Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/11c52c-41aa-4e95-ad67-a021a63ddfc3/1/1-nNO664c_a01XMkEpfi4WSPls6c.roa
File:                     1-nNO664c_a01XMkEpfi4WSPls6c.roa (raw, json)
Hash identifier:          9LBAs4fc1eUe5rdPGz0G4uESJ3BZ3OZJG8WusSn2ASU=
Subject key identifier:   FA:73:4E:EB:AE:1C:FD:AD:35:5C:C9:04:A5:F8:B8:59:23:E5:B3:A7
Certificate issuer:       /CN=1a0489dc9c0a74c2ed53e1d9e1fbfdd8c8773b94
Certificate serial:       018CC8DCF4533963AADEECD80F73B7881936
Authority key identifier: 1A:04:89:DC:9C:0A:74:C2:ED:53:E1:D9:E1:FB:FD:D8:C8:77:3B:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GgSJ3JwKdMLtU-HZ4fv92Mh3O5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/11c52c-41aa-4e95-ad67-a021a63ddfc3/1/1-nNO664c_a01XMkEpfi4WSPls6c.roa
Signing time:             Tue 02 Jan 2024 06:29:32 +0000
ROA not before:           Tue 02 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13335
IP address blocks:        185.146.172.0/24 maxlen: 24
                          185.146.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/11c52c-41aa-4e95-ad67-a021a63ddfc3/1/GgSJ3JwKdMLtU-HZ4fv92Mh3O5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/11c52c-41aa-4e95-ad67-a021a63ddfc3/1/GgSJ3JwKdMLtU-HZ4fv92Mh3O5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GgSJ3JwKdMLtU-HZ4fv92Mh3O5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:f4:53:39:63:aa:de:ec:d8:0f:73:b7:88:19:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a0489dc9c0a74c2ed53e1d9e1fbfdd8c8773b94
        Validity
            Not Before: Jan  2 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa734eebae1cfdad355cc904a5f8b85923e5b3a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:be:7b:f4:f5:82:f5:77:56:55:a6:e6:2b:82:
                    01:bb:b9:2f:7b:3c:8b:dc:9f:e6:7d:ab:fd:07:51:
                    5a:6e:2e:9c:ee:80:c9:6e:e2:45:45:c8:fd:5e:b2:
                    d0:1a:30:1c:3a:84:4c:06:c0:cc:4e:d6:5a:70:f7:
                    4d:24:88:ce:96:92:ac:80:9f:a0:9b:01:dd:7f:db:
                    f1:d2:70:65:e8:95:b0:68:43:17:6b:6a:ba:fa:a6:
                    6c:19:5e:e0:50:07:a4:2d:54:02:a6:37:2b:4e:71:
                    2e:00:58:cf:b5:18:9b:60:95:08:e4:b8:08:ad:00:
                    bd:e6:ac:82:9d:d4:97:bf:2b:6c:cd:29:6d:ae:8c:
                    97:66:54:d5:2c:a1:39:f1:af:e9:1e:ff:33:4f:02:
                    5d:d5:f7:58:67:55:86:ba:3f:7d:ff:62:73:95:be:
                    ef:b4:9e:89:8c:7b:f8:a9:8c:8a:67:2d:bc:35:e9:
                    60:bf:bc:fe:91:a6:6a:1b:5c:8b:f2:35:4c:dd:83:
                    d0:96:7b:e4:0c:ef:f7:a1:c3:7e:77:18:75:83:21:
                    eb:5c:51:3c:4a:36:6c:20:3c:71:e9:8a:fd:ea:b6:
                    a1:ea:80:ac:28:83:37:93:40:d2:63:80:0c:3f:5f:
                    cb:1b:ff:2e:67:d0:ab:c0:56:2b:a8:f9:b7:0a:78:
                    92:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:73:4E:EB:AE:1C:FD:AD:35:5C:C9:04:A5:F8:B8:59:23:E5:B3:A7
            X509v3 Authority Key Identifier:
                keyid:1A:04:89:DC:9C:0A:74:C2:ED:53:E1:D9:E1:FB:FD:D8:C8:77:3B:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GgSJ3JwKdMLtU-HZ4fv92Mh3O5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/11c52c-41aa-4e95-ad67-a021a63ddfc3/1/1-nNO664c_a01XMkEpfi4WSPls6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/11c52c-41aa-4e95-ad67-a021a63ddfc3/1/GgSJ3JwKdMLtU-HZ4fv92Mh3O5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:d5:6d:28:6c:d4:28:3b:74:ff:ff:e7:05:da:85:16:e6:2d:
         19:3e:cb:de:d9:b6:6b:7e:87:67:4c:53:12:ab:5d:9d:3e:97:
         42:b4:71:e9:13:56:3e:37:6d:83:ef:9e:a4:a2:ff:2c:d0:25:
         44:b2:e6:31:9d:5f:35:22:87:95:25:f1:4b:62:d7:dd:8a:2f:
         96:8a:e9:3a:18:9e:aa:5f:32:b0:c5:42:64:73:8a:29:b6:b3:
         56:d3:a2:a9:ba:5b:c1:20:91:d8:6b:49:b7:17:31:fc:c5:e2:
         cb:c6:6f:da:94:be:c0:7a:3d:ca:d0:27:ee:03:0c:6f:09:3a:
         f4:76:51:ea:9a:8c:7a:29:36:cb:17:89:55:12:9f:f6:20:f0:
         94:fd:12:56:32:c8:87:e2:a2:68:18:09:41:02:45:64:98:e2:
         44:06:6f:07:b4:b1:27:d9:83:c8:71:95:7b:bb:5a:4e:fd:72:
         f8:88:a6:70:8d:e9:2c:d6:c0:3c:1d:ea:96:5b:71:d1:5a:16:
         f0:88:95:90:47:da:bf:6b:0c:ed:ad:20:75:78:c7:d6:23:dc:
         ed:79:e3:c9:69:05:0a:f5:f9:4b:d6:c7:bb:df:f1:92:e8:77:
         7b:96:b3:d1:0c:d3:a4:6c:83:ed:68:3e:28:6f:4a:29:aa:c8:
         14:93:1f:88
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI3PRTOWOq3uzYD3O3iBk2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMDQ4OWRjOWMwYTc0YzJlZDUzZTFkOWUxZmJmZGQ4Yzg3
NzNiOTQwHhcNMjQwMTAyMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTczNGVlYmFlMWNmZGFkMzU1Y2M5MDRhNWY4Yjg1OTIzZTViM2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7579PWC9XdWVabmK4IBu7kvezyL
3J/mfav9B1Fabi6c7oDJbuJFRcj9XrLQGjAcOoRMBsDMTtZacPdNJIjOlpKsgJ+g
mwHdf9vx0nBl6JWwaEMXa2q6+qZsGV7gUAekLVQCpjcrTnEuAFjPtRibYJUI5LgI
rQC95qyCndSXvytszSltroyXZlTVLKE58a/pHv8zTwJd1fdYZ1WGuj99/2Jzlb7v
tJ6JjHv4qYyKZy28Nelgv7z+kaZqG1yL8jVM3YPQlnvkDO/3ocN+dxh1gyHrXFE8
SjZsIDxx6Yr96rah6oCsKIM3k0DSY4AMP1/LG/8uZ9CrwFYrqPm3CniSrQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpzTuuuHP2tNVzJBKX4uFkj5bOnMB8GA1UdIwQY
MBaAFBoEidycCnTC7VPh2eH7/djIdzuUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2dTSjNKd0tkTUx0VS1IWjRmdjkyTWgzTzVRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8xMWM1MmMtNDFhYS00ZTk1LWFkNjct
YTAyMWE2M2RkZmMzLzEvMS1uTk82NjRjX2EwMVhNa0VwZmk0V1NQbHM2Yy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWEvMTFjNTJjLTQxYWEtNGU5NS1hZDY3LWEwMjFhNjNkZGZj
My8xL0dnU0ozSndLZE1MdFUtSFo0ZnY5Mk1oM081US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbmSrDAN
BgkqhkiG9w0BAQsFAAOCAQEAY9VtKGzUKDt0///nBdqFFuYtGT7L3tm2a36HZ0xT
EqtdnT6XQrRx6RNWPjdtg++epKL/LNAlRLLmMZ1fNSKHlSXxS2LX3YovlorpOhie
ql8ysMVCZHOKKbazVtOiqbpbwSCR2GtJtxcx/MXiy8Zv2pS+wHo9ytAn7gMMbwk6
9HZR6pqMeik2yxeJVRKf9iDwlP0SVjLIh+KiaBgJQQJFZJjiRAZvB7SxJ9mDyHGV
e7taTv1y+IimcI3pLNbAPB3qlltx0VoW8IiVkEfav2sM7a0gdXjH1iPc7XnjyWkF
CvX5S9bHu9/xkuh3e5az0QzTpGyD7Wg+KG9KKarIFJMfiA==
-----END CERTIFICATE-----