Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/0547bb-4408-491e-90a0-fa709a23ac74/1/1IL4FQPh0sje1jXpEAbVVjA0BMs.roa
File:                     1IL4FQPh0sje1jXpEAbVVjA0BMs.roa (raw, json)
Hash identifier:          cG17JIXSyEa9z1vyq9CS6QAEkgpJrLPa48WPqp8G4Y4=
Subject key identifier:   D4:82:F8:15:03:E1:D2:C8:DE:D6:35:E9:10:06:D5:56:30:34:04:CB
Certificate issuer:       /CN=93fe8a95e5529d78e72047d4e35d1a7e9ad5c11a
Certificate serial:       018CC9BC40B743C66EA682155EE1F60CED75
Authority key identifier: 93:FE:8A:95:E5:52:9D:78:E7:20:47:D4:E3:5D:1A:7E:9A:D5:C1:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k_6KleVSnXjnIEfU410afprVwRo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/0547bb-4408-491e-90a0-fa709a23ac74/1/1IL4FQPh0sje1jXpEAbVVjA0BMs.roa
Signing time:             Tue 02 Jan 2024 10:33:26 +0000
ROA not before:           Tue 02 Jan 2024 10:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62336
IP address blocks:        185.193.44.0/24 maxlen: 24
                          212.122.128.0/19 maxlen: 19
                          2a10:fcc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/0547bb-4408-491e-90a0-fa709a23ac74/1/k_6KleVSnXjnIEfU410afprVwRo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/0547bb-4408-491e-90a0-fa709a23ac74/1/k_6KleVSnXjnIEfU410afprVwRo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k_6KleVSnXjnIEfU410afprVwRo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:40:b7:43:c6:6e:a6:82:15:5e:e1:f6:0c:ed:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93fe8a95e5529d78e72047d4e35d1a7e9ad5c11a
        Validity
            Not Before: Jan  2 10:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d482f81503e1d2c8ded635e91006d556303404cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:72:9e:d8:3e:16:21:24:b8:68:10:c2:09:d9:
                    6a:9f:3c:b8:f6:0f:19:d7:5d:fb:00:75:a0:05:83:
                    cd:24:63:09:06:f8:9f:4c:d5:3f:64:18:82:74:22:
                    f6:ff:4d:06:8e:bd:b9:d9:68:de:ae:f5:62:2f:57:
                    03:97:62:45:bd:30:b6:e7:f2:ee:fc:3b:e9:3a:ab:
                    3f:93:10:92:30:98:7d:5b:98:c8:30:fe:0c:bb:d8:
                    e9:f4:d3:d3:b0:0e:16:04:f2:05:ef:df:2e:b7:ee:
                    77:c2:9c:f5:71:bd:1c:db:f0:5d:a0:f3:1d:57:50:
                    63:db:3c:ff:d6:03:87:75:f6:9d:17:47:65:f0:5e:
                    a1:3c:99:82:e0:a3:63:f0:a2:d6:3e:3f:df:35:df:
                    00:ff:ff:6f:4a:9e:c2:c9:87:2e:ce:32:31:8f:73:
                    6d:42:12:53:f1:c0:d9:f8:18:19:7c:10:9b:37:9e:
                    44:e6:50:11:73:35:6e:46:42:0b:60:6e:c4:0c:b7:
                    fc:5f:f6:66:e9:50:77:3a:70:2c:a3:35:85:8f:66:
                    a6:2b:c5:c1:af:14:75:03:43:f7:53:d3:13:a9:a7:
                    1d:8a:c0:5d:47:61:f4:8e:6c:76:c1:0f:fc:84:26:
                    33:6b:34:2b:b0:fd:af:69:00:7b:13:ee:e6:47:d1:
                    12:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:82:F8:15:03:E1:D2:C8:DE:D6:35:E9:10:06:D5:56:30:34:04:CB
            X509v3 Authority Key Identifier:
                keyid:93:FE:8A:95:E5:52:9D:78:E7:20:47:D4:E3:5D:1A:7E:9A:D5:C1:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k_6KleVSnXjnIEfU410afprVwRo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/0547bb-4408-491e-90a0-fa709a23ac74/1/1IL4FQPh0sje1jXpEAbVVjA0BMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/0547bb-4408-491e-90a0-fa709a23ac74/1/k_6KleVSnXjnIEfU410afprVwRo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.44.0/24
                  212.122.128.0/19
                IPv6:
                  2a10:fcc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:4b:0f:f6:13:02:3b:e7:00:16:85:bc:53:d8:0d:5d:b6:c7:
         e4:5f:2f:a5:40:69:a5:a0:7a:ba:10:e7:59:87:c4:da:c6:18:
         ea:94:4b:59:18:9a:fe:63:04:d7:34:03:8c:60:41:93:21:d2:
         b4:e0:3d:db:18:f1:62:b6:af:d3:44:aa:57:ab:b2:43:b3:87:
         ae:a9:97:cb:9d:ad:52:0c:a0:87:71:8c:26:4e:a1:1c:27:5d:
         5d:cd:ae:c1:3e:a6:e0:3e:f9:03:91:78:d9:17:e7:bd:37:0c:
         7c:c9:6a:d9:09:47:1d:2c:3e:ce:a6:68:ee:31:dd:ff:35:03:
         03:73:0f:2a:01:2f:45:c2:80:d7:aa:99:06:b6:e3:02:b0:28:
         47:52:f4:15:65:0b:fa:23:2c:4a:75:3f:6d:0f:c0:20:15:b6:
         aa:bc:a4:cf:1f:17:7f:1d:0e:a1:4c:4e:95:f2:f3:2c:22:0b:
         5b:6e:3f:b6:06:8b:42:4a:58:54:bf:e2:5e:01:b6:4c:9b:74:
         b0:5f:69:58:33:24:dd:81:29:ed:de:30:54:53:7b:d1:b6:29:
         92:8e:98:76:bc:6f:ea:31:c9:db:1c:19:79:a8:b0:76:4e:e9:
         0b:6e:90:e6:84:9c:aa:36:1a:be:e9:54:a2:93:23:e7:9f:82:
         c6:13:ac:61
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJvEC3Q8ZupoIVXuH2DO11MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZmU4YTk1ZTU1MjlkNzhlNzIwNDdkNGUzNWQxYTdlOWFk
NWMxMWEwHhcNMjQwMTAyMTAzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDgyZjgxNTAzZTFkMmM4ZGVkNjM1ZTkxMDA2ZDU1NjMwMzQwNGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3Ke2D4WISS4aBDCCdlqnzy49g8Z
1137AHWgBYPNJGMJBvifTNU/ZBiCdCL2/00Gjr252WjervViL1cDl2JFvTC25/Lu
/DvpOqs/kxCSMJh9W5jIMP4Mu9jp9NPTsA4WBPIF798ut+53wpz1cb0c2/BdoPMd
V1Bj2zz/1gOHdfadF0dl8F6hPJmC4KNj8KLWPj/fNd8A//9vSp7CyYcuzjIxj3Nt
QhJT8cDZ+BgZfBCbN55E5lARczVuRkILYG7EDLf8X/Zm6VB3OnAsozWFj2amK8XB
rxR1A0P3U9MTqacdisBdR2H0jmx2wQ/8hCYzazQrsP2vaQB7E+7mR9ESgQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNSC+BUD4dLI3tY16RAG1VYwNATLMB8GA1UdIwQY
MBaAFJP+ipXlUp145yBH1ONdGn6a1cEaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva182S2xlVlNuWGpuSUVmVTQxMGFmcHJWd1JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8wNTQ3YmItNDQwOC00OTFlLTkwYTAt
ZmE3MDlhMjNhYzc0LzEvMUlMNEZRUGgwc2plMWpYcEVBYlZWakEwQk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8wNTQ3YmItNDQwOC00OTFlLTkwYTAtZmE3MDlhMjNhYzc0
LzEva182S2xlVlNuWGpuSUVmVTQxMGFmcHJWd1JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAucEsAwQF
1HqAMA0EAgACMAcDBQMqEPzAMA0GCSqGSIb3DQEBCwUAA4IBAQCISw/2EwI75wAW
hbxT2A1dtsfkXy+lQGmloHq6EOdZh8TaxhjqlEtZGJr+YwTXNAOMYEGTIdK04D3b
GPFitq/TRKpXq7JDs4euqZfLna1SDKCHcYwmTqEcJ11dza7BPqbgPvkDkXjZF+e9
Nwx8yWrZCUcdLD7OpmjuMd3/NQMDcw8qAS9FwoDXqpkGtuMCsChHUvQVZQv6IyxK
dT9tD8AgFbaqvKTPHxd/HQ6hTE6V8vMsIgtbbj+2BotCSlhUv+JeAbZMm3SwX2lY
MyTdgSnt3jBUU3vRtimSjph2vG/qMcnbHBl5qLB2TukLbpDmhJyqNhq+6VSikyPn
n4LGE6xh
-----END CERTIFICATE-----