Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/1L6GShf94q-3KIn4iwvUJn-TVJw.roa
File:                     1L6GShf94q-3KIn4iwvUJn-TVJw.roa (raw, json)
Hash identifier:          LnacGpgNCcGLSHzLgrDOyUQHieZDC8CmNnuLjKOdcps=
Subject key identifier:   D4:BE:86:4A:17:FD:E2:AF:B7:28:89:F8:8B:0B:D4:26:7F:93:54:9C
Certificate issuer:       /CN=b692454c16696486cf071ed18e7976e3404909fb
Certificate serial:       018CCA2B26A88244D67DA7ABA1A0E1C02263
Authority key identifier: B6:92:45:4C:16:69:64:86:CF:07:1E:D1:8E:79:76:E3:40:49:09:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tpJFTBZpZIbPBx7Rjnl240BJCfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/1L6GShf94q-3KIn4iwvUJn-TVJw.roa
Signing time:             Tue 02 Jan 2024 12:34:34 +0000
ROA not before:           Tue 02 Jan 2024 12:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12350
IP address blocks:        193.41.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/tpJFTBZpZIbPBx7Rjnl240BJCfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/tpJFTBZpZIbPBx7Rjnl240BJCfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tpJFTBZpZIbPBx7Rjnl240BJCfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:26:a8:82:44:d6:7d:a7:ab:a1:a0:e1:c0:22:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b692454c16696486cf071ed18e7976e3404909fb
        Validity
            Not Before: Jan  2 12:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4be864a17fde2afb72889f88b0bd4267f93549c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:45:84:d7:b2:29:17:7f:b2:5d:03:46:eb:23:
                    53:c6:c3:9a:d4:e2:f3:0b:cf:10:a1:cb:45:81:89:
                    d7:39:c5:b3:51:a4:f4:fb:80:5b:55:8b:fa:19:f9:
                    ce:bd:58:ce:b6:a3:83:ba:94:61:3c:28:bc:57:2b:
                    a3:05:cd:0b:2c:6c:cb:01:99:33:2d:7b:f1:18:96:
                    37:07:69:fb:df:00:63:d1:9b:58:b6:ca:22:80:ae:
                    38:f7:18:76:94:fb:6d:f8:41:c8:aa:7d:4b:07:55:
                    2d:78:40:ca:a8:79:60:97:1e:35:e5:42:ed:57:aa:
                    f5:ca:fb:bc:12:f6:68:51:12:20:94:5b:19:48:83:
                    0e:56:f0:f5:91:e0:39:de:08:c2:36:c3:d9:94:03:
                    76:bc:c1:e4:c9:92:74:b2:48:d8:59:48:e3:e5:f0:
                    9d:c1:a8:69:41:68:58:b8:7b:65:1e:31:64:18:dc:
                    ea:d2:73:04:f9:8e:cd:b7:ea:be:e8:51:a1:4f:32:
                    71:72:e7:6a:54:e5:62:a0:6d:8e:7a:49:1e:1d:6e:
                    1a:57:01:3a:d9:f6:34:31:87:28:69:3a:8c:2c:cb:
                    1c:0e:96:d1:d3:60:58:63:1a:19:02:da:da:7a:87:
                    4c:73:e9:e9:03:80:30:2b:0b:05:84:96:17:bd:c7:
                    77:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:BE:86:4A:17:FD:E2:AF:B7:28:89:F8:8B:0B:D4:26:7F:93:54:9C
            X509v3 Authority Key Identifier:
                keyid:B6:92:45:4C:16:69:64:86:CF:07:1E:D1:8E:79:76:E3:40:49:09:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tpJFTBZpZIbPBx7Rjnl240BJCfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/1L6GShf94q-3KIn4iwvUJn-TVJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/tpJFTBZpZIbPBx7Rjnl240BJCfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:92:b6:3a:ee:28:87:d5:e0:a3:28:11:ab:37:f6:4a:35:30:
         5e:8c:83:f9:aa:7e:9a:2a:3b:73:05:1e:5d:8c:9d:18:4e:ae:
         c3:2b:19:f0:fb:2a:75:39:3a:56:9c:81:56:f2:50:91:b4:bc:
         f8:3e:cc:ed:7d:f7:34:fd:67:68:34:b1:2a:ec:6a:12:11:e7:
         58:32:36:07:46:b6:14:f4:2a:66:ec:de:12:57:11:94:55:46:
         db:df:69:8f:14:dc:90:47:62:07:86:f5:df:d1:6d:d7:db:5e:
         28:7d:f5:14:9f:fa:79:c2:07:4c:53:91:e3:17:98:95:fa:9f:
         59:85:30:65:35:ec:82:48:63:24:e1:49:6e:40:23:14:f6:f4:
         0a:21:bb:f7:a0:3c:cc:c9:01:9b:dd:84:af:fc:2b:93:6a:e0:
         8a:1c:57:30:63:16:9d:7b:e9:4d:e6:d3:24:47:8d:5b:54:0a:
         ae:eb:67:3b:76:d1:3a:ae:4f:67:50:02:ca:c7:f3:fa:b2:2f:
         41:1c:cd:72:40:0f:9a:6b:59:fe:95:db:5f:4a:53:2e:50:41:
         e6:87:d9:23:63:a6:8a:7e:96:41:a0:f9:7f:07:46:b1:58:9f:
         5a:96:19:7c:10:68:de:60:41:6f:9d:d5:82:fb:d8:1a:17:20:
         39:28:ab:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKyaogkTWfaeroaDhwCJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OTI0NTRjMTY2OTY0ODZjZjA3MWVkMThlNzk3NmUzNDA0
OTA5ZmIwHhcNMjQwMTAyMTIzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGJlODY0YTE3ZmRlMmFmYjcyODg5Zjg4YjBiZDQyNjdmOTM1NDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEWE17IpF3+yXQNG6yNTxsOa1OLz
C88QoctFgYnXOcWzUaT0+4BbVYv6GfnOvVjOtqODupRhPCi8VyujBc0LLGzLAZkz
LXvxGJY3B2n73wBj0ZtYtsoigK449xh2lPtt+EHIqn1LB1UteEDKqHlglx415ULt
V6r1yvu8EvZoURIglFsZSIMOVvD1keA53gjCNsPZlAN2vMHkyZJ0skjYWUjj5fCd
wahpQWhYuHtlHjFkGNzq0nME+Y7Nt+q+6FGhTzJxcudqVOVioG2OekkeHW4aVwE6
2fY0MYcoaTqMLMscDpbR02BYYxoZAtraeodMc+npA4AwKwsFhJYXvcd3xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNS+hkoX/eKvtyiJ+IsL1CZ/k1ScMB8GA1UdIwQY
MBaAFLaSRUwWaWSGzwce0Y55duNASQn7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHBKRlRCWnBaSWJQQng3UmpubDI0MEJKQ2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9iZDE3M2QtNmNmNS00MjUwLWFhMjYt
NGE2ZjcxN2M3NTY0LzEvMUw2R1NoZjk0cS0zS0luNGl3dlVKbi1UVkp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9iZDE3M2QtNmNmNS00MjUwLWFhMjYtNGE2ZjcxN2M3NTY0
LzEvdHBKRlRCWnBaSWJQQng3UmpubDI0MEJKQ2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSnBMA0G
CSqGSIb3DQEBCwUAA4IBAQAqkrY67iiH1eCjKBGrN/ZKNTBejIP5qn6aKjtzBR5d
jJ0YTq7DKxnw+yp1OTpWnIFW8lCRtLz4Psztffc0/WdoNLEq7GoSEedYMjYHRrYU
9Cpm7N4SVxGUVUbb32mPFNyQR2IHhvXf0W3X214offUUn/p5wgdMU5HjF5iV+p9Z
hTBlNeyCSGMk4UluQCMU9vQKIbv3oDzMyQGb3YSv/CuTauCKHFcwYxade+lN5tMk
R41bVAqu62c7dtE6rk9nUALKx/P6si9BHM1yQA+aa1n+ldtfSlMuUEHmh9kjY6aK
fpZBoPl/B0axWJ9alhl8EGjeYEFvndWC+9gaFyA5KKuQ
-----END CERTIFICATE-----