Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/NI1hEVhxea_n_WytovI8NViIMtM.roa
File:                     NI1hEVhxea_n_WytovI8NViIMtM.roa (raw, json)
Hash identifier:          LvZH/ZAprTTHxsDney9mSNk6X2i+NNkFrZJOL4fmy3U=
Subject key identifier:   34:8D:61:11:58:71:79:AF:E7:FD:6C:AD:A2:F2:3C:35:58:88:32:D3
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0BA6608B50E8DD9F0EC977DBA631
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/NI1hEVhxea_n_WytovI8NViIMtM.roa
Signing time:             Tue 02 Jan 2024 08:31:58 +0000
ROA not before:           Tue 02 Jan 2024 08:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204829
IP address blocks:        2a0a:280:2400::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 15:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:0b:a6:60:8b:50:e8:dd:9f:0e:c9:77:db:a6:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=348d6111587179afe7fd6cada2f23c35588832d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ee:1f:fe:b7:91:a4:7f:dd:c7:88:b9:b7:c9:
                    fb:90:09:53:6f:55:29:44:2e:74:ea:e6:36:22:d0:
                    70:1b:66:af:d5:e3:a7:3d:80:e9:84:22:3e:87:ad:
                    9c:d9:07:46:12:6f:ad:3b:48:c8:e9:ea:e1:8f:da:
                    00:39:61:23:2b:d0:04:f1:53:40:50:81:cb:08:05:
                    0a:e1:8f:f8:40:38:0e:34:bd:5a:e2:6c:31:e3:42:
                    53:b5:79:e9:6b:7d:c0:48:89:b2:78:01:2c:1d:5d:
                    c9:87:7c:20:63:dd:57:54:0e:06:5a:58:e9:ee:ad:
                    76:ae:a6:3e:71:cf:13:4e:90:f1:ca:df:2e:da:1e:
                    af:6e:01:4b:6a:1a:4e:e8:e1:b5:6e:ba:8f:58:a2:
                    65:96:4c:80:ad:6d:c5:14:6f:a5:70:f1:00:bc:25:
                    49:f5:26:4e:ba:4f:92:9f:bf:e5:5f:94:e4:d0:9d:
                    26:00:78:fb:87:2a:74:45:dc:11:24:6a:f0:e6:37:
                    77:bc:79:96:89:ec:93:ae:78:44:b2:6a:d9:1b:b5:
                    e7:fc:88:c1:34:a0:56:f8:fb:7b:13:cc:da:41:9c:
                    08:ad:f2:d2:da:a4:1b:5c:c6:4a:15:f3:7b:2c:6e:
                    5c:a4:a8:e5:31:4d:43:74:be:67:01:4d:02:3c:2d:
                    08:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:8D:61:11:58:71:79:AF:E7:FD:6C:AD:A2:F2:3C:35:58:88:32:D3
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/NI1hEVhxea_n_WytovI8NViIMtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2400::/40

    Signature Algorithm: sha256WithRSAEncryption
         5d:56:f5:3e:bb:2a:ac:da:a5:9d:94:12:0d:d9:c1:85:39:aa:
         dc:30:2a:f3:4e:47:c1:72:7b:49:cb:b3:5a:59:96:53:55:ed:
         63:0e:16:f7:fa:50:6a:15:ce:8d:a6:b9:29:9f:56:90:3c:d5:
         4d:05:df:c3:50:bb:92:55:2e:fb:3a:ef:83:7c:b6:31:65:4b:
         4f:eb:21:11:7a:24:a5:25:46:4f:39:ba:6d:0c:15:1e:9f:63:
         58:04:3d:de:0e:2f:b0:73:7c:39:69:e4:d7:2c:c9:42:d4:14:
         19:e3:1f:17:ce:8e:46:25:08:11:94:2a:94:bd:34:dc:91:47:
         60:d0:14:dd:0c:97:05:72:a6:d0:4a:f0:85:d4:fe:27:40:64:
         be:18:c3:f1:26:e2:69:51:bd:ee:1b:0f:2e:eb:43:32:e1:99:
         23:42:a0:c3:54:b0:36:1b:4a:35:f8:59:67:cd:7d:c6:ea:b2:
         cb:c6:61:b9:a9:71:df:38:cf:13:4d:3d:0a:b7:ec:a0:e4:a4:
         86:98:28:7b:23:96:87:67:93:e8:e1:74:52:d9:1b:5a:fb:52:
         d5:23:98:95:c3:0e:09:0c:a2:3a:4b:f2:b2:1f:32:0e:a0:6a:
         da:3c:36:63:34:7f:e7:2c:79:f0:50:05:6c:b1:e8:e3:b2:77:
         02:61:5f:ef
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQumYItQ6N2fDsl326YxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDhkNjExMTU4NzE3OWFmZTdmZDZjYWRhMmYyM2MzNTU4ODgzMmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAie4f/reRpH/dx4i5t8n7kAlTb1Up
RC506uY2ItBwG2av1eOnPYDphCI+h62c2QdGEm+tO0jI6erhj9oAOWEjK9AE8VNA
UIHLCAUK4Y/4QDgONL1a4mwx40JTtXnpa33ASImyeAEsHV3Jh3wgY91XVA4GWljp
7q12rqY+cc8TTpDxyt8u2h6vbgFLahpO6OG1brqPWKJllkyArW3FFG+lcPEAvCVJ
9SZOuk+Sn7/lX5Tk0J0mAHj7hyp0RdwRJGrw5jd3vHmWieyTrnhEsmrZG7Xn/IjB
NKBW+Pt7E8zaQZwIrfLS2qQbXMZKFfN7LG5cpKjlMU1DdL5nAU0CPC0IqQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDSNYRFYcXmv5/1sraLyPDVYiDLTMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvTkkxaEVWaHhlYV9uX1d5dG92SThOVmlJTXRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgCQw
DQYJKoZIhvcNAQELBQADggEBAF1W9T67KqzapZ2UEg3ZwYU5qtwwKvNOR8Fye0nL
s1pZllNV7WMOFvf6UGoVzo2muSmfVpA81U0F38NQu5JVLvs674N8tjFlS0/rIRF6
JKUlRk85um0MFR6fY1gEPd4OL7BzfDlp5NcsyULUFBnjHxfOjkYlCBGUKpS9NNyR
R2DQFN0MlwVyptBK8IXU/idAZL4Yw/Em4mlRve4bDy7rQzLhmSNCoMNUsDYbSjX4
WWfNfcbqssvGYbmpcd84zxNNPQq37KDkpIaYKHsjlodnk+jhdFLZG1r7UtUjmJXD
DgkMojpL8rIfMg6gato8NmM0f+csefBQBWyx6OOydwJhX+8=
-----END CERTIFICATE-----