Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/1VAbQA3MWHPtdV6FDtwyjHzaqKU.roa
File:                     1VAbQA3MWHPtdV6FDtwyjHzaqKU.roa (raw, json)
Hash identifier:          CvqfZwvHSQTX6hGL76JO4jsnp/rmv72r+NaeQ3un3ss=
Subject key identifier:   D5:50:1B:40:0D:CC:58:73:ED:75:5E:85:0E:DC:32:8C:7C:DA:A8:A5
Certificate issuer:       /CN=3797e039f025a25aa6e992391d924260699ba67b
Certificate serial:       018CC42555F4D498F15D051D74F4ADC2EECE
Authority key identifier: 37:97:E0:39:F0:25:A2:5A:A6:E9:92:39:1D:92:42:60:69:9B:A6:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N5fgOfAlolqm6ZI5HZJCYGmbpns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/1VAbQA3MWHPtdV6FDtwyjHzaqKU.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61006
IP address blocks:        185.96.72.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/N5fgOfAlolqm6ZI5HZJCYGmbpns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/N5fgOfAlolqm6ZI5HZJCYGmbpns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N5fgOfAlolqm6ZI5HZJCYGmbpns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:55:f4:d4:98:f1:5d:05:1d:74:f4:ad:c2:ee:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3797e039f025a25aa6e992391d924260699ba67b
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5501b400dcc5873ed755e850edc328c7cdaa8a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:60:f1:bf:2e:4b:1f:00:44:cb:32:03:bb:9f:
                    cf:3c:da:a7:f5:e0:7b:02:33:01:86:e9:75:fb:c5:
                    72:53:f5:45:92:7d:fa:6a:9e:d1:45:f6:67:b4:75:
                    f8:a6:73:af:50:91:50:0c:24:eb:18:95:33:97:64:
                    a2:c5:76:6a:cc:f5:bc:39:91:3b:c6:06:fa:9b:24:
                    5d:92:25:3a:8d:bb:87:68:2c:90:1a:34:86:60:9f:
                    23:d4:2d:e2:8e:15:a7:07:d4:51:a0:90:02:9a:74:
                    bb:07:82:65:b2:39:a6:44:2f:0b:2a:9c:c1:ed:02:
                    42:12:0e:e6:27:46:e8:a0:6d:d5:0c:2e:48:f7:72:
                    7f:5e:f3:0d:d1:f4:e4:2d:fc:a9:89:a8:48:02:81:
                    39:4d:94:6c:a0:8a:31:c6:06:d1:70:85:88:35:ac:
                    63:76:ea:aa:c7:3e:3e:9b:1d:d6:10:f6:a2:64:88:
                    ff:01:b6:b3:7f:82:62:93:d9:48:bf:9d:32:b1:a8:
                    cf:f2:c6:28:4e:d5:6a:86:5f:04:c1:af:0c:f2:1c:
                    3a:53:8f:40:16:4a:85:6c:a9:ff:c5:e7:e4:e9:1a:
                    38:0d:21:d5:69:c3:91:ca:2e:b0:79:14:c9:b2:0b:
                    0c:75:fb:88:26:f6:33:eb:2a:e8:2e:87:6e:39:88:
                    5d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:50:1B:40:0D:CC:58:73:ED:75:5E:85:0E:DC:32:8C:7C:DA:A8:A5
            X509v3 Authority Key Identifier:
                keyid:37:97:E0:39:F0:25:A2:5A:A6:E9:92:39:1D:92:42:60:69:9B:A6:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N5fgOfAlolqm6ZI5HZJCYGmbpns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/1VAbQA3MWHPtdV6FDtwyjHzaqKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/N5fgOfAlolqm6ZI5HZJCYGmbpns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:a3:3e:e3:4b:bc:c0:69:dc:2d:01:cf:9b:fc:16:bb:b1:59:
         2c:f4:0f:5a:9f:70:01:55:21:20:99:31:24:86:76:80:65:36:
         cc:58:77:4d:4b:c9:6d:bf:32:59:7b:df:53:59:81:8a:89:47:
         5a:37:44:c6:fd:b9:b0:d1:b6:07:44:5f:e1:19:7a:a6:ec:74:
         c7:d5:e8:87:ba:33:5f:90:13:6d:56:be:ee:1f:ce:07:d0:82:
         cd:7f:eb:bc:cb:7c:ee:26:78:7a:78:c1:76:8c:9a:5f:09:54:
         58:7b:82:b6:69:d4:e9:8f:c2:a7:b0:fc:0a:1f:71:ff:f9:00:
         e5:9f:e2:05:97:92:d1:ab:14:25:cd:23:c3:27:7c:42:44:92:
         c3:55:72:49:76:e0:82:7b:9f:70:23:fe:d5:b1:d1:dd:1e:bc:
         ed:07:1c:0b:55:7a:5e:f5:0e:46:db:7c:a5:12:3e:ef:75:cf:
         4f:05:9c:f8:07:23:6d:a4:90:fd:19:20:e9:7a:be:c7:eb:5c:
         cb:83:81:49:24:14:f4:f3:fb:22:96:f1:17:31:08:7a:55:c8:
         4a:09:ff:a4:bb:67:3f:e8:0e:33:2b:d3:f2:6e:70:a2:ac:3c:
         a3:0b:e8:f3:80:c2:49:04:d9:dd:44:ec:2f:0e:8d:c9:29:06:
         f2:b4:51:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVX01JjxXQUddPStwu7OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3OTdlMDM5ZjAyNWEyNWFhNmU5OTIzOTFkOTI0MjYwNjk5
YmE2N2IwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTUwMWI0MDBkY2M1ODczZWQ3NTVlODUwZWRjMzI4YzdjZGFhOGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2Dxvy5LHwBEyzIDu5/PPNqn9eB7
AjMBhul1+8VyU/VFkn36ap7RRfZntHX4pnOvUJFQDCTrGJUzl2SixXZqzPW8OZE7
xgb6myRdkiU6jbuHaCyQGjSGYJ8j1C3ijhWnB9RRoJACmnS7B4JlsjmmRC8LKpzB
7QJCEg7mJ0booG3VDC5I93J/XvMN0fTkLfypiahIAoE5TZRsoIoxxgbRcIWINaxj
duqqxz4+mx3WEPaiZIj/Abazf4Jik9lIv50ysajP8sYoTtVqhl8Ewa8M8hw6U49A
FkqFbKn/xefk6Ro4DSHVacORyi6weRTJsgsMdfuIJvYz6yroLoduOYhduQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVQG0ANzFhz7XVehQ7cMox82qilMB8GA1UdIwQY
MBaAFDeX4DnwJaJapumSOR2SQmBpm6Z7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjVmZ09mQWxvbHFtNlpJNUhaSkNZR21icG5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wYWJiOGEtOTc5OC00YmY4LWJhZTEt
YzFjMDVjZGI3ODQxLzEvMVZBYlFBM01XSFB0ZFY2RkR0d3lqSHphcUtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wYWJiOGEtOTc5OC00YmY4LWJhZTEtYzFjMDVjZGI3ODQx
LzEvTjVmZ09mQWxvbHFtNlpJNUhaSkNZR21icG5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWBIMA0G
CSqGSIb3DQEBCwUAA4IBAQAKoz7jS7zAadwtAc+b/Ba7sVks9A9an3ABVSEgmTEk
hnaAZTbMWHdNS8ltvzJZe99TWYGKiUdaN0TG/bmw0bYHRF/hGXqm7HTH1eiHujNf
kBNtVr7uH84H0ILNf+u8y3zuJnh6eMF2jJpfCVRYe4K2adTpj8KnsPwKH3H/+QDl
n+IFl5LRqxQlzSPDJ3xCRJLDVXJJduCCe59wI/7VsdHdHrztBxwLVXpe9Q5G23yl
Ej7vdc9PBZz4ByNtpJD9GSDper7H61zLg4FJJBT08/silvEXMQh6VchKCf+ku2c/
6A4zK9PybnCirDyjC+jzgMJJBNndROwvDo3JKQbytFGy
-----END CERTIFICATE-----