Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/1hsjLJSTcbcikHhhT_hqF78TxgQ.roa
File:                     1hsjLJSTcbcikHhhT_hqF78TxgQ.roa (raw, json)
Hash identifier:          R/4V+dBV+0JmCJxP8j6UIyejMl0vmzT1gL8XSzVSC6E=
Subject key identifier:   D6:1B:23:2C:94:93:71:B7:22:90:78:61:4F:F8:6A:17:BF:13:C6:04
Certificate issuer:       /CN=b0cc95fc42f3d81920f464b0f20c8a5203f21e30
Certificate serial:       018CC49360D02FC97BF33C6D11F6F9BF45AE
Authority key identifier: B0:CC:95:FC:42:F3:D8:19:20:F4:64:B0:F2:0C:8A:52:03:F2:1E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/1hsjLJSTcbcikHhhT_hqF78TxgQ.roa
Signing time:             Mon 01 Jan 2024 10:30:41 +0000
ROA not before:           Mon 01 Jan 2024 10:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8925
IP address blocks:        212.8.192.0/19 maxlen: 24
                          212.15.192.0/19 maxlen: 24
                          2001:ae0::/30 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:60:d0:2f:c9:7b:f3:3c:6d:11:f6:f9:bf:45:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0cc95fc42f3d81920f464b0f20c8a5203f21e30
        Validity
            Not Before: Jan  1 10:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d61b232c949371b7229078614ff86a17bf13c604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:36:6c:82:d3:98:84:d3:18:4f:f4:6b:8c:84:
                    f2:6c:f8:65:13:ff:2e:05:59:0d:c7:4a:1d:88:a1:
                    6d:15:13:33:0b:4e:9b:32:d7:cc:39:1a:f0:f7:ca:
                    97:68:e6:50:13:ae:42:69:d4:20:c8:36:68:7b:54:
                    39:f9:28:fe:0e:43:25:73:82:e0:c2:80:dd:25:84:
                    60:e2:38:d0:34:ed:18:dc:7a:20:1f:29:50:61:4d:
                    42:b3:db:e1:40:0b:78:02:fc:26:87:91:28:7b:af:
                    43:82:9c:47:bd:6e:ec:25:a5:cf:d2:b0:f2:ba:e2:
                    62:58:dc:3c:89:ab:46:b1:ec:48:2d:da:2a:66:aa:
                    b9:1a:1a:05:08:d4:f5:4c:17:ea:69:a2:a1:3f:0d:
                    25:ff:0f:e4:4c:19:5f:54:6f:c3:9d:20:b6:3a:a1:
                    8d:1c:ed:79:fc:fa:46:18:39:35:47:e6:b2:62:8c:
                    31:ca:2c:8a:0f:ca:7b:80:f6:5b:73:49:af:55:71:
                    f0:46:71:7f:3d:60:ba:89:37:97:71:92:ba:e5:a8:
                    b8:dd:58:20:8d:a4:6e:2b:7f:47:39:26:8b:8b:f4:
                    30:cb:07:d2:b9:81:7f:46:1b:da:e9:24:68:49:cd:
                    93:88:81:5b:cb:79:19:8e:20:a0:26:3d:9a:25:04:
                    37:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:1B:23:2C:94:93:71:B7:22:90:78:61:4F:F8:6A:17:BF:13:C6:04
            X509v3 Authority Key Identifier:
                keyid:B0:CC:95:FC:42:F3:D8:19:20:F4:64:B0:F2:0C:8A:52:03:F2:1E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/1hsjLJSTcbcikHhhT_hqF78TxgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/e96877-1133-4b29-a6ba-8453c0f135d6/1/sMyV_ELz2Bkg9GSw8gyKUgPyHjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.8.192.0/19
                  212.15.192.0/19
                IPv6:
                  2001:ae0::/30

    Signature Algorithm: sha256WithRSAEncryption
         06:60:73:61:09:b2:60:c6:61:8e:16:ae:35:70:76:9c:2e:c6:
         e0:96:d2:d1:15:80:94:74:d5:d0:8a:49:b8:eb:aa:3c:64:33:
         9f:48:1d:ff:cb:77:3c:24:95:e8:11:0a:a2:bd:8c:5e:da:29:
         dc:e9:2a:df:3b:1d:d9:80:28:e6:84:00:62:11:7d:46:6c:9c:
         19:6b:e8:56:67:67:2e:bf:e9:88:00:02:63:da:db:68:84:2b:
         99:f6:79:c1:42:0a:0d:73:e6:b8:ae:22:52:39:cf:9c:47:e8:
         e6:65:9c:2d:8f:93:25:ba:55:90:cf:86:8b:7b:49:44:7e:b2:
         20:49:c6:71:cc:d4:e7:ec:20:b3:57:97:aa:fc:31:64:7e:e5:
         d9:d3:85:92:28:30:50:46:09:fa:06:94:d5:f5:75:2a:6e:ca:
         84:7c:f2:78:2c:3b:5d:f0:94:c8:fc:65:49:38:5a:2f:ea:1e:
         31:16:a0:e2:b1:03:e6:39:4f:ca:cf:d2:7a:e5:0b:25:0f:ab:
         e9:08:89:2a:e1:c4:3a:87:e8:3f:dd:3e:97:94:5c:21:0d:19:
         6d:c2:1c:5e:5f:fb:fc:8b:70:52:a0:0b:2b:b1:7f:d7:0a:89:
         cd:7e:f2:b1:74:8f:f3:41:6f:11:30:0c:ac:38:2d:a9:cb:fd:
         45:9a:ea:f5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk2DQL8l78zxtEfb5v0WuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwY2M5NWZjNDJmM2Q4MTkyMGY0NjRiMGYyMGM4YTUyMDNm
MjFlMzAwHhcNMjQwMTAxMTAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjFiMjMyYzk0OTM3MWI3MjI5MDc4NjE0ZmY4NmExN2JmMTNjNjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDZsgtOYhNMYT/RrjITybPhlE/8u
BVkNx0odiKFtFRMzC06bMtfMORrw98qXaOZQE65CadQgyDZoe1Q5+Sj+DkMlc4Lg
woDdJYRg4jjQNO0Y3HogHylQYU1Cs9vhQAt4Avwmh5Eoe69DgpxHvW7sJaXP0rDy
uuJiWNw8iatGsexILdoqZqq5GhoFCNT1TBfqaaKhPw0l/w/kTBlfVG/DnSC2OqGN
HO15/PpGGDk1R+ayYowxyiyKD8p7gPZbc0mvVXHwRnF/PWC6iTeXcZK65ai43Vgg
jaRuK39HOSaLi/QwywfSuYF/Rhva6SRoSc2TiIFby3kZjiCgJj2aJQQ3ZwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNYbIyyUk3G3IpB4YU/4ahe/E8YEMB8GA1UdIwQY
MBaAFLDMlfxC89gZIPRksPIMilID8h4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc015Vl9FTHoyQmtnOUdTdzhneUtVZ1B5SGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9lOTY4NzctMTEzMy00YjI5LWE2YmEt
ODQ1M2MwZjEzNWQ2LzEvMWhzakxKU1RjYmNpa0hoaFRfaHFGNzhUeGdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9lOTY4NzctMTEzMy00YjI5LWE2YmEtODQ1M2MwZjEzNWQ2
LzEvc015Vl9FTHoyQmtnOUdTdzhneUtVZ1B5SGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQF1AjAAwQF
1A/AMA0EAgACMAcDBQIgAQrgMA0GCSqGSIb3DQEBCwUAA4IBAQAGYHNhCbJgxmGO
Fq41cHacLsbgltLRFYCUdNXQikm466o8ZDOfSB3/y3c8JJXoEQqivYxe2inc6Srf
Ox3ZgCjmhABiEX1GbJwZa+hWZ2cuv+mIAAJj2ttohCuZ9nnBQgoNc+a4riJSOc+c
R+jmZZwtj5MlulWQz4aLe0lEfrIgScZxzNTn7CCzV5eq/DFkfuXZ04WSKDBQRgn6
BpTV9XUqbsqEfPJ4LDtd8JTI/GVJOFov6h4xFqDisQPmOU/Kz9J65QslD6vpCIkq
4cQ6h+g/3T6XlFwhDRltwhxeX/v8i3BSoAsrsX/XConNfvKxdI/zQW8RMAysOC2p
y/1Fmur1
-----END CERTIFICATE-----