Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/qO1RWgbxDNpNhzcR3aKdry6WsPc.roa
File:                     qO1RWgbxDNpNhzcR3aKdry6WsPc.roa (raw, json)
Hash identifier:          ijyrJVmT5AgpdR4LZNmaRthv+00Qu1Okc3wmYEtWQVU=
Subject key identifier:   A8:ED:51:5A:06:F1:0C:DA:4D:87:37:11:DD:A2:9D:AF:2E:96:B0:F7
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018D30D4D8591B4CBDD08367AA0D4722C3E7
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/qO1RWgbxDNpNhzcR3aKdry6WsPc.roa
Signing time:             Mon 22 Jan 2024 11:01:11 +0000
ROA not before:           Mon 22 Jan 2024 11:01:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215683
IP address blocks:        2a0a:280:2900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:30:d4:d8:59:1b:4c:bd:d0:83:67:aa:0d:47:22:c3:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan 22 11:01:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8ed515a06f10cda4d873711dda29daf2e96b0f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3c:49:7d:fc:60:a1:e4:31:a6:4f:8d:1d:34:
                    31:7e:96:5c:64:1f:fc:b7:37:b4:a2:08:f8:d2:3d:
                    63:89:18:73:ce:ba:74:1a:09:7a:9a:8e:09:7a:e7:
                    9e:bb:c7:bf:fd:43:1d:13:c0:54:10:7e:5b:34:b4:
                    c1:0a:8c:98:6b:53:77:aa:53:c4:85:9f:d0:b1:2d:
                    d3:19:b5:ec:27:e5:43:53:e3:2a:3e:7c:e3:b5:ec:
                    bb:38:2f:f9:b8:bc:d3:17:96:30:94:6b:de:41:be:
                    45:7d:c8:0b:83:65:e0:cd:06:b5:7d:6a:0b:86:94:
                    9b:0c:37:bc:a1:a5:b8:39:e9:22:ad:74:86:b9:66:
                    9b:5b:c2:fd:6b:6c:dd:b8:15:c5:3b:92:ca:67:87:
                    03:8e:8d:51:cd:b1:f9:17:53:4a:45:f6:00:61:14:
                    9d:38:86:06:8c:60:ab:b0:fa:fb:0d:1e:c4:03:48:
                    58:9f:41:d7:b4:fb:ab:87:5b:af:92:a0:6a:f3:fb:
                    49:11:d9:70:e6:3d:89:4a:da:6c:e7:03:98:89:83:
                    77:78:dd:7f:be:76:cd:a2:30:96:49:80:56:f3:99:
                    36:db:74:7c:86:77:11:05:70:0c:16:5c:5f:48:03:
                    d8:97:d9:4b:d0:f8:58:ff:f3:d2:fc:53:c9:70:7b:
                    0b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:ED:51:5A:06:F1:0C:DA:4D:87:37:11:DD:A2:9D:AF:2E:96:B0:F7
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/qO1RWgbxDNpNhzcR3aKdry6WsPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2900::/40

    Signature Algorithm: sha256WithRSAEncryption
         28:ba:c0:4b:5e:c7:9e:11:97:e4:e8:a6:fd:8b:d4:e1:72:6f:
         31:ec:b3:4e:8e:b9:f6:e9:61:f3:cd:b8:eb:65:e9:71:b1:04:
         27:ac:98:ce:f5:2c:fc:96:46:05:f0:3b:68:2a:25:f2:89:4c:
         30:cd:5d:1c:dc:50:f1:33:c2:15:5a:6d:f2:71:22:a2:f0:96:
         c5:98:dd:2d:c0:39:b7:50:9c:d3:c3:93:31:c1:6c:69:43:8d:
         41:1c:7d:a0:fa:49:d1:94:2a:a9:80:53:5a:a1:fe:70:8a:96:
         3f:3d:15:56:39:d6:8c:05:24:65:7b:3b:4d:c2:67:77:61:9a:
         41:5a:9d:67:6f:ad:df:83:cc:f5:38:0a:52:09:99:37:14:1b:
         c7:27:46:fc:06:84:5f:79:49:fe:de:17:7a:3f:4c:7c:bf:d1:
         04:17:6d:35:ac:12:0c:6a:18:a9:4d:9c:f4:2f:94:a7:36:15:
         39:2a:80:31:be:90:a8:28:bc:77:cb:75:8a:44:12:8b:78:73:
         21:ed:19:8f:f7:78:84:20:0a:5a:45:fa:1b:3b:65:af:51:0c:
         0c:8d:2c:9c:6e:e3:9a:fa:fd:fa:10:45:20:a6:52:03:24:c3:
         0a:e8:11:20:05:ec:05:30:80:75:89:71:0b:c0:bb:1b:09:aa:
         79:eb:1b:94
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY0w1NhZG0y90INnqg1HIsPnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTIyMTEwMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGVkNTE1YTA2ZjEwY2RhNGQ4NzM3MTFkZGEyOWRhZjJlOTZiMGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTxJffxgoeQxpk+NHTQxfpZcZB/8
tze0ogj40j1jiRhzzrp0Ggl6mo4Jeueeu8e//UMdE8BUEH5bNLTBCoyYa1N3qlPE
hZ/QsS3TGbXsJ+VDU+MqPnzjtey7OC/5uLzTF5YwlGveQb5FfcgLg2XgzQa1fWoL
hpSbDDe8oaW4OekirXSGuWabW8L9a2zduBXFO5LKZ4cDjo1RzbH5F1NKRfYAYRSd
OIYGjGCrsPr7DR7EA0hYn0HXtPurh1uvkqBq8/tJEdlw5j2JStps5wOYiYN3eN1/
vnbNojCWSYBW85k223R8hncRBXAMFlxfSAPYl9lL0PhY//PS/FPJcHsL6QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKjtUVoG8QzaTYc3Ed2ina8ulrD3MB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvcU8xUldnYnhETnBOaHpjUjNhS2RyeTZXc1BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgCkw
DQYJKoZIhvcNAQELBQADggEBACi6wEtex54Rl+Topv2L1OFybzHss06OufbpYfPN
uOtl6XGxBCesmM71LPyWRgXwO2gqJfKJTDDNXRzcUPEzwhVabfJxIqLwlsWY3S3A
ObdQnNPDkzHBbGlDjUEcfaD6SdGUKqmAU1qh/nCKlj89FVY51owFJGV7O03CZ3dh
mkFanWdvrd+DzPU4ClIJmTcUG8cnRvwGhF95Sf7eF3o/THy/0QQXbTWsEgxqGKlN
nPQvlKc2FTkqgDG+kKgovHfLdYpEEot4cyHtGY/3eIQgClpF+hs7Za9RDAyNLJxu
45r6/foQRSCmUgMkwwroESAF7AUwgHWJcQvAuxsJqnnrG5Q=
-----END CERTIFICATE-----