Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/1vl-uBnqK9x4Sb8bYwZrjeYThtU.roa
File:                     1vl-uBnqK9x4Sb8bYwZrjeYThtU.roa (raw, json)
Hash identifier:          bSnTJ9rl8OrPVbhRr70uQ85wpC/fVsXyzCLGy/fCGn0=
Subject key identifier:   D6:F9:7E:B8:19:EA:2B:DC:78:49:BF:1B:63:06:6B:8D:E6:13:86:D5
Certificate issuer:       /CN=521d2c07c28ac7b726a825d3693afe2397209de6
Certificate serial:       018CCA29621D8FABDA1885447869FD1D8694
Authority key identifier: 52:1D:2C:07:C2:8A:C7:B7:26:A8:25:D3:69:3A:FE:23:97:20:9D:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uh0sB8KKx7cmqCXTaTr-I5cgneY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/1vl-uBnqK9x4Sb8bYwZrjeYThtU.roa
Signing time:             Tue 02 Jan 2024 12:32:38 +0000
ROA not before:           Tue 02 Jan 2024 12:32:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5467
IP address blocks:        93.175.0.0/19 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/Uh0sB8KKx7cmqCXTaTr-I5cgneY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/Uh0sB8KKx7cmqCXTaTr-I5cgneY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uh0sB8KKx7cmqCXTaTr-I5cgneY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:62:1d:8f:ab:da:18:85:44:78:69:fd:1d:86:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=521d2c07c28ac7b726a825d3693afe2397209de6
        Validity
            Not Before: Jan  2 12:32:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6f97eb819ea2bdc7849bf1b63066b8de61386d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:70:4d:e9:63:48:9a:f4:c3:f4:55:2c:dd:9c:
                    c9:a1:d5:c8:72:53:e7:53:c1:06:94:d0:51:1c:10:
                    93:b0:57:aa:e3:d3:b0:5a:e9:a7:1a:64:b9:5b:4a:
                    eb:0b:74:4b:92:00:78:ef:de:0d:f7:c5:6c:bf:28:
                    27:fd:fb:8b:f1:ec:7a:29:55:a6:3d:20:39:76:b4:
                    88:91:fd:55:59:07:01:46:73:27:0a:ba:b9:07:e1:
                    a0:a4:cf:93:d3:f9:71:aa:6a:b0:3d:14:c0:79:0b:
                    f7:f2:cf:d1:c9:13:df:46:9c:1f:5e:38:c2:8d:3b:
                    91:01:be:9a:95:e5:08:52:d7:52:a3:e1:82:94:7e:
                    c6:60:2b:47:c5:36:5d:05:39:be:78:d3:dc:23:ba:
                    ff:05:9d:0f:ae:fa:3e:ba:df:30:34:06:f7:d0:05:
                    99:c8:c8:f0:51:f1:11:72:52:00:34:86:18:39:ae:
                    57:13:3c:1b:f5:bf:00:c8:77:fb:f0:47:57:90:d4:
                    0b:9f:d5:18:a7:ad:1a:d5:f4:32:13:66:05:48:39:
                    a3:31:5f:d7:6e:2a:52:21:a4:90:e4:87:31:af:5d:
                    da:d4:5e:d3:9d:d2:08:5e:00:aa:2a:91:6e:96:4b:
                    a7:ba:01:60:89:89:ab:d1:9e:42:5c:37:15:78:9e:
                    ed:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:F9:7E:B8:19:EA:2B:DC:78:49:BF:1B:63:06:6B:8D:E6:13:86:D5
            X509v3 Authority Key Identifier:
                keyid:52:1D:2C:07:C2:8A:C7:B7:26:A8:25:D3:69:3A:FE:23:97:20:9D:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uh0sB8KKx7cmqCXTaTr-I5cgneY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/1vl-uBnqK9x4Sb8bYwZrjeYThtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/17ac67-2d5f-439a-8ff9-cacfb67bff9d/1/Uh0sB8KKx7cmqCXTaTr-I5cgneY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.175.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3d:5a:38:4e:06:b7:aa:0f:50:0a:ae:5f:47:6e:8a:4e:b8:a6:
         55:9f:13:76:04:41:af:bf:07:fd:18:51:20:f8:5c:7b:e5:04:
         14:57:eb:02:3b:a9:b0:b5:1d:fc:aa:db:f9:ed:f1:56:2c:70:
         17:d5:36:f2:aa:da:4d:7e:e4:c1:7d:5f:a9:df:1d:12:34:40:
         f3:fd:dc:2f:13:a7:b6:08:70:84:52:41:6d:12:a4:ba:98:82:
         82:27:b4:05:fc:a2:97:ae:7e:5e:97:b8:b7:8e:6f:78:4a:7a:
         cf:82:8b:8c:ab:59:34:0f:56:41:9a:c2:43:04:e8:7e:1f:e8:
         f2:d0:26:4b:15:f6:76:65:3b:78:e3:33:2b:90:b4:ca:61:49:
         65:e8:c1:b4:1a:e0:6d:29:a6:f0:59:1f:32:61:6d:1b:4b:9e:
         34:72:00:5c:27:01:f0:54:44:8a:67:af:5c:19:6b:37:2c:ed:
         f8:ea:f4:29:02:96:d1:b2:e4:87:ba:7d:62:31:0f:d7:74:d4:
         60:15:dc:1b:b9:08:32:ec:fa:0a:fe:a5:fe:f6:45:bb:61:f3:
         ef:06:b8:94:07:d5:75:07:91:78:e8:61:bf:6d:8d:61:f5:77:
         39:73:19:5a:44:4a:68:d3:79:8c:03:97:0e:a8:9e:03:9e:bc:
         f0:cb:d9:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKWIdj6vaGIVEeGn9HYaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMWQyYzA3YzI4YWM3YjcyNmE4MjVkMzY5M2FmZTIzOTcy
MDlkZTYwHhcNMjQwMTAyMTIzMjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmY5N2ViODE5ZWEyYmRjNzg0OWJmMWI2MzA2NmI4ZGU2MTM4NmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HBN6WNImvTD9FUs3ZzJodXIclPn
U8EGlNBRHBCTsFeq49OwWumnGmS5W0rrC3RLkgB4794N98Vsvygn/fuL8ex6KVWm
PSA5drSIkf1VWQcBRnMnCrq5B+GgpM+T0/lxqmqwPRTAeQv38s/RyRPfRpwfXjjC
jTuRAb6aleUIUtdSo+GClH7GYCtHxTZdBTm+eNPcI7r/BZ0Prvo+ut8wNAb30AWZ
yMjwUfERclIANIYYOa5XEzwb9b8AyHf78EdXkNQLn9UYp60a1fQyE2YFSDmjMV/X
bipSIaSQ5Icxr13a1F7TndIIXgCqKpFulkunugFgiYmr0Z5CXDcVeJ7tEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNb5frgZ6ivceEm/G2MGa43mE4bVMB8GA1UdIwQY
MBaAFFIdLAfCise3Jqgl02k6/iOXIJ3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWgwc0I4S0t4N2NtcUNYVGFUci1JNWNnbmVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8xN2FjNjctMmQ1Zi00MzlhLThmZjkt
Y2FjZmI2N2JmZjlkLzEvMXZsLXVCbnFLOXg0U2I4Yll3WnJqZVlUaHRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8xN2FjNjctMmQ1Zi00MzlhLThmZjktY2FjZmI2N2JmZjlk
LzEvVWgwc0I4S0t4N2NtcUNYVGFUci1JNWNnbmVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFXa8AMA0G
CSqGSIb3DQEBCwUAA4IBAQA9WjhOBreqD1AKrl9HbopOuKZVnxN2BEGvvwf9GFEg
+Fx75QQUV+sCO6mwtR38qtv57fFWLHAX1TbyqtpNfuTBfV+p3x0SNEDz/dwvE6e2
CHCEUkFtEqS6mIKCJ7QF/KKXrn5el7i3jm94SnrPgouMq1k0D1ZBmsJDBOh+H+jy
0CZLFfZ2ZTt44zMrkLTKYUll6MG0GuBtKabwWR8yYW0bS540cgBcJwHwVESKZ69c
GWs3LO346vQpApbRsuSHun1iMQ/XdNRgFdwbuQgy7PoK/qX+9kW7YfPvBriUB9V1
B5F46GG/bY1h9Xc5cxlaREpo03mMA5cOqJ4Dnrzwy9lK
-----END CERTIFICATE-----