Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/1LaSzpGE_njjTvEGyEudiZ3DCvc.roa
File:                     1LaSzpGE_njjTvEGyEudiZ3DCvc.roa (raw, json)
Hash identifier:          vaH8yPrAbLTh/ZfaYFtqSnVKFbP5VlpKarBSMWikmHo=
Subject key identifier:   D4:B6:92:CE:91:84:FE:78:E3:4E:F1:06:C8:4B:9D:89:9D:C3:0A:F7
Certificate issuer:       /CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
Certificate serial:       018F063C57377030ABA231C38DF809055683
Authority key identifier: BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/1LaSzpGE_njjTvEGyEudiZ3DCvc.roa
Signing time:             Mon 22 Apr 2024 14:36:08 +0000
ROA not before:           Mon 22 Apr 2024 14:36:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9083
IP address blocks:        212.96.128.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:3c:57:37:70:30:ab:a2:31:c3:8d:f8:09:05:56:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc3a252a8fcca0361da234a4f3ddb957789d0e55
        Validity
            Not Before: Apr 22 14:36:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4b692ce9184fe78e34ef106c84b9d899dc30af7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:59:c9:9d:0c:02:34:a3:6e:11:bd:97:9f:f1:
                    85:4b:e0:f9:ec:44:4b:be:0d:02:60:4e:1d:1c:6a:
                    2c:30:35:e0:86:7b:76:20:ec:43:98:a3:29:79:fc:
                    23:4c:94:3f:cf:a9:03:e8:6e:74:45:69:97:14:8e:
                    51:2f:6e:20:50:0b:eb:56:df:69:01:65:fc:4f:ff:
                    71:d4:a8:fd:9d:64:62:59:73:22:fa:b8:c4:11:e6:
                    f1:77:e0:8c:b7:d9:e0:31:bc:37:b6:74:55:fa:c1:
                    29:65:ac:66:49:0f:ab:56:1b:e3:e9:d3:41:72:86:
                    27:dc:43:a4:e2:8b:fa:5f:b4:46:69:b3:a7:04:17:
                    fb:ca:ac:b0:21:4e:a6:f1:54:bc:f8:b6:6b:af:24:
                    63:ff:94:aa:45:08:ea:a0:a5:d0:60:1d:b0:a1:41:
                    6b:f3:fa:0e:c6:0b:42:eb:81:92:11:3a:83:74:fc:
                    49:4d:be:57:50:ab:af:3b:75:9b:cd:c9:c1:ec:99:
                    4e:9c:e4:cc:24:c0:84:c2:be:e0:83:1f:de:54:4b:
                    8c:d9:78:34:6e:39:6f:24:12:6d:e7:18:ea:ad:8f:
                    0a:cd:38:4d:e2:c9:dd:85:f5:46:19:64:c8:08:82:
                    0e:7c:91:15:98:d5:03:b7:91:2f:88:c4:5f:81:57:
                    7b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:B6:92:CE:91:84:FE:78:E3:4E:F1:06:C8:4B:9D:89:9D:C3:0A:F7
            X509v3 Authority Key Identifier:
                keyid:BC:3A:25:2A:8F:CC:A0:36:1D:A2:34:A4:F3:DD:B9:57:78:9D:0E:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vDolKo_MoDYdojSk8925V3idDlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/1LaSzpGE_njjTvEGyEudiZ3DCvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/324f05-9a07-44cb-8709-0a19518f7358/1/vDolKo_MoDYdojSk8925V3idDlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.96.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         22:be:d5:32:f0:33:54:04:d5:23:ee:45:be:49:31:6a:f7:3d:
         17:40:82:fe:fb:a0:80:a4:d7:6b:c2:f5:6b:75:aa:d0:ea:df:
         d4:7f:1b:06:fd:91:df:dc:da:a7:fb:d2:c6:e3:a2:8a:78:61:
         cd:33:6a:6a:f8:d0:90:0f:8e:2c:10:68:4d:16:c6:c0:f7:74:
         64:8c:f0:f0:44:52:34:1a:47:73:6b:c8:40:0f:86:6a:62:d5:
         ed:e4:91:6e:a9:22:09:43:fa:87:c7:d3:61:44:ee:74:91:07:
         f3:0d:e1:8c:12:98:df:a6:18:48:a3:1b:28:a1:e6:55:0b:38:
         ec:58:82:54:00:0f:ce:7c:fb:49:14:a0:ec:ad:cf:c1:13:2a:
         b8:97:5f:8a:91:2c:e1:c9:66:7c:79:02:4f:2b:28:ee:22:ff:
         09:b6:b6:35:93:ca:6f:44:2b:46:a2:5e:b4:a1:6d:dd:94:e5:
         0a:a7:c2:20:20:06:70:34:56:85:7e:d3:6a:9e:cc:3b:da:9d:
         f7:ac:eb:41:a4:81:b0:33:1a:16:71:08:28:87:ef:4c:e6:2f:
         70:36:35:5f:d6:24:73:ee:cc:52:80:d1:4f:d9:2c:4e:f8:33:
         74:f1:8c:83:fe:88:10:b8:e0:c6:f9:4f:bc:6d:3b:3f:af:f7:
         ed:58:2b:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8GPFc3cDCrojHDjfgJBVaDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjM2EyNTJhOGZjY2EwMzYxZGEyMzRhNGYzZGRiOTU3Nzg5
ZDBlNTUwHhcNMjQwNDIyMTQzNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGI2OTJjZTkxODRmZTc4ZTM0ZWYxMDZjODRiOWQ4OTlkYzMwYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFnJnQwCNKNuEb2Xn/GFS+D57ERL
vg0CYE4dHGosMDXghnt2IOxDmKMpefwjTJQ/z6kD6G50RWmXFI5RL24gUAvrVt9p
AWX8T/9x1Kj9nWRiWXMi+rjEEebxd+CMt9ngMbw3tnRV+sEpZaxmSQ+rVhvj6dNB
coYn3EOk4ov6X7RGabOnBBf7yqywIU6m8VS8+LZrryRj/5SqRQjqoKXQYB2woUFr
8/oOxgtC64GSETqDdPxJTb5XUKuvO3WbzcnB7JlOnOTMJMCEwr7ggx/eVEuM2Xg0
bjlvJBJt5xjqrY8KzThN4sndhfVGGWTICIIOfJEVmNUDt5EviMRfgVd74wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNS2ks6RhP54407xBshLnYmdwwr3MB8GA1UdIwQY
MBaAFLw6JSqPzKA2HaI0pPPduVd4nQ5VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDkt
MGExOTUxOGY3MzU4LzEvMUxhU3pwR0VfbmpqVHZFR3lFdWRpWjNEQ3ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zMjRmMDUtOWEwNy00NGNiLTg3MDktMGExOTUxOGY3MzU4
LzEvdkRvbEtvX01vRFlkb2pTazg5MjVWM2lkRGxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1GCAMA0G
CSqGSIb3DQEBCwUAA4IBAQAivtUy8DNUBNUj7kW+STFq9z0XQIL++6CApNdrwvVr
darQ6t/UfxsG/ZHf3Nqn+9LG46KKeGHNM2pq+NCQD44sEGhNFsbA93RkjPDwRFI0
Gkdza8hAD4ZqYtXt5JFuqSIJQ/qHx9NhRO50kQfzDeGMEpjfphhIoxsooeZVCzjs
WIJUAA/OfPtJFKDsrc/BEyq4l1+KkSzhyWZ8eQJPKyjuIv8JtrY1k8pvRCtGol60
oW3dlOUKp8IgIAZwNFaFftNqnsw72p33rOtBpIGwMxoWcQgoh+9M5i9wNjVf1iRz
7sxSgNFP2SxO+DN08YyD/ogQuODG+U+8bTs/r/ftWCt2
-----END CERTIFICATE-----