Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/a009e8-2dc7-4ef8-a5ce-c4c63983b50c/1/Ru_nL_5FR7ZBnH_01vkxWXpSgcU.roa
File:                     Ru_nL_5FR7ZBnH_01vkxWXpSgcU.roa (raw, json)
Hash identifier:          la0pRG5XxYRzQeebMkr6kTeeVTyufg4XhXya24koMjc=
Subject key identifier:   46:EF:E7:2F:FE:45:47:B6:41:9C:7F:F4:D6:F9:31:59:7A:52:81:C5
Certificate issuer:       /CN=1cf2ec825fa6381e8e94fd39b06ea38b63e41a10
Certificate serial:       018CC793792136673CCA585F88ED56CD5C10
Authority key identifier: 1C:F2:EC:82:5F:A6:38:1E:8E:94:FD:39:B0:6E:A3:8B:63:E4:1A:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HPLsgl-mOB6OlP05sG6ji2PkGhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/a009e8-2dc7-4ef8-a5ce-c4c63983b50c/1/Ru_nL_5FR7ZBnH_01vkxWXpSgcU.roa
Signing time:             Tue 02 Jan 2024 00:29:39 +0000
ROA not before:           Tue 02 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        185.78.60.0/22 maxlen: 24
                          170.133.0.0/18 maxlen: 24
                          91.106.128.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/a009e8-2dc7-4ef8-a5ce-c4c63983b50c/1/HPLsgl-mOB6OlP05sG6ji2PkGhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/a009e8-2dc7-4ef8-a5ce-c4c63983b50c/1/HPLsgl-mOB6OlP05sG6ji2PkGhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HPLsgl-mOB6OlP05sG6ji2PkGhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 21:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:79:21:36:67:3c:ca:58:5f:88:ed:56:cd:5c:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cf2ec825fa6381e8e94fd39b06ea38b63e41a10
        Validity
            Not Before: Jan  2 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46efe72ffe4547b6419c7ff4d6f931597a5281c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:50:28:ef:96:35:e0:a6:22:d7:0d:a3:8b:3c:
                    f9:b0:c4:9b:c0:19:d7:44:09:94:b2:92:c7:e0:48:
                    1b:cd:92:5e:be:4b:91:7a:4e:f3:f7:35:16:54:e2:
                    0e:27:49:3f:75:24:35:16:7a:55:6e:b2:bd:b1:18:
                    36:21:cb:b9:02:69:2d:e6:84:5b:ac:66:d5:5b:d9:
                    9f:ae:7c:08:e8:11:83:08:0c:a4:0a:89:bb:36:f6:
                    94:3c:23:49:a1:48:06:d4:02:c3:ee:40:0d:b9:79:
                    51:c7:f0:f3:89:9a:94:80:0d:fa:f5:3a:ff:0d:77:
                    bc:04:47:5d:74:c0:a3:75:1f:a2:91:41:f2:3c:03:
                    df:45:02:4d:c2:07:86:3d:d1:03:ba:ae:22:77:16:
                    39:69:2d:69:5e:a0:e7:43:33:9e:3b:96:9a:d4:a9:
                    c1:ee:29:7a:e8:1d:af:e4:f0:61:ae:20:db:d9:c6:
                    96:2b:99:21:97:3d:27:8f:5c:7d:0a:52:be:05:08:
                    cb:ac:2c:a3:4f:8a:06:3d:ec:70:f4:b9:a0:7c:ba:
                    cd:54:3b:e2:97:1f:ff:6e:8e:54:1c:de:5c:19:33:
                    11:65:02:ab:ee:b1:7e:04:c3:d7:d6:73:94:db:d3:
                    a1:50:77:94:61:cd:70:75:17:73:95:3a:8f:d4:67:
                    e3:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:EF:E7:2F:FE:45:47:B6:41:9C:7F:F4:D6:F9:31:59:7A:52:81:C5
            X509v3 Authority Key Identifier:
                keyid:1C:F2:EC:82:5F:A6:38:1E:8E:94:FD:39:B0:6E:A3:8B:63:E4:1A:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HPLsgl-mOB6OlP05sG6ji2PkGhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/a009e8-2dc7-4ef8-a5ce-c4c63983b50c/1/Ru_nL_5FR7ZBnH_01vkxWXpSgcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/a009e8-2dc7-4ef8-a5ce-c4c63983b50c/1/HPLsgl-mOB6OlP05sG6ji2PkGhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.106.128.0/18
                  170.133.0.0/18
                  185.78.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:fb:6e:fc:91:ce:6a:f5:f0:80:d6:34:1f:b9:1e:c6:b2:06:
         f2:a9:ae:39:75:11:d1:67:92:b0:21:c0:2f:b2:f2:c4:b0:ca:
         f9:0c:8f:da:fc:50:3a:0c:65:44:a8:3e:df:82:f2:d2:13:58:
         83:3c:59:f9:36:32:fe:b9:87:16:72:2b:29:02:a0:1f:93:ca:
         5b:9e:2d:c5:20:3a:1a:ab:15:2c:9f:74:e9:c9:85:3c:f5:7e:
         02:62:78:d6:78:d4:e2:08:7f:a2:64:54:da:f8:91:b4:15:d2:
         5f:ea:98:87:14:ad:e7:50:21:06:d6:38:51:03:95:29:f3:5c:
         f0:7e:7f:c1:b5:ef:de:e6:29:95:41:07:a2:41:b3:2f:9b:61:
         dd:05:2f:2b:13:f9:c7:1d:06:ab:17:ef:20:31:2f:a6:51:41:
         9d:7e:cd:68:32:4c:c8:3b:69:7b:4b:cd:3a:86:96:6f:79:d7:
         97:63:fb:92:00:13:e1:e3:ea:11:41:37:5d:11:71:3a:b3:be:
         75:c6:1d:d6:18:4e:b6:6c:64:10:2c:5a:0d:70:79:78:52:f0:
         e0:6f:82:26:d7:b0:87:d0:54:ba:26:99:36:22:85:8e:d0:e1:
         2d:dc:6b:4a:ae:44:f2:b7:a5:fa:37:78:07:00:7e:5a:32:52:
         16:26:e0:e9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHk3khNmc8ylhfiO1WzVwQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZjJlYzgyNWZhNjM4MWU4ZTk0ZmQzOWIwNmVhMzhiNjNl
NDFhMTAwHhcNMjQwMTAyMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmVmZTcyZmZlNDU0N2I2NDE5YzdmZjRkNmY5MzE1OTdhNTI4MWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlAo75Y14KYi1w2jizz5sMSbwBnX
RAmUspLH4EgbzZJevkuRek7z9zUWVOIOJ0k/dSQ1FnpVbrK9sRg2Icu5Amkt5oRb
rGbVW9mfrnwI6BGDCAykCom7NvaUPCNJoUgG1ALD7kANuXlRx/DziZqUgA369Tr/
DXe8BEdddMCjdR+ikUHyPAPfRQJNwgeGPdEDuq4idxY5aS1pXqDnQzOeO5aa1KnB
7il66B2v5PBhriDb2caWK5khlz0nj1x9ClK+BQjLrCyjT4oGPexw9LmgfLrNVDvi
lx//bo5UHN5cGTMRZQKr7rF+BMPX1nOU29OhUHeUYc1wdRdzlTqP1Gfj7QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEbv5y/+RUe2QZx/9Nb5MVl6UoHFMB8GA1UdIwQY
MBaAFBzy7IJfpjgejpT9ObBuo4tj5BoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFBMc2dsLW1PQjZPbFAwNXNHNmppMlBrR2hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9hMDA5ZTgtMmRjNy00ZWY4LWE1Y2Ut
YzRjNjM5ODNiNTBjLzEvUnVfbkxfNUZSN1pCbkhfMDF2a3hXWHBTZ2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9hMDA5ZTgtMmRjNy00ZWY4LWE1Y2UtYzRjNjM5ODNiNTBj
LzEvSFBMc2dsLW1PQjZPbFAwNXNHNmppMlBrR2hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQGW2qAAwQG
qoUAAwQCuU48MA0GCSqGSIb3DQEBCwUAA4IBAQA1+278kc5q9fCA1jQfuR7Gsgby
qa45dRHRZ5KwIcAvsvLEsMr5DI/a/FA6DGVEqD7fgvLSE1iDPFn5NjL+uYcWcisp
AqAfk8pbni3FIDoaqxUsn3TpyYU89X4CYnjWeNTiCH+iZFTa+JG0FdJf6piHFK3n
UCEG1jhRA5Up81zwfn/Bte/e5imVQQeiQbMvm2HdBS8rE/nHHQarF+8gMS+mUUGd
fs1oMkzIO2l7S806hpZvedeXY/uSABPh4+oRQTddEXE6s751xh3WGE62bGQQLFoN
cHl4UvDgb4Im17CH0FS6Jpk2IoWO0OEt3GtKrkTyt6X6N3gHAH5aMlIWJuDp
-----END CERTIFICATE-----