Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/c475ab-fdd5-492f-813a-61d9a23f3411/1/1RwS_fALTwgj2nYw4UzokfpoEes.roa
File:                     1RwS_fALTwgj2nYw4UzokfpoEes.roa (raw, json)
Hash identifier:          7I9sW+KMnjVioOsM/x9kvwecKMQ4RuUodvgXXeyuA4I=
Subject key identifier:   D5:1C:12:FD:F0:0B:4F:08:23:DA:76:30:E1:4C:E8:91:FA:68:11:EB
Certificate issuer:       /CN=c469fe3d882c93e38e8b6a286a3177dc17e99ac7
Certificate serial:       018CC94D8C62AACF0FCDAE5A421E2685ABDF
Authority key identifier: C4:69:FE:3D:88:2C:93:E3:8E:8B:6A:28:6A:31:77:DC:17:E9:9A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xGn-PYgsk-OOi2ooajF33Bfpmsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/c475ab-fdd5-492f-813a-61d9a23f3411/1/1RwS_fALTwgj2nYw4UzokfpoEes.roa
Signing time:             Tue 02 Jan 2024 08:32:31 +0000
ROA not before:           Tue 02 Jan 2024 08:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200762
IP address blocks:        178.57.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/c475ab-fdd5-492f-813a-61d9a23f3411/1/xGn-PYgsk-OOi2ooajF33Bfpmsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/c475ab-fdd5-492f-813a-61d9a23f3411/1/xGn-PYgsk-OOi2ooajF33Bfpmsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xGn-PYgsk-OOi2ooajF33Bfpmsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:8c:62:aa:cf:0f:cd:ae:5a:42:1e:26:85:ab:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c469fe3d882c93e38e8b6a286a3177dc17e99ac7
        Validity
            Not Before: Jan  2 08:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d51c12fdf00b4f0823da7630e14ce891fa6811eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:26:f4:24:87:f7:1b:f6:f4:34:5f:70:f6:f6:
                    de:26:96:72:85:ef:6a:8c:90:66:51:23:2a:7f:02:
                    98:52:3a:31:40:36:02:03:65:5d:44:c9:1c:9b:be:
                    5d:97:5f:1d:36:ef:b7:d6:06:41:f2:30:1e:02:e6:
                    6c:5e:53:7e:7e:98:e0:79:76:b9:67:53:43:e9:ff:
                    cd:57:38:ad:1c:6e:b9:74:ca:76:ce:df:8d:be:9b:
                    84:cf:b3:d8:ec:f7:c5:b6:03:3c:40:4c:9e:f1:fd:
                    79:61:fa:07:c5:b5:21:b7:33:ce:8c:2a:bd:99:10:
                    09:fb:4e:4a:43:fb:03:2f:b9:ac:e9:46:49:08:54:
                    72:eb:f9:f5:cb:93:b9:fa:2f:49:16:33:43:c9:ea:
                    64:a8:55:59:a0:a6:e6:24:ba:75:fc:cf:29:99:9f:
                    ff:a9:b6:79:d2:2c:37:eb:57:4f:58:07:eb:85:4b:
                    de:cf:14:f3:67:7c:d4:c0:d7:34:44:cd:37:c4:a5:
                    75:cc:d3:c6:fd:eb:52:a2:cc:a7:8a:48:a4:30:34:
                    97:e3:4f:da:f5:83:4e:39:7e:9b:f2:86:72:53:04:
                    2f:7e:73:b3:84:92:ab:e1:df:c6:43:18:9f:37:69:
                    c1:f9:e1:42:72:0f:3e:9a:22:bf:32:1c:6f:85:48:
                    ee:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:1C:12:FD:F0:0B:4F:08:23:DA:76:30:E1:4C:E8:91:FA:68:11:EB
            X509v3 Authority Key Identifier:
                keyid:C4:69:FE:3D:88:2C:93:E3:8E:8B:6A:28:6A:31:77:DC:17:E9:9A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGn-PYgsk-OOi2ooajF33Bfpmsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/c475ab-fdd5-492f-813a-61d9a23f3411/1/1RwS_fALTwgj2nYw4UzokfpoEes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/c475ab-fdd5-492f-813a-61d9a23f3411/1/xGn-PYgsk-OOi2ooajF33Bfpmsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.57.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:f1:e5:73:d3:34:ee:a7:6b:ea:c8:8e:03:c7:af:22:c7:f1:
         0f:d0:e0:c2:a2:28:b7:dd:56:f2:b1:29:c7:b3:9e:fe:a5:21:
         38:67:19:35:e9:89:d0:32:fe:c1:63:e7:04:6c:6b:6a:b2:b9:
         0f:93:de:08:73:27:3a:6b:de:8a:3c:c0:e2:5c:95:4c:8b:e6:
         fe:25:66:bf:38:18:50:ba:3c:09:d8:9e:2f:76:84:26:be:9b:
         5a:a4:ad:3c:20:be:ab:fd:3d:a3:48:4e:5f:34:1a:54:66:e5:
         91:e1:88:d2:b4:67:54:18:bd:c4:24:b5:94:a0:c2:e6:c0:bd:
         68:76:6b:67:f4:d9:9d:5c:87:e5:ed:d5:5b:3b:be:20:21:b9:
         f3:d2:3f:87:23:9b:53:bb:be:b0:d0:75:d4:e4:25:41:09:fb:
         e0:32:69:8c:a9:b8:91:6a:8d:eb:f2:6b:1c:5f:2a:aa:9e:de:
         f4:44:c6:61:5c:20:db:40:a6:b4:59:ad:a9:85:2f:94:ce:16:
         7b:87:37:f1:47:8c:0a:3c:92:ca:b3:ec:48:da:f2:79:6d:e8:
         7d:7d:8c:fb:eb:fb:a8:3a:7f:16:20:bd:aa:c8:3a:64:ed:9c:
         02:e7:01:9f:36:7d:74:56:b2:0c:eb:5f:53:3f:a0:8f:4d:5e:
         cd:bb:b3:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYxiqs8Pza5aQh4mhavfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NjlmZTNkODgyYzkzZTM4ZThiNmEyODZhMzE3N2RjMTdl
OTlhYzcwHhcNMjQwMTAyMDgzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTFjMTJmZGYwMGI0ZjA4MjNkYTc2MzBlMTRjZTg5MWZhNjgxMWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCb0JIf3G/b0NF9w9vbeJpZyhe9q
jJBmUSMqfwKYUjoxQDYCA2VdRMkcm75dl18dNu+31gZB8jAeAuZsXlN+fpjgeXa5
Z1ND6f/NVzitHG65dMp2zt+NvpuEz7PY7PfFtgM8QEye8f15YfoHxbUhtzPOjCq9
mRAJ+05KQ/sDL7ms6UZJCFRy6/n1y5O5+i9JFjNDyepkqFVZoKbmJLp1/M8pmZ//
qbZ50iw361dPWAfrhUvezxTzZ3zUwNc0RM03xKV1zNPG/etSosynikikMDSX40/a
9YNOOX6b8oZyUwQvfnOzhJKr4d/GQxifN2nB+eFCcg8+miK/MhxvhUju0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUcEv3wC08II9p2MOFM6JH6aBHrMB8GA1UdIwQY
MBaAFMRp/j2ILJPjjotqKGoxd9wX6ZrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEduLVBZZ3NrLU9PaTJvb2FqRjMzQmZwbXNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9jNDc1YWItZmRkNS00OTJmLTgxM2Et
NjFkOWEyM2YzNDExLzEvMVJ3U19mQUxUd2dqMm5ZdzRVem9rZnBvRWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9jNDc1YWItZmRkNS00OTJmLTgxM2EtNjFkOWEyM2YzNDEx
LzEveEduLVBZZ3NrLU9PaTJvb2FqRjMzQmZwbXNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsjleMA0G
CSqGSIb3DQEBCwUAA4IBAQAk8eVz0zTup2vqyI4Dx68ix/EP0ODCoii33VbysSnH
s57+pSE4Zxk16YnQMv7BY+cEbGtqsrkPk94Icyc6a96KPMDiXJVMi+b+JWa/OBhQ
ujwJ2J4vdoQmvptapK08IL6r/T2jSE5fNBpUZuWR4YjStGdUGL3EJLWUoMLmwL1o
dmtn9NmdXIfl7dVbO74gIbnz0j+HI5tTu76w0HXU5CVBCfvgMmmMqbiRao3r8msc
Xyqqnt70RMZhXCDbQKa0Wa2phS+UzhZ7hzfxR4wKPJLKs+xI2vJ5beh9fYz76/uo
On8WIL2qyDpk7ZwC5wGfNn10VrIM619TP6CPTV7Nu7M7
-----END CERTIFICATE-----