Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/P-AwYX_u542kvivUdWcEElUbbQE.roa
File:                     P-AwYX_u542kvivUdWcEElUbbQE.roa (raw, json)
Hash identifier:          VZZAfs6TNsFcgVOX9uH7kmVjZlUvAXjkjSbyRBk5cbY=
Subject key identifier:   3F:E0:30:61:7F:EE:E7:8D:A4:BE:2B:D4:75:67:04:12:55:1B:6D:01
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018E6C718EC17368D122293B3BDCB7391FAB
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/P-AwYX_u542kvivUdWcEElUbbQE.roa
Signing time:             Sat 23 Mar 2024 17:52:45 +0000
ROA not before:           Sat 23 Mar 2024 17:52:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44908
IP address blocks:        2a0a:280:3600::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6c:71:8e:c1:73:68:d1:22:29:3b:3b:dc:b7:39:1f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Mar 23 17:52:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fe030617feee78da4be2bd475670412551b6d01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:a2:ad:7b:da:0a:5c:f9:04:30:76:c7:4d:0e:
                    cd:ab:68:11:2e:7b:c8:58:fd:7b:5f:a3:27:27:25:
                    2c:5a:0b:19:b8:21:a4:03:5b:55:97:3d:ca:84:d8:
                    36:e6:20:82:fb:02:3d:31:51:a5:ac:c5:fd:76:f5:
                    d4:5b:55:7c:fb:89:2d:7b:6a:c1:bd:2f:f2:3a:c4:
                    52:23:9c:cf:0a:b0:1d:80:50:11:88:21:39:b1:01:
                    e1:f5:bb:32:b2:8b:d4:06:ae:b0:b8:0d:15:8d:bb:
                    11:49:ba:5c:60:05:1d:d9:d4:4a:ff:60:0b:85:bf:
                    d9:d8:6c:13:96:61:ef:78:9c:a6:34:ae:12:ec:17:
                    f6:39:25:56:28:87:50:84:8b:3c:82:0f:0a:c5:fe:
                    db:53:8b:95:d5:1d:58:a0:7d:3a:21:bb:0c:70:de:
                    72:03:ab:ba:05:33:e4:fc:6d:8b:00:6e:ff:50:b0:
                    4e:c6:8c:50:0b:a3:f2:73:8d:7b:cc:c2:c7:79:73:
                    1d:0d:49:e1:7a:6c:7b:74:6a:46:08:97:cc:eb:03:
                    46:11:4b:84:0d:67:89:ad:1a:93:1f:a7:fc:2c:0f:
                    b7:dd:ef:c9:fb:ce:2d:56:1e:f8:85:91:2d:3f:64:
                    e6:74:80:9a:0c:00:68:d1:01:ab:44:7c:50:7f:91:
                    09:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:E0:30:61:7F:EE:E7:8D:A4:BE:2B:D4:75:67:04:12:55:1B:6D:01
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/P-AwYX_u542kvivUdWcEElUbbQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:3600::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:ee:b7:0e:4f:87:cd:0a:b1:d6:3c:bb:c2:15:7e:31:db:29:
         c8:c2:52:e0:03:a7:bc:f5:cf:40:1a:d0:29:ee:ea:66:f0:fc:
         4e:04:35:19:4a:17:6e:94:0f:9b:4c:73:cb:61:46:bd:75:3c:
         3f:92:97:41:3f:36:71:37:76:97:35:c6:d5:01:f4:91:52:fd:
         5e:5b:fe:fc:ca:4f:aa:b4:b9:0e:08:9a:7c:99:f4:69:63:03:
         e1:76:cd:b7:a1:33:4c:34:39:9c:d0:ae:c7:6d:83:67:b7:bb:
         c9:bd:b8:04:5e:72:b6:a3:28:0c:f8:c1:06:80:fa:4f:0c:b2:
         d6:97:cd:46:4d:6d:2f:12:81:d5:70:f8:30:d2:ea:2e:cc:e2:
         e6:1c:21:a4:43:2b:6f:d1:b3:ff:b9:00:92:95:a1:bc:98:7d:
         a1:73:cf:ec:c1:ec:48:d8:55:60:f9:dc:42:8d:25:66:0a:81:
         04:19:64:25:16:0d:ef:20:59:df:8d:b6:65:68:9d:a4:4b:68:
         6f:26:29:ea:e1:29:2b:57:0e:93:b8:43:e5:e3:31:4c:da:56:
         5f:cd:15:d0:a8:4c:fa:24:d4:c9:31:15:11:a9:a0:f9:b7:38:
         bd:9f:df:e7:af:46:22:15:c9:02:c1:af:26:89:e8:5a:f2:e9:
         38:64:e0:b1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY5scY7Bc2jRIik7O9y3OR+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMzIzMTc1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmUwMzA2MTdmZWVlNzhkYTRiZTJiZDQ3NTY3MDQxMjU1MWI2ZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKKte9oKXPkEMHbHTQ7Nq2gRLnvI
WP17X6MnJyUsWgsZuCGkA1tVlz3KhNg25iCC+wI9MVGlrMX9dvXUW1V8+4kte2rB
vS/yOsRSI5zPCrAdgFARiCE5sQHh9bsysovUBq6wuA0VjbsRSbpcYAUd2dRK/2AL
hb/Z2GwTlmHveJymNK4S7Bf2OSVWKIdQhIs8gg8Kxf7bU4uV1R1YoH06IbsMcN5y
A6u6BTPk/G2LAG7/ULBOxoxQC6Pyc417zMLHeXMdDUnhemx7dGpGCJfM6wNGEUuE
DWeJrRqTH6f8LA+33e/J+84tVh74hZEtP2TmdICaDABo0QGrRHxQf5EJPwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFD/gMGF/7ueNpL4r1HVnBBJVG20BMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvUC1Bd1lYX3U1NDJrdml2VWRXY0VFbFViYlFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgDYw
DQYJKoZIhvcNAQELBQADggEBAHvutw5Ph80KsdY8u8IVfjHbKcjCUuADp7z1z0Aa
0Cnu6mbw/E4ENRlKF26UD5tMc8thRr11PD+Sl0E/NnE3dpc1xtUB9JFS/V5b/vzK
T6q0uQ4ImnyZ9GljA+F2zbehM0w0OZzQrsdtg2e3u8m9uARecrajKAz4wQaA+k8M
staXzUZNbS8SgdVw+DDS6i7M4uYcIaRDK2/Rs/+5AJKVobyYfaFzz+zB7EjYVWD5
3EKNJWYKgQQZZCUWDe8gWd+NtmVonaRLaG8mKerhKStXDpO4Q+XjMUzaVl/NFdCo
TPok1MkxFRGpoPm3OL2f3+evRiIVyQLBryaJ6Fry6Thk4LE=
-----END CERTIFICATE-----