Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/1kBMT4qxg6DrNF9nvIfjhoHbSfg.roa
File:                     1kBMT4qxg6DrNF9nvIfjhoHbSfg.roa (raw, json)
Hash identifier:          QslXF84HY+fiOOIb2NsalyanS+PhBb4K2lPB8vsMUsw=
Subject key identifier:   D6:40:4C:4F:8A:B1:83:A0:EB:34:5F:67:BC:87:E3:86:81:DB:49:F8
Certificate issuer:       /CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
Certificate serial:       018CC56E7A019A61F78A4A04C24F62A7A25A
Authority key identifier: 17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/1kBMT4qxg6DrNF9nvIfjhoHbSfg.roa
Signing time:             Mon 01 Jan 2024 14:30:00 +0000
ROA not before:           Mon 01 Jan 2024 14:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6762
IP address blocks:        194.9.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:7a:01:9a:61:f7:8a:4a:04:c2:4f:62:a7:a2:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
        Validity
            Not Before: Jan  1 14:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6404c4f8ab183a0eb345f67bc87e38681db49f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:9e:2b:4b:54:2c:d4:46:fd:ad:93:bd:50:c3:
                    e6:86:a0:eb:86:54:e1:f4:a4:e9:cc:95:5d:ba:53:
                    9b:2d:8d:96:d7:93:38:12:2a:1c:66:f3:74:0d:8b:
                    d8:58:a4:d8:e9:73:52:31:24:f4:09:82:a3:83:57:
                    4f:c8:ea:d6:0a:cb:c9:d3:55:7a:f6:6b:12:c8:6b:
                    a6:44:3a:1e:d3:95:15:9c:9e:da:ef:21:94:f6:4e:
                    d2:df:05:c6:88:7d:1d:dc:3c:50:e4:6d:a1:3a:27:
                    45:cb:75:19:46:a8:fe:9c:d8:5f:06:a7:9f:4b:d3:
                    c8:ec:33:2c:94:c1:aa:11:cb:34:ae:76:b3:56:81:
                    b2:9a:4f:c1:1c:ae:8f:2d:1c:fe:b2:89:ad:2d:07:
                    c3:b9:8f:2d:4c:0c:02:b8:25:b6:30:07:1b:05:7d:
                    d2:d4:a8:e7:b7:d7:6a:e8:4e:d4:52:80:0b:37:0e:
                    b6:c3:77:ad:58:37:a0:4f:6b:1f:b3:54:be:7d:5a:
                    b2:dc:9e:db:a4:61:3e:b7:bb:2c:6e:26:04:b4:e4:
                    93:16:a5:db:f5:cc:99:14:93:7d:05:3f:be:6a:62:
                    e6:12:3c:96:7f:7b:db:f1:4c:14:d6:8b:09:42:b9:
                    8c:62:8d:0b:f4:18:7f:c3:1d:d8:d7:3a:0d:cd:84:
                    8d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:40:4C:4F:8A:B1:83:A0:EB:34:5F:67:BC:87:E3:86:81:DB:49:F8
            X509v3 Authority Key Identifier:
                keyid:17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/1kBMT4qxg6DrNF9nvIfjhoHbSfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:a4:69:a3:bf:8c:67:6c:a1:cc:77:08:82:78:46:45:b7:20:
         69:37:de:e2:0d:3d:7d:f3:c7:1c:34:a6:93:65:32:4c:88:13:
         21:ef:e1:20:27:44:0c:20:d6:0b:1b:f4:db:71:42:61:fc:15:
         89:fb:4f:30:7b:9e:96:48:17:8f:ae:a2:85:e8:a3:f9:65:53:
         87:6b:95:fe:3a:c3:9a:72:72:3f:98:c0:b6:35:14:4d:ed:6c:
         48:4b:c1:44:e1:81:82:88:ab:fe:13:b6:fe:e0:7e:8b:ec:34:
         64:0d:f6:ce:e9:fc:5c:f5:f5:9d:b9:cb:13:c5:d8:e5:6f:de:
         77:56:33:5a:7e:25:5d:f4:74:37:26:33:14:39:cf:ed:05:4b:
         43:aa:e8:b4:05:47:d2:fe:12:53:bc:34:79:55:ec:53:91:a9:
         ce:5b:46:65:8f:c5:6d:42:b7:b2:2c:2c:8b:a1:db:24:e3:cd:
         3d:3b:61:3b:e5:09:d0:0a:c5:10:06:cb:ad:a3:32:23:9f:b7:
         89:43:de:02:22:fb:cb:df:1e:24:e9:dc:c7:c2:fe:cd:24:63:
         85:a3:80:15:3b:a4:ec:b6:9b:70:79:ee:80:52:7c:d7:69:cb:
         56:2e:7f:70:84:1b:3f:47:b3:72:b5:f8:1d:65:04:84:f6:85:
         ed:3a:1a:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbnoBmmH3ikoEwk9ip6JaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjUwNDJmYzIwZDliYWIxNjc2ZTA5YWY3ZmYxYmE1YmZh
ZGFlNzUwHhcNMjQwMTAxMTQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQwNGM0ZjhhYjE4M2EwZWIzNDVmNjdiYzg3ZTM4NjgxZGI0OWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5p4rS1Qs1Eb9rZO9UMPmhqDrhlTh
9KTpzJVdulObLY2W15M4EiocZvN0DYvYWKTY6XNSMST0CYKjg1dPyOrWCsvJ01V6
9msSyGumRDoe05UVnJ7a7yGU9k7S3wXGiH0d3DxQ5G2hOidFy3UZRqj+nNhfBqef
S9PI7DMslMGqEcs0rnazVoGymk/BHK6PLRz+somtLQfDuY8tTAwCuCW2MAcbBX3S
1Kjnt9dq6E7UUoALNw62w3etWDegT2sfs1S+fVqy3J7bpGE+t7ssbiYEtOSTFqXb
9cyZFJN9BT++amLmEjyWf3vb8UwU1osJQrmMYo0L9Bh/wx3Y1zoNzYSNAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZATE+KsYOg6zRfZ7yH44aB20n4MB8GA1UdIwQY
MBaAFBe1BC/CDZurFnbgmvf/G6W/ra51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQt
YmM2Nzk0ZTk1ZTVhLzEvMWtCTVQ0cXhnNkRyTkY5bnZJZmpob0hiU2ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQtYmM2Nzk0ZTk1ZTVh
LzEvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgm1MA0G
CSqGSIb3DQEBCwUAA4IBAQCDpGmjv4xnbKHMdwiCeEZFtyBpN97iDT1988ccNKaT
ZTJMiBMh7+EgJ0QMINYLG/TbcUJh/BWJ+08we56WSBePrqKF6KP5ZVOHa5X+OsOa
cnI/mMC2NRRN7WxIS8FE4YGCiKv+E7b+4H6L7DRkDfbO6fxc9fWducsTxdjlb953
VjNafiVd9HQ3JjMUOc/tBUtDqui0BUfS/hJTvDR5VexTkanOW0Zlj8VtQreyLCyL
odsk4809O2E75QnQCsUQBsutozIjn7eJQ94CIvvL3x4k6dzHwv7NJGOFo4AVO6Ts
tptwee6AUnzXactWLn9whBs/R7NytfgdZQSE9oXtOhr/
-----END CERTIFICATE-----