3STIxbHlZSFh1S2ZYdnlRdGg1endIOTY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmQEwDQYJ
KoZIhvcNAQELBQADggEBABpvJHK0eO//NJwmMqAdb6VpN+Z7v3Eq2ilEEv3VNPv5
bUDqTyWS2Yn79X4XSQRPCxAf9TSKi+7lXimbuZ7OCUp5h5lk6uWOgpndpOxfPpEr
aR4ZvtvFt9oC7vLLqXPeRv/azkc5dXCwi5pfDaXCWa4inUsjRCfR79cuXBe/sImr
I8+FyUv3Po0e4zIGJLvkJG9dnKnRs24D/Iie+78hSuMKznUNyd0KsPUsqCLvaINU
627P1V507d/n1eilLScmI1nlJu06OmbriktMoTPuqoBj+BE3lcyGUTRyIlYSgSIZ
r/mKrFaJRB+iIjGPHD4mo5hNFA5tuTA76sC17Hm/81g=
-----END CERTIFICATE-----