Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/1pItkF34I0T0XrYWSJRD7pj_ja0.roa
File:                     1pItkF34I0T0XrYWSJRD7pj_ja0.roa (raw, json)
Hash identifier:          xX/gcWJfZ1minzry/xWMxIOizMCvErT51ZVCYZljegM=
Subject key identifier:   D6:92:2D:90:5D:F8:23:44:F4:5E:B6:16:48:94:43:EE:98:FF:8D:AD
Certificate issuer:       /CN=918316ab4ea13ebb54560c1a67042d47e966d823
Certificate serial:       01941F8C8833C3AFE26F2D1F8DD265395F96
Authority key identifier: 91:83:16:AB:4E:A1:3E:BB:54:56:0C:1A:67:04:2D:47:E9:66:D8:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kYMWq06hPrtUVgwaZwQtR-lm2CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/1pItkF34I0T0XrYWSJRD7pj_ja0.roa
Signing time:             Wed 01 Jan 2025 01:48:10 +0000
ROA not before:           Wed 01 Jan 2025 01:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2635
IP address blocks:        195.234.108.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/kYMWq06hPrtUVgwaZwQtR-lm2CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/kYMWq06hPrtUVgwaZwQtR-lm2CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kYMWq06hPrtUVgwaZwQtR-lm2CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:88:33:c3:af:e2:6f:2d:1f:8d:d2:65:39:5f:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=918316ab4ea13ebb54560c1a67042d47e966d823
        Validity
            Not Before: Jan  1 01:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6922d905df82344f45eb616489443ee98ff8dad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0e:4a:38:c9:40:e7:e6:48:c4:94:bb:80:a6:
                    16:49:0b:de:22:42:b0:2a:48:9c:0b:23:7e:35:51:
                    a0:bd:76:82:94:49:c8:dc:e4:53:30:a7:fb:60:fd:
                    60:3c:23:5b:25:fc:00:c6:6f:49:df:89:76:d2:ff:
                    78:b5:d2:ba:82:cf:8c:be:2a:51:84:5d:66:f9:06:
                    95:5e:96:c9:e2:ba:2b:3e:c0:f8:80:b8:16:5a:a8:
                    b2:00:74:08:11:12:99:9a:05:47:29:b2:a5:6f:cd:
                    dc:a4:13:a3:eb:8e:0e:43:53:4f:2c:d3:df:14:46:
                    0c:37:b8:c5:df:78:f5:09:c8:68:08:f2:46:87:46:
                    97:b5:5c:89:8c:9e:5f:94:3b:14:f0:73:21:19:f9:
                    6b:98:4e:09:29:8c:f3:50:a7:82:8b:b0:9f:f8:e3:
                    aa:dc:fa:b9:e8:9d:c7:95:2c:c8:e4:65:43:be:d2:
                    68:03:bc:86:9d:d9:84:f9:52:92:70:37:cc:c6:67:
                    ac:ac:a2:37:82:ef:51:83:bc:75:d2:15:d8:f9:2e:
                    bd:2f:bb:52:e5:18:30:50:d9:fe:46:bf:53:b0:d1:
                    e4:87:19:2e:bf:ce:eb:3e:69:c7:a5:8f:56:e7:6d:
                    b5:b6:d7:ba:76:7a:5b:a0:63:7c:b2:a7:e8:7e:37:
                    a0:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:92:2D:90:5D:F8:23:44:F4:5E:B6:16:48:94:43:EE:98:FF:8D:AD
            X509v3 Authority Key Identifier:
                keyid:91:83:16:AB:4E:A1:3E:BB:54:56:0C:1A:67:04:2D:47:E9:66:D8:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kYMWq06hPrtUVgwaZwQtR-lm2CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/1pItkF34I0T0XrYWSJRD7pj_ja0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/89fb99-9049-482f-95dc-9e3cd0d9d77a/1/kYMWq06hPrtUVgwaZwQtR-lm2CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:41:47:43:b5:55:9c:6d:fc:77:98:2a:ff:cb:48:14:a6:01:
         3f:3a:4d:11:aa:7c:df:3d:ae:eb:a9:79:23:64:30:cc:40:b0:
         e6:63:0f:1b:a7:fd:c8:a5:04:21:ba:bb:b4:de:b7:dc:4b:b3:
         8f:86:25:e7:83:41:4a:fd:e2:82:f2:7b:05:dc:c8:fd:8e:bf:
         36:d1:0c:ee:28:3e:13:76:eb:a1:1a:70:bc:7c:98:e1:1a:e8:
         3a:26:64:b5:54:30:7e:45:de:be:9e:e6:e1:ba:1d:50:c2:63:
         d5:4c:bb:2c:d2:07:e2:0e:75:9f:d0:8a:5f:ba:43:74:31:0c:
         16:f9:a5:10:78:3a:4b:eb:8c:f3:68:8f:e2:ed:52:e1:cf:ba:
         fe:2f:1d:6a:ed:0d:8d:f3:af:ca:c6:f0:f6:3d:e3:73:66:89:
         68:51:35:47:5b:1a:87:3b:6c:d1:b1:d0:cf:67:17:74:51:76:
         ea:a0:94:b7:02:4e:fd:f1:5e:ad:38:ae:26:48:52:5b:cd:ca:
         b5:49:f2:1c:5c:75:e2:57:a0:49:55:18:6b:44:0f:dc:56:5d:
         b8:1c:63:e0:5d:69:04:79:14:a8:6b:f4:76:70:16:74:3b:f4:
         83:39:50:2b:d1:60:cd:a9:e9:57:5b:a8:83:20:05:65:0e:3b:
         e6:bd:4a:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjIgzw6/iby0fjdJlOV+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxODMxNmFiNGVhMTNlYmI1NDU2MGMxYTY3MDQyZDQ3ZTk2
NmQ4MjMwHhcNMjUwMTAxMDE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjkyMmQ5MDVkZjgyMzQ0ZjQ1ZWI2MTY0ODk0NDNlZTk4ZmY4ZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog5KOMlA5+ZIxJS7gKYWSQveIkKw
KkicCyN+NVGgvXaClEnI3ORTMKf7YP1gPCNbJfwAxm9J34l20v94tdK6gs+MvipR
hF1m+QaVXpbJ4rorPsD4gLgWWqiyAHQIERKZmgVHKbKlb83cpBOj644OQ1NPLNPf
FEYMN7jF33j1CchoCPJGh0aXtVyJjJ5flDsU8HMhGflrmE4JKYzzUKeCi7Cf+OOq
3Pq56J3HlSzI5GVDvtJoA7yGndmE+VKScDfMxmesrKI3gu9Rg7x10hXY+S69L7tS
5RgwUNn+Rr9TsNHkhxkuv87rPmnHpY9W5221tte6dnpboGN8sqfofjeggwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaSLZBd+CNE9F62FkiUQ+6Y/42tMB8GA1UdIwQY
MBaAFJGDFqtOoT67VFYMGmcELUfpZtgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1lNV3EwNmhQcnRVVmd3YVp3UXRSLWxtMkNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84OWZiOTktOTA0OS00ODJmLTk1ZGMt
OWUzY2QwZDlkNzdhLzEvMXBJdGtGMzRJMFQwWHJZV1NKUkQ3cGpfamEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84OWZiOTktOTA0OS00ODJmLTk1ZGMtOWUzY2QwZDlkNzdh
LzEva1lNV3EwNmhQcnRVVmd3YVp3UXRSLWxtMkNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+psMA0G
CSqGSIb3DQEBCwUAA4IBAQBAQUdDtVWcbfx3mCr/y0gUpgE/Ok0RqnzfPa7rqXkj
ZDDMQLDmYw8bp/3IpQQhuru03rfcS7OPhiXng0FK/eKC8nsF3Mj9jr820QzuKD4T
duuhGnC8fJjhGug6JmS1VDB+Rd6+nubhuh1QwmPVTLss0gfiDnWf0IpfukN0MQwW
+aUQeDpL64zzaI/i7VLhz7r+Lx1q7Q2N86/KxvD2PeNzZoloUTVHWxqHO2zRsdDP
Zxd0UXbqoJS3Ak798V6tOK4mSFJbzcq1SfIcXHXiV6BJVRhrRA/cVl24HGPgXWkE
eRSoa/R2cBZ0O/SDOVAr0WDNqelXW6iDIAVlDjvmvUrb
-----END CERTIFICATE-----