Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/qSk0gkXwc7gDXALWB-pa5dQLq4g.roa
File:                     qSk0gkXwc7gDXALWB-pa5dQLq4g.roa (raw, json)
Hash identifier:          67SEPReH+JJFp7g5rDqjRjIoU0jh+ElLzyQ0p51B4Wc=
Subject key identifier:   A9:29:34:82:45:F0:73:B8:03:5C:02:D6:07:EA:5A:E5:D4:0B:AB:88
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0334C32BB8F75A8D9238557BBF4C
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/qSk0gkXwc7gDXALWB-pa5dQLq4g.roa
Signing time:             Tue 02 Jan 2024 08:31:56 +0000
ROA not before:           Tue 02 Jan 2024 08:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199605
IP address blocks:        2a0a:280:1800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:03:34:c3:2b:b8:f7:5a:8d:92:38:55:7b:bf:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a929348245f073b8035c02d607ea5ae5d40bab88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:f8:8e:f0:ac:bc:80:0a:82:09:80:53:2e:e4:
                    0d:a0:ad:2a:ba:06:be:d0:83:c7:2a:be:d2:a0:3c:
                    c9:41:97:fc:25:be:b7:45:c2:9d:16:09:20:74:63:
                    1e:2e:e5:3b:3e:f7:c9:dd:ae:ea:24:ca:e1:cd:0f:
                    38:d9:8a:44:4d:63:f2:06:c9:40:8e:9a:f9:53:81:
                    42:8c:1c:72:e4:9e:80:ed:32:cf:d4:93:62:31:01:
                    e0:24:f6:05:d5:83:fe:44:f7:a1:af:4a:a9:35:94:
                    7a:33:e1:3f:0b:dc:bd:8f:b3:4d:53:9f:f0:1c:0e:
                    a6:a6:a8:e3:29:27:31:8a:06:90:86:3a:b7:db:c2:
                    8e:74:05:ae:cd:81:76:73:32:a3:d4:e8:5b:10:0b:
                    3a:6e:6b:da:e8:01:ef:07:37:aa:d1:7c:0f:9c:13:
                    88:e4:c7:e2:6b:77:65:f2:f4:dc:47:9f:41:03:5f:
                    ec:42:5b:e2:a4:0d:61:43:68:d6:ad:37:af:16:13:
                    bd:b1:39:96:f8:71:cc:c4:ad:4a:c2:07:d1:eb:06:
                    a1:e5:5d:27:fa:d1:71:5c:8d:df:c1:a0:46:69:82:
                    dc:d3:e1:1c:6d:64:99:c9:43:4e:e3:41:9c:8c:15:
                    43:6b:c7:bc:e4:a2:38:e5:ab:18:7e:44:33:a4:5a:
                    72:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:29:34:82:45:F0:73:B8:03:5C:02:D6:07:EA:5A:E5:D4:0B:AB:88
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/qSk0gkXwc7gDXALWB-pa5dQLq4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1800::/40

    Signature Algorithm: sha256WithRSAEncryption
         55:7b:30:25:9b:4b:d6:53:e9:ba:91:ce:74:73:7a:75:d9:7f:
         dc:bf:70:65:c7:23:fa:ad:2f:d6:16:05:03:19:5d:5f:12:86:
         64:16:9a:c7:a3:e8:30:f9:06:96:7e:06:e6:76:4d:23:7d:77:
         97:c2:bd:c1:d8:87:37:eb:8e:ad:66:ae:b6:24:2a:f3:9d:12:
         6c:20:06:e5:2f:6d:0b:99:6b:14:35:98:fb:6c:85:6a:e5:c4:
         81:ec:01:cb:76:e8:7d:f0:96:8f:68:a5:da:de:3c:27:8a:50:
         b8:fc:c1:e7:3d:b0:f1:6e:94:e2:25:1c:8b:43:7d:a6:89:bb:
         65:be:bc:cc:4f:2e:c8:e5:68:0c:10:cf:41:49:6b:c3:4b:0f:
         81:3b:8e:16:91:f8:81:9a:a9:71:90:fe:9c:8e:f8:86:e6:0a:
         7d:26:96:89:d2:b7:51:d2:61:16:f1:88:70:6c:a4:21:67:e2:
         1f:79:d6:ea:a0:f5:69:fd:53:de:05:eb:0a:47:a2:a2:a9:df:
         62:76:33:45:6f:f2:f3:d0:38:8e:a9:98:9f:63:b2:58:e5:ef:
         b0:0d:c0:3d:21:43:5f:34:16:6c:28:1d:b5:5b:1c:cb:f1:55:
         6b:ca:0c:cb:4f:8c:08:69:3d:ba:8e:08:57:c3:1a:06:cf:4a:
         ce:24:40:28
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQM0wyu491qNkjhVe79MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTI5MzQ4MjQ1ZjA3M2I4MDM1YzAyZDYwN2VhNWFlNWQ0MGJhYjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgviO8Ky8gAqCCYBTLuQNoK0quga+
0IPHKr7SoDzJQZf8Jb63RcKdFgkgdGMeLuU7PvfJ3a7qJMrhzQ842YpETWPyBslA
jpr5U4FCjBxy5J6A7TLP1JNiMQHgJPYF1YP+RPehr0qpNZR6M+E/C9y9j7NNU5/w
HA6mpqjjKScxigaQhjq328KOdAWuzYF2czKj1OhbEAs6bmva6AHvBzeq0XwPnBOI
5Mfia3dl8vTcR59BA1/sQlvipA1hQ2jWrTevFhO9sTmW+HHMxK1KwgfR6wah5V0n
+tFxXI3fwaBGaYLc0+EcbWSZyUNO40GcjBVDa8e85KI45asYfkQzpFpynwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKkpNIJF8HO4A1wC1gfqWuXUC6uIMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvcVNrMGdrWHdjN2dEWEFMV0ItcGE1ZFFMcTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBgw
DQYJKoZIhvcNAQELBQADggEBAFV7MCWbS9ZT6bqRznRzenXZf9y/cGXHI/qtL9YW
BQMZXV8ShmQWmsej6DD5BpZ+BuZ2TSN9d5fCvcHYhzfrjq1mrrYkKvOdEmwgBuUv
bQuZaxQ1mPtshWrlxIHsAct26H3wlo9opdrePCeKULj8wec9sPFulOIlHItDfaaJ
u2W+vMxPLsjlaAwQz0FJa8NLD4E7jhaR+IGaqXGQ/pyO+IbmCn0mlonSt1HSYRbx
iHBspCFn4h951uqg9Wn9U94F6wpHoqKp32J2M0Vv8vPQOI6pmJ9jsljl77ANwD0h
Q180FmwoHbVbHMvxVWvKDMtPjAhpPbqOCFfDGgbPSs4kQCg=
-----END CERTIFICATE-----