Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/d73592-e46d-4598-8b12-fa9114a82ac9/1/1-_3nfZtfV8QVfq00_CSsIBm-HNs.roa
File:                     1-_3nfZtfV8QVfq00_CSsIBm-HNs.roa (raw, json)
Hash identifier:          UwmjMVoglBdfhhhJooLNN9H1V+ushql2SC0sNBQBdc0=
Subject key identifier:   FB:FD:E7:7D:9B:5F:57:C4:15:7E:AD:34:FC:24:AC:20:19:BE:1C:DB
Certificate issuer:       /CN=b281ff314fc8aae3975407b0a0c17f2fde34dc26
Certificate serial:       018CC726D44AD73320E5BEEF00D2E850797E
Authority key identifier: B2:81:FF:31:4F:C8:AA:E3:97:54:07:B0:A0:C1:7F:2F:DE:34:DC:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/soH_MU_IquOXVAewoMF_L9403CY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/d73592-e46d-4598-8b12-fa9114a82ac9/1/1-_3nfZtfV8QVfq00_CSsIBm-HNs.roa
Signing time:             Mon 01 Jan 2024 22:30:59 +0000
ROA not before:           Mon 01 Jan 2024 22:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8271
IP address blocks:        62.48.0.0/19 maxlen: 19
                          2001:4bf8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/d73592-e46d-4598-8b12-fa9114a82ac9/1/soH_MU_IquOXVAewoMF_L9403CY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/d73592-e46d-4598-8b12-fa9114a82ac9/1/soH_MU_IquOXVAewoMF_L9403CY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/soH_MU_IquOXVAewoMF_L9403CY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d4:4a:d7:33:20:e5:be:ef:00:d2:e8:50:79:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b281ff314fc8aae3975407b0a0c17f2fde34dc26
        Validity
            Not Before: Jan  1 22:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbfde77d9b5f57c4157ead34fc24ac2019be1cdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5c:10:cf:8f:92:39:78:70:63:fd:df:3d:a9:
                    6d:53:6c:59:7c:04:9f:75:91:7e:4b:59:a2:6f:6e:
                    84:65:7c:7b:d9:73:7a:80:90:29:54:c9:8f:a5:f6:
                    4e:50:a8:ce:9f:7b:06:73:89:44:57:63:6d:e9:52:
                    b8:20:cc:70:79:37:98:20:32:cf:1b:79:4f:b2:d6:
                    8a:30:c4:a8:12:ef:8e:e3:c5:2c:dc:a7:07:bd:b3:
                    d3:02:16:b6:c1:be:f8:c5:37:66:b5:a3:ea:c0:8a:
                    87:28:36:fb:55:8b:c4:4b:4e:8d:57:f1:4f:e0:08:
                    9f:2a:a7:95:f9:64:69:af:5c:cc:51:eb:9a:68:53:
                    ff:b6:65:7b:49:2c:ef:7c:71:5d:59:a8:9e:ab:59:
                    f7:ef:15:7f:72:87:32:c5:bc:78:dc:9f:f4:3e:82:
                    80:4b:19:d6:f8:cd:4c:b3:20:f8:16:6d:68:ab:b0:
                    53:58:fc:02:70:24:b0:64:2e:62:7e:dc:83:1c:38:
                    8a:85:ec:43:50:3c:1e:da:9c:97:ff:f3:42:de:f5:
                    ad:ae:b1:bc:00:56:1a:6b:25:ed:52:87:29:57:d8:
                    82:c4:73:a6:09:4d:8b:31:86:f8:33:82:c6:be:0c:
                    e8:3e:c0:fa:e4:99:4a:a5:a7:2f:84:08:47:97:fd:
                    54:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:FD:E7:7D:9B:5F:57:C4:15:7E:AD:34:FC:24:AC:20:19:BE:1C:DB
            X509v3 Authority Key Identifier:
                keyid:B2:81:FF:31:4F:C8:AA:E3:97:54:07:B0:A0:C1:7F:2F:DE:34:DC:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/soH_MU_IquOXVAewoMF_L9403CY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/d73592-e46d-4598-8b12-fa9114a82ac9/1/1-_3nfZtfV8QVfq00_CSsIBm-HNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/d73592-e46d-4598-8b12-fa9114a82ac9/1/soH_MU_IquOXVAewoMF_L9403CY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.48.0.0/19
                IPv6:
                  2001:4bf8::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:44:10:56:9d:e3:3d:66:f0:26:61:84:b8:56:34:78:1a:e6:
         0a:0e:04:e5:5a:29:46:d7:d2:0f:9c:cd:34:8c:f4:1c:a8:b2:
         9e:02:ba:d8:d3:c4:81:6e:21:46:e6:08:68:f1:a9:47:42:b0:
         fc:49:fd:be:44:57:4c:15:0b:3b:17:79:32:67:f7:17:79:ab:
         bb:65:4b:d6:fb:a9:09:5f:75:93:c9:ad:eb:ff:74:de:da:62:
         73:c7:44:ab:95:72:49:80:eb:10:7e:4a:42:be:9a:8f:1d:8d:
         b2:82:63:8b:8f:7a:d0:aa:cc:51:31:4c:d4:e2:59:5e:e6:99:
         f1:e5:a5:d8:e8:73:7f:b9:9c:d8:a4:97:84:d3:e8:71:e7:c8:
         81:92:cf:54:16:9e:d0:11:15:5d:00:58:d2:24:5b:b0:31:eb:
         52:e2:25:42:3a:d6:ae:5e:02:4d:a6:a6:d2:82:5b:a5:22:21:
         3f:6a:5d:46:e1:e6:84:8d:07:48:47:e7:bf:d2:9e:f3:df:54:
         54:45:a4:2c:16:ee:30:44:2f:69:e9:e0:b1:0b:31:96:3d:56:
         79:05:bb:9d:3a:6c:13:27:9d:38:b7:ba:ec:43:39:cf:ac:94:
         32:29:bd:eb:a0:d7:3c:18:17:18:65:06:f0:12:63:7f:8c:bb:
         ee:95:92:22
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHJtRK1zMg5b7vANLoUHl+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyODFmZjMxNGZjOGFhZTM5NzU0MDdiMGEwYzE3ZjJmZGUz
NGRjMjYwHhcNMjQwMTAxMjIzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmZkZTc3ZDliNWY1N2M0MTU3ZWFkMzRmYzI0YWMyMDE5YmUxY2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFwQz4+SOXhwY/3fPaltU2xZfASf
dZF+S1mib26EZXx72XN6gJApVMmPpfZOUKjOn3sGc4lEV2Nt6VK4IMxweTeYIDLP
G3lPstaKMMSoEu+O48Us3KcHvbPTAha2wb74xTdmtaPqwIqHKDb7VYvES06NV/FP
4AifKqeV+WRpr1zMUeuaaFP/tmV7SSzvfHFdWaieq1n37xV/cocyxbx43J/0PoKA
SxnW+M1MsyD4Fm1oq7BTWPwCcCSwZC5iftyDHDiKhexDUDwe2pyX//NC3vWtrrG8
AFYaayXtUocpV9iCxHOmCU2LMYb4M4LGvgzoPsD65JlKpacvhAhHl/1U4QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPv9532bX1fEFX6tNPwkrCAZvhzbMB8GA1UdIwQY
MBaAFLKB/zFPyKrjl1QHsKDBfy/eNNwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc29IX01VX0lxdU9YVkFld29NRl9MOTQwM0NZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9kNzM1OTItZTQ2ZC00NTk4LThiMTIt
ZmE5MTE0YTgyYWM5LzEvMS1fM25mWnRmVjhRVmZxMDBfQ1NzSUJtLUhOcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGIvZDczNTkyLWU0NmQtNDU5OC04YjEyLWZhOTExNGE4MmFj
OS8xL3NvSF9NVV9JcXVPWFZBZXdvTUZfTDk0MDNDWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEBT4wADAN
BAIAAjAHAwUAIAFL+DANBgkqhkiG9w0BAQsFAAOCAQEABkQQVp3jPWbwJmGEuFY0
eBrmCg4E5VopRtfSD5zNNIz0HKiyngK62NPEgW4hRuYIaPGpR0Kw/En9vkRXTBUL
Oxd5Mmf3F3mru2VL1vupCV91k8mt6/903tpic8dEq5VySYDrEH5KQr6ajx2NsoJj
i4960KrMUTFM1OJZXuaZ8eWl2Ohzf7mc2KSXhNPocefIgZLPVBae0BEVXQBY0iRb
sDHrUuIlQjrWrl4CTaam0oJbpSIhP2pdRuHmhI0HSEfnv9Ke899UVEWkLBbuMEQv
aengsQsxlj1WeQW7nTpsEyedOLe67EM5z6yUMim966DXPBgXGGUG8BJjf4y77pWS
Ig==
-----END CERTIFICATE-----