Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/bbe9ff-2365-49c8-98d6-e71c317a3fa8/1/1-4NIwwTC2DEh8yEiMX9bnL-8nJU.roa
File:                     1-4NIwwTC2DEh8yEiMX9bnL-8nJU.roa (raw, json)
Hash identifier:          3glw2dtSa2BjZYFu35uXiMtz4kDsHCBiN2c4rmVFne4=
Subject key identifier:   FB:83:48:C3:04:C2:D8:31:21:F3:21:22:31:7F:5B:9C:BF:BC:9C:95
Certificate issuer:       /CN=a63075cbb7eb1693ee71bc90e5f73dadc225d91a
Certificate serial:       018CC49320BC38642FE12BBB3695B168059C
Authority key identifier: A6:30:75:CB:B7:EB:16:93:EE:71:BC:90:E5:F7:3D:AD:C2:25:D9:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pjB1y7frFpPucbyQ5fc9rcIl2Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/bbe9ff-2365-49c8-98d6-e71c317a3fa8/1/1-4NIwwTC2DEh8yEiMX9bnL-8nJU.roa
Signing time:             Mon 01 Jan 2024 10:30:25 +0000
ROA not before:           Mon 01 Jan 2024 10:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        192.41.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/bbe9ff-2365-49c8-98d6-e71c317a3fa8/1/pjB1y7frFpPucbyQ5fc9rcIl2Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/bbe9ff-2365-49c8-98d6-e71c317a3fa8/1/pjB1y7frFpPucbyQ5fc9rcIl2Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pjB1y7frFpPucbyQ5fc9rcIl2Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:20:bc:38:64:2f:e1:2b:bb:36:95:b1:68:05:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a63075cbb7eb1693ee71bc90e5f73dadc225d91a
        Validity
            Not Before: Jan  1 10:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb8348c304c2d83121f32122317f5b9cbfbc9c95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:dc:69:8e:40:52:ab:52:6a:05:7f:c6:63:3e:
                    3f:11:c3:81:b2:13:78:cc:4f:52:6d:44:6e:5f:9b:
                    47:91:d2:10:25:de:5d:dd:e0:b7:7f:f0:fc:ec:fc:
                    4f:0e:33:be:9b:20:d7:d7:ee:81:2b:e1:70:8e:12:
                    9c:2b:af:8e:bd:97:25:21:ab:63:92:c8:98:24:b7:
                    02:09:f8:71:5b:a0:1c:98:56:48:a0:92:a7:3a:eb:
                    ee:5d:fb:c1:0c:34:bb:e9:35:24:af:09:d0:c8:91:
                    be:b9:a1:f0:65:0e:6c:7d:0a:10:5b:eb:03:37:e1:
                    28:b4:74:7a:41:2e:4d:c0:e0:da:01:28:b6:17:90:
                    05:ab:1b:5f:a8:40:52:a4:76:7b:8b:84:8c:bb:7e:
                    3c:99:ff:ea:ec:82:42:43:ab:b7:29:c5:77:9c:f4:
                    d6:2d:7c:4e:2d:c0:a8:0a:32:7e:1a:b9:c3:2e:cf:
                    25:d2:85:8d:8d:49:2c:2d:4b:38:2f:30:d0:83:c3:
                    27:27:28:bc:11:84:d3:7b:13:02:de:c9:45:a2:02:
                    a7:7d:b0:7c:05:e7:db:21:cf:b6:7b:be:a5:a7:09:
                    39:32:8d:e7:a5:8e:ca:64:68:9f:f6:6b:13:91:30:
                    9b:e3:d2:4f:6e:ca:87:c1:83:ba:42:39:ef:5b:b0:
                    7a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:83:48:C3:04:C2:D8:31:21:F3:21:22:31:7F:5B:9C:BF:BC:9C:95
            X509v3 Authority Key Identifier:
                keyid:A6:30:75:CB:B7:EB:16:93:EE:71:BC:90:E5:F7:3D:AD:C2:25:D9:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjB1y7frFpPucbyQ5fc9rcIl2Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/bbe9ff-2365-49c8-98d6-e71c317a3fa8/1/1-4NIwwTC2DEh8yEiMX9bnL-8nJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/bbe9ff-2365-49c8-98d6-e71c317a3fa8/1/pjB1y7frFpPucbyQ5fc9rcIl2Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.41.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:40:96:e0:33:c5:f9:60:b1:f4:4c:6c:36:24:9e:8a:65:a5:
         5f:26:a8:2a:93:56:36:cc:11:7d:94:2b:69:91:0d:53:ec:09:
         a5:78:5e:10:0c:7a:93:fe:dd:aa:46:81:10:be:e8:08:ad:dc:
         26:01:55:15:d4:67:3f:16:b5:8e:6e:c5:e9:ce:af:d1:5a:d0:
         05:16:0e:57:a5:d3:1f:86:50:7c:1e:f9:ef:ce:61:43:2f:46:
         04:bf:12:b6:83:64:e1:d3:e3:32:8d:51:f6:64:82:f1:4b:a5:
         11:74:81:ba:9a:b1:2c:e5:89:79:19:19:af:87:83:8b:55:b9:
         b6:63:42:76:27:9a:2e:46:88:42:8a:a6:88:74:00:70:5a:f1:
         95:08:2e:10:6b:1f:db:7e:80:54:09:8d:de:2c:ab:ea:36:98:
         94:d8:5c:cd:13:20:d2:71:2e:c2:a2:e1:32:17:94:9e:92:ed:
         70:75:90:bc:fe:06:4d:52:33:fc:ed:f3:c7:12:e2:fa:a6:eb:
         1f:f4:dd:8e:85:5e:ff:68:0b:be:36:5f:85:66:b2:3b:fe:6a:
         ac:d5:94:fb:eb:c9:d0:98:ef:b6:ee:e4:ba:53:60:db:e8:e8:
         b8:d7:d9:0e:c9:31:28:5e:f0:7f:56:4f:88:d2:54:3a:82:77:
         e9:a5:43:52
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkyC8OGQv4Su7NpWxaAWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MzA3NWNiYjdlYjE2OTNlZTcxYmM5MGU1ZjczZGFkYzIy
NWQ5MWEwHhcNMjQwMTAxMTAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjgzNDhjMzA0YzJkODMxMjFmMzIxMjIzMTdmNWI5Y2JmYmM5Yzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdxpjkBSq1JqBX/GYz4/EcOBshN4
zE9SbURuX5tHkdIQJd5d3eC3f/D87PxPDjO+myDX1+6BK+FwjhKcK6+OvZclIatj
ksiYJLcCCfhxW6AcmFZIoJKnOuvuXfvBDDS76TUkrwnQyJG+uaHwZQ5sfQoQW+sD
N+EotHR6QS5NwODaASi2F5AFqxtfqEBSpHZ7i4SMu348mf/q7IJCQ6u3KcV3nPTW
LXxOLcCoCjJ+GrnDLs8l0oWNjUksLUs4LzDQg8MnJyi8EYTTexMC3slFogKnfbB8
BefbIc+2e76lpwk5Mo3npY7KZGif9msTkTCb49JPbsqHwYO6QjnvW7B6CwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPuDSMMEwtgxIfMhIjF/W5y/vJyVMB8GA1UdIwQY
MBaAFKYwdcu36xaT7nG8kOX3Pa3CJdkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGpCMXk3ZnJGcFB1Y2J5UTVmYzlyY0lsMlJvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9iYmU5ZmYtMjM2NS00OWM4LTk4ZDYt
ZTcxYzMxN2EzZmE4LzEvMS00Tkl3d1RDMkRFaDh5RWlNWDlibkwtOG5KVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjIvYmJlOWZmLTIzNjUtNDljOC05OGQ2LWU3MWMzMTdhM2Zh
OC8xL3BqQjF5N2ZyRnBQdWNieVE1ZmM5cmNJbDJSby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMAp2jAN
BgkqhkiG9w0BAQsFAAOCAQEAgkCW4DPF+WCx9ExsNiSeimWlXyaoKpNWNswRfZQr
aZENU+wJpXheEAx6k/7dqkaBEL7oCK3cJgFVFdRnPxa1jm7F6c6v0VrQBRYOV6XT
H4ZQfB75785hQy9GBL8StoNk4dPjMo1R9mSC8UulEXSBupqxLOWJeRkZr4eDi1W5
tmNCdieaLkaIQoqmiHQAcFrxlQguEGsf236AVAmN3iyr6jaYlNhczRMg0nEuwqLh
MheUnpLtcHWQvP4GTVIz/O3zxxLi+qbrH/TdjoVe/2gLvjZfhWayO/5qrNWU++vJ
0Jjvtu7kulNg2+jouNfZDskxKF7wf1ZPiNJUOoJ36aVDUg==
-----END CERTIFICATE-----