Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/768e29-24c5-4fa7-9b36-c995d2ec9e94/1/g_1xa2QB__VMgGcaaZC4kfLupoI.roa
File:                     g_1xa2QB__VMgGcaaZC4kfLupoI.roa (raw, json)
Hash identifier:          nFH82JXdMcckLTpfXpzIdjHHm4hRQUgXZUF5AJonqZ8=
Subject key identifier:   83:FD:71:6B:64:01:FF:F5:4C:80:67:1A:69:90:B8:91:F2:EE:A6:82
Certificate issuer:       /CN=1fafca53ac54e57e52c010138a212794c670e0cd
Certificate serial:       018CC7954F720815F86181D4A1B359F143DA
Authority key identifier: 1F:AF:CA:53:AC:54:E5:7E:52:C0:10:13:8A:21:27:94:C6:70:E0:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H6_KU6xU5X5SwBATiiEnlMZw4M0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/768e29-24c5-4fa7-9b36-c995d2ec9e94/1/g_1xa2QB__VMgGcaaZC4kfLupoI.roa
Signing time:             Tue 02 Jan 2024 00:31:40 +0000
ROA not before:           Tue 02 Jan 2024 00:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42724
IP address blocks:        194.169.120.0/24 maxlen: 24
                          185.235.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/768e29-24c5-4fa7-9b36-c995d2ec9e94/1/H6_KU6xU5X5SwBATiiEnlMZw4M0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/768e29-24c5-4fa7-9b36-c995d2ec9e94/1/H6_KU6xU5X5SwBATiiEnlMZw4M0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H6_KU6xU5X5SwBATiiEnlMZw4M0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:4f:72:08:15:f8:61:81:d4:a1:b3:59:f1:43:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fafca53ac54e57e52c010138a212794c670e0cd
        Validity
            Not Before: Jan  2 00:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83fd716b6401fff54c80671a6990b891f2eea682
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b5:d7:c6:ca:6f:a9:c1:10:41:ff:fb:85:0f:
                    24:70:5a:39:d4:0d:80:c9:e8:b5:9e:81:b0:48:06:
                    62:2e:9e:61:a6:7e:e1:85:4a:e3:30:ba:ca:aa:d9:
                    bf:02:2b:9a:54:ac:07:76:80:4b:15:6c:5f:c7:b4:
                    31:87:5e:c3:4e:82:20:50:db:36:be:ed:6e:13:be:
                    50:47:06:28:51:0c:5e:0f:ec:43:74:c4:cf:32:54:
                    e0:d2:d8:00:cd:95:00:db:95:fd:7f:68:a2:89:a3:
                    cd:60:aa:c9:92:01:d8:4e:ee:69:14:0e:07:88:ca:
                    a2:5a:d5:1c:d8:83:55:86:ee:61:00:60:0b:c7:fb:
                    70:a1:fd:46:94:0f:3a:44:ec:da:5d:b9:47:62:44:
                    7f:94:76:5e:c7:6e:20:70:c2:71:72:7f:4b:2b:9d:
                    65:f1:cd:ca:79:dd:d7:22:51:26:b7:a6:17:9f:08:
                    b7:d9:d2:51:58:4e:13:ea:26:58:52:38:a9:32:12:
                    fc:42:a0:87:b3:16:5c:ae:3b:dd:ca:5c:5a:bb:8b:
                    33:c9:58:51:bc:db:cc:a8:0e:51:67:51:e1:09:30:
                    0c:6c:4c:41:fe:ec:b8:a9:7a:e1:b6:8d:33:a8:6a:
                    f8:fe:72:e6:e4:76:ee:ba:d5:7f:4e:95:6d:2e:98:
                    a3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:FD:71:6B:64:01:FF:F5:4C:80:67:1A:69:90:B8:91:F2:EE:A6:82
            X509v3 Authority Key Identifier:
                keyid:1F:AF:CA:53:AC:54:E5:7E:52:C0:10:13:8A:21:27:94:C6:70:E0:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H6_KU6xU5X5SwBATiiEnlMZw4M0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/768e29-24c5-4fa7-9b36-c995d2ec9e94/1/g_1xa2QB__VMgGcaaZC4kfLupoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/768e29-24c5-4fa7-9b36-c995d2ec9e94/1/H6_KU6xU5X5SwBATiiEnlMZw4M0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.77.0/24
                  194.169.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:8e:e5:c5:ea:79:a5:79:17:b8:16:22:26:84:37:89:4d:50:
         80:36:44:01:8f:7e:fa:60:2b:67:5f:71:39:c5:b4:f7:71:23:
         5f:36:52:44:78:a6:e8:e5:7c:c5:9b:7e:42:bc:f1:dc:48:0e:
         b8:5c:32:5c:32:18:23:18:aa:aa:82:9e:10:8a:be:f4:a7:61:
         f6:b0:29:b3:40:80:07:a8:ce:46:c9:05:25:f5:5e:a9:26:4d:
         ab:8e:0f:3c:73:5b:1a:e3:51:4a:7d:a2:6a:d3:c6:86:4e:d0:
         4e:85:23:a0:05:80:d8:e6:13:a1:f5:54:58:88:a9:65:f0:ba:
         2e:d7:09:0c:ac:b5:3c:dc:04:71:69:3f:bf:1b:c4:c5:c6:2f:
         46:43:44:e3:c8:88:18:f7:95:05:03:97:ec:b2:43:85:74:89:
         57:32:87:5c:12:73:0e:d7:b8:cb:39:2d:06:69:b2:7c:63:72:
         ce:78:fa:45:dd:a8:88:5a:55:ec:40:f1:1e:22:8c:61:1e:a4:
         d2:76:9e:af:6c:97:90:21:e6:af:7e:f0:df:66:03:f8:5a:b5:
         4e:8f:a9:af:7f:35:cb:a1:fb:cc:fd:07:1f:2f:d4:9f:81:32:
         1c:0b:25:1b:d2:90:46:6c:14:e1:1b:a7:f2:d6:ff:90:b7:62:
         ab:09:0a:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlU9yCBX4YYHUobNZ8UPaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYWZjYTUzYWM1NGU1N2U1MmMwMTAxMzhhMjEyNzk0YzY3
MGUwY2QwHhcNMjQwMTAyMDAzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2ZkNzE2YjY0MDFmZmY1NGM4MDY3MWE2OTkwYjg5MWYyZWVhNjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorXXxspvqcEQQf/7hQ8kcFo51A2A
yei1noGwSAZiLp5hpn7hhUrjMLrKqtm/AiuaVKwHdoBLFWxfx7Qxh17DToIgUNs2
vu1uE75QRwYoUQxeD+xDdMTPMlTg0tgAzZUA25X9f2iiiaPNYKrJkgHYTu5pFA4H
iMqiWtUc2INVhu5hAGALx/twof1GlA86ROzaXblHYkR/lHZex24gcMJxcn9LK51l
8c3Ked3XIlEmt6YXnwi32dJRWE4T6iZYUjipMhL8QqCHsxZcrjvdylxau4szyVhR
vNvMqA5RZ1HhCTAMbExB/uy4qXrhto0zqGr4/nLm5HbuutV/TpVtLpijlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIP9cWtkAf/1TIBnGmmQuJHy7qaCMB8GA1UdIwQY
MBaAFB+vylOsVOV+UsAQE4ohJ5TGcODNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDZfS1U2eFU1WDVTd0JBVGlpRW5sTVp3NE0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83NjhlMjktMjRjNS00ZmE3LTliMzYt
Yzk5NWQyZWM5ZTk0LzEvZ18xeGEyUUJfX1ZNZ0djYWFaQzRrZkx1cG9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83NjhlMjktMjRjNS00ZmE3LTliMzYtYzk5NWQyZWM5ZTk0
LzEvSDZfS1U2eFU1WDVTd0JBVGlpRW5sTVp3NE0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuetNAwQA
wql4MA0GCSqGSIb3DQEBCwUAA4IBAQAWjuXF6nmleRe4FiImhDeJTVCANkQBj376
YCtnX3E5xbT3cSNfNlJEeKbo5XzFm35CvPHcSA64XDJcMhgjGKqqgp4Qir70p2H2
sCmzQIAHqM5GyQUl9V6pJk2rjg88c1sa41FKfaJq08aGTtBOhSOgBYDY5hOh9VRY
iKll8Lou1wkMrLU83ARxaT+/G8TFxi9GQ0TjyIgY95UFA5fsskOFdIlXModcEnMO
17jLOS0GabJ8Y3LOePpF3aiIWlXsQPEeIoxhHqTSdp6vbJeQIeavfvDfZgP4WrVO
j6mvfzXLofvM/QcfL9SfgTIcCyUb0pBGbBThG6fy1v+Qt2KrCQpg
-----END CERTIFICATE-----