Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/0f1pNyRjkr6LuXeiWR_ZFzD9cIs.roa
File:                     0f1pNyRjkr6LuXeiWR_ZFzD9cIs.roa (raw, json)
Hash identifier:          E58rMSzWjOx0DKpJmLklvsGVpXNmsw44mKJzkwToRo8=
Subject key identifier:   D1:FD:69:37:24:63:92:BE:8B:B9:77:A2:59:1F:D9:17:30:FD:70:8B
Certificate issuer:       /CN=ae83f7879c2c74a11652b5e08af64aac90800b04
Certificate serial:       018CC26D152D5651E9641365595DF18EF1EF
Authority key identifier: AE:83:F7:87:9C:2C:74:A1:16:52:B5:E0:8A:F6:4A:AC:90:80:0B:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/roP3h5wsdKEWUrXgivZKrJCACwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/0f1pNyRjkr6LuXeiWR_ZFzD9cIs.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1213
IP address blocks:        136.206.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/roP3h5wsdKEWUrXgivZKrJCACwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/roP3h5wsdKEWUrXgivZKrJCACwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/roP3h5wsdKEWUrXgivZKrJCACwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:15:2d:56:51:e9:64:13:65:59:5d:f1:8e:f1:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae83f7879c2c74a11652b5e08af64aac90800b04
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1fd6937246392be8bb977a2591fd91730fd708b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1a:94:cd:97:b0:86:f4:cc:67:d4:76:b6:db:
                    e7:5b:b5:7a:ca:87:d5:b8:72:e5:4b:6e:b2:42:15:
                    ca:3e:96:6b:c7:3c:aa:81:07:8b:e0:c0:eb:e2:77:
                    2e:f9:a5:28:e8:c8:ec:08:a4:83:18:27:2e:fc:ee:
                    b4:68:39:99:f5:d3:d7:c7:80:fd:01:10:f8:3d:93:
                    5d:b9:0f:12:3d:66:64:2a:71:be:f4:4a:66:05:2e:
                    85:59:1c:5c:5c:d4:f6:e6:cd:95:a9:65:e4:77:33:
                    12:c5:28:49:d2:c5:e1:62:f0:48:7f:87:81:4d:78:
                    9c:50:de:a0:1c:56:04:20:4b:e8:1d:28:e1:43:9d:
                    c0:37:93:c5:c6:01:25:0f:92:ed:7d:85:0d:71:58:
                    0d:37:ad:e2:2c:c6:d9:79:31:16:35:e1:19:40:a8:
                    54:36:e3:6a:70:0c:8a:58:94:d2:8c:61:6b:38:0b:
                    01:a4:45:41:77:4a:7c:58:b2:73:d5:6a:c8:05:4b:
                    bd:c5:d8:31:46:b1:b9:1d:49:f8:50:15:5a:f9:08:
                    3d:73:15:d6:32:8a:c7:69:f8:98:0f:f8:11:a5:fe:
                    a5:f5:fa:ae:50:c8:74:ac:37:b1:e8:70:63:e6:6f:
                    79:76:f3:8a:79:a5:dd:15:f8:ea:2c:d7:59:d8:ad:
                    7c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:FD:69:37:24:63:92:BE:8B:B9:77:A2:59:1F:D9:17:30:FD:70:8B
            X509v3 Authority Key Identifier:
                keyid:AE:83:F7:87:9C:2C:74:A1:16:52:B5:E0:8A:F6:4A:AC:90:80:0B:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/roP3h5wsdKEWUrXgivZKrJCACwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/0f1pNyRjkr6LuXeiWR_ZFzD9cIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/84d026-17e4-4787-a439-473d74a5e20f/1/roP3h5wsdKEWUrXgivZKrJCACwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.206.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0a:ec:fe:1b:bb:61:f3:f9:ab:11:34:7e:82:3a:3a:bf:19:11:
         43:04:45:c9:40:00:99:d4:3d:56:fa:f9:48:58:05:3c:d2:e7:
         93:89:63:e2:4d:18:63:08:f9:98:df:46:b2:cc:46:69:db:fa:
         1a:e3:c5:d9:18:59:4e:7a:1c:13:f4:1c:8e:c4:9f:b2:91:bc:
         bd:f1:2d:00:59:8c:42:55:89:be:d4:21:42:bf:36:3b:7c:77:
         df:bc:95:8c:fe:69:74:23:fc:d7:c9:f5:90:33:df:e9:de:85:
         3f:21:fb:dc:12:a9:54:b2:58:8d:17:d4:86:48:6e:de:2a:65:
         8f:ba:fe:91:89:08:47:24:fa:13:bc:d6:e8:03:fe:31:7a:5d:
         73:de:ac:b6:96:dc:5c:96:d9:f5:ec:08:a1:7b:3d:17:53:ba:
         fa:d7:24:c2:fc:65:d0:d1:69:e4:72:db:0d:ed:01:ff:38:ff:
         11:bf:91:2a:6f:18:b2:a3:66:5d:1c:e8:55:79:06:e4:5a:7c:
         7f:bc:41:46:54:e7:3b:94:29:9d:1b:20:ba:99:ae:b7:c5:19:
         5c:d5:76:a9:01:b5:db:77:6a:fc:dc:bf:06:cf:df:be:26:b2:
         5a:7c:1a:18:63:f4:53:2d:78:93:ce:82:a2:1c:d0:89:76:5b:
         97:36:3e:d7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzCbRUtVlHpZBNlWV3xjvHvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlODNmNzg3OWMyYzc0YTExNjUyYjVlMDhhZjY0YWFjOTA4
MDBiMDQwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWZkNjkzNzI0NjM5MmJlOGJiOTc3YTI1OTFmZDkxNzMwZmQ3MDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRqUzZewhvTMZ9R2ttvnW7V6yofV
uHLlS26yQhXKPpZrxzyqgQeL4MDr4ncu+aUo6MjsCKSDGCcu/O60aDmZ9dPXx4D9
ARD4PZNduQ8SPWZkKnG+9EpmBS6FWRxcXNT25s2VqWXkdzMSxShJ0sXhYvBIf4eB
TXicUN6gHFYEIEvoHSjhQ53AN5PFxgElD5LtfYUNcVgNN63iLMbZeTEWNeEZQKhU
NuNqcAyKWJTSjGFrOAsBpEVBd0p8WLJz1WrIBUu9xdgxRrG5HUn4UBVa+Qg9cxXW
MorHafiYD/gRpf6l9fquUMh0rDex6HBj5m95dvOKeaXdFfjqLNdZ2K187QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNH9aTckY5K+i7l3olkf2Rcw/XCLMB8GA1UdIwQY
MBaAFK6D94ecLHShFlK14Ir2SqyQgAsEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm9QM2g1d3NkS0VXVXJYZ2l2WktySkNBQ3dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84NGQwMjYtMTdlNC00Nzg3LWE0Mzkt
NDczZDc0YTVlMjBmLzEvMGYxcE55UmprcjZMdVhlaVdSX1pGekQ5Y0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84NGQwMjYtMTdlNC00Nzg3LWE0MzktNDczZDc0YTVlMjBm
LzEvcm9QM2g1d3NkS0VXVXJYZ2l2WktySkNBQ3dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiM4wDQYJ
KoZIhvcNAQELBQADggEBAArs/hu7YfP5qxE0foI6Or8ZEUMERclAAJnUPVb6+UhY
BTzS55OJY+JNGGMI+ZjfRrLMRmnb+hrjxdkYWU56HBP0HI7En7KRvL3xLQBZjEJV
ib7UIUK/Njt8d9+8lYz+aXQj/NfJ9ZAz3+nehT8h+9wSqVSyWI0X1IZIbt4qZY+6
/pGJCEck+hO81ugD/jF6XXPerLaW3FyW2fXsCKF7PRdTuvrXJML8ZdDRaeRy2w3t
Af84/xG/kSpvGLKjZl0c6FV5BuRafH+8QUZU5zuUKZ0bILqZrrfFGVzVdqkBtdt3
avzcvwbP374mslp8Ghhj9FMteJPOgqIc0Il2W5c2Ptc=
-----END CERTIFICATE-----