Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/cxLRTbU3CWgMqZrPKtwz01kZBzk.roa
File:                     cxLRTbU3CWgMqZrPKtwz01kZBzk.roa (raw, json)
Hash identifier:          gn5UCzYjpiB6OzT05mw9GV1TtS9r2XbkMuWEnQSxZuI=
Subject key identifier:   73:12:D1:4D:B5:37:09:68:0C:A9:9A:CF:2A:DC:33:D3:59:19:07:39
Certificate issuer:       /CN=01d1a1353f7f8b505fc98750e86787f4e046432e
Certificate serial:       018D300F1705C85917510EA8FA8AF342C35E
Authority key identifier: 01:D1:A1:35:3F:7F:8B:50:5F:C9:87:50:E8:67:87:F4:E0:46:43:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/cxLRTbU3CWgMqZrPKtwz01kZBzk.roa
Signing time:             Mon 22 Jan 2024 07:25:11 +0000
ROA not before:           Mon 22 Jan 2024 07:25:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15717
IP address blocks:        213.30.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:30:0f:17:05:c8:59:17:51:0e:a8:fa:8a:f3:42:c3:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01d1a1353f7f8b505fc98750e86787f4e046432e
        Validity
            Not Before: Jan 22 07:25:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7312d14db53709680ca99acf2adc33d359190739
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c9:8e:90:bd:6e:79:bf:04:71:3e:cc:b5:a1:
                    c9:27:e0:0d:b5:9b:7e:30:a8:95:12:f7:77:15:4e:
                    a4:7d:fb:2e:4e:96:b5:08:af:66:43:d8:aa:dc:85:
                    27:62:5b:d2:62:d8:39:3d:8b:81:4b:05:6c:bb:ab:
                    0d:27:60:a7:ce:76:56:a7:6a:e5:ae:ce:2d:bb:3c:
                    5c:01:36:93:b8:0f:bd:44:64:5b:a7:61:e9:30:57:
                    37:ed:5a:d1:4b:84:ee:f0:41:82:33:a2:a5:39:c7:
                    83:1f:b9:18:23:f9:59:72:ca:c5:fe:63:2a:99:c2:
                    28:65:53:70:93:fc:6f:6e:d9:f6:7e:45:f2:58:42:
                    59:2b:c1:f0:a2:3f:67:90:06:9e:c7:e9:12:09:05:
                    3c:1d:2f:47:dd:31:ee:ec:6f:0d:28:77:92:cc:b3:
                    bc:e9:a1:bf:b6:14:1a:50:33:a3:61:03:86:a3:bc:
                    ed:8e:24:2b:e5:4c:70:a6:57:74:f7:54:55:a0:aa:
                    3a:bf:e3:20:7c:02:fe:6c:2b:e8:17:b8:15:6d:bd:
                    76:d3:15:b7:08:12:ba:a7:1e:77:c3:72:9e:e4:18:
                    88:c5:1a:35:33:4d:a6:0b:e8:54:04:94:3b:0d:a8:
                    b6:9a:0b:04:45:bb:a9:27:2b:79:3d:94:4d:74:41:
                    1c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:12:D1:4D:B5:37:09:68:0C:A9:9A:CF:2A:DC:33:D3:59:19:07:39
            X509v3 Authority Key Identifier:
                keyid:01:D1:A1:35:3F:7F:8B:50:5F:C9:87:50:E8:67:87:F4:E0:46:43:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/cxLRTbU3CWgMqZrPKtwz01kZBzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/b1393d-cca8-4a97-81aa-643a4159ab46/1/AdGhNT9_i1BfyYdQ6GeH9OBGQy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.30.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:0a:90:6f:ae:b3:62:27:f9:58:d7:05:9a:b4:0e:97:71:e9:
         4a:08:bd:71:64:93:14:eb:e9:c3:4c:56:ff:a0:6b:8f:97:fa:
         b0:c9:ca:5d:e3:98:75:63:1b:95:d9:9f:29:c8:1d:bd:e5:91:
         8d:fb:11:da:81:45:ad:3f:74:c9:68:67:7e:64:6e:95:e4:64:
         22:b7:03:e3:c9:aa:8a:31:4c:ea:af:98:c1:1f:e4:03:d5:cd:
         aa:ae:2a:ea:e0:17:ad:f1:ee:9e:82:5c:8d:a8:6c:fb:41:d3:
         58:f2:77:22:7d:1e:de:8b:e9:90:f4:a4:19:48:60:76:b3:a1:
         2f:cb:79:cf:58:d7:c1:99:a5:a3:e5:64:bb:ba:91:61:e9:58:
         68:b9:03:42:1f:31:88:7d:bd:85:44:43:0b:5d:54:d7:e6:0d:
         ce:b9:1d:75:78:fa:cb:a4:34:0c:50:a4:85:1b:18:eb:c8:23:
         0b:03:ac:b3:c8:e8:0d:52:9c:38:fc:f2:f7:86:92:28:3e:14:
         a2:00:52:76:3d:85:96:87:3c:1f:29:27:59:06:48:a6:3d:e9:
         0a:6f:3e:8f:69:4e:3d:d5:90:97:68:fe:ce:0d:e0:02:81:d3:
         b7:11:c5:5b:63:09:86:ab:67:d0:f1:33:32:52:ed:37:8c:0b:
         08:fd:20:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0wDxcFyFkXUQ6o+orzQsNeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxZDFhMTM1M2Y3ZjhiNTA1ZmM5ODc1MGU4Njc4N2Y0ZTA0
NjQzMmUwHhcNMjQwMTIyMDcyNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzEyZDE0ZGI1MzcwOTY4MGNhOTlhY2YyYWRjMzNkMzU5MTkwNzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsmOkL1ueb8EcT7MtaHJJ+ANtZt+
MKiVEvd3FU6kffsuTpa1CK9mQ9iq3IUnYlvSYtg5PYuBSwVsu6sNJ2CnznZWp2rl
rs4tuzxcATaTuA+9RGRbp2HpMFc37VrRS4Tu8EGCM6KlOceDH7kYI/lZcsrF/mMq
mcIoZVNwk/xvbtn2fkXyWEJZK8Hwoj9nkAaex+kSCQU8HS9H3THu7G8NKHeSzLO8
6aG/thQaUDOjYQOGo7ztjiQr5Uxwpld091RVoKo6v+MgfAL+bCvoF7gVbb120xW3
CBK6px53w3Ke5BiIxRo1M02mC+hUBJQ7Dai2mgsERbupJyt5PZRNdEEcBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMS0U21NwloDKmazyrcM9NZGQc5MB8GA1UdIwQY
MBaAFAHRoTU/f4tQX8mHUOhnh/TgRkMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWRHaE5UOV9pMUJmeVlkUTZHZUg5T0JHUXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9iMTM5M2QtY2NhOC00YTk3LTgxYWEt
NjQzYTQxNTlhYjQ2LzEvY3hMUlRiVTNDV2dNcVpyUEt0d3owMWtaQnprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9iMTM5M2QtY2NhOC00YTk3LTgxYWEtNjQzYTQxNTlhYjQ2
LzEvQWRHaE5UOV9pMUJmeVlkUTZHZUg5T0JHUXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1R7AMA0G
CSqGSIb3DQEBCwUAA4IBAQBrCpBvrrNiJ/lY1wWatA6XcelKCL1xZJMU6+nDTFb/
oGuPl/qwycpd45h1YxuV2Z8pyB295ZGN+xHagUWtP3TJaGd+ZG6V5GQitwPjyaqK
MUzqr5jBH+QD1c2qrirq4Bet8e6eglyNqGz7QdNY8ncifR7ei+mQ9KQZSGB2s6Ev
y3nPWNfBmaWj5WS7upFh6VhouQNCHzGIfb2FREMLXVTX5g3OuR11ePrLpDQMUKSF
GxjryCMLA6yzyOgNUpw4/PL3hpIoPhSiAFJ2PYWWhzwfKSdZBkimPekKbz6PaU49
1ZCXaP7ODeACgdO3EcVbYwmGq2fQ8TMyUu03jAsI/SDn
-----END CERTIFICATE-----