Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/1b1sfeuUrI6kHZZcru0rVUPN6xs.roa
File:                     1b1sfeuUrI6kHZZcru0rVUPN6xs.roa (raw, json)
Hash identifier:          5DXVyGF9+ODXXosS3KiNDVTiRt7dAPB8oE2s8NuxB14=
Subject key identifier:   D5:BD:6C:7D:EB:94:AC:8E:A4:1D:96:5C:AE:ED:2B:55:43:CD:EB:1B
Certificate issuer:       /CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
Certificate serial:       018CC3490761C0E8AC5B144C5174AF13AD52
Authority key identifier: 39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/1b1sfeuUrI6kHZZcru0rVUPN6xs.roa
Signing time:             Mon 01 Jan 2024 04:29:52 +0000
ROA not before:           Mon 01 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39298
IP address blocks:        213.143.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:07:61:c0:e8:ac:5b:14:4c:51:74:af:13:ad:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3919f2ad91584baff0467447bac8fb978d1f9dd3
        Validity
            Not Before: Jan  1 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5bd6c7deb94ac8ea41d965caeed2b5543cdeb1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e4:d6:e4:8c:66:5e:10:18:f6:a3:b6:28:b8:
                    b1:8a:f3:13:f6:d9:78:fb:a8:29:01:9d:69:e8:b1:
                    6a:20:be:a1:c5:c8:fa:82:4d:2f:bf:4d:7a:05:22:
                    17:da:05:3a:79:b7:18:2f:89:1a:02:e8:99:5d:20:
                    b5:7a:ec:ef:b4:54:c4:2c:93:94:43:f6:57:d3:21:
                    29:a0:41:5a:75:39:6c:6d:69:23:ec:ea:6d:12:68:
                    69:16:99:0e:c2:c7:20:07:7a:b0:6a:a9:92:e3:fd:
                    82:f9:66:07:f3:61:54:fa:2a:a2:81:82:9d:bb:ad:
                    ef:6f:fe:b7:92:13:9a:b7:0a:d5:9b:9c:f6:27:bb:
                    93:87:c1:ee:00:51:c7:e9:9a:bb:f5:8d:64:57:45:
                    94:46:cf:21:60:ab:14:9d:02:0e:e7:31:72:02:d3:
                    87:64:ce:4b:a5:37:1e:10:39:66:2a:c5:a5:d0:ce:
                    be:63:cf:79:67:79:b4:49:08:d9:b7:02:8e:f0:3b:
                    a6:ce:c7:59:01:b7:92:ec:40:48:e2:cb:ec:f5:b5:
                    8a:11:c9:1b:53:13:cc:2f:50:43:3a:b4:a4:92:22:
                    c6:a3:e8:b6:63:45:9d:67:82:41:63:fb:e6:47:8f:
                    79:fe:a3:69:3b:46:a0:6e:74:5e:43:92:fa:ec:a7:
                    fc:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:BD:6C:7D:EB:94:AC:8E:A4:1D:96:5C:AE:ED:2B:55:43:CD:EB:1B
            X509v3 Authority Key Identifier:
                keyid:39:19:F2:AD:91:58:4B:AF:F0:46:74:47:BA:C8:FB:97:8D:1F:9D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORnyrZFYS6_wRnRHusj7l40fndM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/1b1sfeuUrI6kHZZcru0rVUPN6xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9118e2-ae74-4c24-a775-32aa6731c291/1/ORnyrZFYS6_wRnRHusj7l40fndM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.143.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:f8:6c:a4:ef:d4:e7:39:80:41:93:64:32:7b:a1:88:60:04:
         b7:e5:f5:7f:5b:9a:0b:db:dd:a4:68:6c:b5:b0:d8:c5:c1:fb:
         0c:df:c9:68:6a:ee:e0:b5:13:4f:4e:93:2b:87:20:0f:47:ed:
         62:b6:2c:a3:1d:3c:00:5b:ec:a4:af:75:9d:ce:a8:b5:27:40:
         ab:75:e5:d0:12:62:13:f1:58:cc:b7:3b:26:44:38:25:b1:d9:
         bf:c3:97:31:f9:ce:2b:4d:9c:93:55:3e:aa:65:bf:db:b0:1c:
         1d:91:2e:8b:3e:70:41:ad:c0:9b:a1:54:cd:8a:66:d1:81:83:
         fb:22:6f:33:b6:cb:9e:8b:e2:34:cc:5c:e3:17:c9:d0:84:be:
         0d:23:ea:3d:8b:98:78:df:f1:1e:04:f7:2e:02:12:3b:a1:21:
         4b:a0:32:4d:b1:83:fb:6d:ae:ed:93:50:25:82:91:9e:e9:e4:
         2b:ca:28:fd:e3:db:c5:d5:35:d1:e6:8f:99:0c:87:d0:df:e6:
         44:60:41:00:b6:b0:e0:1e:62:15:2b:2a:8f:54:97:05:ef:b0:
         3f:e5:16:50:11:e1:52:78:76:13:6d:8d:74:36:c5:11:d6:ff:
         19:44:7b:7f:69:37:33:9a:8f:72:0a:e0:3c:cf:fd:29:e1:82:
         f3:39:8a:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQdhwOisWxRMUXSvE61SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MTlmMmFkOTE1ODRiYWZmMDQ2NzQ0N2JhYzhmYjk3OGQx
ZjlkZDMwHhcNMjQwMTAxMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWJkNmM3ZGViOTRhYzhlYTQxZDk2NWNhZWVkMmI1NTQzY2RlYjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOTW5IxmXhAY9qO2KLixivMT9tl4
+6gpAZ1p6LFqIL6hxcj6gk0vv016BSIX2gU6ebcYL4kaAuiZXSC1euzvtFTELJOU
Q/ZX0yEpoEFadTlsbWkj7OptEmhpFpkOwscgB3qwaqmS4/2C+WYH82FU+iqigYKd
u63vb/63khOatwrVm5z2J7uTh8HuAFHH6Zq79Y1kV0WURs8hYKsUnQIO5zFyAtOH
ZM5LpTceEDlmKsWl0M6+Y895Z3m0SQjZtwKO8DumzsdZAbeS7EBI4svs9bWKEckb
UxPML1BDOrSkkiLGo+i2Y0WdZ4JBY/vmR495/qNpO0agbnReQ5L67Kf8owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNW9bH3rlKyOpB2WXK7tK1VDzesbMB8GA1UdIwQY
MBaAFDkZ8q2RWEuv8EZ0R7rI+5eNH53TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUt
MzJhYTY3MzFjMjkxLzEvMWIxc2ZldVVySTZrSFpaY3J1MHJWVVBONnhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85MTE4ZTItYWU3NC00YzI0LWE3NzUtMzJhYTY3MzFjMjkx
LzEvT1JueXJaRllTNl93Um5SSHVzajdsNDBmbmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Y/7MA0G
CSqGSIb3DQEBCwUAA4IBAQCK+Gyk79TnOYBBk2Qye6GIYAS35fV/W5oL292kaGy1
sNjFwfsM38loau7gtRNPTpMrhyAPR+1itiyjHTwAW+ykr3Wdzqi1J0CrdeXQEmIT
8VjMtzsmRDglsdm/w5cx+c4rTZyTVT6qZb/bsBwdkS6LPnBBrcCboVTNimbRgYP7
Im8ztsuei+I0zFzjF8nQhL4NI+o9i5h43/EeBPcuAhI7oSFLoDJNsYP7ba7tk1Al
gpGe6eQryij949vF1TXR5o+ZDIfQ3+ZEYEEAtrDgHmIVKyqPVJcF77A/5RZQEeFS
eHYTbY10NsUR1v8ZRHt/aTczmo9yCuA8z/0p4YLzOYqz
-----END CERTIFICATE-----