Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/_Utiwl34ZCGht-a00WVWeSQxmK4.roa
File:                     _Utiwl34ZCGht-a00WVWeSQxmK4.roa (raw, json)
Hash identifier:          VV5FVFLMuzxM+sd6EL3uT0RxnTAeL4LDvIPRvwlHRdo=
Subject key identifier:   FD:4B:62:C2:5D:F8:64:21:A1:B7:E6:B4:D1:65:56:79:24:31:98:AE
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019121DA60676B5CB135CBB6772F2DAD10FE
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/_Utiwl34ZCGht-a00WVWeSQxmK4.roa
Signing time:             Mon 05 Aug 2024 09:24:05 +0000
ROA not before:           Mon 05 Aug 2024 09:24:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215987
IP address blocks:        204.11.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:21:da:60:67:6b:5c:b1:35:cb:b6:77:2f:2d:ad:10:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Aug  5 09:24:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd4b62c25df86421a1b7e6b4d1655679243198ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1c:27:73:3b:b4:5d:cb:3a:06:96:1d:a8:ab:
                    28:a1:e6:a7:f5:55:c5:30:94:9c:8b:36:db:ef:f5:
                    bb:5e:e2:35:a0:c5:a7:aa:02:8b:aa:aa:bc:24:84:
                    73:f9:62:04:71:22:86:a2:3f:0a:e6:37:6c:97:fd:
                    a8:6c:d9:1f:4e:05:d9:cf:25:23:af:d4:f2:fb:ce:
                    67:3f:1f:cc:fd:52:bd:81:15:de:2f:c0:60:5e:1f:
                    65:89:32:4c:68:84:c0:3f:31:c2:bc:9b:c8:24:52:
                    cf:f2:c7:90:c8:fc:84:21:f0:59:17:ed:bf:80:88:
                    ab:7e:c0:cd:11:aa:99:69:33:32:a8:c0:51:fd:57:
                    44:85:ac:ec:4e:c5:68:c1:8f:6a:ae:a1:50:c7:49:
                    13:f5:ca:d6:ec:9d:6e:9c:66:37:ac:6d:cf:1c:91:
                    96:52:95:46:25:19:e3:63:fa:18:ce:fc:8f:f2:3f:
                    ac:a1:5e:52:b7:c8:ff:11:8d:c0:e7:f4:c1:f7:0e:
                    1b:9e:c5:54:88:d2:f8:fb:6f:0a:20:ae:ef:67:c5:
                    53:9a:d2:88:94:0e:5d:60:56:77:b3:1e:d2:05:76:
                    4e:7a:e3:00:1f:a1:9b:13:3a:fc:0a:d3:a1:36:4e:
                    a2:29:9d:aa:5a:d5:44:85:1f:ae:e4:27:52:b8:7a:
                    6e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:4B:62:C2:5D:F8:64:21:A1:B7:E6:B4:D1:65:56:79:24:31:98:AE
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/_Utiwl34ZCGht-a00WVWeSQxmK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.11.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:ce:bf:3b:27:26:46:92:7e:a5:f0:8f:15:8f:8c:e8:5e:78:
         ec:64:24:fb:37:5c:2e:fb:e5:ff:b5:d9:32:31:f6:e4:7c:6c:
         74:c3:c3:73:7f:32:c9:ea:a8:8f:09:86:81:66:58:0c:55:a7:
         5c:81:74:26:7b:39:13:10:78:f2:58:b9:e0:cf:ec:e0:20:6a:
         4c:c8:0d:ca:af:3e:60:1a:08:60:2e:10:4b:a0:f5:43:dc:27:
         b4:0a:86:a7:64:be:d9:dc:3f:49:06:f9:6c:09:19:9c:bd:51:
         43:86:fb:bc:fb:31:79:b7:40:19:7b:c6:e2:10:3e:de:d1:3a:
         43:76:d5:fb:b8:0b:e2:8d:4b:ae:2e:4b:48:fe:56:b1:21:55:
         be:bf:84:ed:2a:d3:af:16:62:0b:a6:a7:26:b9:fd:b7:f1:c5:
         85:a8:c3:c5:ba:78:69:1f:b1:ec:21:92:8a:00:36:0a:71:97:
         53:52:5f:82:96:f1:4e:a8:44:fe:53:35:b4:49:44:4b:62:c5:
         eb:6a:f5:49:de:62:34:66:b1:68:ab:75:4a:f1:25:ef:00:01:
         25:92:b6:89:bf:4d:70:af:a5:d8:af:45:6b:b3:5a:8c:ef:c4:
         16:cf:be:ef:ad:3e:bc:19:2a:57:85:f4:e7:d5:7d:fb:32:46:
         72:56:93:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEh2mBna1yxNcu2dy8trRD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwODA1MDkyNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDRiNjJjMjVkZjg2NDIxYTFiN2U2YjRkMTY1NTY3OTI0MzE5OGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxwnczu0Xcs6BpYdqKsooean9VXF
MJScizbb7/W7XuI1oMWnqgKLqqq8JIRz+WIEcSKGoj8K5jdsl/2obNkfTgXZzyUj
r9Ty+85nPx/M/VK9gRXeL8BgXh9liTJMaITAPzHCvJvIJFLP8seQyPyEIfBZF+2/
gIirfsDNEaqZaTMyqMBR/VdEhazsTsVowY9qrqFQx0kT9crW7J1unGY3rG3PHJGW
UpVGJRnjY/oYzvyP8j+soV5St8j/EY3A5/TB9w4bnsVUiNL4+28KIK7vZ8VTmtKI
lA5dYFZ3sx7SBXZOeuMAH6GbEzr8CtOhNk6iKZ2qWtVEhR+u5CdSuHpupQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1LYsJd+GQhobfmtNFlVnkkMZiuMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvX1V0aXdsMzRaQ0dodC1hMDBXVldlU1F4bUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzAsBMA0G
CSqGSIb3DQEBCwUAA4IBAQAgzr87JyZGkn6l8I8Vj4zoXnjsZCT7N1wu++X/tdky
MfbkfGx0w8NzfzLJ6qiPCYaBZlgMVadcgXQmezkTEHjyWLngz+zgIGpMyA3Krz5g
GghgLhBLoPVD3Ce0CoanZL7Z3D9JBvlsCRmcvVFDhvu8+zF5t0AZe8biED7e0TpD
dtX7uAvijUuuLktI/laxIVW+v4TtKtOvFmILpqcmuf238cWFqMPFunhpH7HsIZKK
ADYKcZdTUl+ClvFOqET+UzW0SURLYsXravVJ3mI0ZrFoq3VK8SXvAAElkraJv01w
r6XYr0Vrs1qM78QWz77vrT68GSpXhfTn1X37MkZyVpPh
-----END CERTIFICATE-----