Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/t1cpLqBoH5Wf4VI52apT-hbwR9I.roa
File:                     t1cpLqBoH5Wf4VI52apT-hbwR9I.roa (raw, json)
Hash identifier:          1Ixpv3NxS67aP1slViaj9cwBhkbv+sCUGL1L5b/0EqY=
Subject key identifier:   B7:57:29:2E:A0:68:1F:95:9F:E1:52:39:D9:AA:53:FA:16:F0:47:D2
Certificate issuer:       /CN=9f6fb7954179a9666b4cb6afe346d1e21ec30e45
Certificate serial:       018CC64B6B58144EB1E848DD155360220BA0
Authority key identifier: 9F:6F:B7:95:41:79:A9:66:6B:4C:B6:AF:E3:46:D1:E2:1E:C3:0E:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/t1cpLqBoH5Wf4VI52apT-hbwR9I.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        80.249.208.0/21 maxlen: 21
                          2001:7f8:86::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/n2-3lUF5qWZrTLav40bR4h7DDkU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/n2-3lUF5qWZrTLav40bR4h7DDkU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6b:58:14:4e:b1:e8:48:dd:15:53:60:22:0b:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f6fb7954179a9666b4cb6afe346d1e21ec30e45
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b757292ea0681f959fe15239d9aa53fa16f047d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:9d:61:b3:63:7c:70:90:33:6e:68:e2:40:a0:
                    29:80:a1:8d:77:23:1f:d8:a4:fd:da:09:ec:f7:17:
                    eb:b0:80:e3:45:57:71:0c:e4:ed:03:57:62:fa:f7:
                    5a:19:b1:45:55:ef:70:4e:88:da:43:b9:b9:5b:a4:
                    10:8c:47:07:9a:e9:84:7f:b6:7d:c3:0f:c1:bc:26:
                    1e:a3:84:53:21:7a:9b:3a:f8:b6:d7:d2:a4:33:56:
                    79:ad:8b:22:45:43:b5:57:74:cc:90:48:1d:f3:5a:
                    c9:cc:85:48:49:34:7a:d0:dd:04:11:f5:7b:7f:98:
                    a2:90:1a:a5:0b:d2:bb:b8:f1:80:26:e8:9b:ff:eb:
                    16:ee:73:98:b3:e8:9a:31:54:cc:68:12:fe:d6:2f:
                    23:79:f5:a7:3a:b2:ba:52:86:a4:d3:fd:5b:c1:58:
                    56:76:de:98:ec:40:7a:50:62:a1:96:ef:0b:da:a7:
                    cf:9b:92:e9:9a:76:08:ba:cd:7b:85:4a:da:c5:1f:
                    f8:cf:f6:11:ef:74:64:07:74:b2:d7:0e:5e:63:86:
                    ea:ad:70:0b:e9:7d:ce:14:ba:48:cb:df:5b:fe:30:
                    cb:51:99:c8:74:e2:4e:69:bc:f6:ea:8e:f8:2d:fe:
                    e1:fa:50:96:78:36:1b:34:78:f9:d7:30:71:7b:34:
                    8a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:57:29:2E:A0:68:1F:95:9F:E1:52:39:D9:AA:53:FA:16:F0:47:D2
            X509v3 Authority Key Identifier:
                keyid:9F:6F:B7:95:41:79:A9:66:6B:4C:B6:AF:E3:46:D1:E2:1E:C3:0E:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/t1cpLqBoH5Wf4VI52apT-hbwR9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/n2-3lUF5qWZrTLav40bR4h7DDkU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.249.208.0/21
                IPv6:
                  2001:7f8:86::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:2e:13:bb:d3:f4:7f:8f:83:1a:99:8a:3e:e7:6c:74:ec:ce:
         40:67:7e:4d:c0:cd:a5:75:3d:a3:1a:73:04:c1:d1:20:b8:4e:
         2d:db:ff:c3:4b:1a:f6:bf:69:29:47:59:aa:ae:c7:0d:ee:dd:
         46:92:b4:a0:1b:6c:cb:e7:de:ed:1e:f5:4b:11:09:07:2b:01:
         b8:ae:dc:84:17:ef:2d:b5:dc:e3:bf:f2:0e:b0:0f:fc:09:d0:
         df:e4:c0:09:ff:8a:63:14:c0:4f:a1:b3:ac:5e:1c:c9:c6:91:
         de:36:a5:b0:cd:f3:83:26:d2:0a:b5:21:2b:33:62:57:ba:44:
         18:70:44:cf:11:b4:55:49:76:e5:20:18:9e:d8:ed:81:9d:cf:
         1f:ab:84:3e:ca:53:1d:f0:e3:20:a3:a2:e1:ef:7c:c5:3c:f8:
         f9:03:b2:0c:fa:a7:81:fd:e1:ca:09:da:42:06:08:6a:4d:ba:
         c9:01:d6:3a:89:a0:2c:e6:96:a2:6a:26:32:be:cf:61:e2:1f:
         72:7b:05:39:9f:ca:a4:1f:45:c7:e1:42:c8:5a:a9:3e:be:b6:
         92:f3:82:54:8a:ab:95:a8:26:05:ef:ee:e3:68:4f:66:4c:61:
         11:16:97:b3:bf:dd:f5:7b:3b:55:1e:b6:38:6c:ff:68:36:9e:
         ae:88:93:33
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGS2tYFE6x6EjdFVNgIgugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNmZiNzk1NDE3OWE5NjY2YjRjYjZhZmUzNDZkMWUyMWVj
MzBlNDUwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzU3MjkyZWEwNjgxZjk1OWZlMTUyMzlkOWFhNTNmYTE2ZjA0N2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy51hs2N8cJAzbmjiQKApgKGNdyMf
2KT92gns9xfrsIDjRVdxDOTtA1di+vdaGbFFVe9wTojaQ7m5W6QQjEcHmumEf7Z9
ww/BvCYeo4RTIXqbOvi219KkM1Z5rYsiRUO1V3TMkEgd81rJzIVISTR60N0EEfV7
f5iikBqlC9K7uPGAJuib/+sW7nOYs+iaMVTMaBL+1i8jefWnOrK6Uoak0/1bwVhW
dt6Y7EB6UGKhlu8L2qfPm5LpmnYIus17hUraxR/4z/YR73RkB3Sy1w5eY4bqrXAL
6X3OFLpIy99b/jDLUZnIdOJOabz26o74Lf7h+lCWeDYbNHj51zBxezSKOwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLdXKS6gaB+Vn+FSOdmqU/oW8EfSMB8GA1UdIwQY
MBaAFJ9vt5VBealma0y2r+NG0eIeww5FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjItM2xVRjVxV1pyVExhdjQwYlI0aDdERGtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8wYTNmZmYtMWE0Mi00MDQ0LWFlOGYt
NzM1NGE3M2JkYTdlLzEvdDFjcExxQm9INVdmNFZJNTJhcFQtaGJ3UjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8wYTNmZmYtMWE0Mi00MDQ0LWFlOGYtNzM1NGE3M2JkYTdl
LzEvbjItM2xVRjVxV1pyVExhdjQwYlI0aDdERGtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDUPnQMA8E
AgACMAkDBwAgAQf4AIYwDQYJKoZIhvcNAQELBQADggEBAGAuE7vT9H+PgxqZij7n
bHTszkBnfk3AzaV1PaMacwTB0SC4Ti3b/8NLGva/aSlHWaquxw3u3UaStKAbbMvn
3u0e9UsRCQcrAbiu3IQX7y213OO/8g6wD/wJ0N/kwAn/imMUwE+hs6xeHMnGkd42
pbDN84Mm0gq1ISszYle6RBhwRM8RtFVJduUgGJ7Y7YGdzx+rhD7KUx3w4yCjouHv
fMU8+PkDsgz6p4H94coJ2kIGCGpNuskB1jqJoCzmlqJqJjK+z2HiH3J7BTmfyqQf
RcfhQshaqT6+tpLzglSKq5WoJgXv7uNoT2ZMYREWl7O/3fV7O1Uetjhs/2g2nq6I
kzM=
-----END CERTIFICATE-----