Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/1Pt8zm6-CzG2_FNyv9KOcXabiB8.roa
File:                     1Pt8zm6-CzG2_FNyv9KOcXabiB8.roa (raw, json)
Hash identifier:          awpPIebDHCF6aMf4q3BIzzvVNJ6jaISbS8IPLxIkX/E=
Subject key identifier:   D4:FB:7C:CE:6E:BE:0B:31:B6:FC:53:72:BF:D2:8E:71:76:9B:88:1F
Certificate issuer:       /CN=9ce94757ac3f70b40f369307d365ebc9657bab69
Certificate serial:       018CC3B7137BA334F1710311443D8AFC602A
Authority key identifier: 9C:E9:47:57:AC:3F:70:B4:0F:36:93:07:D3:65:EB:C9:65:7B:AB:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/1Pt8zm6-CzG2_FNyv9KOcXabiB8.roa
Signing time:             Mon 01 Jan 2024 06:30:04 +0000
ROA not before:           Mon 01 Jan 2024 06:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34572
IP address blocks:        156.28.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:13:7b:a3:34:f1:71:03:11:44:3d:8a:fc:60:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ce94757ac3f70b40f369307d365ebc9657bab69
        Validity
            Not Before: Jan  1 06:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4fb7cce6ebe0b31b6fc5372bfd28e71769b881f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:fb:2e:37:52:e3:f7:ee:53:95:06:57:0c:1f:
                    8b:9c:62:22:40:53:9c:d7:47:23:c6:6d:66:5f:38:
                    32:18:23:9f:ab:c7:4c:6f:68:f7:14:60:5e:2b:86:
                    fa:1a:9b:7b:eb:3d:69:7a:cc:7e:9a:df:58:33:aa:
                    85:85:12:0f:9f:eb:82:6c:5c:02:3f:36:f2:09:4d:
                    b8:c1:cc:65:51:88:f7:95:2e:39:30:08:61:79:8e:
                    bc:25:da:49:7d:16:28:56:48:94:ca:08:36:78:6e:
                    5e:77:93:e7:28:89:60:c3:63:95:b1:7a:85:88:eb:
                    de:3c:bf:ab:eb:7f:66:75:91:10:4b:4d:7f:13:0b:
                    fd:9a:91:74:58:54:3a:0c:ed:27:2c:d7:aa:53:9b:
                    54:3d:dd:23:c6:e6:d3:ca:cb:7f:92:24:ac:e3:64:
                    07:99:49:b5:b1:91:db:85:13:c7:f2:19:0b:af:36:
                    3c:c6:4a:b6:3d:4c:10:d6:23:b5:1c:cd:78:6a:43:
                    1d:40:64:e2:25:d1:f4:28:05:5e:1f:02:eb:57:ba:
                    53:cc:48:e0:50:1a:9a:7c:49:28:30:b1:6e:8b:bf:
                    14:d5:60:f1:30:9a:95:43:29:c0:b1:36:9f:de:bc:
                    b0:37:c3:7e:29:8d:7b:5e:7e:b0:28:ae:37:55:23:
                    0e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:FB:7C:CE:6E:BE:0B:31:B6:FC:53:72:BF:D2:8E:71:76:9B:88:1F
            X509v3 Authority Key Identifier:
                keyid:9C:E9:47:57:AC:3F:70:B4:0F:36:93:07:D3:65:EB:C9:65:7B:AB:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nOlHV6w_cLQPNpMH02XryWV7q2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/1Pt8zm6-CzG2_FNyv9KOcXabiB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/481269-dbdb-425e-9642-e1ea41c9a2e6/1/nOlHV6w_cLQPNpMH02XryWV7q2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.28.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0f:cd:8f:05:95:0b:6f:98:28:8d:48:b1:a1:30:57:52:14:87:
         a8:2b:df:1f:4f:78:f3:e2:5b:6f:ec:6e:54:7a:f7:64:87:7e:
         d3:02:27:5e:3c:a4:54:0a:fa:b1:3b:b7:29:84:48:86:53:93:
         48:2e:3d:83:fd:9b:f2:67:f1:da:be:e6:31:94:53:5a:a2:84:
         0f:f0:25:b7:8d:56:96:9d:a2:2d:a1:1b:de:fe:47:13:1a:0e:
         bf:4a:da:4c:d9:fb:35:cc:fa:f1:bc:ca:01:9e:90:27:80:b9:
         ef:79:8f:7e:8c:7f:66:6b:f9:bb:8e:3c:5d:d6:4c:1f:d5:55:
         cf:07:24:f9:c1:14:ad:88:e6:9e:69:ab:57:b9:ab:53:b6:32:
         10:60:fd:4e:b2:e5:a4:5e:4b:60:ac:a0:27:88:20:d8:c3:27:
         f6:b4:f2:7b:db:83:4c:40:9c:ea:3b:37:86:11:c2:42:c2:1e:
         e1:15:cf:fd:2e:cf:77:d3:c7:36:e5:91:ad:9c:92:39:e4:c5:
         f5:36:1c:70:8c:ec:a6:0e:d8:15:bd:8d:48:70:db:e0:37:c4:
         f8:fa:20:0a:cf:0d:76:12:3a:88:63:24:cc:54:9e:66:65:46:
         66:1d:3e:67:44:a3:0a:39:ef:67:d9:ab:b2:b0:b8:bc:b5:bd:
         52:7a:56:c2
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDtxN7ozTxcQMRRD2K/GAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZTk0NzU3YWMzZjcwYjQwZjM2OTMwN2QzNjVlYmM5NjU3
YmFiNjkwHhcNMjQwMTAxMDYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGZiN2NjZTZlYmUwYjMxYjZmYzUzNzJiZmQyOGU3MTc2OWI4ODFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPsuN1Lj9+5TlQZXDB+LnGIiQFOc
10cjxm1mXzgyGCOfq8dMb2j3FGBeK4b6Gpt76z1pesx+mt9YM6qFhRIPn+uCbFwC
PzbyCU24wcxlUYj3lS45MAhheY68JdpJfRYoVkiUygg2eG5ed5PnKIlgw2OVsXqF
iOvePL+r639mdZEQS01/Ewv9mpF0WFQ6DO0nLNeqU5tUPd0jxubTyst/kiSs42QH
mUm1sZHbhRPH8hkLrzY8xkq2PUwQ1iO1HM14akMdQGTiJdH0KAVeHwLrV7pTzEjg
UBqafEkoMLFui78U1WDxMJqVQynAsTaf3rywN8N+KY17Xn6wKK43VSMOFwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNT7fM5uvgsxtvxTcr/SjnF2m4gfMB8GA1UdIwQY
MBaAFJzpR1esP3C0DzaTB9Nl68lle6tpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk9sSFY2d19jTFFQTnBNSDAyWHJ5V1Y3cTJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80ODEyNjktZGJkYi00MjVlLTk2NDIt
ZTFlYTQxYzlhMmU2LzEvMVB0OHptNi1DekcyX0ZOeXY5S09jWGFiaUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80ODEyNjktZGJkYi00MjVlLTk2NDItZTFlYTQxYzlhMmU2
LzEvbk9sSFY2d19jTFFQTnBNSDAyWHJ5V1Y3cTJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnBwwDQYJ
KoZIhvcNAQELBQADggEBAA/NjwWVC2+YKI1IsaEwV1IUh6gr3x9PePPiW2/sblR6
92SHftMCJ148pFQK+rE7tymESIZTk0guPYP9m/Jn8dq+5jGUU1qihA/wJbeNVpad
oi2hG97+RxMaDr9K2kzZ+zXM+vG8ygGekCeAue95j36Mf2Zr+buOPF3WTB/VVc8H
JPnBFK2I5p5pq1e5q1O2MhBg/U6y5aReS2CsoCeIINjDJ/a08nvbg0xAnOo7N4YR
wkLCHuEVz/0uz3fTxzblka2ckjnkxfU2HHCM7KYO2BW9jUhw2+A3xPj6IArPDXYS
OohjJMxUnmZlRmYdPmdEowo572fZq7KwuLy1vVJ6VsI=
-----END CERTIFICATE-----