Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/1cZQBNYM1LyIFNPwuC1563tkW0E.roa
File:                     1cZQBNYM1LyIFNPwuC1563tkW0E.roa (raw, json)
Hash identifier:          SNMmHisT+OZk98VlkRsyG6U2Fj7njMmvtyinhcZLtOQ=
Subject key identifier:   D5:C6:50:04:D6:0C:D4:BC:88:14:D3:F0:B8:2D:79:EB:7B:64:5B:41
Certificate issuer:       /CN=eb91e993a4a40ce7e5d9c86325f186df069ecacd
Certificate serial:       018D1752BA3288979734D7B417E76F9ED82E
Authority key identifier: EB:91:E9:93:A4:A4:0C:E7:E5:D9:C8:63:25:F1:86:DF:06:9E:CA:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/65Hpk6SkDOfl2chjJfGG3waeys0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/1cZQBNYM1LyIFNPwuC1563tkW0E.roa
Signing time:             Wed 17 Jan 2024 12:08:34 +0000
ROA not before:           Wed 17 Jan 2024 12:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212552
IP address blocks:        194.146.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/65Hpk6SkDOfl2chjJfGG3waeys0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/65Hpk6SkDOfl2chjJfGG3waeys0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/65Hpk6SkDOfl2chjJfGG3waeys0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:17:52:ba:32:88:97:97:34:d7:b4:17:e7:6f:9e:d8:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb91e993a4a40ce7e5d9c86325f186df069ecacd
        Validity
            Not Before: Jan 17 12:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5c65004d60cd4bc8814d3f0b82d79eb7b645b41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:34:00:07:40:19:98:3b:95:8a:2a:e0:24:ea:
                    90:4a:a6:0d:31:68:51:40:e7:c1:9f:da:6e:6e:f1:
                    ac:6c:3f:48:5c:03:04:2a:dc:22:00:1d:8b:59:e6:
                    74:d0:a0:c2:43:21:5c:bd:80:59:88:6a:c0:09:6c:
                    44:25:cc:55:b7:f2:7d:9a:64:53:2a:a3:ad:4e:c3:
                    75:86:80:af:04:33:ea:07:b8:81:34:86:29:30:bc:
                    7d:25:e9:22:6c:06:f2:ad:6f:1b:77:6d:4c:5f:f3:
                    50:b4:19:e1:45:6a:1d:56:5a:db:67:1f:b3:f7:c2:
                    de:71:a8:0b:18:7d:70:5e:75:ec:c9:7d:21:a4:97:
                    3e:cc:4b:2e:ce:87:d7:14:cd:f8:08:bc:05:fb:17:
                    e7:e0:33:db:a5:78:2a:3e:40:18:3f:44:37:90:8e:
                    48:35:37:15:ed:5d:23:fb:42:83:6f:04:44:7b:ac:
                    18:d0:bc:17:77:5c:87:c6:c2:3a:89:50:2c:ca:85:
                    ae:9c:5e:b1:24:ec:cf:38:f1:f3:f0:74:c1:eb:d5:
                    b9:15:3c:30:c7:04:b5:22:46:5d:74:44:66:e8:18:
                    3d:da:75:e6:8c:9b:10:ed:cd:5e:8c:9a:ce:91:1c:
                    9d:c5:4f:03:e4:10:26:f3:7a:5f:e6:11:62:64:31:
                    e6:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:C6:50:04:D6:0C:D4:BC:88:14:D3:F0:B8:2D:79:EB:7B:64:5B:41
            X509v3 Authority Key Identifier:
                keyid:EB:91:E9:93:A4:A4:0C:E7:E5:D9:C8:63:25:F1:86:DF:06:9E:CA:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/65Hpk6SkDOfl2chjJfGG3waeys0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/1cZQBNYM1LyIFNPwuC1563tkW0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/65Hpk6SkDOfl2chjJfGG3waeys0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:54:bf:40:fa:f1:7f:f2:51:16:95:63:53:01:fa:88:d1:18:
         e0:19:c4:32:eb:df:71:c9:f3:d2:bb:b7:ed:d7:06:40:26:45:
         12:73:a6:77:fe:ed:56:5b:41:a7:17:bb:30:f5:a5:30:9b:2e:
         4b:c7:c5:13:4f:5c:b3:03:62:10:4f:bb:3c:e0:ca:48:2b:bf:
         37:06:9c:f5:d4:8b:98:10:2b:e6:36:a3:b5:20:a7:d4:ff:0f:
         f8:5a:97:b8:b9:b0:a2:ec:f7:7e:bb:13:bd:3b:12:3c:5a:9d:
         e0:9f:10:d1:9d:09:6c:06:87:b1:3f:68:ef:df:07:2a:60:d4:
         54:f3:cc:da:36:ea:27:37:0c:0a:1d:39:ff:20:8e:fd:82:fb:
         9a:7d:ee:0c:e7:8e:a2:bc:3d:5d:f2:e6:3e:d7:b4:47:a8:a6:
         63:ff:77:62:a1:c8:83:22:56:ce:38:6a:63:94:7e:ef:b6:8b:
         69:43:99:6a:12:7c:28:34:51:15:00:f2:1b:54:00:89:53:29:
         9a:82:7e:08:43:0a:19:26:c9:19:86:54:bf:73:00:6c:a0:58:
         f2:61:4e:16:c2:fb:31:70:79:f8:a8:55:a0:ce:90:5b:be:9e:
         2b:09:ad:3b:8b:1a:ca:c1:5e:82:02:69:de:3e:ed:18:e7:6a:
         2f:99:98:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0XUroyiJeXNNe0F+dvntguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViOTFlOTkzYTRhNDBjZTdlNWQ5Yzg2MzI1ZjE4NmRmMDY5
ZWNhY2QwHhcNMjQwMTE3MTIwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWM2NTAwNGQ2MGNkNGJjODgxNGQzZjBiODJkNzllYjdiNjQ1YjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzQAB0AZmDuViirgJOqQSqYNMWhR
QOfBn9pubvGsbD9IXAMEKtwiAB2LWeZ00KDCQyFcvYBZiGrACWxEJcxVt/J9mmRT
KqOtTsN1hoCvBDPqB7iBNIYpMLx9JekibAbyrW8bd21MX/NQtBnhRWodVlrbZx+z
98LecagLGH1wXnXsyX0hpJc+zEsuzofXFM34CLwF+xfn4DPbpXgqPkAYP0Q3kI5I
NTcV7V0j+0KDbwREe6wY0LwXd1yHxsI6iVAsyoWunF6xJOzPOPHz8HTB69W5FTww
xwS1IkZddERm6Bg92nXmjJsQ7c1ejJrOkRydxU8D5BAm83pf5hFiZDHmGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXGUATWDNS8iBTT8Lgteet7ZFtBMB8GA1UdIwQY
MBaAFOuR6ZOkpAzn5dnIYyXxht8GnsrNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjVIcGs2U2tET2ZsMmNoakpmR0czd2FleXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC81ZjNhMDItMDY1MC00ZTVjLWI4ZDAt
YzcwMWYyNzljNmRlLzEvMWNaUUJOWU0xTHlJRk5Qd3VDMTU2M3RrVzBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC81ZjNhMDItMDY1MC00ZTVjLWI4ZDAtYzcwMWYyNzljNmRl
LzEvNjVIcGs2U2tET2ZsMmNoakpmR0czd2FleXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpJ7MA0G
CSqGSIb3DQEBCwUAA4IBAQAkVL9A+vF/8lEWlWNTAfqI0RjgGcQy699xyfPSu7ft
1wZAJkUSc6Z3/u1WW0GnF7sw9aUwmy5Lx8UTT1yzA2IQT7s84MpIK783Bpz11IuY
ECvmNqO1IKfU/w/4Wpe4ubCi7Pd+uxO9OxI8Wp3gnxDRnQlsBoexP2jv3wcqYNRU
88zaNuonNwwKHTn/II79gvuafe4M546ivD1d8uY+17RHqKZj/3diociDIlbOOGpj
lH7vtotpQ5lqEnwoNFEVAPIbVACJUymagn4IQwoZJskZhlS/cwBsoFjyYU4Wwvsx
cHn4qFWgzpBbvp4rCa07ixrKwV6CAmnePu0Y52ovmZj+
-----END CERTIFICATE-----