Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/1-fTb7xYqbSrerJnmY1FvbkardEo.roa
File:                     1-fTb7xYqbSrerJnmY1FvbkardEo.roa (raw, json)
Hash identifier:          8S1AIGSvt/vb0TOnlLTlOVIv6jeqx8/YIetYz+cJ/yI=
Subject key identifier:   F9:F4:DB:EF:16:2A:6D:2A:DE:AC:99:E6:63:51:6F:6E:46:AB:74:4A
Certificate issuer:       /CN=4ab7dc03789f58621b25e8dd0d925dc91b4a5aa2
Certificate serial:       018CC64B3D10CFE190E4BF3E75FB22DDF06F
Authority key identifier: 4A:B7:DC:03:78:9F:58:62:1B:25:E8:DD:0D:92:5D:C9:1B:4A:5A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SrfcA3ifWGIbJejdDZJdyRtKWqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/1-fTb7xYqbSrerJnmY1FvbkardEo.roa
Signing time:             Mon 01 Jan 2024 18:31:08 +0000
ROA not before:           Mon 01 Jan 2024 18:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49409
IP address blocks:        95.141.80.0/20 maxlen: 24
                          185.134.124.0/22 maxlen: 24
                          2a02:f58::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/SrfcA3ifWGIbJejdDZJdyRtKWqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/SrfcA3ifWGIbJejdDZJdyRtKWqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SrfcA3ifWGIbJejdDZJdyRtKWqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:3d:10:cf:e1:90:e4:bf:3e:75:fb:22:dd:f0:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ab7dc03789f58621b25e8dd0d925dc91b4a5aa2
        Validity
            Not Before: Jan  1 18:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9f4dbef162a6d2adeac99e663516f6e46ab744a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:cf:fc:73:e4:65:d0:6d:91:53:07:ce:df:1d:
                    48:ba:79:ea:22:f3:80:f3:be:ee:92:1a:34:da:05:
                    87:a3:6b:2a:d6:62:88:e6:c0:22:47:7e:41:0a:d3:
                    82:9b:d1:16:34:4c:6a:24:90:95:28:2e:95:81:43:
                    38:72:a2:0b:7b:e0:78:2b:2a:1e:c2:51:2f:53:be:
                    a3:0a:90:bf:18:b1:0c:d7:39:c9:11:32:7d:3f:37:
                    cb:b3:10:56:9b:76:82:86:0a:42:89:46:12:1a:80:
                    7a:74:f0:7a:d5:ed:af:93:f9:70:8f:4e:bd:e3:1f:
                    c9:d9:ce:ae:be:8e:4a:95:62:c4:be:15:de:7e:c9:
                    63:68:fb:51:9d:cf:ca:aa:bd:2f:89:3e:b1:39:22:
                    12:87:a8:0f:d4:de:e0:99:82:83:e0:2a:16:12:ef:
                    6e:c5:f4:6e:8e:ea:9a:51:46:d8:0a:88:f2:e1:73:
                    87:22:ad:cb:e6:fa:e9:c6:7d:ec:10:5d:71:cc:22:
                    58:e4:88:5f:b3:7e:79:7a:63:4e:f5:12:9d:21:52:
                    cc:43:e6:2d:33:de:6e:85:03:85:3e:17:a6:0a:dc:
                    b0:e9:5c:2a:cc:c1:9c:80:3c:a6:a0:02:45:63:d0:
                    fc:b6:54:de:c8:97:1d:e2:5b:f8:26:27:48:3b:cc:
                    c4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F4:DB:EF:16:2A:6D:2A:DE:AC:99:E6:63:51:6F:6E:46:AB:74:4A
            X509v3 Authority Key Identifier:
                keyid:4A:B7:DC:03:78:9F:58:62:1B:25:E8:DD:0D:92:5D:C9:1B:4A:5A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SrfcA3ifWGIbJejdDZJdyRtKWqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/1-fTb7xYqbSrerJnmY1FvbkardEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/8a59db-5ad8-4f3f-97c2-f38bcbd93390/1/SrfcA3ifWGIbJejdDZJdyRtKWqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.141.80.0/20
                  185.134.124.0/22
                IPv6:
                  2a02:f58::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:41:d9:f2:f0:6f:c7:fa:1d:ec:e3:39:11:13:2e:f2:84:77:
         fc:b9:39:43:1e:44:74:a4:a9:3a:f2:56:0d:9e:25:d0:c0:30:
         1f:e8:13:6d:47:ea:05:6c:45:b8:2c:b9:69:b3:27:e3:60:2b:
         ee:36:32:2f:76:00:24:e0:25:37:57:35:e7:47:5b:7a:e0:3f:
         a5:4b:84:d1:82:4d:30:26:ee:56:fd:e6:93:13:f1:3f:1b:db:
         be:39:0d:4b:e5:fc:16:dd:e5:f1:2c:cf:04:47:2f:e0:88:80:
         83:53:8e:d0:0d:7b:3f:44:c9:8f:b4:c7:70:97:1b:6b:87:94:
         54:6f:09:c1:dc:61:47:70:1f:2e:41:8a:75:69:fa:cb:44:14:
         65:97:2d:d6:3d:af:04:f3:26:58:07:c3:e6:18:dc:57:a2:21:
         c6:c6:b2:19:2a:08:32:27:f9:f9:22:44:d2:25:12:6c:61:b1:
         61:2d:3c:81:ce:04:1b:79:fe:7c:ad:34:92:c1:f1:45:87:0a:
         22:81:dd:84:35:59:1c:ec:b8:ec:e9:14:36:49:fb:c8:56:28:
         fc:e5:11:06:fb:1a:d4:63:4b:0d:97:7b:18:a0:d1:8f:21:cc:
         f8:4d:ff:04:1b:a6:e8:ab:45:93:87:40:0a:9b:c8:0e:c5:da:
         39:12:c7:d4
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzGSz0Qz+GQ5L8+dfsi3fBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYjdkYzAzNzg5ZjU4NjIxYjI1ZThkZDBkOTI1ZGM5MWI0
YTVhYTIwHhcNMjQwMTAxMTgzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWY0ZGJlZjE2MmE2ZDJhZGVhYzk5ZTY2MzUxNmY2ZTQ2YWI3NDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvM/8c+Rl0G2RUwfO3x1IunnqIvOA
877ukho02gWHo2sq1mKI5sAiR35BCtOCm9EWNExqJJCVKC6VgUM4cqILe+B4Kyoe
wlEvU76jCpC/GLEM1znJETJ9PzfLsxBWm3aChgpCiUYSGoB6dPB61e2vk/lwj069
4x/J2c6uvo5KlWLEvhXefsljaPtRnc/Kqr0viT6xOSISh6gP1N7gmYKD4CoWEu9u
xfRujuqaUUbYCojy4XOHIq3L5vrpxn3sEF1xzCJY5Ihfs355emNO9RKdIVLMQ+Yt
M95uhQOFPhemCtyw6VwqzMGcgDymoAJFY9D8tlTeyJcd4lv4JidIO8zEXQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPn02+8WKm0q3qyZ5mNRb25Gq3RKMB8GA1UdIwQY
MBaAFEq33AN4n1hiGyXo3Q2SXckbSlqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3JmY0EzaWZXR0liSmVqZERaSmR5UnRLV3FJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC84YTU5ZGItNWFkOC00ZjNmLTk3YzIt
ZjM4YmNiZDkzMzkwLzEvMS1mVGI3eFlxYlNyZXJKbm1ZMUZ2YmthcmRFby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvOGE1OWRiLTVhZDgtNGYzZi05N2MyLWYzOGJjYmQ5MzM5
MC8xL1NyZmNBM2lmV0dJYkplamREWkpkeVJ0S1dxSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA0BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEBF+NUAME
ArmGfDANBAIAAjAHAwUDKgIPWDANBgkqhkiG9w0BAQsFAAOCAQEAgkHZ8vBvx/od
7OM5ERMu8oR3/Lk5Qx5EdKSpOvJWDZ4l0MAwH+gTbUfqBWxFuCy5abMn42Ar7jYy
L3YAJOAlN1c150dbeuA/pUuE0YJNMCbuVv3mkxPxPxvbvjkNS+X8Ft3l8SzPBEcv
4IiAg1OO0A17P0TJj7THcJcba4eUVG8JwdxhR3AfLkGKdWn6y0QUZZct1j2vBPMm
WAfD5hjcV6IhxsayGSoIMif5+SJE0iUSbGGxYS08gc4EG3n+fK00ksHxRYcKIoHd
hDVZHOy47OkUNkn7yFYo/OURBvsa1GNLDZd7GKDRjyHM+E3/BBum6KtFk4dACpvI
DsXaORLH1A==
-----END CERTIFICATE-----