Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/sGetRY41AMrl0iEX5-a6PSQnDV8.roa
File:                     sGetRY41AMrl0iEX5-a6PSQnDV8.roa (raw, json)
Hash identifier:          fWoyTgN4XgELISzdxk2CSax2AcUTUYgN1hUeLTA5R9A=
Subject key identifier:   B0:67:AD:45:8E:35:00:CA:E5:D2:21:17:E7:E6:BA:3D:24:27:0D:5F
Certificate issuer:       /CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
Certificate serial:       018CC6B912C649C4B791BD75FF81D7867770
Authority key identifier: 1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/sGetRY41AMrl0iEX5-a6PSQnDV8.roa
Signing time:             Mon 01 Jan 2024 20:31:06 +0000
ROA not before:           Mon 01 Jan 2024 20:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208058
IP address blocks:        185.125.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 19:03:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:12:c6:49:c4:b7:91:bd:75:ff:81:d7:86:77:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
        Validity
            Not Before: Jan  1 20:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b067ad458e3500cae5d22117e7e6ba3d24270d5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:08:77:db:bc:a2:fb:32:e3:86:3e:b1:11:fd:
                    1b:54:0e:8e:91:96:a1:ff:df:87:c7:36:ff:6f:80:
                    bf:68:ef:6f:99:5a:60:51:0b:73:e9:1c:bd:66:39:
                    8f:ab:5f:0a:ba:8e:71:17:73:8b:ef:f9:1c:b6:41:
                    3f:79:33:00:2f:b9:d2:b1:8f:6c:47:88:b1:ae:cb:
                    22:49:9e:e4:04:d3:68:c4:7d:ba:8f:d6:62:b7:39:
                    69:ec:49:4f:8c:89:e5:cb:5d:03:dc:49:ec:1b:46:
                    ce:f0:3c:aa:52:d7:e4:d0:77:af:5e:ed:4b:54:b2:
                    d1:de:3f:02:dd:85:18:8f:17:d1:18:81:61:cb:8b:
                    0d:cb:26:12:d9:54:6a:7c:3d:91:52:ba:aa:59:16:
                    27:40:d7:1c:4f:a2:03:e7:10:c1:ea:e5:a6:f2:2b:
                    36:ab:2c:4a:50:bc:65:18:38:ef:41:4d:f7:fd:f1:
                    d5:52:43:31:ff:64:b9:8b:0e:37:b3:80:6f:f5:b9:
                    1a:7e:7d:a0:a6:c3:9a:5e:c0:7c:c4:2a:29:bc:c5:
                    27:bf:66:f4:dd:87:d2:74:93:f9:82:3e:02:e8:a2:
                    16:89:1a:b8:4b:6e:31:92:60:67:0c:be:ac:19:78:
                    46:38:dd:54:fd:e5:26:9b:71:56:10:fb:58:30:a2:
                    6a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:67:AD:45:8E:35:00:CA:E5:D2:21:17:E7:E6:BA:3D:24:27:0D:5F
            X509v3 Authority Key Identifier:
                keyid:1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/sGetRY41AMrl0iEX5-a6PSQnDV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:2c:02:df:9a:bb:3d:96:9a:8f:fe:60:7d:c9:e0:23:13:60:
         10:f0:a6:4c:ff:63:6b:6e:86:a0:76:4c:2b:88:f7:90:b8:7d:
         54:46:77:33:28:58:8d:39:28:63:c6:16:a5:9f:48:ed:08:81:
         57:04:2a:a1:80:90:60:ea:2e:1d:44:ea:12:1a:b7:0f:89:8a:
         db:36:a6:19:79:47:7e:56:4f:ee:88:c0:f0:23:11:5a:f0:73:
         7a:00:b9:e8:a9:ee:4d:3a:4c:d1:da:21:c2:fb:f5:54:03:8f:
         33:37:08:75:18:c6:85:9d:a1:43:e3:62:89:dc:4a:df:bb:d6:
         63:29:dc:13:76:6d:0c:a9:e4:e4:02:fb:56:22:1b:49:77:c4:
         ce:62:eb:36:13:5b:5a:94:03:7e:88:af:8c:f9:89:5a:ab:bf:
         11:ad:9b:3f:ec:b5:21:6c:8d:15:ff:63:54:80:38:77:87:95:
         8f:4f:51:86:27:cd:4c:40:82:a0:62:fa:91:f4:26:e6:31:15:
         ac:d8:b4:4d:93:03:9f:98:2a:d2:9d:7b:7e:36:a8:3e:23:66:
         5f:bb:d0:74:41:30:83:e0:e2:cb:47:9d:cb:ac:6d:53:db:bc:
         97:34:73:26:48:ff:d8:cc:f0:a6:36:55:d2:11:d3:be:36:92:
         8b:37:b7:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRLGScS3kb11/4HXhndwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYTUxYTBiYzBmMGFmZWJiZjZkNWQ5MjdmZTFmOTgxNmY1
MjM1MmQwHhcNMjQwMTAxMjAzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDY3YWQ0NThlMzUwMGNhZTVkMjIxMTdlN2U2YmEzZDI0MjcwZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwh327yi+zLjhj6xEf0bVA6OkZah
/9+Hxzb/b4C/aO9vmVpgUQtz6Ry9ZjmPq18Kuo5xF3OL7/kctkE/eTMAL7nSsY9s
R4ixrssiSZ7kBNNoxH26j9Zitzlp7ElPjInly10D3EnsG0bO8DyqUtfk0HevXu1L
VLLR3j8C3YUYjxfRGIFhy4sNyyYS2VRqfD2RUrqqWRYnQNccT6ID5xDB6uWm8is2
qyxKULxlGDjvQU33/fHVUkMx/2S5iw43s4Bv9bkafn2gpsOaXsB8xCopvMUnv2b0
3YfSdJP5gj4C6KIWiRq4S24xkmBnDL6sGXhGON1U/eUmm3FWEPtYMKJqpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBnrUWONQDK5dIhF+fmuj0kJw1fMB8GA1UdIwQY
MBaAFBulGgvA8K/rv21dkn/h+YFvUjUtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQt
ODcxZjllZDcwOGUwLzEvc0dldFJZNDFBTXJsMGlFWDUtYTZQU1FuRFY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQtODcxZjllZDcwOGUw
LzEvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX3AMA0G
CSqGSIb3DQEBCwUAA4IBAQBJLALfmrs9lpqP/mB9yeAjE2AQ8KZM/2Nrboagdkwr
iPeQuH1URnczKFiNOShjxhaln0jtCIFXBCqhgJBg6i4dROoSGrcPiYrbNqYZeUd+
Vk/uiMDwIxFa8HN6ALnoqe5NOkzR2iHC+/VUA48zNwh1GMaFnaFD42KJ3Erfu9Zj
KdwTdm0MqeTkAvtWIhtJd8TOYus2E1talAN+iK+M+Ylaq78RrZs/7LUhbI0V/2NU
gDh3h5WPT1GGJ81MQIKgYvqR9CbmMRWs2LRNkwOfmCrSnXt+Nqg+I2Zfu9B0QTCD
4OLLR53LrG1T27yXNHMmSP/YzPCmNlXSEdO+NpKLN7fD
-----END CERTIFICATE-----