Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/4997de-7df7-4c6d-a54a-42b73ee46b9c/1/s1a_dhH0HMHZyb7TFK0uVs9kOBI.roa
File:                     s1a_dhH0HMHZyb7TFK0uVs9kOBI.roa (raw, json)
Hash identifier:          6uUzjVmviywJurlH5+n5Y5Uq4aQwbmf5jKw1sMIDHvc=
Subject key identifier:   B3:56:BF:76:11:F4:1C:C1:D9:C9:BE:D3:14:AD:2E:56:CF:64:38:12
Certificate issuer:       /CN=c51fdb78308fdf7d6619f54ed21c02e5b50b2905
Certificate serial:       018CC8DCFF1BEFBDBB9C0F43B500F4E5BB41
Authority key identifier: C5:1F:DB:78:30:8F:DF:7D:66:19:F5:4E:D2:1C:02:E5:B5:0B:29:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xR_beDCP331mGfVO0hwC5bULKQU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/4997de-7df7-4c6d-a54a-42b73ee46b9c/1/s1a_dhH0HMHZyb7TFK0uVs9kOBI.roa
Signing time:             Tue 02 Jan 2024 06:29:35 +0000
ROA not before:           Tue 02 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201211
IP address blocks:        185.19.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/4997de-7df7-4c6d-a54a-42b73ee46b9c/1/xR_beDCP331mGfVO0hwC5bULKQU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/4997de-7df7-4c6d-a54a-42b73ee46b9c/1/xR_beDCP331mGfVO0hwC5bULKQU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xR_beDCP331mGfVO0hwC5bULKQU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ff:1b:ef:bd:bb:9c:0f:43:b5:00:f4:e5:bb:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c51fdb78308fdf7d6619f54ed21c02e5b50b2905
        Validity
            Not Before: Jan  2 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b356bf7611f41cc1d9c9bed314ad2e56cf643812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9d:c1:11:86:09:f4:51:f7:9a:7f:61:42:3e:
                    e2:88:a0:c2:c8:22:9e:6c:7f:12:5d:f1:8b:df:11:
                    c7:65:c8:0e:50:f0:5a:9c:aa:78:ab:44:46:1f:9d:
                    65:8f:38:11:9b:fe:d0:64:1f:13:14:06:b8:cd:09:
                    2e:21:55:e2:8c:b3:f2:84:15:69:2d:8e:4b:1d:5c:
                    85:78:59:7c:14:5c:08:63:f7:87:71:ed:4d:0e:04:
                    51:cf:26:e8:c8:5d:91:12:6e:13:bc:78:16:d8:07:
                    6f:66:52:ff:80:bd:4f:03:88:c5:1f:cb:f0:d4:24:
                    b0:33:71:0e:ee:93:8f:9c:4d:d7:62:c3:88:36:fc:
                    cd:11:e7:98:51:a3:7b:a4:ce:f3:e6:af:23:65:54:
                    e3:b9:87:05:2d:70:58:70:ee:5a:ce:06:98:c5:f8:
                    a3:0d:41:29:97:e0:28:15:8b:f1:c7:ed:6d:74:8f:
                    13:66:41:8e:66:41:75:9b:ce:66:5d:fe:d0:71:44:
                    79:a5:68:99:9f:92:7e:68:4e:43:38:7c:e1:59:5c:
                    0f:fc:65:d9:c3:b1:67:24:90:d3:59:88:2b:42:13:
                    96:70:28:cf:3f:91:5a:50:5c:f1:68:5c:2f:54:5d:
                    2f:82:60:69:43:1f:a1:5b:f3:f2:07:56:ae:0c:df:
                    f9:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:56:BF:76:11:F4:1C:C1:D9:C9:BE:D3:14:AD:2E:56:CF:64:38:12
            X509v3 Authority Key Identifier:
                keyid:C5:1F:DB:78:30:8F:DF:7D:66:19:F5:4E:D2:1C:02:E5:B5:0B:29:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xR_beDCP331mGfVO0hwC5bULKQU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/4997de-7df7-4c6d-a54a-42b73ee46b9c/1/s1a_dhH0HMHZyb7TFK0uVs9kOBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/4997de-7df7-4c6d-a54a-42b73ee46b9c/1/xR_beDCP331mGfVO0hwC5bULKQU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:93:ba:b8:fd:09:e3:10:82:5c:f5:49:ec:b0:60:3a:88:b7:
         b5:50:1c:77:ed:f1:41:47:fb:00:a2:12:c7:05:d7:ca:3a:de:
         0e:e5:bb:56:b8:56:bf:1f:03:a4:78:ad:e9:c8:07:5e:c9:87:
         01:b9:95:a1:f0:54:7f:26:5a:87:78:a5:97:12:d1:ce:3c:cb:
         a6:05:de:ae:67:2e:4d:58:d3:f2:4d:73:d2:73:e7:e3:ad:a3:
         9a:98:9e:7c:e4:16:de:12:28:55:ee:a4:96:db:a4:aa:aa:cb:
         a2:ea:8b:de:ac:5f:36:67:74:1f:fb:00:f3:7e:23:35:d2:b5:
         b6:fb:9e:89:f7:94:84:dd:1d:db:47:dc:31:f5:f3:28:47:7f:
         f1:eb:ee:c6:b7:59:ed:e6:00:ec:6a:42:a1:f9:90:4a:0b:53:
         bf:5a:c4:9b:b7:77:3c:6f:30:38:7d:60:86:ce:73:6a:78:bc:
         9a:fa:13:b9:2d:52:ab:cb:e3:61:a9:80:9b:be:6c:02:fd:0e:
         aa:63:16:59:fd:4c:bf:d3:3b:19:6a:79:9c:5a:df:96:44:79:
         3b:c0:5e:81:9f:5f:09:d2:17:0a:49:1c:fe:94:29:d1:b6:ab:
         7d:7c:05:9a:1e:2d:4e:fa:ac:f1:0b:f1:e2:1e:ae:b3:2b:9b:
         c6:b6:70:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3P8b7727nA9DtQD05btBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MWZkYjc4MzA4ZmRmN2Q2NjE5ZjU0ZWQyMWMwMmU1YjUw
YjI5MDUwHhcNMjQwMTAyMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzU2YmY3NjExZjQxY2MxZDljOWJlZDMxNGFkMmU1NmNmNjQzODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJ3BEYYJ9FH3mn9hQj7iiKDCyCKe
bH8SXfGL3xHHZcgOUPBanKp4q0RGH51ljzgRm/7QZB8TFAa4zQkuIVXijLPyhBVp
LY5LHVyFeFl8FFwIY/eHce1NDgRRzyboyF2REm4TvHgW2AdvZlL/gL1PA4jFH8vw
1CSwM3EO7pOPnE3XYsOINvzNEeeYUaN7pM7z5q8jZVTjuYcFLXBYcO5azgaYxfij
DUEpl+AoFYvxx+1tdI8TZkGOZkF1m85mXf7QcUR5pWiZn5J+aE5DOHzhWVwP/GXZ
w7FnJJDTWYgrQhOWcCjPP5FaUFzxaFwvVF0vgmBpQx+hW/PyB1auDN/5XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNWv3YR9BzB2cm+0xStLlbPZDgSMB8GA1UdIwQY
MBaAFMUf23gwj999Zhn1TtIcAuW1CykFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFJfYmVEQ1AzMzFtR2ZWTzBod0M1YlVMS1FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80OTk3ZGUtN2RmNy00YzZkLWE1NGEt
NDJiNzNlZTQ2YjljLzEvczFhX2RoSDBITUhaeWI3VEZLMHVWczlrT0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80OTk3ZGUtN2RmNy00YzZkLWE1NGEtNDJiNzNlZTQ2Yjlj
LzEveFJfYmVEQ1AzMzFtR2ZWTzBod0M1YlVMS1FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRPKMA0G
CSqGSIb3DQEBCwUAA4IBAQAqk7q4/QnjEIJc9UnssGA6iLe1UBx37fFBR/sAohLH
BdfKOt4O5btWuFa/HwOkeK3pyAdeyYcBuZWh8FR/JlqHeKWXEtHOPMumBd6uZy5N
WNPyTXPSc+fjraOamJ585BbeEihV7qSW26Sqqsui6overF82Z3Qf+wDzfiM10rW2
+56J95SE3R3bR9wx9fMoR3/x6+7Gt1nt5gDsakKh+ZBKC1O/WsSbt3c8bzA4fWCG
znNqeLya+hO5LVKry+NhqYCbvmwC/Q6qYxZZ/Uy/0zsZanmcWt+WRHk7wF6Bn18J
0hcKSRz+lCnRtqt9fAWaHi1O+qzxC/HiHq6zK5vGtnDr
-----END CERTIFICATE-----