Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/1-t_f3zq83mTDYljiIjLDgCjWfIU.roa
File:                     1-t_f3zq83mTDYljiIjLDgCjWfIU.roa (raw, json)
Hash identifier:          L1sflEACERYqktzUVTdZCvjtSLNk6lBpifL3uBl7bbs=
Subject key identifier:   FA:DF:DF:DF:3A:BC:DE:64:C3:62:58:E2:22:32:C3:80:28:D6:7C:85
Certificate issuer:       /CN=08d3a515683e9ddb85d38e7ab39c33aedacaf7ef
Certificate serial:       018CC8DE5878CF89479B2148F8845DF38615
Authority key identifier: 08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/1-t_f3zq83mTDYljiIjLDgCjWfIU.roa
Signing time:             Tue 02 Jan 2024 06:31:03 +0000
ROA not before:           Tue 02 Jan 2024 06:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42229
IP address blocks:        185.1.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/CNOlFWg-nduF0456s5wzrtrK9-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/CNOlFWg-nduF0456s5wzrtrK9-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 17 Nov 2024 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:58:78:cf:89:47:9b:21:48:f8:84:5d:f3:86:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08d3a515683e9ddb85d38e7ab39c33aedacaf7ef
        Validity
            Not Before: Jan  2 06:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fadfdfdf3abcde64c36258e22232c38028d67c85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:1f:d8:62:51:e7:94:d4:46:f0:aa:14:82:db:
                    ee:b6:01:63:e0:46:91:62:87:2f:64:ff:d3:4b:91:
                    d6:15:df:66:81:e2:0c:12:7b:08:d8:ad:86:75:c7:
                    e9:c7:a5:3d:78:84:0e:1f:16:95:fc:68:1d:fc:d7:
                    e9:1b:35:2e:eb:e2:e2:1c:c9:04:18:b1:9a:a0:c9:
                    61:45:01:df:2f:ce:47:27:07:9b:da:16:a4:fd:ef:
                    f2:49:52:72:f2:77:1c:f5:f7:ac:a9:84:4e:54:3a:
                    be:e6:e3:4b:68:37:ad:8e:65:a4:34:d2:fc:7d:11:
                    99:a9:10:09:bb:65:0b:98:7e:b5:ea:db:64:79:1a:
                    d2:b2:25:55:fe:ab:4f:69:a9:58:a8:9f:d4:cf:8e:
                    a2:67:e4:e3:35:3b:7b:5b:3e:bc:f5:c8:aa:9b:8e:
                    93:29:03:8a:1d:34:31:9e:5a:7f:64:9a:eb:6b:1a:
                    30:0b:12:3b:1f:16:d8:94:bc:d3:aa:09:9f:b0:54:
                    4a:e6:9c:06:e4:a4:81:b0:c5:c6:9d:1b:e3:a5:bb:
                    c5:52:6c:1b:61:b9:4c:b0:46:69:c6:e1:9e:68:74:
                    7e:2d:7d:e3:f3:83:ca:06:00:2c:f3:73:60:eb:71:
                    7e:5c:4d:dd:09:8e:18:3f:ec:5d:b0:42:52:a4:d6:
                    dc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:DF:DF:DF:3A:BC:DE:64:C3:62:58:E2:22:32:C3:80:28:D6:7C:85
            X509v3 Authority Key Identifier:
                keyid:08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/1-t_f3zq83mTDYljiIjLDgCjWfIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/CNOlFWg-nduF0456s5wzrtrK9-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:c8:3d:5c:48:04:ab:b2:89:29:3e:97:12:a4:c1:a5:f4:91:
         16:4e:c2:9a:47:14:f9:69:19:5f:ab:f2:10:5c:b8:0d:0e:bb:
         dc:8a:d8:b2:1e:d6:05:ea:0e:b2:33:f7:50:e5:d5:84:eb:79:
         52:01:60:f0:a3:6b:0a:48:41:94:ae:eb:f2:4e:f4:25:2f:da:
         7c:d4:7c:80:81:3f:4d:16:63:14:48:1d:f1:bb:eb:41:b0:f2:
         ed:f0:fc:bf:17:d0:a0:01:9f:1a:f6:cb:62:e2:1e:17:c4:cb:
         12:72:95:02:cc:ef:9d:f1:98:0e:e0:78:67:7d:ed:5a:5d:a2:
         40:b6:ce:7a:bd:4f:08:35:19:14:6c:61:ad:e1:ca:98:fa:89:
         2a:9a:37:35:c7:9d:39:38:62:d1:76:22:92:98:8c:58:54:a9:
         ab:a7:69:3d:aa:15:12:28:68:f2:a8:79:54:8e:7f:a4:a3:b6:
         8b:d9:b5:90:eb:7b:55:e1:32:cc:06:db:fe:38:72:e7:7a:ea:
         89:5f:e4:68:b4:2a:05:a4:4d:7c:44:c6:cb:30:60:ff:4e:8c:
         1f:b7:1f:a8:91:34:9b:a2:5d:fb:30:b7:ce:96:1a:f3:87:a7:
         2e:fa:4a:b4:a0:ab:17:ac:76:dd:79:f8:40:f4:23:e0:13:bd:
         e1:5b:3a:58
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3lh4z4lHmyFI+IRd84YVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDNhNTE1NjgzZTlkZGI4NWQzOGU3YWIzOWMzM2FlZGFj
YWY3ZWYwHhcNMjQwMTAyMDYzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWRmZGZkZjNhYmNkZTY0YzM2MjU4ZTIyMjMyYzM4MDI4ZDY3Yzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyx/YYlHnlNRG8KoUgtvutgFj4EaR
YocvZP/TS5HWFd9mgeIMEnsI2K2Gdcfpx6U9eIQOHxaV/Ggd/NfpGzUu6+LiHMkE
GLGaoMlhRQHfL85HJweb2hak/e/ySVJy8ncc9fesqYROVDq+5uNLaDetjmWkNNL8
fRGZqRAJu2ULmH616ttkeRrSsiVV/qtPaalYqJ/Uz46iZ+TjNTt7Wz689ciqm46T
KQOKHTQxnlp/ZJrraxowCxI7HxbYlLzTqgmfsFRK5pwG5KSBsMXGnRvjpbvFUmwb
YblMsEZpxuGeaHR+LX3j84PKBgAs83Ng63F+XE3dCY4YP+xdsEJSpNbcrQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrf3986vN5kw2JY4iIyw4Ao1nyFMB8GA1UdIwQY
MBaAFAjTpRVoPp3bhdOOerOcM67ayvfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05PbEZXZy1uZHVGMDQ1NnM1d3pydHJLOS04LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82N2NmYTAtYTMyYi00MDYzLTkzNzAt
MGI1YzVkOTQ0MjZhLzEvMS10X2YzenE4M21URFlsamlJakxEZ0NqV2ZJVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTkvNjdjZmEwLWEzMmItNDA2My05MzcwLTBiNWM1ZDk0NDI2
YS8xL0NOT2xGV2ctbmR1RjA0NTZzNXd6cnRySzktOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkBWjAN
BgkqhkiG9w0BAQsFAAOCAQEAJcg9XEgEq7KJKT6XEqTBpfSRFk7CmkcU+WkZX6vy
EFy4DQ673IrYsh7WBeoOsjP3UOXVhOt5UgFg8KNrCkhBlK7r8k70JS/afNR8gIE/
TRZjFEgd8bvrQbDy7fD8vxfQoAGfGvbLYuIeF8TLEnKVAszvnfGYDuB4Z33tWl2i
QLbOer1PCDUZFGxhreHKmPqJKpo3NcedOThi0XYikpiMWFSpq6dpPaoVEiho8qh5
VI5/pKO2i9m1kOt7VeEyzAbb/jhy53rqiV/kaLQqBaRNfETGyzBg/06MH7cfqJE0
m6Jd+zC3zpYa84enLvpKtKCrF6x23Xn4QPQj4BO94Vs6WA==
-----END CERTIFICATE-----