Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/N1PB4wkghMthA8l4GP9N1SzOEWE.roa
File:                     N1PB4wkghMthA8l4GP9N1SzOEWE.roa (raw, json)
Hash identifier:          8LPlkWhxVtJM+jMtTkRPToXaYbmZ6b57zhGOgt0FEmU=
Subject key identifier:   37:53:C1:E3:09:20:84:CB:61:03:C9:78:18:FF:4D:D5:2C:CE:11:61
Certificate issuer:       /CN=d2c1d5fd4e20ade5f11b66afb10a54c8ffe4b040
Certificate serial:       0194228DF43C38B27E9DD5879184A26D4EA2
Authority key identifier: D2:C1:D5:FD:4E:20:AD:E5:F1:1B:66:AF:B1:0A:54:C8:FF:E4:B0:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/N1PB4wkghMthA8l4GP9N1SzOEWE.roa
Signing time:             Wed 01 Jan 2025 15:48:35 +0000
ROA not before:           Wed 01 Jan 2025 15:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        192.118.70.0/24 maxlen: 24
                          192.118.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f4:3c:38:b2:7e:9d:d5:87:91:84:a2:6d:4e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2c1d5fd4e20ade5f11b66afb10a54c8ffe4b040
        Validity
            Not Before: Jan  1 15:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3753c1e3092084cb6103c97818ff4dd52cce1161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ed:ac:b7:07:75:0c:85:23:90:2b:2f:9b:3e:
                    a9:b5:bd:cd:56:59:b5:34:21:c3:67:06:3f:dd:d1:
                    e6:6e:d3:3c:ee:37:c4:56:19:29:3c:ca:4c:8b:38:
                    c3:13:52:c6:a5:a0:70:b7:af:52:a3:65:8f:ec:04:
                    bf:3a:32:a9:b6:50:34:9b:e7:e2:f8:1f:68:7e:6c:
                    74:0b:27:09:dd:aa:ca:a0:af:19:bb:4b:05:40:f1:
                    e5:d9:86:da:9e:cc:f5:a9:c7:e5:5f:ca:91:8e:d0:
                    e3:3c:41:3e:03:8c:5f:42:0d:5a:ea:06:ba:ae:aa:
                    19:44:9a:4e:78:00:bc:25:0e:d9:a8:40:2a:ed:9d:
                    ef:67:b6:c8:a2:6c:96:bf:05:cf:0d:f9:30:95:14:
                    97:2a:5b:e1:08:7c:f1:f4:89:cd:a7:76:0a:53:54:
                    ce:88:a6:7a:39:bf:9e:b6:ac:b3:d9:e9:69:8c:86:
                    d7:d3:30:f0:b4:c3:85:88:54:36:0f:59:47:eb:2b:
                    1b:d1:c0:c2:45:58:33:e8:c3:35:b0:24:71:6b:ae:
                    e4:7d:5d:9a:a3:37:69:f2:f7:6a:d0:cb:d0:ef:34:
                    a6:c1:26:82:c9:e5:9a:10:07:c6:0d:aa:89:84:69:
                    82:a2:c4:97:aa:9c:3b:ed:81:2f:5f:02:82:99:9a:
                    e0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:53:C1:E3:09:20:84:CB:61:03:C9:78:18:FF:4D:D5:2C:CE:11:61
            X509v3 Authority Key Identifier:
                keyid:D2:C1:D5:FD:4E:20:AD:E5:F1:1B:66:AF:B1:0A:54:C8:FF:E4:B0:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/N1PB4wkghMthA8l4GP9N1SzOEWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.118.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:1d:0d:f9:52:67:82:b4:b1:51:27:c5:51:18:2c:3d:e0:f5:
         78:0b:ff:df:9e:ac:73:ba:75:5f:7e:e6:a1:bd:50:16:62:ab:
         ea:2a:71:f8:5b:c5:f0:9d:02:0a:8a:88:97:66:c0:c3:07:64:
         82:d0:bc:90:3c:6f:35:ac:52:86:a6:da:04:94:4a:48:cf:db:
         0b:8a:fe:e4:c0:a0:f3:90:3c:1d:4e:f1:3f:f8:fb:63:70:e7:
         0f:5b:78:1a:46:66:7c:6b:ce:ef:8c:76:30:bc:48:db:1d:75:
         98:ac:8b:ce:a5:43:fc:84:0d:82:04:42:b0:b1:ec:4c:12:f4:
         60:67:d5:52:76:12:a2:b3:f4:29:7b:96:17:84:c9:da:03:eb:
         a2:8d:13:c4:5f:3a:5a:c6:6c:7b:2a:4a:b6:af:db:f7:a1:9e:
         b5:23:2b:91:84:4b:f8:7d:e3:eb:62:55:ef:43:af:30:0c:01:
         23:5c:ca:83:5f:9b:27:e4:70:6c:15:9f:03:f3:39:90:f8:4b:
         a6:39:2d:07:be:08:a5:4f:b8:f2:f3:54:f0:ad:98:85:40:a0:
         b9:b6:6a:e3:a3:55:ed:29:95:18:13:5a:74:7a:f0:34:5b:b6:
         09:3e:75:4a:c0:02:f8:d4:5f:d5:9b:2d:40:6c:ea:7b:db:ad:
         fe:b9:bf:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijfQ8OLJ+ndWHkYSibU6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYzFkNWZkNGUyMGFkZTVmMTFiNjZhZmIxMGE1NGM4ZmZl
NGIwNDAwHhcNMjUwMTAxMTU0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzUzYzFlMzA5MjA4NGNiNjEwM2M5NzgxOGZmNGRkNTJjY2UxMTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiO2stwd1DIUjkCsvmz6ptb3NVlm1
NCHDZwY/3dHmbtM87jfEVhkpPMpMizjDE1LGpaBwt69So2WP7AS/OjKptlA0m+fi
+B9ofmx0CycJ3arKoK8Zu0sFQPHl2Ybansz1qcflX8qRjtDjPEE+A4xfQg1a6ga6
rqoZRJpOeAC8JQ7ZqEAq7Z3vZ7bIomyWvwXPDfkwlRSXKlvhCHzx9InNp3YKU1TO
iKZ6Ob+etqyz2elpjIbX0zDwtMOFiFQ2D1lH6ysb0cDCRVgz6MM1sCRxa67kfV2a
ozdp8vdq0MvQ7zSmwSaCyeWaEAfGDaqJhGmCosSXqpw77YEvXwKCmZrgVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdTweMJIITLYQPJeBj/TdUszhFhMB8GA1UdIwQY
MBaAFNLB1f1OIK3l8Rtmr7EKVMj/5LBAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHNIVl9VNGdyZVh4RzJhdnNRcFV5UF9rc0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC84NjEzYWQtNGY1Zi00NWZkLTg3OTkt
YTA5YTg3NWY1OTAzLzEvTjFQQjR3a2doTXRoQThsNEdQOU4xU3pPRVdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC84NjEzYWQtNGY1Zi00NWZkLTg3OTktYTA5YTg3NWY1OTAz
LzEvMHNIVl9VNGdyZVh4RzJhdnNRcFV5UF9rc0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwHZGMA0G
CSqGSIb3DQEBCwUAA4IBAQAuHQ35UmeCtLFRJ8VRGCw94PV4C//fnqxzunVffuah
vVAWYqvqKnH4W8XwnQIKioiXZsDDB2SC0LyQPG81rFKGptoElEpIz9sLiv7kwKDz
kDwdTvE/+PtjcOcPW3gaRmZ8a87vjHYwvEjbHXWYrIvOpUP8hA2CBEKwsexMEvRg
Z9VSdhKis/Qpe5YXhMnaA+uijRPEXzpaxmx7Kkq2r9v3oZ61IyuRhEv4fePrYlXv
Q68wDAEjXMqDX5sn5HBsFZ8D8zmQ+EumOS0HvgilT7jy81TwrZiFQKC5tmrjo1Xt
KZUYE1p0evA0W7YJPnVKwAL41F/Vmy1AbOp7263+ub82
-----END CERTIFICATE-----