Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/F1cfinQaCToQ0BcRHAPARScLdRA.roa
File:                     F1cfinQaCToQ0BcRHAPARScLdRA.roa (raw, json)
Hash identifier:          NFHhKAH5vo4ic9BnW8CIDg19ToUjpuyrhtiuaqksZkM=
Subject key identifier:   17:57:1F:8A:74:1A:09:3A:10:D0:17:11:1C:03:C0:45:27:0B:75:10
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018CC501171338127C508571218A17E4A782
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/F1cfinQaCToQ0BcRHAPARScLdRA.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4826
IP address blocks:        2a0e:eb44::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:17:13:38:12:7c:50:85:71:21:8a:17:e4:a7:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17571f8a741a093a10d017111c03c045270b7510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:29:e2:ca:04:35:f6:75:6f:4d:7d:07:00:6d:
                    46:12:99:42:2e:c2:3b:5f:26:c2:d0:b5:99:6e:50:
                    73:ea:c6:9a:b6:15:4d:2c:bc:68:9a:20:58:85:82:
                    31:a6:32:b3:87:a2:9b:9d:bc:13:cf:67:65:42:b1:
                    d9:f1:04:9d:b2:c4:29:eb:c3:b9:43:ce:7f:ff:51:
                    a2:9b:7e:93:06:0b:70:bb:24:8b:1c:ff:92:e9:a7:
                    19:c2:05:f3:46:28:b1:a1:cd:30:77:3b:90:c8:06:
                    3c:c8:3b:97:01:c4:f6:cd:5a:a4:1d:c1:ef:fa:f1:
                    b2:48:b5:7b:28:84:7d:88:a7:77:7f:3a:32:26:3d:
                    f8:d2:0a:99:f4:3d:e6:cf:1c:3b:a5:07:ef:62:72:
                    c0:ed:17:48:9a:33:6b:5d:3a:84:32:d5:d3:bc:a9:
                    df:2c:c9:c6:d9:a2:15:78:87:4c:69:81:e3:3b:da:
                    de:e3:db:b2:34:55:fb:8a:58:c1:31:45:d1:d5:12:
                    10:df:b8:3a:4d:4b:f6:0c:62:ca:46:07:4c:41:d3:
                    78:ed:a0:63:3f:05:c1:df:f3:aa:cc:e8:60:96:34:
                    18:25:71:38:07:8c:f7:3c:b7:7d:a5:78:e3:62:d1:
                    5e:ae:04:31:41:31:77:b8:95:8f:0d:42:f8:da:be:
                    f8:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:57:1F:8A:74:1A:09:3A:10:D0:17:11:1C:03:C0:45:27:0B:75:10
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/F1cfinQaCToQ0BcRHAPARScLdRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:eb44::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:f9:6d:c6:6b:0d:e2:8c:62:c8:5b:9d:07:22:22:e7:d1:d9:
         c5:e7:a4:0a:9b:73:63:42:e2:d3:04:37:b7:0e:39:b0:85:e9:
         5f:09:3f:ec:f5:81:e1:92:29:f1:15:ed:7f:89:8e:9d:c3:88:
         09:1b:7f:11:86:4a:b9:19:dc:7a:7d:f5:cc:16:25:b7:9d:08:
         42:ed:72:da:c0:aa:43:50:99:73:23:be:16:8e:7c:78:4f:b3:
         01:09:51:b1:fb:9a:79:3c:f2:81:90:eb:fa:e7:ee:64:bd:fe:
         b4:ba:f7:93:59:f8:31:26:54:1b:63:e0:70:2a:eb:57:95:3d:
         20:09:62:e6:5b:84:73:a6:78:96:a5:de:93:d1:a0:dc:b4:f2:
         9c:39:3e:5e:e2:21:64:e2:06:86:be:1b:d4:30:fb:c1:15:79:
         4e:f1:1f:11:65:b5:51:f7:07:c7:e8:c4:67:e3:c6:a9:78:3f:
         30:74:68:48:90:f7:46:1c:33:51:02:d5:11:5e:9a:8e:6b:2b:
         ed:55:58:86:c9:81:e2:6c:96:1a:4c:22:ea:03:4f:3a:19:e4:
         4a:b7:3d:9f:62:81:b4:bd:32:2d:4b:f1:4e:7a:1d:6a:c3:ae:
         fb:80:20:e1:68:35:d8:f4:07:b9:02:2d:94:99:06:10:11:8a:
         65:9c:c1:32
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFARcTOBJ8UIVxIYoX5KeCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzU3MWY4YTc0MWEwOTNhMTBkMDE3MTExYzAzYzA0NTI3MGI3NTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SniygQ19nVvTX0HAG1GEplCLsI7
XybC0LWZblBz6saathVNLLxomiBYhYIxpjKzh6KbnbwTz2dlQrHZ8QSdssQp68O5
Q85//1Gim36TBgtwuySLHP+S6acZwgXzRiixoc0wdzuQyAY8yDuXAcT2zVqkHcHv
+vGySLV7KIR9iKd3fzoyJj340gqZ9D3mzxw7pQfvYnLA7RdImjNrXTqEMtXTvKnf
LMnG2aIVeIdMaYHjO9re49uyNFX7iljBMUXR1RIQ37g6TUv2DGLKRgdMQdN47aBj
PwXB3/OqzOhgljQYJXE4B4z3PLd9pXjjYtFergQxQTF3uJWPDUL42r74HwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBdXH4p0Ggk6ENAXERwDwEUnC3UQMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvRjFjZmluUWFDVG9RMEJjUkhBUEFSU2NMZFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7rRDAN
BgkqhkiG9w0BAQsFAAOCAQEAa/ltxmsN4oxiyFudByIi59HZxeekCptzY0Li0wQ3
tw45sIXpXwk/7PWB4ZIp8RXtf4mOncOICRt/EYZKuRncen31zBYlt50IQu1y2sCq
Q1CZcyO+Fo58eE+zAQlRsfuaeTzygZDr+ufuZL3+tLr3k1n4MSZUG2PgcCrrV5U9
IAli5luEc6Z4lqXek9Gg3LTynDk+XuIhZOIGhr4b1DD7wRV5TvEfEWW1UfcHx+jE
Z+PGqXg/MHRoSJD3RhwzUQLVEV6ajmsr7VVYhsmB4myWGkwi6gNPOhnkSrc9n2KB
tL0yLUvxTnodasOu+4Ag4Wg12PQHuQItlJkGEBGKZZzBMg==
-----END CERTIFICATE-----