Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/dhxMitCOIWqFDAvhzzgVqv9AJvk.roa
File:                     dhxMitCOIWqFDAvhzzgVqv9AJvk.roa (raw, json)
Hash identifier:          Zil0AuiaIrl7jh4hrwaUFIrctpS7SOJ8rXbWNiq4MOA=
Subject key identifier:   76:1C:4C:8A:D0:8E:21:6A:85:0C:0B:E1:CF:38:15:AA:FF:40:26:F9
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D017DA9FB1544380455EB47A11C88
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/dhxMitCOIWqFDAvhzzgVqv9AJvk.roa
Signing time:             Tue 02 Jan 2024 08:31:56 +0000
ROA not before:           Tue 02 Jan 2024 08:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199376
IP address blocks:        2a0a:280:1200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:01:7d:a9:fb:15:44:38:04:55:eb:47:a1:1c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=761c4c8ad08e216a850c0be1cf3815aaff4026f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:09:85:be:39:e2:1b:6b:2d:84:9b:37:df:c7:
                    54:9b:a5:ab:fd:7d:2f:1b:85:81:b2:52:ee:74:05:
                    8d:dd:12:49:fa:03:aa:d4:82:f1:2a:5f:30:15:9f:
                    08:c6:4a:e3:8e:5e:93:96:a7:fa:a6:d5:12:f8:8b:
                    27:79:e5:80:90:0b:1a:d1:4c:d4:5d:b3:b4:88:2b:
                    fa:73:ff:ed:f8:07:93:20:54:09:14:e8:51:69:af:
                    db:a4:25:11:b7:e4:67:e2:cd:f2:72:5f:33:1e:dd:
                    b3:4f:62:2f:aa:d2:5c:e6:88:c1:01:9b:e7:33:09:
                    a7:56:2b:0b:99:c7:b9:cc:b1:dd:33:76:c0:71:ca:
                    4a:b9:8a:11:d1:fd:32:e6:61:c0:d4:0d:ac:c5:b3:
                    27:e5:53:c0:d6:f2:f7:a8:de:f2:fa:47:f8:b1:7e:
                    c3:04:8f:cb:9f:b7:97:2a:09:d5:af:f6:48:df:98:
                    e0:71:2f:dd:b7:62:76:36:d3:92:80:b9:30:0f:a0:
                    d4:32:5e:3d:ab:fa:f3:51:15:f8:e7:32:21:49:f2:
                    9d:6b:d2:8f:03:96:ad:eb:fb:fc:b0:07:48:60:ac:
                    78:d3:bf:74:bb:35:b5:a5:64:69:f4:dd:43:79:59:
                    fc:4c:e7:70:4d:d2:81:52:c7:6b:02:20:5d:3e:53:
                    0c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1C:4C:8A:D0:8E:21:6A:85:0C:0B:E1:CF:38:15:AA:FF:40:26:F9
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/dhxMitCOIWqFDAvhzzgVqv9AJvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         14:c8:0d:f2:9a:b2:a7:6c:76:3f:56:c3:6b:dd:de:85:ea:23:
         1f:d6:af:73:a0:b7:31:3e:e3:93:9f:21:af:c2:3a:b3:00:d5:
         51:83:75:50:30:cb:8f:d6:12:76:c8:da:8d:ee:57:e0:a9:d9:
         29:c8:15:d2:3e:b0:64:1a:74:74:ee:99:28:13:1b:02:e3:4d:
         6f:cc:4d:82:4d:61:f9:02:1d:86:02:7a:f5:f0:46:d5:bf:97:
         48:1c:d9:45:6a:88:2f:0c:19:0c:af:a7:27:9a:a1:4e:65:ca:
         e7:79:33:72:ba:78:a3:ab:5c:77:fa:17:84:2f:fc:52:61:4e:
         73:63:09:60:be:6f:fa:04:29:8e:64:78:d2:8f:4f:e0:fa:7a:
         23:cc:d8:af:eb:87:8a:4e:2b:44:66:77:80:ee:66:ed:0c:6d:
         d3:b8:f2:36:09:a7:e0:b9:63:bf:01:36:c0:9d:3c:de:3d:4c:
         21:67:8a:04:c5:e5:6e:e6:ed:49:47:65:2e:27:7c:89:b0:29:
         b2:7f:6c:73:c8:04:ce:5f:1f:6b:a3:13:20:a4:dd:15:af:0e:
         f5:2c:48:a5:17:90:a7:3d:2f:ff:7f:76:5f:ac:19:1c:1c:c6:
         cf:12:93:0d:a7:c3:3b:44:c7:f5:7b:76:1d:fe:e9:e3:44:6b:
         e8:3a:c6:f4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQF9qfsVRDgEVetHoRyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjFjNGM4YWQwOGUyMTZhODUwYzBiZTFjZjM4MTVhYWZmNDAyNmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQmFvjniG2sthJs338dUm6Wr/X0v
G4WBslLudAWN3RJJ+gOq1ILxKl8wFZ8Ixkrjjl6Tlqf6ptUS+IsneeWAkAsa0UzU
XbO0iCv6c//t+AeTIFQJFOhRaa/bpCURt+Rn4s3ycl8zHt2zT2IvqtJc5ojBAZvn
MwmnVisLmce5zLHdM3bAccpKuYoR0f0y5mHA1A2sxbMn5VPA1vL3qN7y+kf4sX7D
BI/Ln7eXKgnVr/ZI35jgcS/dt2J2NtOSgLkwD6DUMl49q/rzURX45zIhSfKda9KP
A5at6/v8sAdIYKx40790uzW1pWRp9N1DeVn8TOdwTdKBUsdrAiBdPlMMMwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHYcTIrQjiFqhQwL4c84Far/QCb5MB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvZGh4TWl0Q09JV3FGREF2aHp6Z1ZxdjlBSnZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBIw
DQYJKoZIhvcNAQELBQADggEBABTIDfKasqdsdj9Ww2vd3oXqIx/Wr3OgtzE+45Of
Ia/COrMA1VGDdVAwy4/WEnbI2o3uV+Cp2SnIFdI+sGQadHTumSgTGwLjTW/MTYJN
YfkCHYYCevXwRtW/l0gc2UVqiC8MGQyvpyeaoU5lyud5M3K6eKOrXHf6F4Qv/FJh
TnNjCWC+b/oEKY5keNKPT+D6eiPM2K/rh4pOK0Rmd4DuZu0MbdO48jYJp+C5Y78B
NsCdPN49TCFnigTF5W7m7UlHZS4nfImwKbJ/bHPIBM5fH2ujEyCk3RWvDvUsSKUX
kKc9L/9/dl+sGRwcxs8Skw2nwztEx/V7dh3+6eNEa+g6xvQ=
-----END CERTIFICATE-----