Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/1tJ6tx_OhaNeQcvWEkIQFm9ybbw.roa
File:                     1tJ6tx_OhaNeQcvWEkIQFm9ybbw.roa (raw, json)
Hash identifier:          E7rCT+8Zdc0u0F9rqJQY+NedDT+3a4FxS56pBuDRAgU=
Subject key identifier:   D6:D2:7A:B7:1F:CE:85:A3:5E:41:CB:D6:12:42:10:16:6F:72:6D:BC
Certificate issuer:       /CN=fff37e6144be7f5dd93adb9babd83d48d51894fd
Certificate serial:       018CC3B6F1514B98DB134E666E220F79216B
Authority key identifier: FF:F3:7E:61:44:BE:7F:5D:D9:3A:DB:9B:AB:D8:3D:48:D5:18:94:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/__N-YUS-f13ZOtubq9g9SNUYlP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/1tJ6tx_OhaNeQcvWEkIQFm9ybbw.roa
Signing time:             Mon 01 Jan 2024 06:29:55 +0000
ROA not before:           Mon 01 Jan 2024 06:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44621
IP address blocks:        213.168.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/__N-YUS-f13ZOtubq9g9SNUYlP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/__N-YUS-f13ZOtubq9g9SNUYlP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/__N-YUS-f13ZOtubq9g9SNUYlP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f1:51:4b:98:db:13:4e:66:6e:22:0f:79:21:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fff37e6144be7f5dd93adb9babd83d48d51894fd
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6d27ab71fce85a35e41cbd6124210166f726dbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:53:14:e5:8b:a4:99:d3:20:72:e1:29:fb:84:
                    44:b4:46:3a:1b:7b:d1:73:bf:8b:90:42:2f:d6:22:
                    53:61:81:5c:fc:67:ef:17:e0:62:2c:ca:11:fa:a4:
                    ee:b7:cc:2b:91:c6:61:0a:b3:be:5b:9d:f4:f4:2b:
                    75:45:61:d8:f8:b9:fa:b3:62:e0:33:d5:38:f7:d4:
                    a2:65:3e:8b:1f:ed:f5:cd:a2:a4:2a:64:1b:a1:d1:
                    d4:6c:97:10:ce:24:3f:2e:a2:cd:11:3f:18:90:26:
                    03:89:ae:c8:15:9a:2d:09:6e:54:5f:d9:09:08:05:
                    45:69:94:7b:0a:4c:b4:2b:cd:cb:b1:44:cc:15:e2:
                    31:2d:9b:3c:39:51:0e:86:85:7f:be:b5:2b:9a:5a:
                    bd:a7:39:1c:68:32:6d:86:80:9f:af:d4:e2:c4:c1:
                    8e:b5:41:7c:ab:7f:d1:1e:b2:b2:9f:05:ea:d3:87:
                    d8:d1:ef:67:5a:09:23:69:36:f0:36:f7:aa:fb:0c:
                    fd:8e:6c:e6:2c:cb:f0:8f:4c:d2:96:41:74:0a:ad:
                    1a:a3:5d:04:e2:f3:fb:07:f7:9c:a9:79:e2:b6:a7:
                    1e:db:fd:7a:f1:6f:80:e4:00:2e:7a:1d:c3:a5:5a:
                    8a:79:b7:79:c0:0f:13:98:aa:01:dd:c7:72:14:a3:
                    3c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D2:7A:B7:1F:CE:85:A3:5E:41:CB:D6:12:42:10:16:6F:72:6D:BC
            X509v3 Authority Key Identifier:
                keyid:FF:F3:7E:61:44:BE:7F:5D:D9:3A:DB:9B:AB:D8:3D:48:D5:18:94:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/__N-YUS-f13ZOtubq9g9SNUYlP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/1tJ6tx_OhaNeQcvWEkIQFm9ybbw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/__N-YUS-f13ZOtubq9g9SNUYlP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.168.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:54:5c:e1:7b:2a:55:cb:da:52:f6:7a:e4:29:ba:c7:2d:8b:
         43:c8:6d:df:d0:11:35:52:f8:30:26:12:9d:7a:e3:82:22:cb:
         b3:30:09:25:99:76:39:bf:6e:d8:1b:2a:0b:9a:5f:b4:f9:01:
         1a:73:61:e9:49:d1:78:8e:41:d3:1c:af:3e:f0:6d:0f:f0:d9:
         87:18:76:02:df:9b:74:1b:f7:07:3f:c0:b8:92:08:5d:29:f2:
         de:87:83:26:d1:84:7a:cf:96:67:3d:0c:82:ab:92:c6:09:bd:
         43:e7:4d:6e:41:ff:e8:f3:7b:94:3e:55:43:08:63:fe:47:6d:
         23:22:33:68:6d:10:e4:66:ba:cf:3b:57:f1:ce:a0:ae:c9:47:
         68:ac:24:cc:42:bd:9b:b4:21:68:12:6c:87:8c:1f:7b:46:4d:
         d6:ca:bf:33:04:28:89:d4:1b:95:dc:7b:bf:94:2b:19:b8:d1:
         91:cc:a2:1a:8b:57:ac:46:ff:d6:d5:3b:c5:fd:d0:72:d8:35:
         4e:79:0c:8c:74:89:01:41:6f:31:a3:62:5d:76:f9:95:83:29:
         f0:d7:e4:a7:85:e2:20:42:64:fb:34:2e:b7:32:be:1f:41:8d:
         f2:d4:c1:46:6f:5e:a7:ca:94:3b:c8:ef:73:ff:74:aa:ce:8c:
         bf:ed:c5:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvFRS5jbE05mbiIPeSFrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZjM3ZTYxNDRiZTdmNWRkOTNhZGI5YmFiZDgzZDQ4ZDUx
ODk0ZmQwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQyN2FiNzFmY2U4NWEzNWU0MWNiZDYxMjQyMTAxNjZmNzI2ZGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1MU5YukmdMgcuEp+4REtEY6G3vR
c7+LkEIv1iJTYYFc/GfvF+BiLMoR+qTut8wrkcZhCrO+W5309Ct1RWHY+Ln6s2Lg
M9U499SiZT6LH+31zaKkKmQbodHUbJcQziQ/LqLNET8YkCYDia7IFZotCW5UX9kJ
CAVFaZR7Cky0K83LsUTMFeIxLZs8OVEOhoV/vrUrmlq9pzkcaDJthoCfr9TixMGO
tUF8q3/RHrKynwXq04fY0e9nWgkjaTbwNveq+wz9jmzmLMvwj0zSlkF0Cq0ao10E
4vP7B/ecqXnitqce2/168W+A5AAueh3DpVqKebd5wA8TmKoB3cdyFKM86wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbSercfzoWjXkHL1hJCEBZvcm28MB8GA1UdIwQY
MBaAFP/zfmFEvn9d2Trbm6vYPUjVGJT9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX19OLVlVUy1mMTNaT3R1YnE5ZzlTTlVZbFAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zMmZlMGYtYmNjOS00MmJjLTkyMjYt
MGJjZTgwZDRkZmY5LzEvMXRKNnR4X09oYU5lUWN2V0VrSVFGbTl5YmJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zMmZlMGYtYmNjOS00MmJjLTkyMjYtMGJjZTgwZDRkZmY5
LzEvX19OLVlVUy1mMTNaT3R1YnE5ZzlTTlVZbFAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aieMA0G
CSqGSIb3DQEBCwUAA4IBAQCpVFzheypVy9pS9nrkKbrHLYtDyG3f0BE1UvgwJhKd
euOCIsuzMAklmXY5v27YGyoLml+0+QEac2HpSdF4jkHTHK8+8G0P8NmHGHYC35t0
G/cHP8C4kghdKfLeh4Mm0YR6z5ZnPQyCq5LGCb1D501uQf/o83uUPlVDCGP+R20j
IjNobRDkZrrPO1fxzqCuyUdorCTMQr2btCFoEmyHjB97Rk3Wyr8zBCiJ1BuV3Hu/
lCsZuNGRzKIai1esRv/W1TvF/dBy2DVOeQyMdIkBQW8xo2JddvmVgynw1+SnheIg
QmT7NC63Mr4fQY3y1MFGb16nypQ7yO9z/3Sqzoy/7cU3
-----END CERTIFICATE-----