Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/dae290-1b84-4fd0-9072-bd7d3451aa66/1/1-hXvtz1Lj7NBKVN4pTXdrNGBMZ4.roa
File:                     1-hXvtz1Lj7NBKVN4pTXdrNGBMZ4.roa (raw, json)
Hash identifier:          TVN8Ou6VwU/WLku8R7NNgNmOq+30VvurRAmj7/GPxq8=
Subject key identifier:   FA:15:EF:B7:3D:4B:8F:B3:41:29:53:78:A5:35:DD:AC:D1:81:31:9E
Certificate issuer:       /CN=1f456cc5b7ce3c2079f786fec1dfbcb252439941
Certificate serial:       018CC26CF5E2C2D978BD7C8B9FD8DCC628A9
Authority key identifier: 1F:45:6C:C5:B7:CE:3C:20:79:F7:86:FE:C1:DF:BC:B2:52:43:99:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0VsxbfOPCB594b-wd-8slJDmUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/dae290-1b84-4fd0-9072-bd7d3451aa66/1/1-hXvtz1Lj7NBKVN4pTXdrNGBMZ4.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34353
IP address blocks:        193.178.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/dae290-1b84-4fd0-9072-bd7d3451aa66/1/H0VsxbfOPCB594b-wd-8slJDmUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/dae290-1b84-4fd0-9072-bd7d3451aa66/1/H0VsxbfOPCB594b-wd-8slJDmUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0VsxbfOPCB594b-wd-8slJDmUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f5:e2:c2:d9:78:bd:7c:8b:9f:d8:dc:c6:28:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f456cc5b7ce3c2079f786fec1dfbcb252439941
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa15efb73d4b8fb341295378a535ddacd181319e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b7:10:d4:02:aa:ba:64:bb:80:77:5e:a6:b7:
                    9a:47:5e:b7:1f:09:51:f3:c0:5c:96:e4:36:04:71:
                    82:53:34:5a:8f:b3:59:bc:6e:44:52:20:e8:ff:d9:
                    c0:01:fb:65:41:3e:3a:24:8e:06:aa:25:1e:a8:26:
                    64:22:48:13:c6:21:39:45:37:37:9f:00:97:c0:47:
                    9a:1b:40:50:cf:25:3b:31:da:b4:3c:66:b7:2c:0f:
                    a0:b5:3e:b4:fc:89:36:cd:fb:61:90:40:1f:eb:6c:
                    50:54:91:23:72:59:d5:4e:a0:0e:91:e0:8c:97:3b:
                    b6:78:9c:8d:fc:61:2e:ae:9a:bc:9f:b9:44:a8:69:
                    53:36:7f:a9:6e:fe:02:c4:69:6e:7c:17:98:f1:9b:
                    2d:9c:e3:f0:5b:7b:24:c7:08:af:96:c8:3d:5a:41:
                    07:b3:71:fd:4a:1c:e3:60:e2:0e:d5:bf:7e:22:40:
                    df:76:30:11:fb:37:21:86:86:36:1c:c6:95:a0:48:
                    a5:73:6a:5c:1c:02:de:15:ea:1a:52:19:c2:ed:2e:
                    be:e9:cd:7c:e2:d6:be:72:81:3e:a7:4e:72:c4:35:
                    15:1e:81:cb:89:ef:dc:f7:e1:2e:ea:ab:6d:93:43:
                    49:39:7b:8b:f2:c7:69:2e:ab:94:50:56:33:c3:5a:
                    38:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:15:EF:B7:3D:4B:8F:B3:41:29:53:78:A5:35:DD:AC:D1:81:31:9E
            X509v3 Authority Key Identifier:
                keyid:1F:45:6C:C5:B7:CE:3C:20:79:F7:86:FE:C1:DF:BC:B2:52:43:99:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0VsxbfOPCB594b-wd-8slJDmUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/dae290-1b84-4fd0-9072-bd7d3451aa66/1/1-hXvtz1Lj7NBKVN4pTXdrNGBMZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/dae290-1b84-4fd0-9072-bd7d3451aa66/1/H0VsxbfOPCB594b-wd-8slJDmUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:28:31:73:ce:f0:4e:13:00:9c:55:95:11:9b:47:7a:b5:88:
         49:19:05:b3:88:81:7e:d6:d3:05:44:d7:a4:4d:b6:6b:c6:e4:
         50:88:c5:3c:7f:53:8a:78:01:dd:87:04:5d:ae:97:f9:7c:07:
         ff:4e:4b:81:47:84:8e:bc:b2:48:c4:11:ad:6b:41:22:0d:e4:
         a7:21:bd:a2:4e:9b:52:e0:77:65:51:0a:b8:34:57:c9:09:bf:
         ff:ea:b5:2d:2a:88:71:74:4c:70:c9:55:48:df:cd:53:4d:14:
         6c:91:5c:f8:e4:6e:b4:72:f1:10:78:4c:bd:ce:89:94:67:dd:
         5c:35:10:6a:a9:8f:22:df:3b:36:4f:e8:3e:03:9f:86:34:db:
         87:c7:8d:d4:ec:ad:a7:fc:b2:43:1d:22:ed:af:83:cc:37:15:
         ef:ea:d4:01:ff:9e:4d:de:8d:2a:fc:8b:04:d8:f2:a7:d3:a8:
         f2:b2:57:b7:37:8c:be:f9:42:3a:f8:58:b0:cf:9d:c2:b7:d0:
         2d:bf:36:13:29:65:ce:1d:6d:4c:46:ec:be:0d:ff:f5:86:da:
         a2:39:8c:be:7f:6c:48:49:da:b1:4a:51:36:67:99:6a:b5:8e:
         4e:94:d9:0a:5b:39:55:3e:a3:0a:f7:11:19:dc:39:57:e2:8a:
         b5:2c:44:81
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbPXiwtl4vXyLn9jcxiipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDU2Y2M1YjdjZTNjMjA3OWY3ODZmZWMxZGZiY2IyNTI0
Mzk5NDEwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTE1ZWZiNzNkNGI4ZmIzNDEyOTUzNzhhNTM1ZGRhY2QxODEzMTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07cQ1AKqumS7gHdepreaR163HwlR
88BcluQ2BHGCUzRaj7NZvG5EUiDo/9nAAftlQT46JI4GqiUeqCZkIkgTxiE5RTc3
nwCXwEeaG0BQzyU7Mdq0PGa3LA+gtT60/Ik2zfthkEAf62xQVJEjclnVTqAOkeCM
lzu2eJyN/GEurpq8n7lEqGlTNn+pbv4CxGlufBeY8ZstnOPwW3skxwivlsg9WkEH
s3H9ShzjYOIO1b9+IkDfdjAR+zchhoY2HMaVoEilc2pcHALeFeoaUhnC7S6+6c18
4ta+coE+p05yxDUVHoHLie/c9+Eu6qttk0NJOXuL8sdpLquUUFYzw1o4wQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoV77c9S4+zQSlTeKU13azRgTGeMB8GA1UdIwQY
MBaAFB9FbMW3zjwgefeG/sHfvLJSQ5lBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBWc3hiZk9QQ0I1OTRiLXdkLThzbEpEbVVFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9kYWUyOTAtMWI4NC00ZmQwLTkwNzIt
YmQ3ZDM0NTFhYTY2LzEvMS1oWHZ0ejFMajdOQktWTjRwVFhkck5HQk1aNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMWUvZGFlMjkwLTFiODQtNGZkMC05MDcyLWJkN2QzNDUxYWE2
Ni8xL0gwVnN4YmZPUENCNTk0Yi13ZC04c2xKRG1VRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMGyjTAN
BgkqhkiG9w0BAQsFAAOCAQEAXigxc87wThMAnFWVEZtHerWISRkFs4iBftbTBUTX
pE22a8bkUIjFPH9TingB3YcEXa6X+XwH/05LgUeEjryySMQRrWtBIg3kpyG9ok6b
UuB3ZVEKuDRXyQm//+q1LSqIcXRMcMlVSN/NU00UbJFc+ORutHLxEHhMvc6JlGfd
XDUQaqmPIt87Nk/oPgOfhjTbh8eN1Oytp/yyQx0i7a+DzDcV7+rUAf+eTd6NKvyL
BNjyp9Oo8rJXtzeMvvlCOvhYsM+dwrfQLb82Eyllzh1tTEbsvg3/9YbaojmMvn9s
SEnasUpRNmeZarWOTpTZCls5VT6jCvcRGdw5V+KKtSxEgQ==
-----END CERTIFICATE-----