Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/1LqretNV1bZvfI58WQLyxPKMKDs.roa
File:                     1LqretNV1bZvfI58WQLyxPKMKDs.roa (raw, json)
Hash identifier:          JeaaDVGvdipxBJvAnra6aUoOXoRjyJHDznWXIJHpHdw=
Subject key identifier:   D4:BA:AB:7A:D3:55:D5:B6:6F:7C:8E:7C:59:02:F2:C4:F2:8C:28:3B
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       018CC94DB04B23AA657D3A2284ADA5753D39
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/1LqretNV1bZvfI58WQLyxPKMKDs.roa
Signing time:             Tue 02 Jan 2024 08:32:40 +0000
ROA not before:           Tue 02 Jan 2024 08:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.138.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:b0:4b:23:aa:65:7d:3a:22:84:ad:a5:75:3d:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  2 08:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4baab7ad355d5b66f7c8e7c5902f2c4f28c283b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e5:ed:32:da:e9:3c:84:99:56:c1:58:64:0e:
                    b1:e7:a2:56:4a:bb:6c:d8:3e:8f:40:bb:fc:79:51:
                    a5:c8:9b:fe:dc:c3:78:52:a2:5c:7f:bb:b6:7a:03:
                    aa:95:bf:b8:57:18:a0:8e:aa:4d:a9:a4:9c:8b:c1:
                    78:ce:96:29:be:af:d2:ed:04:ba:41:ce:41:25:4c:
                    db:bb:da:a3:b2:90:3e:9b:34:e6:e6:fa:3a:b0:32:
                    5d:e9:ee:a3:29:20:01:cd:2b:d4:ab:d3:33:92:0f:
                    6c:de:8b:f3:32:16:a8:f3:ca:10:c9:f5:4f:51:e6:
                    df:7e:17:2c:60:af:66:8c:73:ff:96:2d:a0:f2:a1:
                    4e:50:99:4c:83:ff:d6:3b:9d:b2:ea:47:03:20:22:
                    8b:61:28:4b:e0:ed:f5:5d:fa:35:40:ff:ad:ae:af:
                    77:ce:24:a3:f6:fe:07:87:a9:8d:f8:04:d3:c5:80:
                    68:2a:3c:b6:df:22:51:3f:b6:f4:0f:0c:d4:6e:e3:
                    e8:87:ef:f2:22:db:1f:88:95:52:e9:9f:e2:cc:4f:
                    02:58:0a:67:25:81:73:6e:73:2e:65:d1:c7:c9:5e:
                    54:17:a4:33:d9:c6:41:df:1d:c1:19:5f:23:50:a2:
                    66:35:ae:12:1e:68:73:1d:11:9c:c5:e7:93:06:71:
                    b9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:BA:AB:7A:D3:55:D5:B6:6F:7C:8E:7C:59:02:F2:C4:F2:8C:28:3B
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/1LqretNV1bZvfI58WQLyxPKMKDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:89:10:57:6c:c3:78:e2:88:84:f6:a4:6d:f2:c4:35:2b:05:
         c7:56:ec:8c:0c:0b:d4:16:93:6d:78:86:71:98:ca:b8:d2:a4:
         da:bd:3d:cd:ce:23:14:52:65:96:70:fc:34:be:de:ac:13:5b:
         1b:68:ca:81:60:f2:78:bd:7e:34:8e:b1:78:00:81:65:3a:34:
         24:cc:29:4c:2b:04:ee:81:81:7a:6e:b4:4b:58:1f:49:62:89:
         00:f8:21:4b:39:aa:b3:6f:d9:3c:b3:0f:36:0d:31:38:03:31:
         2b:f0:20:15:00:3e:22:1e:2a:f6:52:2d:c5:ad:8d:96:07:42:
         d9:de:1e:3a:0f:b8:86:17:2c:62:54:a3:ca:44:b5:7c:1b:3f:
         ca:9c:2d:50:27:98:fb:00:3c:05:27:d8:d1:f7:11:01:d4:d8:
         18:b1:26:c2:86:3b:db:dc:d3:a9:68:5d:8f:3c:22:6f:6d:b7:
         1c:e9:8e:37:70:32:5a:77:03:42:bc:67:ac:e7:49:6a:88:47:
         e0:1d:1e:6e:e0:ee:6c:c9:47:37:75:dc:e5:63:c6:9c:ab:2c:
         04:a3:61:86:9e:7c:67:ca:47:6b:b7:a3:65:0d:86:a9:f1:0c:
         cf:a5:81:46:a3:88:0d:68:34:94:a7:50:72:1b:53:f5:42:05:
         26:37:6e:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTbBLI6plfToihK2ldT05MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjQwMTAyMDgzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGJhYWI3YWQzNTVkNWI2NmY3YzhlN2M1OTAyZjJjNGYyOGMyODNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+XtMtrpPISZVsFYZA6x56JWSrts
2D6PQLv8eVGlyJv+3MN4UqJcf7u2egOqlb+4VxigjqpNqaSci8F4zpYpvq/S7QS6
Qc5BJUzbu9qjspA+mzTm5vo6sDJd6e6jKSABzSvUq9Mzkg9s3ovzMhao88oQyfVP
UebffhcsYK9mjHP/li2g8qFOUJlMg//WO52y6kcDICKLYShL4O31Xfo1QP+trq93
ziSj9v4Hh6mN+ATTxYBoKjy23yJRP7b0DwzUbuPoh+/yItsfiJVS6Z/izE8CWApn
JYFzbnMuZdHHyV5UF6Qz2cZB3x3BGV8jUKJmNa4SHmhzHRGcxeeTBnG5kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNS6q3rTVdW2b3yOfFkC8sTyjCg7MB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvMUxxcmV0TlYxYlp2Zkk1OFdRTHl4UEtNS0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYrqMA0G
CSqGSIb3DQEBCwUAA4IBAQCHiRBXbMN44oiE9qRt8sQ1KwXHVuyMDAvUFpNteIZx
mMq40qTavT3NziMUUmWWcPw0vt6sE1sbaMqBYPJ4vX40jrF4AIFlOjQkzClMKwTu
gYF6brRLWB9JYokA+CFLOaqzb9k8sw82DTE4AzEr8CAVAD4iHir2Ui3FrY2WB0LZ
3h46D7iGFyxiVKPKRLV8Gz/KnC1QJ5j7ADwFJ9jR9xEB1NgYsSbChjvb3NOpaF2P
PCJvbbcc6Y43cDJadwNCvGes50lqiEfgHR5u4O5syUc3ddzlY8acqywEo2GGnnxn
ykdrt6NlDYap8QzPpYFGo4gNaDSUp1ByG1P1QgUmN247
-----END CERTIFICATE-----