Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/5w1oMxMjUeI2ZWvzohto48DY_i4.roa
File:                     5w1oMxMjUeI2ZWvzohto48DY_i4.roa (raw, json)
Hash identifier:          VjxQKpX8ET8ZG+FV8pzl5RZR3DAP8fBqLS/ANHLrmko=
Subject key identifier:   E7:0D:68:33:13:23:51:E2:36:65:6B:F3:A2:1B:68:E3:C0:D8:FE:2E
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018D224964866D85608610F477036300F617
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/5w1oMxMjUeI2ZWvzohto48DY_i4.roa
Signing time:             Fri 19 Jan 2024 15:14:11 +0000
ROA not before:           Fri 19 Jan 2024 15:14:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0a:280:3004::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:22:49:64:86:6d:85:60:86:10:f4:77:03:63:00:f6:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan 19 15:14:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e70d6833132351e236656bf3a21b68e3c0d8fe2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d9:4e:fe:5d:9f:e8:6b:73:29:ea:d3:ea:0f:
                    1e:0a:6c:da:51:38:8a:8a:f9:d4:f6:7c:1f:5d:67:
                    d0:41:c0:bc:ae:ae:19:65:ee:20:4c:36:4b:b8:d4:
                    98:86:c4:fa:f8:53:c6:d6:14:1a:7f:9a:8b:15:fd:
                    81:7a:73:88:e2:71:86:cb:1b:fe:b8:c0:60:8a:2d:
                    74:27:1e:ae:e6:9b:10:3b:68:fe:c5:d4:bc:b0:f9:
                    79:f2:77:0c:29:05:73:0f:76:fa:47:98:b7:f4:01:
                    9d:d7:45:51:e1:e2:5e:f2:07:c1:43:65:8c:dd:8f:
                    30:83:90:bf:78:f6:18:00:df:04:c1:65:83:c1:50:
                    5d:ca:ec:25:38:3e:89:c1:24:4b:e0:2a:77:62:ba:
                    06:a5:38:63:6f:6d:7a:53:94:cd:ec:fa:a2:84:c1:
                    b3:82:1a:8a:3f:e0:e4:e6:9c:63:7c:5d:60:bb:ac:
                    e0:ee:b1:30:de:75:cc:14:4c:40:4c:0d:34:13:c6:
                    96:4d:9f:31:8f:0b:61:4f:08:35:11:6f:05:64:f7:
                    9d:40:91:dc:3a:38:58:db:eb:3c:99:38:fc:f7:de:
                    a1:dd:54:df:88:f1:37:bd:9b:0e:a5:69:81:26:e8:
                    9e:1f:98:81:30:77:d8:2c:a0:71:7f:e5:b0:a6:79:
                    d7:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:0D:68:33:13:23:51:E2:36:65:6B:F3:A2:1B:68:E3:C0:D8:FE:2E
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/5w1oMxMjUeI2ZWvzohto48DY_i4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:3004::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:55:7e:42:2c:84:c4:d7:a2:a1:1c:12:61:8b:2a:73:1b:a8:
         83:82:8f:da:46:9c:2d:0d:28:a3:08:67:68:6b:f7:68:23:6e:
         12:95:cb:f6:3c:82:95:71:b6:30:e5:14:01:21:ab:19:16:20:
         ea:24:f7:cc:f8:77:4e:69:cc:7d:dd:e7:6f:ec:97:4e:28:e6:
         c1:db:f2:66:4e:cb:e4:2d:cf:8f:f3:e5:8a:e6:2f:4c:5c:62:
         bf:78:35:1e:fd:29:a2:f0:db:51:c9:02:1a:a2:77:04:d4:7d:
         8c:08:72:ed:f8:9e:03:da:ed:82:04:3d:11:1c:d9:d6:a9:1b:
         4f:ad:89:24:80:1e:aa:7a:a2:4f:80:9a:16:41:1f:6f:e8:49:
         43:1f:67:33:c3:4a:7b:7a:d2:fb:5f:68:c2:dc:19:19:93:f4:
         79:b3:ee:41:ec:72:d2:a2:4e:51:01:7d:4e:0a:9c:95:9f:30:
         1e:07:05:45:32:f5:bd:f2:85:10:c6:cb:19:12:58:8c:8c:17:
         d3:bd:11:ca:db:9a:a8:04:17:73:8e:74:01:81:3d:c9:70:ff:
         e7:05:91:52:42:dc:53:2c:1a:21:df:01:b7:89:bd:fa:15:22:
         24:a1:ea:da:20:de:b5:01:aa:43:c1:d8:1a:10:e5:e9:82:64:
         c7:6f:a2:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0iSWSGbYVghhD0dwNjAPYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTE5MTUxNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzBkNjgzMzEzMjM1MWUyMzY2NTZiZjNhMjFiNjhlM2MwZDhmZTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdlO/l2f6GtzKerT6g8eCmzaUTiK
ivnU9nwfXWfQQcC8rq4ZZe4gTDZLuNSYhsT6+FPG1hQaf5qLFf2BenOI4nGGyxv+
uMBgii10Jx6u5psQO2j+xdS8sPl58ncMKQVzD3b6R5i39AGd10VR4eJe8gfBQ2WM
3Y8wg5C/ePYYAN8EwWWDwVBdyuwlOD6JwSRL4Cp3YroGpThjb216U5TN7PqihMGz
ghqKP+Dk5pxjfF1gu6zg7rEw3nXMFExATA00E8aWTZ8xjwthTwg1EW8FZPedQJHc
OjhY2+s8mTj8996h3VTfiPE3vZsOpWmBJuieH5iBMHfYLKBxf+WwpnnXbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOcNaDMTI1HiNmVr86IbaOPA2P4uMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvNXcxb014TWpVZUkyWld2em9odG80OERZX2k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgoCgDAE
MA0GCSqGSIb3DQEBCwUAA4IBAQAyVX5CLITE16KhHBJhiypzG6iDgo/aRpwtDSij
CGdoa/doI24Slcv2PIKVcbYw5RQBIasZFiDqJPfM+HdOacx93edv7JdOKObB2/Jm
TsvkLc+P8+WK5i9MXGK/eDUe/Smi8NtRyQIaoncE1H2MCHLt+J4D2u2CBD0RHNnW
qRtPrYkkgB6qeqJPgJoWQR9v6ElDH2czw0p7etL7X2jC3BkZk/R5s+5B7HLSok5R
AX1OCpyVnzAeBwVFMvW98oUQxssZEliMjBfTvRHK25qoBBdzjnQBgT3JcP/nBZFS
QtxTLBoh3wG3ib36FSIkoeraIN61AapDwdgaEOXpgmTHb6JJ
-----END CERTIFICATE-----