Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/p6ijZZii-uwsG2Hnh8cqCO1BhuA.roa
File:                     p6ijZZii-uwsG2Hnh8cqCO1BhuA.roa (raw, json)
Hash identifier:          yQLpAW6USeqzz8S0s4jI6MUuagrQc1NEOFspgQSydGk=
Subject key identifier:   A7:A8:A3:65:98:A2:FA:EC:2C:1B:61:E7:87:C7:2A:08:ED:41:86:E0
Certificate issuer:       /CN=eb41956d12dcb982bed47a9fac4a7e48e7787c79
Certificate serial:       018CC49351DBB827B539F1BBEE81DDA7B72C
Authority key identifier: EB:41:95:6D:12:DC:B9:82:BE:D4:7A:9F:AC:4A:7E:48:E7:78:7C:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/60GVbRLcuYK-1HqfrEp-SOd4fHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/p6ijZZii-uwsG2Hnh8cqCO1BhuA.roa
Signing time:             Mon 01 Jan 2024 10:30:38 +0000
ROA not before:           Mon 01 Jan 2024 10:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198423
IP address blocks:        192.41.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/60GVbRLcuYK-1HqfrEp-SOd4fHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/60GVbRLcuYK-1HqfrEp-SOd4fHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/60GVbRLcuYK-1HqfrEp-SOd4fHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:03:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:51:db:b8:27:b5:39:f1:bb:ee:81:dd:a7:b7:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb41956d12dcb982bed47a9fac4a7e48e7787c79
        Validity
            Not Before: Jan  1 10:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7a8a36598a2faec2c1b61e787c72a08ed4186e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:37:01:26:62:80:7a:7a:32:a2:3c:d7:97:18:
                    2c:20:e2:46:04:0b:5a:fd:80:ba:e6:f8:6d:19:79:
                    ef:a5:5b:28:de:1c:06:24:05:91:2b:65:f4:96:fc:
                    45:4d:22:02:44:6e:51:88:ab:16:a9:b8:2a:43:0f:
                    55:68:1c:cf:8c:a0:4d:92:9a:e7:a2:86:aa:d1:82:
                    a3:11:96:23:bf:54:c7:ac:fb:44:43:e0:58:f3:ef:
                    97:95:0a:c2:bf:cc:6b:0a:a9:b5:2b:d3:88:38:ea:
                    9c:ab:fe:14:d9:8f:d1:7a:95:92:3c:bd:48:8a:37:
                    e0:ba:1b:fb:f5:c3:df:00:5c:53:e7:7c:78:8c:05:
                    ec:7c:56:6c:0b:d4:d0:6f:59:dc:75:f1:ab:39:a1:
                    31:bb:dc:1b:30:cd:84:33:f3:99:da:9f:1a:21:d0:
                    ae:a5:75:ea:40:0a:f3:55:1a:de:b4:df:c3:30:05:
                    3f:fb:7c:2f:4f:7f:ad:3c:c2:1b:1c:ba:e2:4d:2f:
                    02:c9:0a:de:ef:e0:b4:fb:33:2b:68:3a:e9:3b:f4:
                    a5:b2:4e:72:db:ab:5c:b7:95:ac:65:b1:6b:fc:89:
                    6a:a2:5e:fc:f8:2b:7d:6f:7f:1c:3d:d1:a2:d9:16:
                    36:69:30:2f:89:22:ed:ca:6c:22:19:40:3c:83:3b:
                    37:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:A8:A3:65:98:A2:FA:EC:2C:1B:61:E7:87:C7:2A:08:ED:41:86:E0
            X509v3 Authority Key Identifier:
                keyid:EB:41:95:6D:12:DC:B9:82:BE:D4:7A:9F:AC:4A:7E:48:E7:78:7C:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/60GVbRLcuYK-1HqfrEp-SOd4fHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/p6ijZZii-uwsG2Hnh8cqCO1BhuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/60GVbRLcuYK-1HqfrEp-SOd4fHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.41.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:42:79:c5:8c:1c:30:f3:58:18:57:63:f1:bb:3f:cf:ce:b1:
         e5:7d:99:d4:b4:a7:b9:11:93:4a:89:9b:d2:f3:40:c1:17:a9:
         06:99:1f:a9:4f:58:82:43:d3:e9:12:d7:2f:50:66:6c:d6:2b:
         ca:db:75:47:60:ac:c5:ac:84:17:01:d6:a2:31:9f:2c:0d:f6:
         08:fb:6f:1e:dc:c9:65:7d:d2:b5:e6:26:18:a6:0c:49:df:a3:
         f2:d2:0a:12:d9:4b:e4:8a:af:f4:7b:5f:34:f8:e8:87:c7:de:
         51:43:c8:4c:74:0d:9b:42:df:6d:b2:b2:19:39:15:72:10:b4:
         75:ed:81:3c:23:ae:fb:c4:b3:4f:4c:53:cf:8c:a7:01:2a:6f:
         42:63:b0:f8:12:b3:86:19:1b:dd:fe:8b:79:06:f4:36:a1:74:
         71:46:5a:1c:59:23:21:2b:85:52:7d:c6:cb:7d:6e:56:ec:dc:
         77:ee:e5:44:08:01:d5:b0:20:e9:fd:2b:d5:d0:7f:bd:b7:b4:
         71:63:c8:9d:11:8f:6f:ad:a9:72:21:80:49:eb:ae:df:46:eb:
         31:73:73:97:78:ba:3b:1d:c3:e7:89:86:61:e8:8b:ca:33:71:
         4f:e5:4a:bf:41:2f:65:61:56:e0:08:3d:f8:11:32:cc:8c:a1:
         cf:7f:d2:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk1HbuCe1OfG77oHdp7csMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNDE5NTZkMTJkY2I5ODJiZWQ0N2E5ZmFjNGE3ZTQ4ZTc3
ODdjNzkwHhcNMjQwMTAxMTAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2E4YTM2NTk4YTJmYWVjMmMxYjYxZTc4N2M3MmEwOGVkNDE4NmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDcBJmKAenoyojzXlxgsIOJGBAta
/YC65vhtGXnvpVso3hwGJAWRK2X0lvxFTSICRG5RiKsWqbgqQw9VaBzPjKBNkprn
ooaq0YKjEZYjv1THrPtEQ+BY8++XlQrCv8xrCqm1K9OIOOqcq/4U2Y/RepWSPL1I
ijfguhv79cPfAFxT53x4jAXsfFZsC9TQb1ncdfGrOaExu9wbMM2EM/OZ2p8aIdCu
pXXqQArzVRretN/DMAU/+3wvT3+tPMIbHLriTS8CyQre7+C0+zMraDrpO/Slsk5y
26tct5WsZbFr/Ilqol78+Ct9b38cPdGi2RY2aTAviSLtymwiGUA8gzs3XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKeoo2WYovrsLBth54fHKgjtQYbgMB8GA1UdIwQY
MBaAFOtBlW0S3LmCvtR6n6xKfkjneHx5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjBHVmJSTGN1WUstMUhxZnJFcC1TT2Q0ZkhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC81ZDNmMWMtY2ZmNS00YjJiLTllNDYt
Njc4NDdjNzZjYjc2LzEvcDZpalpaaWktdXdzRzJIbmg4Y3FDTzFCaHVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC81ZDNmMWMtY2ZmNS00YjJiLTllNDYtNjc4NDdjNzZjYjc2
LzEvNjBHVmJSTGN1WUstMUhxZnJFcC1TT2Q0ZkhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwCnYMA0G
CSqGSIb3DQEBCwUAA4IBAQBnQnnFjBww81gYV2Pxuz/PzrHlfZnUtKe5EZNKiZvS
80DBF6kGmR+pT1iCQ9PpEtcvUGZs1ivK23VHYKzFrIQXAdaiMZ8sDfYI+28e3Mll
fdK15iYYpgxJ36Py0goS2Uvkiq/0e180+OiHx95RQ8hMdA2bQt9tsrIZORVyELR1
7YE8I677xLNPTFPPjKcBKm9CY7D4ErOGGRvd/ot5BvQ2oXRxRlocWSMhK4VSfcbL
fW5W7Nx37uVECAHVsCDp/SvV0H+9t7RxY8idEY9vralyIYBJ667fRusxc3OXeLo7
HcPniYZh6IvKM3FP5Uq/QS9lYVbgCD34ETLMjKHPf9LX
-----END CERTIFICATE-----