Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/cHx1mMG9YsFxNpqQvS2b1lXSFhk.roa
File:                     cHx1mMG9YsFxNpqQvS2b1lXSFhk.roa (raw, json)
Hash identifier:          LY/PBd71/6aRYYvDt7+TQj2e4ukaYRg5JFxuipRSk6s=
Subject key identifier:   70:7C:75:98:C1:BD:62:C1:71:36:9A:90:BD:2D:9B:D6:55:D2:16:19
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0A995A90B94F257C77B07E1F020C
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/cHx1mMG9YsFxNpqQvS2b1lXSFhk.roa
Signing time:             Tue 02 Jan 2024 08:31:58 +0000
ROA not before:           Tue 02 Jan 2024 08:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203686
IP address blocks:        2a0a:280:3100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:0a:99:5a:90:b9:4f:25:7c:77:b0:7e:1f:02:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=707c7598c1bd62c171369a90bd2d9bd655d21619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d4:62:8c:06:a8:90:b6:e1:7a:fe:1c:23:d7:
                    b4:be:ce:51:39:d8:04:a3:9d:32:29:2c:5e:2f:52:
                    9f:17:30:dd:87:38:9a:b0:05:dc:f2:ee:6e:c4:0c:
                    20:dc:54:92:ed:8f:dd:c1:30:35:6d:e6:07:32:87:
                    74:a3:7a:a7:ab:c2:a6:fd:ce:63:08:69:4c:fc:7b:
                    a6:38:0f:3a:9d:2f:0d:f2:b5:b7:79:61:69:41:cf:
                    f1:f3:86:0f:57:14:30:ca:f8:d7:45:04:ac:7e:57:
                    84:39:26:cd:80:b8:91:4b:fc:72:1c:39:00:a7:b3:
                    2d:ec:1a:2b:9c:88:d5:d4:13:87:66:8e:4c:48:4c:
                    f6:5e:72:ff:d6:28:b2:7b:71:aa:c9:bb:cd:bb:02:
                    ed:f2:a4:c7:31:2e:bc:3c:df:9e:fc:6d:54:66:9f:
                    bc:b9:9a:21:5e:50:cc:d9:a6:b5:0b:f6:0a:d3:e4:
                    55:bd:ed:ca:73:64:26:aa:7a:48:c7:8f:67:08:7a:
                    fa:53:19:c2:4e:80:d5:ab:9c:ae:0d:6e:4d:ff:36:
                    5d:cf:67:cd:c0:eb:72:4e:68:b1:62:66:c0:a6:5b:
                    64:9a:aa:1c:2f:71:dd:76:28:4e:85:6d:d6:a5:3b:
                    00:a9:1a:4a:27:6a:d9:1d:77:45:67:1e:27:b1:55:
                    60:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7C:75:98:C1:BD:62:C1:71:36:9A:90:BD:2D:9B:D6:55:D2:16:19
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/cHx1mMG9YsFxNpqQvS2b1lXSFhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:3100::/40

    Signature Algorithm: sha256WithRSAEncryption
         9f:d6:9b:24:11:b4:5e:82:c0:fa:05:3e:b8:70:d5:2d:54:61:
         1a:d2:6a:5f:42:f3:2d:c7:15:ea:9c:f6:82:8d:80:dd:b5:f7:
         8b:21:70:14:27:54:cf:4a:ff:e1:3c:18:a4:7e:04:68:cf:60:
         b7:f8:af:f0:b8:b6:87:d7:33:f9:5b:cd:e9:8e:19:b5:76:bc:
         0f:5a:de:f1:e8:10:23:71:c3:c1:9a:37:07:2d:e9:b3:a1:0b:
         a3:df:19:eb:c1:86:7e:41:35:39:e2:03:eb:41:fc:9a:ac:34:
         f0:c1:cc:d5:4f:63:21:de:e0:17:5c:e5:12:31:10:e8:09:e2:
         51:56:16:54:64:5d:16:26:ab:fe:0c:73:fa:d3:82:f3:98:97:
         13:ce:93:e8:c3:0b:8d:8c:28:4e:a0:c4:86:19:d4:32:2c:3a:
         41:39:ce:d4:9d:dd:6f:93:12:51:0f:fc:74:f3:34:83:c9:37:
         2a:60:7d:73:ca:52:8d:04:1c:40:5b:78:93:c8:25:3a:24:2d:
         68:78:38:8d:e1:86:33:97:06:6f:5d:3a:cc:5b:80:56:6a:c8:
         9a:7f:11:97:65:4c:a9:dc:b9:e1:90:23:dd:61:51:1b:82:6c:
         67:ee:81:dc:74:ea:92:bf:3d:d7:f9:c7:2a:03:8e:21:65:4a:
         98:ba:c6:16
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQqZWpC5TyV8d7B+HwIMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDdjNzU5OGMxYmQ2MmMxNzEzNjlhOTBiZDJkOWJkNjU1ZDIxNjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtRijAaokLbhev4cI9e0vs5ROdgE
o50yKSxeL1KfFzDdhziasAXc8u5uxAwg3FSS7Y/dwTA1beYHMod0o3qnq8Km/c5j
CGlM/HumOA86nS8N8rW3eWFpQc/x84YPVxQwyvjXRQSsfleEOSbNgLiRS/xyHDkA
p7Mt7BornIjV1BOHZo5MSEz2XnL/1iiye3GqybvNuwLt8qTHMS68PN+e/G1UZp+8
uZohXlDM2aa1C/YK0+RVve3Kc2QmqnpIx49nCHr6UxnCToDVq5yuDW5N/zZdz2fN
wOtyTmixYmbApltkmqocL3HddihOhW3WpTsAqRpKJ2rZHXdFZx4nsVVgeQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHB8dZjBvWLBcTaakL0tm9ZV0hYZMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvY0h4MW1NRzlZc0Z4TnBxUXZTMmIxbFhTRmhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgDEw
DQYJKoZIhvcNAQELBQADggEBAJ/WmyQRtF6CwPoFPrhw1S1UYRrSal9C8y3HFeqc
9oKNgN2194shcBQnVM9K/+E8GKR+BGjPYLf4r/C4tofXM/lbzemOGbV2vA9a3vHo
ECNxw8GaNwct6bOhC6PfGevBhn5BNTniA+tB/JqsNPDBzNVPYyHe4Bdc5RIxEOgJ
4lFWFlRkXRYmq/4Mc/rTgvOYlxPOk+jDC42MKE6gxIYZ1DIsOkE5ztSd3W+TElEP
/HTzNIPJNypgfXPKUo0EHEBbeJPIJTokLWh4OI3hhjOXBm9dOsxbgFZqyJp/EZdl
TKncueGQI91hURuCbGfugdx06pK/Pdf5xyoDjiFlSpi6xhY=
-----END CERTIFICATE-----