Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/0143cd-a814-4d48-a87c-d7c0e9393ea0/1/ch1KpBgRu3ljafWy2V7pY_YI2M4.roa
File:                     ch1KpBgRu3ljafWy2V7pY_YI2M4.roa (raw, json)
Hash identifier:          ms8ZB4OSeZ322kYbRZpkd1MuHt48+zlVIWdiu6MuxZk=
Subject key identifier:   72:1D:4A:A4:18:11:BB:79:63:69:F5:B2:D9:5E:E9:63:F6:08:D8:CE
Certificate issuer:       /CN=18dc2352117602322d741c51368ca8b8dd1a3eaa
Certificate serial:       019421445431C3D0D171274C3D978FB85DB3
Authority key identifier: 18:DC:23:52:11:76:02:32:2D:74:1C:51:36:8C:A8:B8:DD:1A:3E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GNwjUhF2AjItdBxRNoyouN0aPqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/0143cd-a814-4d48-a87c-d7c0e9393ea0/1/ch1KpBgRu3ljafWy2V7pY_YI2M4.roa
Signing time:             Wed 01 Jan 2025 09:48:33 +0000
ROA not before:           Wed 01 Jan 2025 09:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30821
IP address blocks:        185.134.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/0143cd-a814-4d48-a87c-d7c0e9393ea0/1/GNwjUhF2AjItdBxRNoyouN0aPqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/0143cd-a814-4d48-a87c-d7c0e9393ea0/1/GNwjUhF2AjItdBxRNoyouN0aPqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GNwjUhF2AjItdBxRNoyouN0aPqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:54:31:c3:d0:d1:71:27:4c:3d:97:8f:b8:5d:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18dc2352117602322d741c51368ca8b8dd1a3eaa
        Validity
            Not Before: Jan  1 09:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=721d4aa41811bb796369f5b2d95ee963f608d8ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:20:97:3e:ba:68:51:34:24:2d:73:98:97:50:
                    9a:29:68:11:67:dd:a2:f7:7a:dd:c6:9a:e7:6e:4c:
                    12:dc:db:67:d2:df:c1:ee:ba:c9:72:3c:b1:d7:22:
                    0a:89:b7:b5:ab:be:b3:fb:dc:0f:fc:96:28:7b:dd:
                    40:30:c8:70:41:04:1c:74:90:fc:d8:bd:0f:0a:ce:
                    68:6e:a7:46:a8:2e:ad:92:6b:22:51:f5:78:54:1b:
                    43:97:18:79:35:b6:00:f7:b2:8a:e6:9d:de:dd:96:
                    78:9d:c1:9d:be:3c:0a:79:ad:8c:86:67:7b:d3:e1:
                    67:8f:8a:b8:79:c0:e3:fc:71:39:2a:24:df:06:05:
                    e6:31:ce:20:dc:b4:41:32:08:07:1e:2d:be:2b:6c:
                    7c:b4:11:48:08:11:98:9f:88:dd:0a:54:b8:29:18:
                    27:2b:54:82:33:7a:d5:2a:e6:d6:52:cf:a7:63:e4:
                    4c:e1:b4:1f:40:df:14:74:90:82:67:be:31:71:06:
                    40:21:60:be:ed:00:cd:53:39:96:6f:ee:2f:e8:21:
                    f5:74:f4:7f:fd:f9:ea:58:d7:f6:db:71:be:fa:e8:
                    2b:e2:13:97:90:88:15:9b:01:db:a7:64:cb:9c:9b:
                    1c:06:d5:99:70:0b:7f:fe:ff:8f:b9:2c:80:31:f0:
                    26:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:1D:4A:A4:18:11:BB:79:63:69:F5:B2:D9:5E:E9:63:F6:08:D8:CE
            X509v3 Authority Key Identifier:
                keyid:18:DC:23:52:11:76:02:32:2D:74:1C:51:36:8C:A8:B8:DD:1A:3E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GNwjUhF2AjItdBxRNoyouN0aPqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/0143cd-a814-4d48-a87c-d7c0e9393ea0/1/ch1KpBgRu3ljafWy2V7pY_YI2M4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/0143cd-a814-4d48-a87c-d7c0e9393ea0/1/GNwjUhF2AjItdBxRNoyouN0aPqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:b2:e0:60:70:d6:94:64:d5:d4:41:4b:24:44:35:be:11:1b:
         02:13:03:7c:40:5a:2f:cf:bf:a0:01:75:d4:a8:f8:d8:ce:fe:
         b7:cb:c5:18:8a:54:10:92:7e:41:61:af:7d:c0:eb:a0:c7:be:
         c9:4f:3b:83:eb:84:5e:d5:54:98:2b:c4:ae:86:cb:37:19:c1:
         6c:d3:7d:51:fb:7a:52:54:89:aa:3e:ba:a2:43:b2:00:5c:4c:
         aa:c7:bf:49:74:85:5e:de:3f:bd:fc:bc:e3:8e:af:30:1e:84:
         af:88:54:78:cf:b7:23:ac:e7:3e:a0:2c:b9:f6:76:41:10:9c:
         3d:8d:51:65:9d:20:91:55:6e:dc:16:9a:99:34:a3:6b:ec:c4:
         24:60:59:7d:97:a0:20:f9:47:84:a8:4f:6c:42:92:5d:c6:18:
         14:91:f4:a7:ae:81:0f:5d:de:7a:64:c1:db:2c:9b:12:71:a7:
         9d:46:57:75:d4:08:25:6b:8f:bc:15:eb:84:17:f0:f8:dd:79:
         a0:23:72:ba:8b:8b:8e:2e:41:93:5f:db:c6:2b:1e:a8:53:c5:
         95:e8:9d:70:91:9a:a3:e1:46:f1:39:32:7c:9e:fe:7e:dc:3c:
         da:03:ec:82:fa:6d:37:0f:bc:dc:96:d7:8d:70:6f:46:33:31:
         ee:62:cb:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRFQxw9DRcSdMPZePuF2zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZGMyMzUyMTE3NjAyMzIyZDc0MWM1MTM2OGNhOGI4ZGQx
YTNlYWEwHhcNMjUwMTAxMDk0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjFkNGFhNDE4MTFiYjc5NjM2OWY1YjJkOTVlZTk2M2Y2MDhkOGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CCXPrpoUTQkLXOYl1CaKWgRZ92i
93rdxprnbkwS3Ntn0t/B7rrJcjyx1yIKibe1q76z+9wP/JYoe91AMMhwQQQcdJD8
2L0PCs5obqdGqC6tkmsiUfV4VBtDlxh5NbYA97KK5p3e3ZZ4ncGdvjwKea2Mhmd7
0+Fnj4q4ecDj/HE5KiTfBgXmMc4g3LRBMggHHi2+K2x8tBFICBGYn4jdClS4KRgn
K1SCM3rVKubWUs+nY+RM4bQfQN8UdJCCZ74xcQZAIWC+7QDNUzmWb+4v6CH1dPR/
/fnqWNf223G++ugr4hOXkIgVmwHbp2TLnJscBtWZcAt//v+PuSyAMfAmkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIdSqQYEbt5Y2n1stle6WP2CNjOMB8GA1UdIwQY
MBaAFBjcI1IRdgIyLXQcUTaMqLjdGj6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR053alVoRjJBakl0ZEJ4Uk5veW91TjBhUHFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8wMTQzY2QtYTgxNC00ZDQ4LWE4N2Mt
ZDdjMGU5MzkzZWEwLzEvY2gxS3BCZ1J1M2xqYWZXeTJWN3BZX1lJMk00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8wMTQzY2QtYTgxNC00ZDQ4LWE4N2MtZDdjMGU5MzkzZWEw
LzEvR053alVoRjJBakl0ZEJ4Uk5veW91TjBhUHFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYYQMA0G
CSqGSIb3DQEBCwUAA4IBAQAcsuBgcNaUZNXUQUskRDW+ERsCEwN8QFovz7+gAXXU
qPjYzv63y8UYilQQkn5BYa99wOugx77JTzuD64Re1VSYK8Suhss3GcFs031R+3pS
VImqPrqiQ7IAXEyqx79JdIVe3j+9/Lzjjq8wHoSviFR4z7cjrOc+oCy59nZBEJw9
jVFlnSCRVW7cFpqZNKNr7MQkYFl9l6Ag+UeEqE9sQpJdxhgUkfSnroEPXd56ZMHb
LJsScaedRld11Agla4+8FeuEF/D43XmgI3K6i4uOLkGTX9vGKx6oU8WV6J1wkZqj
4UbxOTJ8nv5+3DzaA+yC+m03D7zclteNcG9GMzHuYssz
-----END CERTIFICATE-----