Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/985a27-0818-4ca5-a377-061f5cc6ad52/1/1-EQdwsPQHYFbzGpDV1f_d8CuhzA.roa
File:                     1-EQdwsPQHYFbzGpDV1f_d8CuhzA.roa (raw, json)
Hash identifier:          aA+9hjabnGgmA994XcQ9jdmH7coIaQC/pIAWchTDESs=
Subject key identifier:   F8:44:1D:C2:C3:D0:1D:81:5B:CC:6A:43:57:57:FF:77:C0:AE:87:30
Certificate issuer:       /CN=075bb41325fd605e20bafc2f065945439ec05fe0
Certificate serial:       018CC5001B9CAA5F149A0EBACE8DBD8D4535
Authority key identifier: 07:5B:B4:13:25:FD:60:5E:20:BA:FC:2F:06:59:45:43:9E:C0:5F:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B1u0EyX9YF4guvwvBllFQ57AX-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/985a27-0818-4ca5-a377-061f5cc6ad52/1/1-EQdwsPQHYFbzGpDV1f_d8CuhzA.roa
Signing time:             Mon 01 Jan 2024 12:29:27 +0000
ROA not before:           Mon 01 Jan 2024 12:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200852
IP address blocks:        212.46.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/985a27-0818-4ca5-a377-061f5cc6ad52/1/B1u0EyX9YF4guvwvBllFQ57AX-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/985a27-0818-4ca5-a377-061f5cc6ad52/1/B1u0EyX9YF4guvwvBllFQ57AX-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B1u0EyX9YF4guvwvBllFQ57AX-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1b:9c:aa:5f:14:9a:0e:ba:ce:8d:bd:8d:45:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=075bb41325fd605e20bafc2f065945439ec05fe0
        Validity
            Not Before: Jan  1 12:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8441dc2c3d01d815bcc6a435757ff77c0ae8730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:19:d3:10:37:6e:71:12:25:f2:f3:90:62:03:
                    ee:01:1c:64:c3:ec:07:57:52:9a:3d:a4:88:8e:ac:
                    2d:85:e8:60:cb:ec:77:c3:d1:67:ac:48:42:71:e9:
                    c0:d5:e2:0c:2d:e1:b0:26:d0:f9:a5:4b:b2:36:f1:
                    c5:4d:61:3b:6f:35:c0:59:e3:7f:36:ed:c0:60:6e:
                    3f:24:32:84:0a:e5:12:09:dd:fd:86:84:38:55:83:
                    66:2d:43:0f:96:84:75:bd:79:3b:4a:88:a6:0b:a0:
                    ad:e4:bb:97:ad:29:0b:5c:b1:8b:7f:50:05:b3:38:
                    26:60:d7:11:30:56:21:69:3c:f6:1a:a6:08:ba:50:
                    0d:f2:45:b1:0d:a5:8d:b7:c8:fe:26:1b:62:6c:ae:
                    22:4c:7d:53:26:28:fe:e1:3e:77:35:45:d8:72:d1:
                    5e:ce:2b:5b:1b:f6:25:22:94:37:4c:ba:d8:10:57:
                    76:b8:b6:ee:27:7f:43:fd:bc:5f:81:bf:2e:55:d9:
                    16:d9:2c:ff:16:07:cf:e5:66:ca:db:13:71:3b:31:
                    a9:9c:1c:b8:17:6e:7f:95:49:62:42:f3:48:c9:3a:
                    cf:ea:47:2b:ab:2a:c5:d3:b3:c7:cc:f4:5d:36:a4:
                    25:df:9d:68:7a:be:b0:d5:98:62:88:4f:0c:be:bf:
                    89:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:44:1D:C2:C3:D0:1D:81:5B:CC:6A:43:57:57:FF:77:C0:AE:87:30
            X509v3 Authority Key Identifier:
                keyid:07:5B:B4:13:25:FD:60:5E:20:BA:FC:2F:06:59:45:43:9E:C0:5F:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B1u0EyX9YF4guvwvBllFQ57AX-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/985a27-0818-4ca5-a377-061f5cc6ad52/1/1-EQdwsPQHYFbzGpDV1f_d8CuhzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/985a27-0818-4ca5-a377-061f5cc6ad52/1/B1u0EyX9YF4guvwvBllFQ57AX-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a1:20:01:03:b3:ec:0a:21:fa:1f:26:ed:02:8f:76:9d:ee:
         aa:c0:3e:8e:1c:37:7b:80:3f:da:0d:a0:ed:be:f6:32:ae:26:
         07:56:0d:e5:2f:13:a9:ed:63:0f:08:ee:e1:bb:b3:94:53:83:
         25:14:2d:6a:c3:e0:65:79:14:11:c7:a4:93:dd:e0:11:b4:a6:
         e0:8a:f5:99:bd:c3:ca:7b:85:9e:40:3e:58:a8:17:ab:24:78:
         38:0e:0f:ae:42:b1:ea:27:d6:4d:e9:74:1e:46:fc:c1:41:9b:
         9b:26:1e:a4:f0:5c:76:83:8c:60:51:68:d4:96:bc:1f:f3:70:
         b0:5c:39:99:bb:b9:ae:94:a2:0c:bc:db:a1:e3:88:a2:b4:99:
         41:b3:70:fc:44:5f:1e:cf:92:0c:01:62:25:4c:0c:97:4f:cd:
         ff:68:ab:06:00:cc:c0:3d:6f:8f:a7:15:53:fd:3d:0b:0d:b1:
         88:5c:12:9b:50:fd:e3:a3:ef:b1:9d:ae:08:9a:f9:d5:8f:37:
         a7:62:57:75:6d:c8:78:91:b8:13:55:68:fc:ed:eb:31:25:fd:
         8e:4e:d9:f3:b9:a4:62:9d:58:8e:ef:27:ca:96:10:20:54:f0:
         fe:e1:97:6b:e9:b5:c6:98:5f:02:89:93:fe:ae:45:0d:04:e2:
         40:3c:5c:7e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFABucql8Umg66zo29jUU1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NWJiNDEzMjVmZDYwNWUyMGJhZmMyZjA2NTk0NTQzOWVj
MDVmZTAwHhcNMjQwMTAxMTIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODQ0MWRjMmMzZDAxZDgxNWJjYzZhNDM1NzU3ZmY3N2MwYWU4NzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBnTEDducRIl8vOQYgPuARxkw+wH
V1KaPaSIjqwthehgy+x3w9FnrEhCcenA1eIMLeGwJtD5pUuyNvHFTWE7bzXAWeN/
Nu3AYG4/JDKECuUSCd39hoQ4VYNmLUMPloR1vXk7SoimC6Ct5LuXrSkLXLGLf1AF
szgmYNcRMFYhaTz2GqYIulAN8kWxDaWNt8j+JhtibK4iTH1TJij+4T53NUXYctFe
zitbG/YlIpQ3TLrYEFd2uLbuJ39D/bxfgb8uVdkW2Sz/FgfP5WbK2xNxOzGpnBy4
F25/lUliQvNIyTrP6kcrqyrF07PHzPRdNqQl351oer6w1ZhiiE8Mvr+J3wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPhEHcLD0B2BW8xqQ1dX/3fArocwMB8GA1UdIwQY
MBaAFAdbtBMl/WBeILr8LwZZRUOewF/gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjF1MEV5WDlZRjRndXZ3dkJsbEZRNTdBWC1BLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85ODVhMjctMDgxOC00Y2E1LWEzNzct
MDYxZjVjYzZhZDUyLzEvMS1FUWR3c1BRSFlGYnpHcERWMWZfZDhDdWh6QS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTgvOTg1YTI3LTA4MTgtNGNhNS1hMzc3LTA2MWY1Y2M2YWQ1
Mi8xL0IxdTBFeVg5WUY0Z3V2d3ZCbGxGUTU3QVgtQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQuPzAN
BgkqhkiG9w0BAQsFAAOCAQEAnKEgAQOz7Aoh+h8m7QKPdp3uqsA+jhw3e4A/2g2g
7b72Mq4mB1YN5S8Tqe1jDwju4buzlFODJRQtasPgZXkUEcekk93gEbSm4Ir1mb3D
ynuFnkA+WKgXqyR4OA4PrkKx6ifWTel0Hkb8wUGbmyYepPBcdoOMYFFo1Ja8H/Nw
sFw5mbu5rpSiDLzboeOIorSZQbNw/ERfHs+SDAFiJUwMl0/N/2irBgDMwD1vj6cV
U/09Cw2xiFwSm1D946PvsZ2uCJr51Y83p2JXdW3IeJG4E1Vo/O3rMSX9jk7Z87mk
Yp1Yju8nypYQIFTw/uGXa+m1xphfAomT/q5FDQTiQDxcfg==
-----END CERTIFICATE-----