Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/1-Q3vbwygDgPlHgEvvAoKWKdM7hI.roa
File:                     1-Q3vbwygDgPlHgEvvAoKWKdM7hI.roa (raw, json)
Hash identifier:          HC4jEPLjI3nlH58dh8rOymLNwtvf4cw9lQvSNCGwSfQ=
Subject key identifier:   F9:0D:EF:6F:0C:A0:0E:03:E5:1E:01:2F:BC:0A:0A:58:A7:4C:EE:12
Certificate issuer:       /CN=048dc3b923c7738f9a58ee80b49bcd0c5e7dcffa
Certificate serial:       018CC2DAF4F35A0812FFF102506DF4253A80
Authority key identifier: 04:8D:C3:B9:23:C7:73:8F:9A:58:EE:80:B4:9B:CD:0C:5E:7D:CF:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BI3DuSPHc4-aWO6AtJvNDF59z_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/1-Q3vbwygDgPlHgEvvAoKWKdM7hI.roa
Signing time:             Mon 01 Jan 2024 02:29:38 +0000
ROA not before:           Mon 01 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209169
IP address blocks:        2.59.44.0/22 maxlen: 24
                          2a09:f0c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/BI3DuSPHc4-aWO6AtJvNDF59z_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/BI3DuSPHc4-aWO6AtJvNDF59z_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BI3DuSPHc4-aWO6AtJvNDF59z_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f4:f3:5a:08:12:ff:f1:02:50:6d:f4:25:3a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048dc3b923c7738f9a58ee80b49bcd0c5e7dcffa
        Validity
            Not Before: Jan  1 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f90def6f0ca00e03e51e012fbc0a0a58a74cee12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:64:b0:5b:39:51:19:d6:f4:3e:88:9f:81:d0:
                    df:5c:47:7b:2d:a8:ed:bc:7b:ae:9a:7d:20:4f:2d:
                    e1:dd:93:f7:14:95:b4:4f:c3:d0:55:1d:0a:6e:c2:
                    fb:12:1f:4e:25:a2:79:52:dd:66:24:f5:9f:43:6c:
                    94:d0:38:8c:67:64:4e:ab:a3:4c:3c:c5:c1:b8:0b:
                    a1:1d:ae:71:fe:8d:dc:ef:79:b8:27:be:e6:a2:83:
                    6c:ea:1e:e9:d5:e8:ec:aa:cc:00:0f:65:7f:ca:12:
                    4b:f6:24:5b:3f:b5:d3:ee:3c:7e:6f:03:e8:b9:3f:
                    c0:96:3a:13:bf:5c:9b:2f:5a:a0:22:39:32:e5:be:
                    02:56:4e:9a:0a:2b:ab:38:6b:f9:10:fb:6c:b3:57:
                    76:ea:46:e4:83:4a:e5:e0:aa:52:d3:8c:99:6d:92:
                    5b:db:2d:e7:1a:0a:21:ea:12:c3:2e:8f:ec:9f:36:
                    8b:12:0e:fe:0d:94:63:ce:51:51:16:64:f7:54:0c:
                    28:aa:cc:30:c2:5e:5e:5a:44:10:0b:da:bd:33:a9:
                    e6:9d:59:7a:64:92:9e:ee:c0:7b:92:e7:0b:d2:f5:
                    5a:c2:cb:1d:98:d6:4a:2c:7e:02:d3:0e:a6:b7:70:
                    29:18:b2:ee:7a:af:1d:82:b8:4a:f3:49:0b:90:60:
                    57:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:0D:EF:6F:0C:A0:0E:03:E5:1E:01:2F:BC:0A:0A:58:A7:4C:EE:12
            X509v3 Authority Key Identifier:
                keyid:04:8D:C3:B9:23:C7:73:8F:9A:58:EE:80:B4:9B:CD:0C:5E:7D:CF:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BI3DuSPHc4-aWO6AtJvNDF59z_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/1-Q3vbwygDgPlHgEvvAoKWKdM7hI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f8c018-b90f-4f89-a3f4-2ec871465599/1/BI3DuSPHc4-aWO6AtJvNDF59z_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.44.0/22
                IPv6:
                  2a09:f0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:5f:f9:f1:13:25:e8:43:51:10:5e:fa:23:48:ab:09:c7:cc:
         7a:a8:1d:f0:d3:98:e8:fc:fc:48:50:31:58:6b:28:f3:1a:d1:
         cf:21:53:b4:87:9c:a9:72:69:2f:e4:6f:69:ac:e9:ee:57:c8:
         21:a6:96:ab:10:ba:25:3b:fe:46:6a:cb:36:90:b9:69:c6:fa:
         33:ff:45:8e:55:6a:1f:3a:4a:f5:c3:49:7b:51:77:63:d4:f1:
         56:b6:39:c6:2a:b2:94:a7:fa:10:cb:fb:5a:57:02:dd:db:c7:
         fb:7a:04:d1:26:47:0c:79:7d:e8:fb:9c:33:b0:4f:f9:23:32:
         b0:22:04:ff:fb:d2:61:82:dc:23:de:d1:15:87:8d:8d:df:3b:
         c1:5d:5f:8b:fb:6e:8d:d4:d9:32:6f:9f:f7:16:41:5a:cf:36:
         e8:47:c3:83:31:81:49:44:6e:36:81:37:b6:90:83:69:84:16:
         97:26:b0:d0:96:14:f8:bb:c0:c7:64:7b:7d:5d:0b:36:97:63:
         80:52:91:dc:a6:db:38:01:dc:8b:80:15:37:fe:1a:fa:90:cb:
         52:2e:de:48:31:f2:02:c4:37:5c:fb:2f:59:a7:3e:e4:1c:e2:
         14:05:28:99:d5:54:f8:71:34:c4:6b:36:7d:33:05:ff:0f:81:
         8e:f7:34:34
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzC2vTzWggS//ECUG30JTqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0OGRjM2I5MjNjNzczOGY5YTU4ZWU4MGI0OWJjZDBjNWU3
ZGNmZmEwHhcNMjQwMTAxMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTBkZWY2ZjBjYTAwZTAzZTUxZTAxMmZiYzBhMGE1OGE3NGNlZTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGSwWzlRGdb0PoifgdDfXEd7Lajt
vHuumn0gTy3h3ZP3FJW0T8PQVR0KbsL7Eh9OJaJ5Ut1mJPWfQ2yU0DiMZ2ROq6NM
PMXBuAuhHa5x/o3c73m4J77mooNs6h7p1ejsqswAD2V/yhJL9iRbP7XT7jx+bwPo
uT/AljoTv1ybL1qgIjky5b4CVk6aCiurOGv5EPtss1d26kbkg0rl4KpS04yZbZJb
2y3nGgoh6hLDLo/snzaLEg7+DZRjzlFRFmT3VAwoqswwwl5eWkQQC9q9M6nmnVl6
ZJKe7sB7kucL0vVawssdmNZKLH4C0w6mt3ApGLLueq8dgrhK80kLkGBXRwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPkN728MoA4D5R4BL7wKClinTO4SMB8GA1UdIwQY
MBaAFASNw7kjx3OPmljugLSbzQxefc/6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkkzRHVTUEhjNC1hV082QXRKdk5ERjU5el9vLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9mOGMwMTgtYjkwZi00Zjg5LWEzZjQt
MmVjODcxNDY1NTk5LzEvMS1RM3Zid3lnRGdQbEhnRXZ2QW9LV0tkTTdoSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjQvZjhjMDE4LWI5MGYtNGY4OS1hM2Y0LTJlYzg3MTQ2NTU5
OS8xL0JJM0R1U1BIYzQtYVdPNkF0SnZOREY1OXpfby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAgI7LDAN
BAIAAjAHAwUDKgnwwDANBgkqhkiG9w0BAQsFAAOCAQEAZ1/58RMl6ENREF76I0ir
CcfMeqgd8NOY6Pz8SFAxWGso8xrRzyFTtIecqXJpL+Rvaazp7lfIIaaWqxC6JTv+
RmrLNpC5acb6M/9FjlVqHzpK9cNJe1F3Y9TxVrY5xiqylKf6EMv7WlcC3dvH+3oE
0SZHDHl96PucM7BP+SMysCIE//vSYYLcI97RFYeNjd87wV1fi/tujdTZMm+f9xZB
Ws826EfDgzGBSURuNoE3tpCDaYQWlyaw0JYU+LvAx2R7fV0LNpdjgFKR3KbbOAHc
i4AVN/4a+pDLUi7eSDHyAsQ3XPsvWac+5BziFAUomdVU+HE0xGs2fTMF/w+Bjvc0
NA==
-----END CERTIFICATE-----