Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/706f54-87a5-45e7-bf22-8a6b547666aa/1/A1gVBoQEf9ARL7vk3gzG4ADa4GU.roa
File:                     A1gVBoQEf9ARL7vk3gzG4ADa4GU.roa (raw, json)
Hash identifier:          duw42kHvZrso9WlebLSO/KjBXcvb5lvEt2kIeEPBbtA=
Subject key identifier:   03:58:15:06:84:04:7F:D0:11:2F:BB:E4:DE:0C:C6:E0:00:DA:E0:65
Certificate issuer:       /CN=fb3646fba69045ede5ef8e5c39a2fc17f9f0d2dc
Certificate serial:       018CC493838255227FBE264B9C61AA862B5A
Authority key identifier: FB:36:46:FB:A6:90:45:ED:E5:EF:8E:5C:39:A2:FC:17:F9:F0:D2:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zZG-6aQRe3l745cOaL8F_nw0tw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/706f54-87a5-45e7-bf22-8a6b547666aa/1/A1gVBoQEf9ARL7vk3gzG4ADa4GU.roa
Signing time:             Mon 01 Jan 2024 10:30:50 +0000
ROA not before:           Mon 01 Jan 2024 10:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50921
IP address blocks:        195.170.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/706f54-87a5-45e7-bf22-8a6b547666aa/1/1-zZG-6aQRe3l745cOaL8F_nw0tw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/706f54-87a5-45e7-bf22-8a6b547666aa/1/1-zZG-6aQRe3l745cOaL8F_nw0tw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-zZG-6aQRe3l745cOaL8F_nw0tw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:83:82:55:22:7f:be:26:4b:9c:61:aa:86:2b:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb3646fba69045ede5ef8e5c39a2fc17f9f0d2dc
        Validity
            Not Before: Jan  1 10:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0358150684047fd0112fbbe4de0cc6e000dae065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:99:58:02:f0:03:19:c2:2c:44:2f:78:a9:ac:
                    26:e3:ef:8f:da:c3:39:67:00:db:ef:88:df:b6:cb:
                    47:a0:18:ff:3e:f8:71:d1:1f:e2:df:b4:0c:3f:d5:
                    49:18:86:98:17:54:74:81:ff:70:8b:2b:de:4e:f4:
                    13:91:cb:f7:26:02:2e:5f:45:64:41:3b:21:62:4f:
                    96:ff:48:b0:d1:b2:fe:2b:23:6c:25:e2:3a:b0:d2:
                    c7:6c:fe:f0:02:4a:1a:c4:7e:b6:2d:30:29:99:68:
                    53:98:5d:78:29:b5:5d:2d:a1:9a:7c:04:2f:5b:5f:
                    3e:e2:17:ab:04:dc:5d:22:61:fa:2d:82:90:88:83:
                    e5:1f:5a:10:02:22:6b:d9:24:4d:54:e8:f7:9a:0f:
                    1e:14:a4:76:9a:22:03:1c:00:35:25:28:52:56:db:
                    a0:b8:df:ff:31:5d:4c:38:4c:24:83:0a:d3:ae:0f:
                    d3:3c:ee:bf:1a:68:ce:e7:98:be:d3:0d:30:2f:16:
                    6c:d1:cd:c6:58:ab:db:19:81:0e:da:f3:02:4b:1f:
                    61:c7:c4:08:37:5e:89:56:f2:6e:87:2d:53:d6:76:
                    e8:56:6f:dc:c4:27:37:68:b0:54:55:ab:e0:4c:6f:
                    40:93:9a:28:56:23:d9:b0:ba:c9:7d:1c:7f:a1:41:
                    21:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:58:15:06:84:04:7F:D0:11:2F:BB:E4:DE:0C:C6:E0:00:DA:E0:65
            X509v3 Authority Key Identifier:
                keyid:FB:36:46:FB:A6:90:45:ED:E5:EF:8E:5C:39:A2:FC:17:F9:F0:D2:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zZG-6aQRe3l745cOaL8F_nw0tw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/706f54-87a5-45e7-bf22-8a6b547666aa/1/A1gVBoQEf9ARL7vk3gzG4ADa4GU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/706f54-87a5-45e7-bf22-8a6b547666aa/1/1-zZG-6aQRe3l745cOaL8F_nw0tw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:d1:1a:aa:11:13:de:2b:ac:5c:b5:93:82:e8:3f:17:69:80:
         ca:6c:e7:58:f6:79:da:a1:d2:51:9e:00:1e:16:f7:14:34:09:
         a4:e1:0f:94:bc:74:17:32:16:83:3e:64:59:a6:32:21:99:e1:
         d8:83:aa:3d:c0:eb:14:d4:a5:d5:e0:f3:66:3e:57:5d:8b:d5:
         78:67:5d:b6:61:f9:dd:8c:d6:23:43:9c:a7:d2:7c:9c:32:ac:
         81:ca:62:80:22:ab:08:c8:8a:0d:54:85:70:24:f2:9c:03:dd:
         49:32:1a:cf:77:42:5d:f0:52:92:9e:87:a8:40:a7:0f:f5:f9:
         e7:fd:25:eb:7e:cd:27:a0:79:5e:6e:ce:0d:86:a4:69:53:c1:
         e3:28:1c:a1:71:7b:96:2f:36:c1:d4:bf:b0:30:d7:4b:f9:68:
         21:2c:92:98:9b:20:99:d1:56:a6:76:32:88:1a:fd:d2:1d:54:
         aa:e2:f4:4b:a2:00:df:92:eb:10:ed:63:9c:3a:ec:f5:66:be:
         04:3e:ac:6b:ac:a1:ab:04:67:bd:d7:55:4f:c9:45:a2:94:18:
         c9:b0:3d:a6:f8:3c:7b:f9:a1:ee:98:f6:1e:59:02:8e:9c:99:
         a3:63:b3:f1:f2:b3:1a:08:41:87:aa:f2:90:12:c3:ce:15:a5:
         90:c5:d1:f9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEk4OCVSJ/viZLnGGqhitaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzY0NmZiYTY5MDQ1ZWRlNWVmOGU1YzM5YTJmYzE3Zjlm
MGQyZGMwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzU4MTUwNjg0MDQ3ZmQwMTEyZmJiZTRkZTBjYzZlMDAwZGFlMDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5lYAvADGcIsRC94qawm4++P2sM5
ZwDb74jftstHoBj/Pvhx0R/i37QMP9VJGIaYF1R0gf9wiyveTvQTkcv3JgIuX0Vk
QTshYk+W/0iw0bL+KyNsJeI6sNLHbP7wAkoaxH62LTApmWhTmF14KbVdLaGafAQv
W18+4herBNxdImH6LYKQiIPlH1oQAiJr2SRNVOj3mg8eFKR2miIDHAA1JShSVtug
uN//MV1MOEwkgwrTrg/TPO6/GmjO55i+0w0wLxZs0c3GWKvbGYEO2vMCSx9hx8QI
N16JVvJuhy1T1nboVm/cxCc3aLBUVavgTG9Ak5ooViPZsLrJfRx/oUEhywIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFANYFQaEBH/QES+75N4MxuAA2uBlMB8GA1UdIwQY
MBaAFPs2RvumkEXt5e+OXDmi/Bf58NLcMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16WkctNmFRUmUzbDc0NWNPYUw4Rl9udzB0dy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWIvNzA2ZjU0LTg3YTUtNDVlNy1iZjIy
LThhNmI1NDc2NjZhYS8xL0ExZ1ZCb1FFZjlBUkw3dmszZ3pHNEFEYTRHVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWIvNzA2ZjU0LTg3YTUtNDVlNy1iZjIyLThhNmI1NDc2NjZh
YS8xLzEtelpHLTZhUVJlM2w3NDVjT2FMOEZfbncwdHcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDqqsw
DQYJKoZIhvcNAQELBQADggEBAFLRGqoRE94rrFy1k4LoPxdpgMps51j2edqh0lGe
AB4W9xQ0CaThD5S8dBcyFoM+ZFmmMiGZ4diDqj3A6xTUpdXg82Y+V12L1XhnXbZh
+d2M1iNDnKfSfJwyrIHKYoAiqwjIig1UhXAk8pwD3UkyGs93Ql3wUpKeh6hApw/1
+ef9Jet+zSegeV5uzg2GpGlTweMoHKFxe5YvNsHUv7Aw10v5aCEskpibIJnRVqZ2
Moga/dIdVKri9EuiAN+S6xDtY5w67PVmvgQ+rGusoasEZ73XVU/JRaKUGMmwPab4
PHv5oe6Y9h5ZAo6cmaNjs/HysxoIQYeq8pASw84VpZDF0fk=
-----END CERTIFICATE-----