Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/If1TwXAmqS70IioqFOMyj_DnQLA.roa
File:                     If1TwXAmqS70IioqFOMyj_DnQLA.roa (raw, json)
Hash identifier:          Q2AoBanNHV9aLn40MlojBtlsCQypziSS9O4AnN83hZc=
Subject key identifier:   21:FD:53:C1:70:26:A9:2E:F4:22:2A:2A:14:E3:32:8F:F0:E7:40:B0
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0E89C68BA170AE42A01E8C52E936
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/If1TwXAmqS70IioqFOMyj_DnQLA.roa
Signing time:             Tue 02 Jan 2024 08:31:59 +0000
ROA not before:           Tue 02 Jan 2024 08:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216343
IP address blocks:        2a0a:280:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 09:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:0e:89:c6:8b:a1:70:ae:42:a0:1e:8c:52:e9:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21fd53c17026a92ef4222a2a14e3328ff0e740b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:19:9d:6a:13:b6:f4:60:82:c6:5b:76:7c:14:
                    56:46:f4:bf:f5:d3:40:1a:28:c0:1f:9c:fd:3d:7e:
                    fb:ff:83:d4:4b:c4:ed:03:1c:f6:4c:22:61:04:b5:
                    21:66:ee:be:69:6c:10:ad:64:4e:ce:55:b6:cc:88:
                    d7:25:54:6f:89:10:0a:9e:db:3d:51:9b:bd:f5:fa:
                    2d:b4:38:a1:a8:c1:41:10:74:18:b5:f3:6e:71:5e:
                    7d:ab:7f:8f:52:bc:a8:63:9c:fd:98:63:15:1a:da:
                    f0:66:62:fc:1c:83:e6:19:4a:df:98:db:bb:34:b3:
                    b2:b6:0a:51:90:35:d1:18:52:b1:78:98:86:7a:9f:
                    99:90:85:20:76:43:61:05:6f:28:3c:54:34:48:bb:
                    86:43:72:15:af:d2:94:e4:b5:88:fb:bf:66:e4:5b:
                    b8:25:ab:1a:cd:78:12:0b:5f:da:0c:d5:fe:67:9c:
                    d0:89:b0:bd:65:9b:f9:54:ee:47:52:ea:1b:87:82:
                    b6:57:cf:a4:0e:25:a5:9f:55:c0:f6:0a:b8:ab:68:
                    fc:65:83:99:f3:d8:8f:42:08:0a:ad:cc:77:09:8d:
                    e8:46:84:3d:5f:a5:24:fd:bc:4a:d9:4f:e3:cb:dc:
                    1c:8e:f8:6c:d1:39:fe:b4:66:fc:b6:4e:31:c7:9c:
                    44:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:FD:53:C1:70:26:A9:2E:F4:22:2A:2A:14:E3:32:8F:F0:E7:40:B0
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/If1TwXAmqS70IioqFOMyj_DnQLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         2f:75:a6:38:00:69:2e:00:a3:f6:81:49:a7:1a:0f:0f:d5:85:
         46:09:94:f8:d7:b7:b5:8c:99:01:34:c7:4c:e4:3c:08:6a:97:
         c6:c7:8d:3d:65:14:6a:d5:67:f4:4c:22:73:21:d7:44:10:d3:
         7c:1a:d8:2d:80:aa:67:0f:f6:be:53:20:29:d8:2d:ca:40:fa:
         58:a0:1b:cd:84:37:d3:b8:85:fd:f2:d3:5b:c0:95:ce:cb:69:
         d3:e0:22:80:a3:f3:91:3b:18:5a:d5:4e:20:08:24:d4:3c:78:
         73:9b:62:aa:d7:86:31:69:76:8e:6f:7e:a9:04:3f:a4:d1:e5:
         2f:0a:4f:09:e6:53:1a:41:ea:00:75:c7:64:6c:da:47:63:be:
         ed:21:58:5a:7d:ac:22:74:00:b9:e1:2a:4b:17:00:cb:c6:c0:
         5e:53:dc:98:5b:e2:72:38:04:e8:6d:19:84:b6:18:77:04:30:
         5f:df:e2:45:bf:e4:ed:d5:94:cf:47:56:da:fe:fa:47:a5:10:
         7e:9e:06:ea:16:04:79:f6:3d:47:c9:38:55:f9:12:53:ac:f6:
         42:30:e7:16:16:8e:c1:71:83:c1:ce:b7:03:ea:0f:2e:81:9b:
         d5:5b:8c:3f:08:2a:18:29:73:f1:63:f7:90:b5:35:b7:ce:59:
         b8:b8:26:77
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQ6JxouhcK5CoB6MUuk2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWZkNTNjMTcwMjZhOTJlZjQyMjJhMmExNGUzMzI4ZmYwZTc0MGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxmdahO29GCCxlt2fBRWRvS/9dNA
GijAH5z9PX77/4PUS8TtAxz2TCJhBLUhZu6+aWwQrWROzlW2zIjXJVRviRAKnts9
UZu99fottDihqMFBEHQYtfNucV59q3+PUryoY5z9mGMVGtrwZmL8HIPmGUrfmNu7
NLOytgpRkDXRGFKxeJiGep+ZkIUgdkNhBW8oPFQ0SLuGQ3IVr9KU5LWI+79m5Fu4
JasazXgSC1/aDNX+Z5zQibC9ZZv5VO5HUuobh4K2V8+kDiWln1XA9gq4q2j8ZYOZ
89iPQggKrcx3CY3oRoQ9X6Uk/bxK2U/jy9wcjvhs0Tn+tGb8tk4xx5xEAwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCH9U8FwJqku9CIqKhTjMo/w50CwMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvSWYxVHdYQW1xUzcwSWlvcUZPTXlqX0RuUUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBAw
DQYJKoZIhvcNAQELBQADggEBAC91pjgAaS4Ao/aBSacaDw/VhUYJlPjXt7WMmQE0
x0zkPAhql8bHjT1lFGrVZ/RMInMh10QQ03wa2C2AqmcP9r5TICnYLcpA+ligG82E
N9O4hf3y01vAlc7LadPgIoCj85E7GFrVTiAIJNQ8eHObYqrXhjFpdo5vfqkEP6TR
5S8KTwnmUxpB6gB1x2Rs2kdjvu0hWFp9rCJ0ALnhKksXAMvGwF5T3Jhb4nI4BOht
GYS2GHcEMF/f4kW/5O3VlM9HVtr++kelEH6eBuoWBHn2PUfJOFX5ElOs9kIw5xYW
jsFxg8HOtwPqDy6Bm9VbjD8IKhgpc/Fj95C1NbfOWbi4Jnc=
-----END CERTIFICATE-----