Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/A1R1tQF-WsYvJ21J-b7T2-CAt8g.roa
File:                     A1R1tQF-WsYvJ21J-b7T2-CAt8g.roa (raw, json)
Hash identifier:          ONX8S9m534M28Bbc70K62U7xXDHuIeZGhFYQ+HPeSCs=
Subject key identifier:   03:54:75:B5:01:7E:5A:C6:2F:27:6D:49:F9:BE:D3:DB:E0:80:B7:C8
Certificate issuer:       /CN=06039e71cb715204a83cc253822dc29a62c799e6
Certificate serial:       018CC349334838167EEF72C6622323FC4A4F
Authority key identifier: 06:03:9E:71:CB:71:52:04:A8:3C:C2:53:82:2D:C2:9A:62:C7:99:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BgOecctxUgSoPMJTgi3CmmLHmeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/A1R1tQF-WsYvJ21J-b7T2-CAt8g.roa
Signing time:             Mon 01 Jan 2024 04:30:03 +0000
ROA not before:           Mon 01 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197120
IP address blocks:        193.160.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/BgOecctxUgSoPMJTgi3CmmLHmeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/BgOecctxUgSoPMJTgi3CmmLHmeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BgOecctxUgSoPMJTgi3CmmLHmeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:33:48:38:16:7e:ef:72:c6:62:23:23:fc:4a:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06039e71cb715204a83cc253822dc29a62c799e6
        Validity
            Not Before: Jan  1 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=035475b5017e5ac62f276d49f9bed3dbe080b7c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:66:9d:6b:07:d2:b6:f9:1a:24:ac:b6:1b:aa:
                    c7:09:15:82:ef:ea:a6:78:2a:52:6d:4f:ee:d2:44:
                    6f:70:f1:b5:ab:08:a7:3c:cf:67:67:5c:49:2e:05:
                    fd:99:b8:d5:65:0d:94:06:d4:06:d2:0a:aa:f3:a9:
                    f0:00:87:be:07:04:8d:99:ec:79:36:6d:65:4f:b5:
                    7b:85:f4:29:fa:ba:12:13:55:79:90:9f:5d:9b:1e:
                    82:ba:b0:33:a7:00:f7:28:ee:d1:a5:97:23:d7:d3:
                    d3:e2:95:46:29:99:ae:a5:47:86:b7:c9:3a:01:c3:
                    0b:40:6b:35:06:5d:78:54:ba:36:b4:6e:4e:ea:1f:
                    00:6f:dd:43:df:e4:74:61:09:10:47:7b:c3:22:de:
                    0c:84:b6:32:91:9d:20:24:fc:6e:29:1c:9b:28:31:
                    cd:33:f6:b6:2d:9d:09:c5:65:bd:33:3b:ab:8b:0a:
                    f4:68:3b:f9:28:ab:80:69:5f:d5:33:7e:a7:c5:66:
                    de:6e:d6:dd:40:7a:a2:8f:40:f0:7c:f6:76:05:d4:
                    f3:4e:95:d7:98:3e:ef:71:77:d8:d7:97:3e:eb:eb:
                    34:48:fa:ed:1a:74:b1:83:fd:89:e8:32:56:f0:d2:
                    71:76:df:45:f8:ed:4a:59:79:da:25:33:8f:e8:e7:
                    c1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:54:75:B5:01:7E:5A:C6:2F:27:6D:49:F9:BE:D3:DB:E0:80:B7:C8
            X509v3 Authority Key Identifier:
                keyid:06:03:9E:71:CB:71:52:04:A8:3C:C2:53:82:2D:C2:9A:62:C7:99:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BgOecctxUgSoPMJTgi3CmmLHmeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/A1R1tQF-WsYvJ21J-b7T2-CAt8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/BgOecctxUgSoPMJTgi3CmmLHmeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:f5:eb:7d:8b:43:60:54:f9:59:f0:6b:70:60:d9:c8:14:b2:
         36:42:58:79:33:26:d0:34:ae:1f:cc:44:a5:e5:c2:86:ec:9f:
         ce:00:02:b5:25:91:d3:f8:75:a5:d8:f5:c0:72:93:54:12:57:
         1b:48:65:46:04:7c:13:99:15:ba:54:05:ba:6f:e5:3f:30:25:
         c7:c1:48:93:49:cc:05:f4:65:4c:a2:d4:84:15:a6:02:16:56:
         a6:e8:a2:7f:c6:62:a6:9b:34:4a:4f:30:cf:80:ae:3f:c4:62:
         8d:52:2e:59:d0:42:81:fc:d7:0e:d4:47:f4:1b:64:8f:e8:7c:
         89:32:6f:cd:5b:d5:98:bb:2d:aa:3a:45:f8:b9:8f:8a:a3:d3:
         6d:f2:a3:40:1f:cd:02:47:72:59:98:a8:a6:7f:2f:9e:f7:23:
         67:9e:d9:8a:46:13:b2:5a:9f:1a:13:23:57:95:7a:df:ec:c9:
         61:16:21:fa:47:df:00:2f:0e:f8:f1:76:47:92:30:6a:ca:f2:
         51:9c:2b:ea:25:6f:b8:a4:7b:e4:c4:4f:0e:d0:9b:d1:0f:e6:
         c2:8e:df:75:80:c8:76:b1:1a:e2:81:e2:22:e5:5a:d7:20:23:
         4c:32:0d:e5:34:dd:3b:9f:09:46:9c:81:c6:b3:f6:82:f5:5f:
         b2:68:1f:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSTNIOBZ+73LGYiMj/EpPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MDM5ZTcxY2I3MTUyMDRhODNjYzI1MzgyMmRjMjlhNjJj
Nzk5ZTYwHhcNMjQwMTAxMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzU0NzViNTAxN2U1YWM2MmYyNzZkNDlmOWJlZDNkYmUwODBiN2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2adawfStvkaJKy2G6rHCRWC7+qm
eCpSbU/u0kRvcPG1qwinPM9nZ1xJLgX9mbjVZQ2UBtQG0gqq86nwAIe+BwSNmex5
Nm1lT7V7hfQp+roSE1V5kJ9dmx6CurAzpwD3KO7RpZcj19PT4pVGKZmupUeGt8k6
AcMLQGs1Bl14VLo2tG5O6h8Ab91D3+R0YQkQR3vDIt4MhLYykZ0gJPxuKRybKDHN
M/a2LZ0JxWW9Mzuriwr0aDv5KKuAaV/VM36nxWbebtbdQHqij0DwfPZ2BdTzTpXX
mD7vcXfY15c+6+s0SPrtGnSxg/2J6DJW8NJxdt9F+O1KWXnaJTOP6OfB0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANUdbUBflrGLydtSfm+09vggLfIMB8GA1UdIwQY
MBaAFAYDnnHLcVIEqDzCU4Itwppix5nmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmdPZWNjdHhVZ1NvUE1KVGdpM0NtbUxIbWVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9lNjI4NzktMmM2OS00MGMzLWIxMTYt
MGU0Njg3NWQ0NWZkLzEvQTFSMXRRRi1Xc1l2SjIxSi1iN1QyLUNBdDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9lNjI4NzktMmM2OS00MGMzLWIxMTYtMGU0Njg3NWQ0NWZk
LzEvQmdPZWNjdHhVZ1NvUE1KVGdpM0NtbUxIbWVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwaDkMA0G
CSqGSIb3DQEBCwUAA4IBAQBK9et9i0NgVPlZ8GtwYNnIFLI2Qlh5MybQNK4fzESl
5cKG7J/OAAK1JZHT+HWl2PXAcpNUElcbSGVGBHwTmRW6VAW6b+U/MCXHwUiTScwF
9GVMotSEFaYCFlam6KJ/xmKmmzRKTzDPgK4/xGKNUi5Z0EKB/NcO1Ef0G2SP6HyJ
Mm/NW9WYuy2qOkX4uY+Ko9Nt8qNAH80CR3JZmKimfy+e9yNnntmKRhOyWp8aEyNX
lXrf7MlhFiH6R98ALw748XZHkjBqyvJRnCvqJW+4pHvkxE8O0JvRD+bCjt91gMh2
sRrigeIi5VrXICNMMg3lNN07nwlGnIHGs/aC9V+yaB92
-----END CERTIFICATE-----