Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1nQcaAEXR1uGpqMa80L0YA_1Zhs.roa
File:                     1nQcaAEXR1uGpqMa80L0YA_1Zhs.roa (raw, json)
Hash identifier:          8MLUHzdqAIyhrtRowyQwZSr0Dw3eH2QJ80w/WyeDiRA=
Subject key identifier:   D6:74:1C:68:01:17:47:5B:86:A6:A3:1A:F3:42:F4:60:0F:F5:66:1B
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       018CC7942738385854EC9FDDA752B7050AEF
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1nQcaAEXR1uGpqMa80L0YA_1Zhs.roa
Signing time:             Tue 02 Jan 2024 00:30:24 +0000
ROA not before:           Tue 02 Jan 2024 00:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205686
IP address blocks:        213.190.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:27:38:38:58:54:ec:9f:dd:a7:52:b7:05:0a:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 00:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6741c680117475b86a6a31af342f4600ff5661b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ca:84:06:70:38:4b:2d:51:e9:af:61:62:59:
                    d6:e2:5e:1e:e0:7d:3b:e2:71:9c:ec:dc:e2:1f:a9:
                    d6:02:a5:b1:d6:b5:07:63:3a:cf:56:88:ab:b3:b2:
                    8d:68:19:92:bb:b0:1f:fc:53:e0:8f:37:cf:c0:fa:
                    52:12:54:a2:ea:81:94:66:a7:0a:21:8a:d1:d2:28:
                    4d:36:52:4a:86:38:60:4f:bc:3e:0f:9e:e7:76:0b:
                    06:bd:a4:0c:82:26:6e:61:3c:17:1e:e0:5c:4c:a2:
                    94:66:b2:60:43:70:16:54:05:1f:01:1a:d0:e4:23:
                    db:94:1e:cf:0e:68:d6:d2:fb:b4:96:64:68:8b:6b:
                    81:8e:82:93:0c:22:a3:c9:14:27:fa:43:91:9b:e1:
                    94:ef:25:ca:61:1d:4a:c5:04:db:9f:1a:84:af:b1:
                    51:dd:e5:05:f5:08:7d:2b:eb:b3:d7:58:e6:d8:77:
                    ac:ae:5a:0f:a9:fe:ce:ab:88:d7:75:d5:27:17:46:
                    83:60:ac:55:77:63:e3:e7:75:30:38:6b:53:9b:b0:
                    6b:66:96:11:9b:61:22:ff:a2:60:0f:e4:01:c9:9f:
                    f4:b8:bb:ed:d9:14:ee:1f:b1:cb:88:8e:14:17:0e:
                    11:33:6d:58:c2:06:df:2b:04:45:4b:bc:f2:6e:b9:
                    36:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:74:1C:68:01:17:47:5B:86:A6:A3:1A:F3:42:F4:60:0F:F5:66:1B
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1nQcaAEXR1uGpqMa80L0YA_1Zhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.190.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:c0:b5:bd:90:22:07:c4:a2:dc:d0:23:a4:69:88:78:9d:32:
         fa:87:55:80:03:d9:f1:6c:23:90:45:81:2a:21:9a:af:e2:95:
         ea:e6:26:dc:f7:3f:7e:0f:65:7e:2e:a8:f3:01:0d:82:cf:0e:
         b7:64:fb:5d:d5:58:03:a0:e4:ed:f4:44:84:80:9a:78:d7:7a:
         51:7a:e4:22:fd:34:60:b5:9d:56:e1:ff:2e:ae:35:e8:0f:2e:
         b0:41:3c:f3:2b:9a:c9:9e:a6:65:db:c3:87:c5:f5:df:99:b6:
         52:ca:e6:c5:7f:4e:24:11:67:82:85:a0:c6:68:e3:34:cc:2e:
         86:73:70:a2:6c:f7:9b:7f:37:ed:54:9f:02:7b:87:c4:79:09:
         40:71:86:8e:5e:9a:3e:a0:49:6b:e0:1f:ce:af:b7:41:4a:82:
         40:44:7b:43:38:4b:2f:be:47:97:65:80:2b:28:80:50:42:38:
         f4:78:d9:e2:da:b0:8f:93:df:09:9a:56:e5:9c:bd:74:02:37:
         08:ac:50:2f:8f:1e:fa:c2:89:5a:7a:a7:f4:a9:24:31:62:22:
         05:21:68:67:2b:5b:43:d5:a6:f6:f6:eb:9b:07:70:0f:fd:c6:
         5e:a8:03:ce:c0:6c:c3:5f:47:ce:16:05:b6:eb:b8:f8:9f:89:
         c9:fd:0c:a4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlCc4OFhU7J/dp1K3BQrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjQwMTAyMDAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjc0MWM2ODAxMTc0NzViODZhNmEzMWFmMzQyZjQ2MDBmZjU2NjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8qEBnA4Sy1R6a9hYlnW4l4e4H07
4nGc7NziH6nWAqWx1rUHYzrPVoirs7KNaBmSu7Af/FPgjzfPwPpSElSi6oGUZqcK
IYrR0ihNNlJKhjhgT7w+D57ndgsGvaQMgiZuYTwXHuBcTKKUZrJgQ3AWVAUfARrQ
5CPblB7PDmjW0vu0lmRoi2uBjoKTDCKjyRQn+kORm+GU7yXKYR1KxQTbnxqEr7FR
3eUF9Qh9K+uz11jm2HesrloPqf7Oq4jXddUnF0aDYKxVd2Pj53UwOGtTm7BrZpYR
m2Ei/6JgD+QByZ/0uLvt2RTuH7HLiI4UFw4RM21YwgbfKwRFS7zybrk28wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNZ0HGgBF0dbhqajGvNC9GAP9WYbMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xLzFuUWNhQUVYUjF1R3BxTWE4MEwwWUFfMVpocy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADVviIw
DQYJKoZIhvcNAQELBQADggEBABzAtb2QIgfEotzQI6RpiHidMvqHVYAD2fFsI5BF
gSohmq/ilermJtz3P34PZX4uqPMBDYLPDrdk+13VWAOg5O30RISAmnjXelF65CL9
NGC1nVbh/y6uNegPLrBBPPMrmsmepmXbw4fF9d+ZtlLK5sV/TiQRZ4KFoMZo4zTM
LoZzcKJs95t/N+1UnwJ7h8R5CUBxho5emj6gSWvgH86vt0FKgkBEe0M4Sy++R5dl
gCsogFBCOPR42eLasI+T3wmaVuWcvXQCNwisUC+PHvrCiVp6p/SpJDFiIgUhaGcr
W0PVpvb265sHcA/9xl6oA87AbMNfR84WBbbruPificn9DKQ=
-----END CERTIFICATE-----