Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/1-WJDAzNtHm2UqXpk8MBNCsdodsM.roa
File:                     1-WJDAzNtHm2UqXpk8MBNCsdodsM.roa (raw, json)
Hash identifier:          WOMo94F2AinAAcBVEVkKj9jZ8HclEtjkWhJVwJerRC8=
Subject key identifier:   F9:62:43:03:33:6D:1E:6D:94:A9:7A:64:F0:C0:4D:0A:C7:68:76:C3
Certificate issuer:       /CN=1f46f57735a4e63dbef848ee0d9d199e215f8304
Certificate serial:       018CC793FD223E3665FB47F559E71397D62A
Authority key identifier: 1F:46:F5:77:35:A4:E6:3D:BE:F8:48:EE:0D:9D:19:9E:21:5F:83:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/1-WJDAzNtHm2UqXpk8MBNCsdodsM.roa
Signing time:             Tue 02 Jan 2024 00:30:13 +0000
ROA not before:           Tue 02 Jan 2024 00:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213230
IP address blocks:        178.156.128.0/17 maxlen: 24
                          5.161.0.0/16 maxlen: 24
                          2a01:4ff::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:fd:22:3e:36:65:fb:47:f5:59:e7:13:97:d6:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f46f57735a4e63dbef848ee0d9d199e215f8304
        Validity
            Not Before: Jan  2 00:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9624303336d1e6d94a97a64f0c04d0ac76876c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b5:d1:4d:c7:e1:ce:f1:7f:09:e5:25:b4:df:
                    c7:a1:73:bf:26:f1:c3:c0:4a:0f:6c:8d:e8:f3:85:
                    ee:73:29:85:22:07:96:fe:1d:7e:44:d5:b5:de:2e:
                    b7:ea:53:51:cf:b2:e7:4c:ae:98:e9:24:0d:b8:fc:
                    77:bd:2b:1b:0f:7a:55:d8:41:08:6e:76:58:1f:4f:
                    2a:4f:7b:c2:c7:12:f4:df:57:81:0c:75:a1:36:83:
                    a1:b2:01:df:cd:52:f0:d3:48:72:d3:50:30:b0:f3:
                    b3:0d:e8:e7:5e:db:5f:26:4f:d4:01:e2:9a:8f:b0:
                    20:05:6d:36:ac:7b:29:d1:84:58:9b:3d:17:b5:3b:
                    13:4b:56:e7:8a:55:47:aa:b3:21:08:fd:c7:0f:e0:
                    37:55:e0:da:69:17:3f:3e:26:82:f5:b6:8a:8e:29:
                    ed:ef:63:d4:98:04:37:9a:4c:82:61:3e:c0:a2:21:
                    e6:00:05:8d:a6:c9:58:d5:d8:66:cd:9b:02:a2:fc:
                    20:a5:4b:dd:49:e7:28:18:ff:09:db:ba:fb:3a:f9:
                    64:a9:21:a9:d6:bb:06:50:e1:6f:79:89:6e:1d:7f:
                    f3:20:b0:a1:f0:4b:2e:b2:8d:a7:9d:ea:a5:a7:ad:
                    22:e4:f8:ee:85:20:62:99:7b:3f:5e:3a:94:0a:4f:
                    ad:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:62:43:03:33:6D:1E:6D:94:A9:7A:64:F0:C0:4D:0A:C7:68:76:C3
            X509v3 Authority Key Identifier:
                keyid:1F:46:F5:77:35:A4:E6:3D:BE:F8:48:EE:0D:9D:19:9E:21:5F:83:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/1-WJDAzNtHm2UqXpk8MBNCsdodsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/107266-ab51-462b-9fc2-a7c9898eecbc/1/H0b1dzWk5j2--EjuDZ0ZniFfgwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.161.0.0/16
                  178.156.128.0/17
                IPv6:
                  2a01:4ff::/40

    Signature Algorithm: sha256WithRSAEncryption
         cb:23:b0:30:f5:c4:59:dc:69:0e:42:c8:3b:69:27:6c:65:51:
         6e:18:4a:e6:b0:8e:27:c0:2f:f2:e3:b4:6c:78:09:24:28:48:
         ea:c2:0b:10:55:d8:fd:c4:b8:78:48:ba:6b:7d:ac:a1:96:d1:
         27:4f:ce:3b:c6:fd:61:99:e5:62:9d:a5:00:d4:f7:51:49:e8:
         29:27:0c:fe:8f:5c:27:6e:f3:cb:44:c2:80:1f:8a:85:4d:4b:
         df:8f:34:b1:c3:11:56:f2:23:d1:02:51:89:ca:fa:d6:f5:16:
         30:9f:a6:ac:35:3d:e7:f0:97:aa:33:85:17:31:a3:fe:58:1f:
         dc:63:09:75:d8:6c:4d:9b:f8:6d:09:d9:73:95:2f:6e:21:61:
         5e:4a:72:32:79:4a:c0:df:0c:3d:4c:76:11:6a:0b:d8:d9:9f:
         33:64:12:66:5f:f7:7c:a2:ab:9a:d9:b7:3e:64:60:2a:0f:f5:
         6e:16:58:53:02:07:20:f6:7f:c8:bc:87:e4:29:a2:3a:3d:c7:
         41:d8:5c:09:1d:82:62:9a:da:6e:21:88:8c:ab:e2:84:81:f3:
         50:da:cc:0f:a4:08:08:d0:db:dd:6f:cd:01:a8:62:78:20:21:
         dc:26:1b:f8:45:b8:3c:f6:36:e0:1c:04:3d:4a:81:f7:16:0c:
         57:2c:1a:2e
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzHk/0iPjZl+0f1WecTl9YqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDZmNTc3MzVhNGU2M2RiZWY4NDhlZTBkOWQxOTllMjE1
ZjgzMDQwHhcNMjQwMTAyMDAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTYyNDMwMzMzNmQxZTZkOTRhOTdhNjRmMGMwNGQwYWM3Njg3NmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbXRTcfhzvF/CeUltN/HoXO/JvHD
wEoPbI3o84XucymFIgeW/h1+RNW13i636lNRz7LnTK6Y6SQNuPx3vSsbD3pV2EEI
bnZYH08qT3vCxxL031eBDHWhNoOhsgHfzVLw00hy01AwsPOzDejnXttfJk/UAeKa
j7AgBW02rHsp0YRYmz0XtTsTS1bnilVHqrMhCP3HD+A3VeDaaRc/PiaC9baKjint
72PUmAQ3mkyCYT7AoiHmAAWNpslY1dhmzZsCovwgpUvdSecoGP8J27r7OvlkqSGp
1rsGUOFveYluHX/zILCh8Esuso2nneqlp60i5PjuhSBimXs/XjqUCk+tDQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPliQwMzbR5tlKl6ZPDATQrHaHbDMB8GA1UdIwQY
MBaAFB9G9Xc1pOY9vvhI7g2dGZ4hX4MEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBiMWR6V2s1ajItLUVqdURaMFpuaUZmZ3dRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8xMDcyNjYtYWI1MS00NjJiLTlmYzIt
YTdjOTg5OGVlY2JjLzEvMS1XSkRBek50SG0yVXFYcGs4TUJOQ3Nkb2RzTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTMvMTA3MjY2LWFiNTEtNDYyYi05ZmMyLWE3Yzk4OThlZWNi
Yy8xL0gwYjFkeldrNWoyLS1FanVEWjBabmlGZmd3US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA0BggrBgEFBQcBBwEB/wQlMCMwEQQCAAEwCwMDAAWhAwQH
spyAMA4EAgACMAgDBgAqAQT/ADANBgkqhkiG9w0BAQsFAAOCAQEAyyOwMPXEWdxp
DkLIO2knbGVRbhhK5rCOJ8Av8uO0bHgJJChI6sILEFXY/cS4eEi6a32soZbRJ0/O
O8b9YZnlYp2lANT3UUnoKScM/o9cJ27zy0TCgB+KhU1L3480scMRVvIj0QJRicr6
1vUWMJ+mrDU95/CXqjOFFzGj/lgf3GMJddhsTZv4bQnZc5UvbiFhXkpyMnlKwN8M
PUx2EWoL2NmfM2QSZl/3fKKrmtm3PmRgKg/1bhZYUwIHIPZ/yLyH5CmiOj3HQdhc
CR2CYprabiGIjKvihIHzUNrMD6QICNDb3W/NAahieCAh3CYb+EW4PPY24BwEPUqB
9xYMVywaLg==
-----END CERTIFICATE-----