Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/1H17hr_hUobWuXYgGJhlVMl0vAc.roa
File:                     1H17hr_hUobWuXYgGJhlVMl0vAc.roa (raw, json)
Hash identifier:          Rkxn+UezcsjedNVWyRrXBhJiByNzWdCMDO+NHJTfQBQ=
Subject key identifier:   D4:7D:7B:86:BF:E1:52:86:D6:B9:76:20:18:98:65:54:C9:74:BC:07
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FA57D04F87A23BFD15905C3C79D61
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/1H17hr_hUobWuXYgGJhlVMl0vAc.roa
Signing time:             Tue 02 Jan 2024 04:30:09 +0000
ROA not before:           Tue 02 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        194.5.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a5:7d:04:f8:7a:23:bf:d1:59:05:c3:c7:9d:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d47d7b86bfe15286d6b9762018986554c974bc07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0a:5c:91:d3:60:00:34:01:1f:cd:48:c4:96:
                    d9:6b:0c:67:38:dc:d5:32:46:19:80:7d:11:8e:4e:
                    78:43:c8:99:01:e1:a6:4f:12:6a:b8:82:d6:0e:4e:
                    5f:50:f3:a9:05:7b:09:c9:cb:a5:74:4a:90:80:bd:
                    fe:22:ec:42:30:7e:e3:29:21:62:a2:e7:d9:1f:4a:
                    82:6b:fa:5b:94:76:23:d1:b4:0b:75:17:d3:23:0e:
                    71:c7:93:dd:b5:68:9a:3e:59:e4:15:d8:a2:da:91:
                    fb:74:3c:3d:0f:2a:ea:4c:66:4e:01:73:3d:55:aa:
                    09:63:7d:55:1d:6e:25:39:0e:15:ed:78:72:4f:3d:
                    6c:e2:00:14:2a:51:c6:1b:16:77:f8:24:b0:bf:64:
                    38:30:fe:ff:f7:ba:85:68:e5:65:1b:69:ac:87:09:
                    8e:26:f7:2f:8d:6e:ef:93:2d:f7:27:3f:79:e4:da:
                    52:b0:a4:f8:d0:ed:f8:bd:3d:f5:aa:6e:9f:45:7c:
                    3e:52:72:30:fe:ba:4d:14:e8:d9:55:87:31:f4:b9:
                    00:7a:33:0a:f8:1e:95:6d:82:f2:9a:c0:20:ab:94:
                    81:4f:14:17:8d:2a:43:36:1b:d8:b5:48:25:b7:52:
                    b4:c2:15:95:e1:3a:4e:1a:f5:17:9b:21:bc:6f:e5:
                    73:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:7D:7B:86:BF:E1:52:86:D6:B9:76:20:18:98:65:54:C9:74:BC:07
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/1H17hr_hUobWuXYgGJhlVMl0vAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:3c:58:c0:66:a8:47:cf:f4:23:1d:82:b1:52:af:46:20:c4:
         b5:c0:8c:58:8c:63:51:2a:06:0e:df:29:0f:73:d3:06:2e:3e:
         43:7c:c0:c1:20:c3:b4:86:4b:51:4a:06:cc:16:2c:8c:01:e4:
         97:62:50:b7:17:09:0f:5f:3b:e8:ce:81:cf:fa:a4:f3:57:e3:
         2c:39:8a:2d:d3:34:f4:cb:04:dd:a3:92:76:c6:86:c4:93:ed:
         2e:be:bb:b4:ed:a4:82:4c:27:d4:85:2e:0b:a4:10:4c:ee:0d:
         39:7d:39:e4:a4:c8:c3:d1:07:50:18:2c:49:c8:5f:83:16:8e:
         94:ba:cd:a5:c6:65:b2:78:f6:82:26:4c:a6:f0:e3:b7:b9:e0:
         cb:bf:d8:62:3b:52:98:7f:9b:35:50:71:f6:b3:c2:4d:99:15:
         46:9e:f2:22:a9:31:4a:bd:0e:54:da:a6:46:3a:94:5b:38:85:
         09:0e:c8:35:8b:ce:b6:a4:85:a1:9e:7c:f4:7b:52:a3:b8:e7:
         dc:2e:5a:89:7c:9e:d0:7f:ba:df:0f:f1:8b:20:9d:99:c3:00:
         7e:ca:fb:c4:29:03:5f:b1:ef:61:84:7d:ae:3d:17:50:91:59:
         db:0e:f6:38:a7:96:76:cf:d1:c8:c1:ff:fc:39:36:31:d2:f9:
         8c:7e:ac:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb6V9BPh6I7/RWQXDx51hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDdkN2I4NmJmZTE1Mjg2ZDZiOTc2MjAxODk4NjU1NGM5NzRiYzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgpckdNgADQBH81IxJbZawxnONzV
MkYZgH0Rjk54Q8iZAeGmTxJquILWDk5fUPOpBXsJyculdEqQgL3+IuxCMH7jKSFi
oufZH0qCa/pblHYj0bQLdRfTIw5xx5PdtWiaPlnkFdii2pH7dDw9DyrqTGZOAXM9
VaoJY31VHW4lOQ4V7XhyTz1s4gAUKlHGGxZ3+CSwv2Q4MP7/97qFaOVlG2mshwmO
JvcvjW7vky33Jz955NpSsKT40O34vT31qm6fRXw+UnIw/rpNFOjZVYcx9LkAejMK
+B6VbYLymsAgq5SBTxQXjSpDNhvYtUglt1K0whWV4TpOGvUXmyG8b+Vz+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNR9e4a/4VKG1rl2IBiYZVTJdLwHMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvMUgxN2hyX2hVb2JXdVhZZ0dKaGxWTWwwdkFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgUxMA0G
CSqGSIb3DQEBCwUAA4IBAQBkPFjAZqhHz/QjHYKxUq9GIMS1wIxYjGNRKgYO3ykP
c9MGLj5DfMDBIMO0hktRSgbMFiyMAeSXYlC3FwkPXzvozoHP+qTzV+MsOYot0zT0
ywTdo5J2xobEk+0uvru07aSCTCfUhS4LpBBM7g05fTnkpMjD0QdQGCxJyF+DFo6U
us2lxmWyePaCJkym8OO3ueDLv9hiO1KYf5s1UHH2s8JNmRVGnvIiqTFKvQ5U2qZG
OpRbOIUJDsg1i862pIWhnnz0e1KjuOfcLlqJfJ7Qf7rfD/GLIJ2ZwwB+yvvEKQNf
se9hhH2uPRdQkVnbDvY4p5Z2z9HIwf/8OTYx0vmMfqyo
-----END CERTIFICATE-----