Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/1B9YsFsqyWrY8VttMS7VDJRaMy8.roa
File:                     1B9YsFsqyWrY8VttMS7VDJRaMy8.roa (raw, json)
Hash identifier:          0t2DKxWDa5RYtGvDUVSvaTKmOaCfwRAyhDb6rosn51Y=
Subject key identifier:   D4:1F:58:B0:5B:2A:C9:6A:D8:F1:5B:6D:31:2E:D5:0C:94:5A:33:2F
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       0193168BCEB55EC55D8757B8CF98B15BC8DD
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/1B9YsFsqyWrY8VttMS7VDJRaMy8.roa
Signing time:             Sun 10 Nov 2024 14:48:01 +0000
ROA not before:           Sun 10 Nov 2024 14:48:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61185
IP address blocks:        185.146.18.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:16:8b:ce:b5:5e:c5:5d:87:57:b8:cf:98:b1:5b:c8:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: Nov 10 14:48:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d41f58b05b2ac96ad8f15b6d312ed50c945a332f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c5:63:37:41:86:1f:0b:96:51:a2:f5:29:0a:
                    02:9c:d2:d8:42:84:eb:04:53:41:10:45:9c:96:07:
                    9b:e2:7e:08:cb:20:01:a3:22:3e:b4:10:e9:17:07:
                    e7:26:00:33:89:49:4b:06:06:35:70:07:59:4f:97:
                    35:19:79:d6:79:e6:a1:04:2f:b4:36:14:39:c7:4b:
                    25:69:b5:de:b8:ca:d9:39:ee:57:bc:c5:72:8e:c9:
                    82:d3:2d:22:cf:69:ff:d2:4a:37:c3:bb:8b:c0:6d:
                    e4:c4:1c:54:37:4f:cc:10:b1:cd:fd:c6:d1:f0:b7:
                    90:8e:37:be:83:54:43:3f:10:b9:0e:a3:3e:a9:ac:
                    31:cf:2d:34:09:9d:77:47:56:49:47:24:c2:2d:31:
                    89:98:c2:0c:14:23:05:23:7d:ed:e3:65:6c:56:90:
                    a9:46:f7:72:e3:a2:02:9d:90:07:b5:68:3f:e7:48:
                    0a:ef:55:92:dd:e0:c1:af:e6:32:e9:98:b2:27:df:
                    da:ce:96:28:10:e8:86:f2:43:30:2f:91:db:f3:4e:
                    3a:97:bb:4f:1a:b7:98:e3:bd:c6:61:1b:1f:d7:b8:
                    1a:64:a5:bb:e5:82:90:12:69:8f:99:16:17:47:7e:
                    5d:dc:78:d8:61:41:41:20:ad:f8:c0:56:cd:ad:71:
                    7d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:1F:58:B0:5B:2A:C9:6A:D8:F1:5B:6D:31:2E:D5:0C:94:5A:33:2F
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/1B9YsFsqyWrY8VttMS7VDJRaMy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:ab:ad:4e:3a:69:51:85:96:a2:7a:b0:10:8e:07:35:44:d7:
         6d:a9:8e:4a:76:38:6f:74:0d:08:34:c4:14:8f:73:ea:dd:20:
         ce:23:d8:3a:7b:6e:ff:c0:81:8c:d4:08:b8:c0:30:9c:39:82:
         e7:09:d2:32:78:af:7c:89:ea:7b:47:bd:b1:47:cd:5f:7b:be:
         bd:63:5c:2b:31:bb:ab:7e:43:02:29:62:cf:cf:94:04:b3:88:
         e8:5d:39:83:bd:c2:0a:80:3e:d5:4e:5f:67:af:32:f7:bf:98:
         d3:fc:7e:32:9a:76:c5:50:fe:fb:b0:62:cd:0a:93:68:79:36:
         15:a9:e0:1d:3e:6b:10:90:82:bd:96:0c:69:98:01:1c:c5:b0:
         0f:3f:12:e9:a3:78:96:bc:7b:96:8f:20:b3:6b:45:27:69:e8:
         80:5d:36:c9:f2:2f:f7:aa:90:84:a5:91:c5:5f:a4:cb:3e:0a:
         98:0c:ea:dc:52:d4:14:b9:15:85:a6:f3:db:8f:75:47:95:82:
         e7:0f:61:1f:4f:2f:04:37:59:1d:57:5f:b5:c1:1b:a0:0e:1e:
         e8:dc:97:f1:85:5f:cd:d6:d0:92:d7:9b:65:50:53:70:a0:55:
         6c:59:85:96:1c:74:b4:b6:be:ad:2c:8b:b9:44:76:ef:07:b1:
         1f:27:9b:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMWi861XsVdh1e4z5ixW8jdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjUzNzYwMWEzMTY5NzQwNDkyMmQ5NTdlNzQ0NTBmNWE5
Y2JlNzMwHhcNMjQxMTEwMTQ0ODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDFmNThiMDViMmFjOTZhZDhmMTViNmQzMTJlZDUwYzk0NWEzMzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsVjN0GGHwuWUaL1KQoCnNLYQoTr
BFNBEEWclgeb4n4IyyABoyI+tBDpFwfnJgAziUlLBgY1cAdZT5c1GXnWeeahBC+0
NhQ5x0slabXeuMrZOe5XvMVyjsmC0y0iz2n/0ko3w7uLwG3kxBxUN0/MELHN/cbR
8LeQjje+g1RDPxC5DqM+qawxzy00CZ13R1ZJRyTCLTGJmMIMFCMFI33t42VsVpCp
Rvdy46ICnZAHtWg/50gK71WS3eDBr+Yy6ZiyJ9/azpYoEOiG8kMwL5Hb8046l7tP
GreY473GYRsf17gaZKW75YKQEmmPmRYXR35d3HjYYUFBIK34wFbNrXF9JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQfWLBbKslq2PFbbTEu1QyUWjMvMB8GA1UdIwQY
MBaAFBclN2AaMWl0BJItlX50RQ9anL5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQt
ZTYwNGI2MWJlMGVhLzEvMUI5WXNGc3F5V3JZOFZ0dE1TN1ZESlJhTXk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQtZTYwNGI2MWJlMGVh
LzEvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZISMA0G
CSqGSIb3DQEBCwUAA4IBAQCOq61OOmlRhZaierAQjgc1RNdtqY5KdjhvdA0INMQU
j3Pq3SDOI9g6e27/wIGM1Ai4wDCcOYLnCdIyeK98iep7R72xR81fe769Y1wrMbur
fkMCKWLPz5QEs4joXTmDvcIKgD7VTl9nrzL3v5jT/H4ymnbFUP77sGLNCpNoeTYV
qeAdPmsQkIK9lgxpmAEcxbAPPxLpo3iWvHuWjyCza0UnaeiAXTbJ8i/3qpCEpZHF
X6TLPgqYDOrcUtQUuRWFpvPbj3VHlYLnD2EfTy8EN1kdV1+1wRugDh7o3JfxhV/N
1tCS15tlUFNwoFVsWYWWHHS0tr6tLIu5RHbvB7EfJ5ta
-----END CERTIFICATE-----