Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/S1hMqZR1-HUYMZuOOHyUfP0OV6A.roa
File:                     S1hMqZR1-HUYMZuOOHyUfP0OV6A.roa (raw, json)
Hash identifier:          1HC99XxYA7H5lUUogQ/BzYiQTZG6IYtoIweVSSvgjY8=
Subject key identifier:   4B:58:4C:A9:94:75:F8:75:18:31:9B:8E:38:7C:94:7C:FD:0E:57:A0
Certificate issuer:       /CN=833e0e480411b9c88e916def90fc3a901026394a
Certificate serial:       018CC56DFEE409088247F595EB37B28D2999
Authority key identifier: 83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/S1hMqZR1-HUYMZuOOHyUfP0OV6A.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.7.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fe:e4:09:08:82:47:f5:95:eb:37:b2:8d:29:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e0e480411b9c88e916def90fc3a901026394a
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b584ca99475f87518319b8e387c947cfd0e57a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:af:44:60:29:65:2d:2b:d8:45:32:57:fa:89:
                    97:b8:6d:f7:1b:b2:54:58:1a:2b:8f:e0:2c:02:64:
                    62:24:4d:27:01:bd:ab:ce:be:83:93:67:5c:1b:5e:
                    c8:a6:b3:c5:0a:9f:72:a7:64:63:78:1d:89:16:38:
                    ff:37:c9:3e:07:b5:53:75:13:56:91:d3:39:53:e6:
                    b4:da:b3:80:fa:43:ad:44:6c:ec:fa:d1:f6:e0:87:
                    06:f5:dc:86:c0:47:33:2e:8a:ec:02:74:48:8c:bd:
                    d5:c9:8c:46:17:36:ca:78:58:51:af:e1:bf:e3:89:
                    21:6d:65:58:24:5c:de:f3:a9:64:89:32:f2:a6:ca:
                    99:7a:c2:66:4b:e8:28:5b:c9:dc:68:e1:c8:dc:2d:
                    0c:e9:71:22:60:8c:0b:cb:26:d2:29:51:f7:e1:da:
                    d9:bc:60:bb:c2:21:b9:de:11:cc:1e:31:0a:34:f5:
                    7c:83:78:7c:a4:79:cc:dd:46:0c:5f:e1:37:ea:4e:
                    91:24:e9:bb:22:c1:54:36:5f:ca:e4:2f:8a:5a:b6:
                    03:3c:23:12:07:fe:3c:45:18:c9:b8:4b:36:76:fa:
                    ee:9e:f5:87:03:b2:cb:d1:b9:be:21:d8:54:08:5c:
                    ab:67:1a:10:c0:c2:3b:d3:38:d3:d6:e6:50:03:65:
                    94:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:58:4C:A9:94:75:F8:75:18:31:9B:8E:38:7C:94:7C:FD:0E:57:A0
            X509v3 Authority Key Identifier:
                keyid:83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/S1hMqZR1-HUYMZuOOHyUfP0OV6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ef:8f:20:38:ec:9f:99:90:a3:de:6f:93:60:d7:93:13:01:
         86:99:c6:e2:2f:f1:1c:ae:ad:a1:66:53:0b:8c:39:6c:2e:57:
         14:4b:d9:a9:ed:7c:34:63:b8:13:d0:38:21:b5:23:38:34:f2:
         16:8f:9e:8e:65:69:7c:62:0a:02:72:9e:b1:42:97:1a:36:5b:
         b9:18:78:4f:12:e0:e0:b6:a8:a8:b0:1c:6c:30:b7:32:f5:d8:
         70:76:d2:96:a2:86:56:2d:1f:16:68:bc:0c:ca:45:02:8e:a6:
         8a:df:78:46:b4:08:ac:a6:ac:40:fb:db:0c:3d:4f:09:b0:7b:
         25:07:a0:a5:92:79:4a:59:ca:2e:4b:dd:e1:b8:dc:2e:85:ac:
         de:c5:61:87:a1:6a:2f:8f:d2:ad:78:b4:81:75:20:5f:e3:96:
         d5:c2:e8:28:b2:4c:b2:a0:65:e3:ee:e0:0d:5c:87:eb:21:62:
         c8:1d:f4:7a:9a:86:2d:fc:58:46:f2:8d:50:05:b8:7e:12:60:
         16:44:72:60:e7:84:88:c8:2c:07:61:ac:6b:61:f6:96:fa:5a:
         3c:9f:34:29:f1:50:2e:10:56:f8:2d:cc:71:eb:ea:47:6f:dc:
         64:f9:05:f2:d3:c2:5e:45:e5:5b:d5:c2:2e:7c:1d:42:9c:81:
         f1:b0:f0:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf7kCQiCR/WV6zeyjSmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UwZTQ4MDQxMWI5Yzg4ZTkxNmRlZjkwZmMzYTkwMTAy
NjM5NGEwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjU4NGNhOTk0NzVmODc1MTgzMTliOGUzODdjOTQ3Y2ZkMGU1N2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuK9EYCllLSvYRTJX+omXuG33G7JU
WBorj+AsAmRiJE0nAb2rzr6Dk2dcG17IprPFCp9yp2RjeB2JFjj/N8k+B7VTdRNW
kdM5U+a02rOA+kOtRGzs+tH24IcG9dyGwEczLorsAnRIjL3VyYxGFzbKeFhRr+G/
44khbWVYJFze86lkiTLypsqZesJmS+goW8ncaOHI3C0M6XEiYIwLyybSKVH34drZ
vGC7wiG53hHMHjEKNPV8g3h8pHnM3UYMX+E36k6RJOm7IsFUNl/K5C+KWrYDPCMS
B/48RRjJuEs2dvrunvWHA7LL0bm+IdhUCFyrZxoQwMI70zjT1uZQA2WUhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEtYTKmUdfh1GDGbjjh8lHz9DlegMB8GA1UdIwQY
MBaAFIM+DkgEEbnIjpFt75D8OpAQJjlKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0T1NBUVJ1Y2lPa1czdmtQdzZrQkFtT1VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hNzgyY2MtMWUwOS00NDgwLWE2ZGMt
NmMyMGViYWYzMGE5LzEvUzFoTXFaUjEtSFVZTVp1T09IeVVmUDBPVjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hNzgyY2MtMWUwOS00NDgwLWE2ZGMtNmMyMGViYWYzMGE5
LzEvZ3o0T1NBUVJ1Y2lPa1czdmtQdzZrQkFtT1VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQdJMA0G
CSqGSIb3DQEBCwUAA4IBAQBA748gOOyfmZCj3m+TYNeTEwGGmcbiL/Ecrq2hZlML
jDlsLlcUS9mp7Xw0Y7gT0DghtSM4NPIWj56OZWl8YgoCcp6xQpcaNlu5GHhPEuDg
tqiosBxsMLcy9dhwdtKWooZWLR8WaLwMykUCjqaK33hGtAispqxA+9sMPU8JsHsl
B6ClknlKWcouS93huNwuhazexWGHoWovj9KteLSBdSBf45bVwugoskyyoGXj7uAN
XIfrIWLIHfR6moYt/FhG8o1QBbh+EmAWRHJg54SIyCwHYaxrYfaW+lo8nzQp8VAu
EFb4Lcxx6+pHb9xk+QXy08JeReVb1cIufB1CnIHxsPDS
-----END CERTIFICATE-----