Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/1lITG_UqnfavYQ_xoQlV3wFv38U.roa
File:                     1lITG_UqnfavYQ_xoQlV3wFv38U.roa (raw, json)
Hash identifier:          EEjmi7deVkOh9RZ1Yb2ahklKAUhFdcMk/pd79vay4U0=
Subject key identifier:   D6:52:13:1B:F5:2A:9D:F6:AF:61:0F:F1:A1:09:55:DF:01:6F:DF:C5
Certificate issuer:       /CN=d67618d34179c3ea52330264a1964187b23cdd24
Certificate serial:       01941FFA4F34D1613B048F6E5C2D5A3E5D1A
Authority key identifier: D6:76:18:D3:41:79:C3:EA:52:33:02:64:A1:96:41:87:B2:3C:DD:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nYY00F5w-pSMwJkoZZBh7I83SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/1lITG_UqnfavYQ_xoQlV3wFv38U.roa
Signing time:             Wed 01 Jan 2025 03:48:05 +0000
ROA not before:           Wed 01 Jan 2025 03:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62313
IP address blocks:        185.168.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/1nYY00F5w-pSMwJkoZZBh7I83SQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/1nYY00F5w-pSMwJkoZZBh7I83SQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nYY00F5w-pSMwJkoZZBh7I83SQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:4f:34:d1:61:3b:04:8f:6e:5c:2d:5a:3e:5d:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d67618d34179c3ea52330264a1964187b23cdd24
        Validity
            Not Before: Jan  1 03:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d652131bf52a9df6af610ff1a10955df016fdfc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1b:e5:ac:9c:b6:39:73:ff:cf:e2:8a:3b:19:
                    4e:b6:72:a6:72:e8:87:08:de:97:4d:b0:f8:5c:80:
                    39:b8:5a:5e:fe:50:16:2f:a9:44:c7:d9:98:60:4f:
                    df:63:ce:aa:88:37:c7:80:b0:1e:df:61:f2:fe:45:
                    ce:7b:7f:d2:a5:2f:45:71:96:25:ce:62:a8:8d:bd:
                    da:b4:e9:15:f2:bb:5a:1d:6e:04:b2:60:4f:ce:52:
                    25:74:7b:33:29:a9:85:74:fd:cb:ce:fd:06:0b:46:
                    f4:63:c8:71:ab:99:3a:59:5f:a7:ee:38:d8:7f:c2:
                    21:27:e7:1f:b7:2e:45:39:3e:2a:11:6d:cc:8d:ee:
                    05:24:99:4d:3d:53:fe:b7:9e:35:1f:6a:f6:73:ad:
                    d2:9f:51:c3:6d:34:11:fa:39:4a:bd:2e:17:38:83:
                    14:93:99:d7:6b:1c:45:ba:20:77:c1:70:9e:08:37:
                    a2:35:7d:6f:f0:a4:e0:c6:0a:ec:26:6a:1a:59:d6:
                    ef:6e:13:12:f9:28:cd:e5:48:75:b6:26:1a:fc:eb:
                    41:28:54:99:e2:0b:b1:32:62:fe:a7:90:1c:8c:51:
                    c5:60:10:7f:06:66:8a:7d:84:16:7f:1e:cf:5f:91:
                    ba:3f:a6:07:ab:84:cd:60:d9:18:d5:03:22:fb:d5:
                    34:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:52:13:1B:F5:2A:9D:F6:AF:61:0F:F1:A1:09:55:DF:01:6F:DF:C5
            X509v3 Authority Key Identifier:
                keyid:D6:76:18:D3:41:79:C3:EA:52:33:02:64:A1:96:41:87:B2:3C:DD:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nYY00F5w-pSMwJkoZZBh7I83SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/1lITG_UqnfavYQ_xoQlV3wFv38U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/47f513-76db-4a61-b1be-74dc8386dc6a/1/1nYY00F5w-pSMwJkoZZBh7I83SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:f1:56:ca:9a:b5:71:8f:91:22:fd:a3:0d:ff:45:01:7b:d7:
         6c:ca:1a:79:e7:f1:78:0d:ee:65:7a:ba:a6:fd:bb:35:8b:86:
         7d:66:3e:fc:5c:e4:cf:45:34:2b:fa:cf:a1:d8:ab:5c:28:5d:
         3a:ee:cf:2f:95:db:15:04:49:3c:b0:ac:c7:5c:44:6d:98:97:
         0c:63:51:cb:7d:41:b4:7a:fa:55:6a:7b:35:c2:49:45:8e:d8:
         4a:41:41:dd:d2:0b:aa:e6:6a:6a:8f:a2:f1:7b:25:c2:a7:c9:
         95:66:d9:66:e2:aa:e7:98:bd:b4:f8:bf:bb:6e:a5:8c:cc:4e:
         cd:d5:f4:de:f4:f1:70:32:9f:e7:fd:6f:42:ff:49:0b:d5:08:
         66:83:92:61:e0:b6:05:d9:e7:e4:a2:4d:53:b9:78:27:e9:29:
         e7:39:7a:c7:bc:74:5e:2f:96:52:fd:a9:03:72:d5:c4:bd:eb:
         db:3f:58:c8:aa:c2:e5:fd:e8:f5:36:b2:62:2d:dc:69:d5:84:
         1f:f2:f0:34:22:5e:92:47:0a:7e:2e:ee:8d:63:ca:77:2f:5a:
         5e:57:d8:09:e8:c8:24:9c:91:3f:87:82:02:b3:5c:a0:0d:8a:
         3b:d1:c0:96:93:f1:16:3a:3b:53:14:db:52:ec:5b:66:42:2b:
         fe:03:32:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+k800WE7BI9uXC1aPl0aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzYxOGQzNDE3OWMzZWE1MjMzMDI2NGExOTY0MTg3YjIz
Y2RkMjQwHhcNMjUwMTAxMDM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjUyMTMxYmY1MmE5ZGY2YWY2MTBmZjFhMTA5NTVkZjAxNmZkZmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRvlrJy2OXP/z+KKOxlOtnKmcuiH
CN6XTbD4XIA5uFpe/lAWL6lEx9mYYE/fY86qiDfHgLAe32Hy/kXOe3/SpS9FcZYl
zmKojb3atOkV8rtaHW4EsmBPzlIldHszKamFdP3Lzv0GC0b0Y8hxq5k6WV+n7jjY
f8IhJ+cfty5FOT4qEW3Mje4FJJlNPVP+t541H2r2c63Sn1HDbTQR+jlKvS4XOIMU
k5nXaxxFuiB3wXCeCDeiNX1v8KTgxgrsJmoaWdbvbhMS+SjN5Uh1tiYa/OtBKFSZ
4guxMmL+p5AcjFHFYBB/BmaKfYQWfx7PX5G6P6YHq4TNYNkY1QMi+9U0oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZSExv1Kp32r2EP8aEJVd8Bb9/FMB8GA1UdIwQY
MBaAFNZ2GNNBecPqUjMCZKGWQYeyPN0kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5ZWTAwRjV3LXBTTXdKa29aWkJoN0k4M1NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My80N2Y1MTMtNzZkYi00YTYxLWIxYmUt
NzRkYzgzODZkYzZhLzEvMWxJVEdfVXFuZmF2WVFfeG9RbFYzd0Z2MzhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My80N2Y1MTMtNzZkYi00YTYxLWIxYmUtNzRkYzgzODZkYzZh
LzEvMW5ZWTAwRjV3LXBTTXdKa29aWkJoN0k4M1NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuagAMA0G
CSqGSIb3DQEBCwUAA4IBAQBa8VbKmrVxj5Ei/aMN/0UBe9dsyhp55/F4De5lerqm
/bs1i4Z9Zj78XOTPRTQr+s+h2KtcKF067s8vldsVBEk8sKzHXERtmJcMY1HLfUG0
evpVans1wklFjthKQUHd0guq5mpqj6LxeyXCp8mVZtlm4qrnmL20+L+7bqWMzE7N
1fTe9PFwMp/n/W9C/0kL1Qhmg5Jh4LYF2efkok1TuXgn6SnnOXrHvHReL5ZS/akD
ctXEvevbP1jIqsLl/ej1NrJiLdxp1YQf8vA0Il6SRwp+Lu6NY8p3L1peV9gJ6Mgk
nJE/h4ICs1ygDYo70cCWk/EWOjtTFNtS7FtmQiv+AzI4
-----END CERTIFICATE-----