Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/E1G9scYZRT0jwW4owvldhEnRWUU.roa
File:                     E1G9scYZRT0jwW4owvldhEnRWUU.roa (raw, json)
Hash identifier:          22rfbzqktmOcbWhBOCJPxDilrJN6g5TcCI1p5aMDVW4=
Subject key identifier:   13:51:BD:B1:C6:19:45:3D:23:C1:6E:28:C2:F9:5D:84:49:D1:59:45
Certificate issuer:       /CN=dc41411e93e25d5ec65099569b1b5c5fadc1ae3d
Certificate serial:       018CC7957BC5EA7E87F3886BB8550AA51CA3
Authority key identifier: DC:41:41:1E:93:E2:5D:5E:C6:50:99:56:9B:1B:5C:5F:AD:C1:AE:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/E1G9scYZRT0jwW4owvldhEnRWUU.roa
Signing time:             Tue 02 Jan 2024 00:31:51 +0000
ROA not before:           Tue 02 Jan 2024 00:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        185.248.48.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:7b:c5:ea:7e:87:f3:88:6b:b8:55:0a:a5:1c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc41411e93e25d5ec65099569b1b5c5fadc1ae3d
        Validity
            Not Before: Jan  2 00:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1351bdb1c619453d23c16e28c2f95d8449d15945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:26:cc:4d:90:81:2a:d1:db:9d:d1:3b:82:4e:
                    3f:31:90:a7:61:7e:63:a6:68:4b:1d:ed:a2:5b:30:
                    9a:37:d0:5f:23:fd:ce:f1:8a:0d:7a:c8:fe:70:ce:
                    57:65:c2:7e:e8:a3:24:72:03:5b:c0:ff:0d:92:a1:
                    39:b3:c6:c6:24:c3:57:44:b3:07:4f:28:58:3d:6a:
                    0c:b9:4c:a3:c4:be:4a:e0:55:71:86:26:47:63:57:
                    75:72:13:40:5b:34:a4:db:89:c1:e0:43:52:7f:60:
                    df:0f:9b:d0:3c:85:a9:3e:cb:dd:7f:09:93:34:85:
                    bf:6c:e4:3a:94:a1:2b:4a:e9:9a:55:de:a5:ea:9a:
                    08:67:1d:39:96:72:46:b6:33:68:01:7c:6f:8e:0a:
                    0c:7b:54:6c:d8:99:8d:af:27:d0:74:c4:3f:76:4b:
                    00:29:f9:5b:9a:2f:71:38:79:42:59:cf:52:32:74:
                    dd:77:5c:67:9d:36:19:10:bf:c2:28:0a:24:3a:f5:
                    cf:a3:bf:57:12:5f:6f:c7:4e:6f:22:c0:00:07:c6:
                    cf:b4:34:73:85:3c:99:ac:3c:1d:64:4a:37:68:0b:
                    f7:84:53:a7:d9:e2:6e:21:d9:1a:38:29:10:fe:0b:
                    6c:76:f9:b3:b5:50:e8:5f:ad:53:97:1c:5a:ba:a2:
                    43:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:51:BD:B1:C6:19:45:3D:23:C1:6E:28:C2:F9:5D:84:49:D1:59:45
            X509v3 Authority Key Identifier:
                keyid:DC:41:41:1E:93:E2:5D:5E:C6:50:99:56:9B:1B:5C:5F:AD:C1:AE:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/E1G9scYZRT0jwW4owvldhEnRWUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:59:ca:2e:40:9d:d6:f5:31:db:54:fe:c8:24:56:08:85:71:
         cd:1e:02:40:37:cc:89:ba:9d:32:6a:07:95:be:cb:52:80:65:
         08:d5:6a:4c:fe:23:5e:b4:b3:2c:89:dd:5b:6f:b4:35:4f:b4:
         f9:a2:74:c0:fd:59:20:a3:c5:47:a7:85:ec:bd:d5:cb:e7:27:
         99:ab:6f:30:b0:af:f7:9d:10:ec:90:b7:0b:bb:24:83:09:5d:
         9e:2f:e0:f3:89:0f:ce:95:9c:c5:05:90:2d:ce:27:e2:b7:1e:
         4d:d7:5b:42:a5:51:5a:98:1a:d9:87:ec:15:ad:70:67:4f:cb:
         a8:f4:80:5d:3c:d0:ff:3d:b5:6d:51:a0:c0:33:2d:88:50:5f:
         bb:b0:78:f1:65:a3:c3:b2:91:54:5a:ed:52:d9:e6:4b:ae:ef:
         3d:94:3a:d8:c1:01:06:10:33:14:59:53:e1:e3:c3:61:b4:a5:
         4f:e1:41:46:ee:4a:ca:e5:cf:6c:64:1f:26:4f:95:17:3d:a3:
         a2:ce:89:29:aa:bc:95:0e:de:81:45:c3:a9:a3:05:e4:ea:eb:
         5c:e5:2e:e9:43:80:5f:81:3a:cf:09:4f:f9:eb:34:55:ba:9d:
         84:20:78:b1:b8:c2:fb:2c:68:b8:63:a5:91:c1:ea:ac:1f:fb:
         53:27:d7:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlXvF6n6H84hruFUKpRyjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNDE0MTFlOTNlMjVkNWVjNjUwOTk1NjliMWI1YzVmYWRj
MWFlM2QwHhcNMjQwMTAyMDAzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzUxYmRiMWM2MTk0NTNkMjNjMTZlMjhjMmY5NWQ4NDQ5ZDE1OTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ybMTZCBKtHbndE7gk4/MZCnYX5j
pmhLHe2iWzCaN9BfI/3O8YoNesj+cM5XZcJ+6KMkcgNbwP8NkqE5s8bGJMNXRLMH
TyhYPWoMuUyjxL5K4FVxhiZHY1d1chNAWzSk24nB4ENSf2DfD5vQPIWpPsvdfwmT
NIW/bOQ6lKErSumaVd6l6poIZx05lnJGtjNoAXxvjgoMe1Rs2JmNryfQdMQ/dksA
Kflbmi9xOHlCWc9SMnTdd1xnnTYZEL/CKAokOvXPo79XEl9vx05vIsAAB8bPtDRz
hTyZrDwdZEo3aAv3hFOn2eJuIdkaOCkQ/gtsdvmztVDoX61TlxxauqJDPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBNRvbHGGUU9I8FuKML5XYRJ0VlFMB8GA1UdIwQY
MBaAFNxBQR6T4l1exlCZVpsbXF+twa49MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0VGQkhwUGlYVjdHVUpsV214dGNYNjNCcmowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8zZDQ3MzEtOGNmMy00MzI3LWFlNmEt
NTEzODdkMTYwYmE5LzEvRTFHOXNjWVpSVDBqd1c0b3d2bGRoRW5SV1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8zZDQ3MzEtOGNmMy00MzI3LWFlNmEtNTEzODdkMTYwYmE5
LzEvM0VGQkhwUGlYVjdHVUpsV214dGNYNjNCcmowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufgwMA0G
CSqGSIb3DQEBCwUAA4IBAQA5WcouQJ3W9THbVP7IJFYIhXHNHgJAN8yJup0yageV
vstSgGUI1WpM/iNetLMsid1bb7Q1T7T5onTA/Vkgo8VHp4XsvdXL5yeZq28wsK/3
nRDskLcLuySDCV2eL+DziQ/OlZzFBZAtzifitx5N11tCpVFamBrZh+wVrXBnT8uo
9IBdPND/PbVtUaDAMy2IUF+7sHjxZaPDspFUWu1S2eZLru89lDrYwQEGEDMUWVPh
48NhtKVP4UFG7krK5c9sZB8mT5UXPaOizokpqryVDt6BRcOpowXk6utc5S7pQ4Bf
gTrPCU/56zRVup2EIHixuML7LGi4Y6WRweqsH/tTJ9dr
-----END CERTIFICATE-----