Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pa1xmCeS6XF5-tyNWCLuxj8cfbg.roa
File:                     pa1xmCeS6XF5-tyNWCLuxj8cfbg.roa (raw, json)
Hash identifier:          NYguBpWsP047sLxLzUxiTNqcnrlvthpkc0sp2t6EGBE=
Subject key identifier:   A5:AD:71:98:27:92:E9:71:79:FA:DC:8D:58:22:EE:C6:3F:1C:7D:B8
Certificate issuer:       /CN=a633725cd5dd91cf190ab3a99526e898357856ef
Certificate serial:       018CC424FAF373EAB0BBC61D8BE74F6EE5E1
Authority key identifier: A6:33:72:5C:D5:DD:91:CF:19:0A:B3:A9:95:26:E8:98:35:78:56:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pjNyXNXdkc8ZCrOplSbomDV4Vu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pa1xmCeS6XF5-tyNWCLuxj8cfbg.roa
Signing time:             Mon 01 Jan 2024 08:30:06 +0000
ROA not before:           Mon 01 Jan 2024 08:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        141.6.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pjNyXNXdkc8ZCrOplSbomDV4Vu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pjNyXNXdkc8ZCrOplSbomDV4Vu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pjNyXNXdkc8ZCrOplSbomDV4Vu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:fa:f3:73:ea:b0:bb:c6:1d:8b:e7:4f:6e:e5:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a633725cd5dd91cf190ab3a99526e898357856ef
        Validity
            Not Before: Jan  1 08:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5ad71982792e97179fadc8d5822eec63f1c7db8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:bd:64:df:38:ec:7f:e6:a3:91:7b:bd:cf:f5:
                    53:57:2c:0b:35:7b:02:dd:78:87:f5:d7:17:55:d0:
                    68:08:96:dc:06:47:59:84:2a:23:8b:d2:a6:62:be:
                    2e:0e:59:3a:d5:26:a8:e1:7f:13:83:53:36:8a:07:
                    b7:b3:cb:81:ba:fd:c3:bb:44:17:18:fa:a2:e5:2e:
                    d8:78:dc:c5:a8:38:4e:94:09:14:ba:4c:1f:46:c5:
                    34:a9:c2:6c:3a:a3:7d:25:0e:cd:78:c9:21:4a:e2:
                    2c:c2:f4:ef:cd:79:af:77:17:74:f4:36:6a:c8:8b:
                    dd:ab:68:e3:6b:eb:01:16:cd:30:a4:1a:da:82:9b:
                    45:c5:1e:80:ce:d7:6c:46:8c:6a:b4:0a:f8:5f:0e:
                    b6:0c:47:bb:aa:a1:ef:11:9e:66:c9:5e:33:28:b8:
                    ec:ae:7a:ad:2c:aa:16:9f:e6:0e:a2:1b:c5:d0:01:
                    75:7e:5a:81:14:1c:f4:7f:06:43:1c:39:d6:5a:a9:
                    53:75:57:48:7a:fe:6a:58:a0:30:3e:81:57:22:d9:
                    85:73:35:12:b8:43:36:97:9c:f0:51:7e:60:0f:f4:
                    47:7a:7d:b0:e4:ea:e3:86:2b:1a:11:2e:57:07:2a:
                    38:53:83:69:fa:b6:30:73:82:ff:4f:e6:04:71:7d:
                    1b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:AD:71:98:27:92:E9:71:79:FA:DC:8D:58:22:EE:C6:3F:1C:7D:B8
            X509v3 Authority Key Identifier:
                keyid:A6:33:72:5C:D5:DD:91:CF:19:0A:B3:A9:95:26:E8:98:35:78:56:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjNyXNXdkc8ZCrOplSbomDV4Vu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pa1xmCeS6XF5-tyNWCLuxj8cfbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5b856a-a90d-4791-9c10-c0b813b4ec7e/1/pjNyXNXdkc8ZCrOplSbomDV4Vu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.6.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         30:ca:60:51:bd:8c:d9:e9:90:73:7b:43:15:df:ef:8e:40:e7:
         c0:2d:d2:9f:15:c7:1b:b0:7f:f0:f0:64:36:98:1f:66:f3:8a:
         3e:7c:6d:53:b2:f9:e7:2c:2f:3d:fd:2c:80:16:c3:f9:b3:22:
         66:34:eb:2e:b6:b7:ea:ba:fa:0f:a8:d6:ae:7c:0c:97:57:45:
         6d:c8:83:b7:cc:1d:0c:35:ad:cd:72:0a:5b:55:69:34:04:e2:
         67:f3:06:db:04:63:12:95:f4:da:0f:4d:3f:95:f8:1a:88:1f:
         ce:6d:0f:e0:6a:0c:a6:f4:8b:61:96:8a:52:26:ba:2f:e0:55:
         7c:d9:a9:c6:f8:77:e6:35:b3:f7:ec:01:50:47:69:d1:f8:7d:
         b9:9b:70:a3:a7:0d:0a:7f:a4:e7:ec:00:8f:0e:7e:52:8f:3f:
         62:5a:52:09:19:f3:69:88:1f:80:74:5c:7c:95:b4:b9:03:11:
         03:2b:1a:a3:16:d3:70:4e:b9:51:f1:08:15:3b:fd:a8:89:be:
         5c:8a:e6:f0:56:fc:30:58:62:55:19:bc:52:bd:0e:4c:db:4e:
         59:f7:97:13:be:e2:1e:e7:39:c5:1f:34:59:63:ad:7a:58:28:
         de:37:39:f8:e0:d5:b5:7d:67:bd:bc:52:0c:f1:79:99:d5:13:
         5e:bd:6b:e9
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzEJPrzc+qwu8Ydi+dPbuXhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MzM3MjVjZDVkZDkxY2YxOTBhYjNhOTk1MjZlODk4MzU3
ODU2ZWYwHhcNMjQwMTAxMDgzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWFkNzE5ODI3OTJlOTcxNzlmYWRjOGQ1ODIyZWVjNjNmMWM3ZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxb1k3zjsf+ajkXu9z/VTVywLNXsC
3XiH9dcXVdBoCJbcBkdZhCoji9KmYr4uDlk61Sao4X8Tg1M2ige3s8uBuv3Du0QX
GPqi5S7YeNzFqDhOlAkUukwfRsU0qcJsOqN9JQ7NeMkhSuIswvTvzXmvdxd09DZq
yIvdq2jja+sBFs0wpBragptFxR6AztdsRoxqtAr4Xw62DEe7qqHvEZ5myV4zKLjs
rnqtLKoWn+YOohvF0AF1flqBFBz0fwZDHDnWWqlTdVdIev5qWKAwPoFXItmFczUS
uEM2l5zwUX5gD/RHen2w5OrjhisaES5XByo4U4Np+rYwc4L/T+YEcX0bowIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFKWtcZgnkulxefrcjVgi7sY/HH24MB8GA1UdIwQY
MBaAFKYzclzV3ZHPGQqzqZUm6Jg1eFbvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGpOeVhOWGRrYzhaQ3JPcGxTYm9tRFY0VnU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC81Yjg1NmEtYTkwZC00NzkxLTljMTAt
YzBiODEzYjRlYzdlLzEvcGExeG1DZVM2WEY1LXR5TldDTHV4ajhjZmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC81Yjg1NmEtYTkwZC00NzkxLTljMTAtYzBiODEzYjRlYzdl
LzEvcGpOeVhOWGRrYzhaQ3JPcGxTYm9tRFY0VnU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjQYwDQYJ
KoZIhvcNAQELBQADggEBADDKYFG9jNnpkHN7QxXf745A58At0p8Vxxuwf/DwZDaY
H2bzij58bVOy+ecsLz39LIAWw/mzImY06y62t+q6+g+o1q58DJdXRW3Ig7fMHQw1
rc1yCltVaTQE4mfzBtsEYxKV9NoPTT+V+BqIH85tD+BqDKb0i2GWilImui/gVXzZ
qcb4d+Y1s/fsAVBHadH4fbmbcKOnDQp/pOfsAI8OflKPP2JaUgkZ82mIH4B0XHyV
tLkDEQMrGqMW03BOuVHxCBU7/aiJvlyK5vBW/DBYYlUZvFK9DkzbTln3lxO+4h7n
OcUfNFljrXpYKN43Ofjg1bV9Z728UgzxeZnVE169a+k=
-----END CERTIFICATE-----