Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/1PrDc34ymc0esPW5-DHXDo8ijGI.roa
File:                     1PrDc34ymc0esPW5-DHXDo8ijGI.roa (raw, json)
Hash identifier:          gqszA+5UBcV1CZif3ET3u8dbYxKdfrTSbS35G0yDDPU=
Subject key identifier:   D4:FA:C3:73:7E:32:99:CD:1E:B0:F5:B9:F8:31:D7:0E:8F:22:8C:62
Certificate issuer:       /CN=295579f5b673dbe2ebba348cfb0f56124cde7048
Certificate serial:       018CC5DC14C60E55DA51AD1E2D25FF9EA354
Authority key identifier: 29:55:79:F5:B6:73:DB:E2:EB:BA:34:8C:FB:0F:56:12:4C:DE:70:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KVV59bZz2-LrujSM-w9WEkzecEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/1PrDc34ymc0esPW5-DHXDo8ijGI.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        185.94.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/KVV59bZz2-LrujSM-w9WEkzecEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/KVV59bZz2-LrujSM-w9WEkzecEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KVV59bZz2-LrujSM-w9WEkzecEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:14:c6:0e:55:da:51:ad:1e:2d:25:ff:9e:a3:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=295579f5b673dbe2ebba348cfb0f56124cde7048
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4fac3737e3299cd1eb0f5b9f831d70e8f228c62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:71:20:19:6d:78:46:55:e7:98:08:79:a2:8c:
                    48:05:9d:28:10:9a:51:3f:d4:e0:8d:f9:72:73:1c:
                    6f:90:f9:51:f3:30:3f:63:8f:f3:ee:96:41:3d:e8:
                    47:b4:75:68:9e:f3:76:c0:10:cc:c5:e4:f7:88:5d:
                    7e:79:98:fb:3f:f1:42:94:d0:52:51:a0:a8:9a:6d:
                    5c:4d:c3:d9:16:a0:a3:77:6c:22:bb:5b:0a:b9:2d:
                    f1:db:af:f2:8e:02:59:5c:22:3e:bc:b3:2f:72:6b:
                    ea:2e:f9:af:da:49:25:6d:5a:a5:09:45:bc:71:90:
                    06:99:7c:33:cb:23:ae:9a:f7:b2:b4:3e:b6:6e:3b:
                    c6:d3:1b:c9:6b:7c:c1:18:8f:05:83:9c:de:a1:3d:
                    55:de:59:38:f6:8d:ee:65:c6:a1:36:2c:4f:e1:a0:
                    9d:64:49:7e:89:48:86:e4:24:c8:cd:4b:5d:99:9b:
                    72:6e:56:14:42:28:56:33:ab:4f:ef:a9:4a:38:ef:
                    ed:ff:b0:ad:e3:8a:a5:6d:4b:8b:f6:e6:0a:87:35:
                    10:ea:6e:32:75:ad:38:d2:78:9e:28:3e:b4:82:29:
                    5c:95:ad:f5:a4:63:1a:9c:a6:9e:d4:76:53:dc:17:
                    06:16:56:4e:3d:b2:aa:dd:2b:68:f2:66:98:d3:d2:
                    e4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:FA:C3:73:7E:32:99:CD:1E:B0:F5:B9:F8:31:D7:0E:8F:22:8C:62
            X509v3 Authority Key Identifier:
                keyid:29:55:79:F5:B6:73:DB:E2:EB:BA:34:8C:FB:0F:56:12:4C:DE:70:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVV59bZz2-LrujSM-w9WEkzecEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/1PrDc34ymc0esPW5-DHXDo8ijGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1574c9-01d5-48fd-980f-343c4d24c23b/1/KVV59bZz2-LrujSM-w9WEkzecEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:a9:25:19:aa:f6:4c:fa:0f:43:4a:72:46:78:e4:56:c8:59:
         d5:ad:aa:95:b2:38:45:f6:c9:f1:99:6e:ed:8b:c0:4a:b0:62:
         26:cb:17:4d:29:5f:00:89:23:25:f6:fb:30:ab:50:3c:93:63:
         6b:d3:51:d0:c3:b0:cc:83:c0:9e:35:2d:31:c5:dd:0b:be:6f:
         c0:40:3e:7f:e8:d6:27:25:3e:d8:30:e0:ea:9a:cd:7d:5f:af:
         42:e6:6e:43:8b:b9:37:11:13:57:fb:07:be:c2:0b:b7:13:2e:
         5b:ed:c5:38:10:e1:a7:91:99:80:b1:e5:00:7f:37:6f:14:03:
         ee:e3:ff:fb:0a:80:39:93:cf:85:97:9a:6d:74:74:18:a3:f1:
         74:95:93:50:90:8e:95:81:43:d0:b9:87:db:59:8b:e6:0d:57:
         03:e8:59:fc:ae:17:74:ce:2c:ad:fa:4c:ef:64:71:f0:0b:e5:
         e0:8c:df:f5:3a:f4:d6:43:f4:d7:1d:0f:8f:d0:16:04:90:03:
         16:52:87:16:d7:8b:ef:83:4e:85:79:36:1c:42:9a:93:7f:9f:
         ef:58:d5:0e:81:53:0c:54:bd:39:db:9b:ec:71:15:53:b3:5a:
         71:9a:db:f9:e1:b2:93:66:f9:83:73:2d:82:a5:26:3a:d6:e9:
         94:69:b6:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BTGDlXaUa0eLSX/nqNUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NTU3OWY1YjY3M2RiZTJlYmJhMzQ4Y2ZiMGY1NjEyNGNk
ZTcwNDgwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGZhYzM3MzdlMzI5OWNkMWViMGY1YjlmODMxZDcwZThmMjI4YzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXEgGW14RlXnmAh5ooxIBZ0oEJpR
P9TgjflycxxvkPlR8zA/Y4/z7pZBPehHtHVonvN2wBDMxeT3iF1+eZj7P/FClNBS
UaComm1cTcPZFqCjd2wiu1sKuS3x26/yjgJZXCI+vLMvcmvqLvmv2kklbVqlCUW8
cZAGmXwzyyOumveytD62bjvG0xvJa3zBGI8Fg5zeoT1V3lk49o3uZcahNixP4aCd
ZEl+iUiG5CTIzUtdmZtyblYUQihWM6tP76lKOO/t/7Ct44qlbUuL9uYKhzUQ6m4y
da040nieKD60gilcla31pGManKae1HZT3BcGFlZOPbKq3Sto8maY09LkCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNT6w3N+MpnNHrD1ufgx1w6PIoxiMB8GA1UdIwQY
MBaAFClVefW2c9vi67o0jPsPVhJM3nBIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZWNTliWnoyLUxydWpTTS13OVdFa3plY0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8xNTc0YzktMDFkNS00OGZkLTk4MGYt
MzQzYzRkMjRjMjNiLzEvMVByRGMzNHltYzBlc1BXNS1ESFhEbzhpakdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8xNTc0YzktMDFkNS00OGZkLTk4MGYtMzQzYzRkMjRjMjNi
LzEvS1ZWNTliWnoyLUxydWpTTS13OVdFa3plY0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV5XMA0G
CSqGSIb3DQEBCwUAA4IBAQACqSUZqvZM+g9DSnJGeORWyFnVraqVsjhF9snxmW7t
i8BKsGImyxdNKV8AiSMl9vswq1A8k2Nr01HQw7DMg8CeNS0xxd0Lvm/AQD5/6NYn
JT7YMODqms19X69C5m5Di7k3ERNX+we+wgu3Ey5b7cU4EOGnkZmAseUAfzdvFAPu
4//7CoA5k8+Fl5ptdHQYo/F0lZNQkI6VgUPQuYfbWYvmDVcD6Fn8rhd0ziyt+kzv
ZHHwC+XgjN/1OvTWQ/TXHQ+P0BYEkAMWUocW14vvg06FeTYcQpqTf5/vWNUOgVMM
VL0525vscRVTs1pxmtv54bKTZvmDcy2CpSY61umUabYg
-----END CERTIFICATE-----