Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1-DKHVWPI9dCfWjVm_mAVVvlCYPI.roa
File:                     1-DKHVWPI9dCfWjVm_mAVVvlCYPI.roa (raw, json)
Hash identifier:          GBXLkCyGB567Xk0dLIFdpIezzlFRzs/0SGSf6/oUPtg=
Subject key identifier:   F8:32:87:55:63:C8:F5:D0:9F:5A:35:66:FE:60:15:56:F9:42:60:F2
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B7EA60294A3B7B151952F5A8D0050
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1-DKHVWPI9dCfWjVm_mAVVvlCYPI.roa
Signing time:             Mon 01 Jan 2024 18:31:25 +0000
ROA not before:           Mon 01 Jan 2024 18:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13086
IP address blocks:        213.216.64.0/18 maxlen: 18
                          213.186.64.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7e:a6:02:94:a3:b7:b1:51:95:2f:5a:8d:00:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f832875563c8f5d09f5a3566fe601556f94260f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:44:c3:39:99:13:68:b5:92:fa:16:6a:eb:da:
                    13:12:35:ed:4f:89:77:87:26:d9:eb:91:68:5d:d0:
                    dd:fe:b5:1c:6f:89:12:09:a4:7f:30:ba:ce:e8:8a:
                    0c:1e:cd:43:d3:4b:d7:3e:49:1c:b5:bd:bf:18:78:
                    ff:2b:54:3e:55:49:e3:ec:d1:6d:df:5e:fe:25:3f:
                    6c:10:f6:10:5f:71:1b:59:36:f8:49:62:eb:4f:16:
                    60:15:f0:b7:c2:6a:fb:15:3d:3e:b9:2e:b5:7c:6a:
                    de:f5:02:9c:01:4d:91:ad:1a:83:f0:a2:2a:00:a0:
                    68:db:a6:ea:6e:97:63:29:2b:a0:80:f1:ea:f5:14:
                    9f:aa:ac:3b:ff:ae:68:ae:46:0c:19:e9:b7:15:70:
                    11:e4:26:da:b1:27:6d:39:11:31:95:4a:a4:c5:e5:
                    74:61:13:9d:0d:53:bc:b7:ee:b7:c2:2b:c4:41:88:
                    7a:d1:05:be:b0:a0:e2:ae:da:77:8b:87:a1:dd:e0:
                    35:bc:62:2a:e7:7d:ec:5a:e6:c4:91:10:9d:0a:c3:
                    ae:9a:4a:69:b4:77:bd:4e:d6:db:08:a7:78:99:d1:
                    e1:bf:ef:f2:f5:37:df:eb:b9:15:70:51:0e:ab:e4:
                    0c:78:d2:ef:bb:bf:3b:77:aa:3e:2f:d3:62:81:0e:
                    34:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:32:87:55:63:C8:F5:D0:9F:5A:35:66:FE:60:15:56:F9:42:60:F2
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1-DKHVWPI9dCfWjVm_mAVVvlCYPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.186.64.0/19
                  213.216.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6d:ee:2d:92:9c:65:7d:d8:25:fe:ba:90:79:ae:87:49:e4:58:
         24:01:2e:0b:73:03:ef:ae:a0:51:1d:c0:de:07:25:61:c9:16:
         9d:44:68:d5:65:f1:c4:84:4c:91:a4:be:af:65:74:0b:60:de:
         e4:09:b6:81:25:eb:7e:b0:eb:33:7d:72:be:64:7b:71:aa:9d:
         d6:a3:2b:a7:9f:34:59:15:40:a9:86:f4:23:07:74:8f:71:d1:
         89:d5:1b:fe:76:97:cc:bb:37:32:8a:a3:f2:1d:57:9b:d3:83:
         e4:2e:6e:ec:df:17:eb:29:39:7c:55:09:16:92:01:41:27:01:
         1f:62:df:c3:f3:d5:63:0d:c0:5d:13:ba:e6:f6:00:6d:f4:43:
         42:d8:9f:0f:6f:39:28:4c:97:70:ed:b1:58:af:39:06:ff:d7:
         df:9a:66:e1:11:b2:0a:78:5d:77:c2:58:e6:a7:11:c4:41:a2:
         e0:e1:aa:f1:7f:b4:88:16:ee:c9:ab:b8:8b:09:0a:68:11:84:
         ca:22:64:f8:03:30:83:54:90:a6:f7:1e:dd:8c:d6:28:9e:dd:
         6b:ec:bc:61:5f:d4:54:b0:e7:bd:20:4b:9c:c1:6e:ba:cd:56:
         85:8b:3c:c6:29:2b:fa:4b:c7:f5:f8:99:e7:10:64:73:fa:b6:
         25:35:1a:1f
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzGS36mApSjt7FRlS9ajQBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODMyODc1NTYzYzhmNWQwOWY1YTM1NjZmZTYwMTU1NmY5NDI2MGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqETDOZkTaLWS+hZq69oTEjXtT4l3
hybZ65FoXdDd/rUcb4kSCaR/MLrO6IoMHs1D00vXPkkctb2/GHj/K1Q+VUnj7NFt
317+JT9sEPYQX3EbWTb4SWLrTxZgFfC3wmr7FT0+uS61fGre9QKcAU2RrRqD8KIq
AKBo26bqbpdjKSuggPHq9RSfqqw7/65orkYMGem3FXAR5CbasSdtORExlUqkxeV0
YROdDVO8t+63wivEQYh60QW+sKDirtp3i4eh3eA1vGIq533sWubEkRCdCsOumkpp
tHe9TtbbCKd4mdHhv+/y9Tff67kVcFEOq+QMeNLvu787d6o+L9NigQ40iQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPgyh1VjyPXQn1o1Zv5gFVb5QmDyMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvMS1ES0hWV1BJOWRDZldqVm1fbUFWVnZsQ1lQSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDcvNzg4ODAzLWJlMTItNDMzZi1hOGQwLTAyNGIxNjU1YzI0
Ny8xL3VaVkVtWmR5ZUtkVmNMTkFQMDA2b0FzYk51Zy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEBdW6QAME
BtXYQDANBgkqhkiG9w0BAQsFAAOCAQEAbe4tkpxlfdgl/rqQea6HSeRYJAEuC3MD
766gUR3A3gclYckWnURo1WXxxIRMkaS+r2V0C2De5Am2gSXrfrDrM31yvmR7caqd
1qMrp580WRVAqYb0Iwd0j3HRidUb/naXzLs3Moqj8h1Xm9OD5C5u7N8X6yk5fFUJ
FpIBQScBH2Lfw/PVYw3AXRO65vYAbfRDQtifD285KEyXcO2xWK85Bv/X35pm4RGy
Cnhdd8JY5qcRxEGi4OGq8X+0iBbuyau4iwkKaBGEyiJk+AMwg1SQpvce3YzWKJ7d
a+y8YV/UVLDnvSBLnMFuus1WhYs8xikr+kvH9fiZ5xBkc/q2JTUaHw==
-----END CERTIFICATE-----