Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/_Kc1X5WBzsamJXilWlCKn8jQ2Wk.roa
File:                     _Kc1X5WBzsamJXilWlCKn8jQ2Wk.roa (raw, json)
Hash identifier:          Mk9/ZFaFsG8Yzx+MKsJKmhMkaNWmS8hWPEVhCdkCwoc=
Subject key identifier:   FC:A7:35:5F:95:81:CE:C6:A6:25:78:A5:5A:50:8A:9F:C8:D0:D9:69
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D04B78D7C0873B77E80A65C8E78F9
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/_Kc1X5WBzsamJXilWlCKn8jQ2Wk.roa
Signing time:             Tue 02 Jan 2024 08:31:56 +0000
ROA not before:           Tue 02 Jan 2024 08:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199676
IP address blocks:        2a0a:280:2100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:04:b7:8d:7c:08:73:b7:7e:80:a6:5c:8e:78:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fca7355f9581cec6a62578a55a508a9fc8d0d969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4c:b4:07:47:ec:f5:4e:50:92:3b:7c:8f:5e:
                    25:16:9b:d8:13:9f:bf:32:de:6c:d7:60:37:12:92:
                    15:03:63:e5:7f:7e:40:35:db:fc:38:86:83:0b:fc:
                    f5:c3:29:51:fd:b3:d5:03:56:43:ff:f3:97:77:0c:
                    80:27:bf:f2:cb:74:0a:5d:8b:8b:24:e2:cd:89:4c:
                    d5:56:d5:37:28:84:f6:78:26:6a:8c:56:89:84:e0:
                    fd:48:6e:42:90:17:71:04:cb:90:5c:e1:1a:10:9e:
                    3e:c2:4b:e6:65:7e:5e:5a:06:5a:46:c3:70:db:6a:
                    cd:3d:c5:9c:a6:87:72:39:c6:2f:97:7d:5d:3c:8d:
                    84:6c:6e:24:8b:9d:5f:d6:85:76:12:94:86:3a:40:
                    27:a8:76:e9:1f:28:d3:6d:a6:34:87:7a:5e:15:ad:
                    f4:6b:cc:f7:a5:d8:54:dd:e8:f2:a1:b5:1e:cc:08:
                    34:14:dc:69:5f:3d:30:e5:7e:08:f6:1e:a6:4c:8b:
                    d1:09:fe:51:a1:41:92:ac:fb:73:4d:2f:45:e5:8f:
                    05:67:f3:f4:6e:74:ac:00:9f:48:56:ca:13:c0:7a:
                    3c:b4:42:e7:25:b7:e7:1c:a9:6e:be:f6:37:10:23:
                    10:90:dd:fb:2d:59:d2:25:71:30:8f:ac:f6:24:d4:
                    f5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A7:35:5F:95:81:CE:C6:A6:25:78:A5:5A:50:8A:9F:C8:D0:D9:69
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/_Kc1X5WBzsamJXilWlCKn8jQ2Wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2100::/40

    Signature Algorithm: sha256WithRSAEncryption
         78:aa:46:2c:af:68:8f:43:48:89:cc:e0:c3:8d:53:f7:e4:cf:
         f4:66:0e:95:95:9d:d4:81:f2:29:35:28:95:c5:ef:84:7d:35:
         73:13:71:35:1f:06:0b:f4:9b:95:db:d9:77:34:a4:43:df:9a:
         f0:2a:11:36:e3:fd:53:8d:71:3d:e7:35:4a:05:c8:68:62:be:
         c6:91:11:1c:99:e4:d9:e4:63:b9:26:c5:2e:f6:18:ff:45:12:
         fc:70:49:38:35:94:e1:fa:fd:1a:7e:a5:78:7c:6a:fa:21:17:
         6b:bb:16:d4:dc:e1:24:c7:8b:e3:16:6d:77:29:36:3a:3f:d9:
         1b:d1:18:e1:e0:39:62:24:9c:26:72:b7:9d:2b:b4:d2:85:12:
         02:ab:6f:bd:de:56:69:e9:d5:91:56:8e:9e:90:03:46:b2:75:
         5c:39:1f:0e:5a:de:65:58:e3:f1:21:7d:03:cb:db:00:ca:ac:
         8e:f2:16:eb:20:f4:39:be:1f:9e:25:a9:6e:f7:8b:bc:91:0b:
         94:9d:dc:c4:a5:4c:fc:58:09:27:31:86:6b:07:6f:42:e2:28:
         02:f1:95:30:15:d2:1f:f8:51:84:fe:4e:05:fe:65:57:17:5d:
         d6:fb:30:17:db:16:3e:03:97:2b:34:69:34:ce:0b:51:cf:26:
         6c:90:33:bd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQS3jXwIc7d+gKZcjnj5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2E3MzU1Zjk1ODFjZWM2YTYyNTc4YTU1YTUwOGE5ZmM4ZDBkOTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0y0B0fs9U5Qkjt8j14lFpvYE5+/
Mt5s12A3EpIVA2Plf35ANdv8OIaDC/z1wylR/bPVA1ZD//OXdwyAJ7/yy3QKXYuL
JOLNiUzVVtU3KIT2eCZqjFaJhOD9SG5CkBdxBMuQXOEaEJ4+wkvmZX5eWgZaRsNw
22rNPcWcpodyOcYvl31dPI2EbG4ki51f1oV2EpSGOkAnqHbpHyjTbaY0h3peFa30
a8z3pdhU3ejyobUezAg0FNxpXz0w5X4I9h6mTIvRCf5RoUGSrPtzTS9F5Y8FZ/P0
bnSsAJ9IVsoTwHo8tELnJbfnHKluvvY3ECMQkN37LVnSJXEwj6z2JNT1xwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPynNV+Vgc7GpiV4pVpQip/I0NlpMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvX0tjMVg1V0J6c2FtSlhpbFdsQ0tuOGpRMldrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgCEw
DQYJKoZIhvcNAQELBQADggEBAHiqRiyvaI9DSInM4MONU/fkz/RmDpWVndSB8ik1
KJXF74R9NXMTcTUfBgv0m5Xb2Xc0pEPfmvAqETbj/VONcT3nNUoFyGhivsaRERyZ
5NnkY7kmxS72GP9FEvxwSTg1lOH6/Rp+pXh8avohF2u7FtTc4STHi+MWbXcpNjo/
2RvRGOHgOWIknCZyt50rtNKFEgKrb73eVmnp1ZFWjp6QA0aydVw5Hw5a3mVY4/Eh
fQPL2wDKrI7yFusg9Dm+H54lqW73i7yRC5Sd3MSlTPxYCScxhmsHb0LiKALxlTAV
0h/4UYT+TgX+ZVcXXdb7MBfbFj4Dlys0aTTOC1HPJmyQM70=
-----END CERTIFICATE-----