Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/1-WuNzs4D5Cl0FJe4HNILB6iyJ1k.roa
File:                     1-WuNzs4D5Cl0FJe4HNILB6iyJ1k.roa (raw, json)
Hash identifier:          bBgL1im973R/Gl5cXCrvJKvOUqTjjVXxWxLATAhjFNo=
Subject key identifier:   F9:6B:8D:CE:CE:03:E4:29:74:14:97:B8:1C:D2:0B:07:A8:B2:27:59
Certificate issuer:       /CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
Certificate serial:       018CC5DC05E3B365CDCEC643344DEAB8765E
Authority key identifier: B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/1-WuNzs4D5Cl0FJe4HNILB6iyJ1k.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60231
IP address blocks:        93.189.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:05:e3:b3:65:cd:ce:c6:43:34:4d:ea:b8:76:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f96b8dcece03e429741497b81cd20b07a8b22759
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:54:5e:3e:0b:d6:73:62:93:4b:39:4c:0b:a4:
                    8f:4f:8d:6e:6f:53:6c:a6:d4:83:c7:a6:19:8c:cd:
                    7f:06:74:5e:b5:37:ae:88:e0:22:ba:23:2d:c0:b6:
                    f4:4a:1c:08:d8:2e:05:90:8b:ab:1c:18:07:02:7d:
                    04:13:b4:02:b3:6c:05:b1:e4:50:db:19:b7:c6:c0:
                    c8:c8:c2:0c:3c:3b:b2:60:f3:17:9b:e0:74:97:49:
                    38:7d:98:b4:f6:60:f0:ec:dd:28:df:2b:a6:68:a9:
                    88:23:19:0e:f6:ce:54:e4:5d:cd:a4:32:c4:d6:34:
                    3c:eb:58:d3:11:55:c4:53:90:1f:52:c9:9a:e1:34:
                    3e:3e:13:1f:5b:36:c3:65:80:6e:9f:21:7d:79:f9:
                    c3:d4:21:3d:81:31:43:b1:fb:6b:9d:6e:23:d4:fd:
                    1e:fb:3a:81:fd:11:03:f3:77:1b:44:53:5e:cc:34:
                    aa:24:c1:19:f4:87:00:13:c9:62:ba:4b:b0:de:31:
                    91:64:58:de:70:88:02:03:c5:76:77:3c:0f:87:a5:
                    8d:64:4c:1a:de:9f:ab:46:e5:06:b5:23:93:ea:a4:
                    b5:f9:f1:e7:d5:36:8f:44:8b:8f:b0:7f:9c:14:42:
                    5d:3b:34:7a:31:48:71:43:42:88:23:44:e1:8c:46:
                    80:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:6B:8D:CE:CE:03:E4:29:74:14:97:B8:1C:D2:0B:07:A8:B2:27:59
            X509v3 Authority Key Identifier:
                keyid:B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/1-WuNzs4D5Cl0FJe4HNILB6iyJ1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.189.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:3e:71:7e:13:41:db:68:85:3f:eb:bf:ec:43:f6:b0:23:69:
         79:9b:08:9e:1c:7d:eb:75:c2:12:8c:69:f5:6c:46:5e:8f:db:
         ce:53:60:30:14:65:a5:80:f8:99:33:89:d9:eb:6f:88:76:41:
         f4:31:e7:84:2f:4e:eb:85:99:bf:23:f7:0b:6e:be:b2:af:20:
         33:70:7b:ed:b3:fa:4b:b8:16:fa:a1:56:e4:8e:ee:30:6f:2c:
         5c:01:79:7a:d5:89:b7:c9:c7:29:64:b3:60:03:f9:03:31:e7:
         62:98:37:e5:8e:c4:77:30:1c:75:86:99:42:70:65:52:65:b6:
         2f:78:8a:73:47:44:17:d7:15:02:d8:64:cd:3b:b4:3d:34:ca:
         7f:0c:04:90:f8:44:45:55:ab:ba:ac:2e:f8:31:57:ef:3e:e9:
         f9:ce:b6:41:77:bd:16:94:9f:49:10:15:7b:33:44:f7:32:46:
         7a:b7:73:06:4b:04:de:48:ed:1c:9a:ce:2c:72:c9:20:bb:3c:
         69:3a:7d:14:2d:20:7c:4d:83:d3:34:4d:1e:f7:7d:f9:8d:56:
         a2:20:6b:35:66:0f:e6:3e:b7:c7:97:3f:e2:bd:b7:7d:d3:90:
         b9:d3:2f:23:e8:9b:59:bd:92:c7:9d:da:e4:54:e8:e7:48:d4:
         0c:90:76:db
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3AXjs2XNzsZDNE3quHZeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNDM1MTQ2MzBkYzE3ZjNmZTliNTFkZDQzNDE4NGQwYjYy
YjAzYzAwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTZiOGRjZWNlMDNlNDI5NzQxNDk3YjgxY2QyMGIwN2E4YjIyNzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1RePgvWc2KTSzlMC6SPT41ub1Ns
ptSDx6YZjM1/BnRetTeuiOAiuiMtwLb0ShwI2C4FkIurHBgHAn0EE7QCs2wFseRQ
2xm3xsDIyMIMPDuyYPMXm+B0l0k4fZi09mDw7N0o3yumaKmIIxkO9s5U5F3NpDLE
1jQ861jTEVXEU5AfUsma4TQ+PhMfWzbDZYBunyF9efnD1CE9gTFDsftrnW4j1P0e
+zqB/RED83cbRFNezDSqJMEZ9IcAE8liukuw3jGRZFjecIgCA8V2dzwPh6WNZEwa
3p+rRuUGtSOT6qS1+fHn1TaPRIuPsH+cFEJdOzR6MUhxQ0KII0ThjEaASwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlrjc7OA+QpdBSXuBzSCweosidZMB8GA1UdIwQY
MBaAFLNDUUYw3Bfz/ptR3UNBhNC2KwPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGIt
YTcyNDdlOWQ1ZjNhLzEvMS1XdU56czRENUNsMEZKZTRITklMQjZpeUoxay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTQvMTM4MDQ2LTdiZTAtNDAxNy1hOThiLWE3MjQ3ZTlkNWYz
YS8xL3MwTlJSakRjRl9QLW0xSGRRMEdFMExZckE4QS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF29lDAN
BgkqhkiG9w0BAQsFAAOCAQEAVT5xfhNB22iFP+u/7EP2sCNpeZsInhx963XCEoxp
9WxGXo/bzlNgMBRlpYD4mTOJ2etviHZB9DHnhC9O64WZvyP3C26+sq8gM3B77bP6
S7gW+qFW5I7uMG8sXAF5etWJt8nHKWSzYAP5AzHnYpg35Y7EdzAcdYaZQnBlUmW2
L3iKc0dEF9cVAthkzTu0PTTKfwwEkPhERVWruqwu+DFX7z7p+c62QXe9FpSfSRAV
ezNE9zJGerdzBksE3kjtHJrOLHLJILs8aTp9FC0gfE2D0zRNHvd9+Y1WoiBrNWYP
5j63x5c/4r23fdOQudMvI+ibWb2Sx53a5FTo50jUDJB22w==
-----END CERTIFICATE-----