Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/Ha1eK6ml2MxNitOYWFbqRrKnvnI.roa
File:                     Ha1eK6ml2MxNitOYWFbqRrKnvnI.roa (raw, json)
Hash identifier:          71fz6Wu9m8HM6ha5JKqa4kOgHfensWm1zZGnh3jic5Y=
Subject key identifier:   1D:AD:5E:2B:A9:A5:D8:CC:4D:8A:D3:98:58:56:EA:46:B2:A7:BE:72
Certificate issuer:       /CN=b1940f000996ebfd2dab71c469cc51ee881b3f5e
Certificate serial:       018CC26D8331BB0B695FBEC12EB75D4E58A0
Authority key identifier: B1:94:0F:00:09:96:EB:FD:2D:AB:71:C4:69:CC:51:EE:88:1B:3F:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sZQPAAmW6_0tq3HEacxR7ogbP14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/Ha1eK6ml2MxNitOYWFbqRrKnvnI.roa
Signing time:             Mon 01 Jan 2024 00:30:05 +0000
ROA not before:           Mon 01 Jan 2024 00:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.42.96.0/23 maxlen: 24
                          194.42.104.0/23 maxlen: 24
                          2a0f:340::/29 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/sZQPAAmW6_0tq3HEacxR7ogbP14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/sZQPAAmW6_0tq3HEacxR7ogbP14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sZQPAAmW6_0tq3HEacxR7ogbP14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:83:31:bb:0b:69:5f:be:c1:2e:b7:5d:4e:58:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1940f000996ebfd2dab71c469cc51ee881b3f5e
        Validity
            Not Before: Jan  1 00:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dad5e2ba9a5d8cc4d8ad3985856ea46b2a7be72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c5:4c:01:75:02:82:57:9f:70:5d:ce:f6:d9:
                    3d:4f:e0:59:e4:ba:8e:27:f4:bf:f1:11:44:f4:e2:
                    bf:90:c2:0d:0d:11:91:6f:c3:ad:e3:f3:75:76:f6:
                    d1:fd:97:c2:29:e6:ab:2e:a2:27:f2:8d:0c:6e:ec:
                    f6:45:72:f2:0a:29:36:c6:45:19:6f:7c:ff:5e:9c:
                    6e:7c:12:2b:41:98:0e:23:e0:3a:10:a1:46:57:3c:
                    70:04:c0:71:e6:f9:14:81:ed:34:17:9b:3c:cc:28:
                    78:7d:f7:fb:c4:f7:ef:38:1a:58:44:5d:e8:f9:c7:
                    a6:31:5e:5d:81:0f:fd:59:7e:19:8b:f8:94:d4:9a:
                    41:0c:f5:cf:b3:14:d2:c6:89:d3:4b:2a:ed:f4:2f:
                    85:6d:a1:dc:19:69:eb:0d:a7:0b:7a:58:50:1c:b2:
                    e7:2a:d8:b8:10:81:bb:4b:58:e3:4b:7b:cf:8e:46:
                    54:43:a0:5e:3e:ea:c3:08:00:48:f0:b6:9d:1a:17:
                    d0:60:d4:48:76:e4:90:b7:e4:8e:02:59:3f:7b:59:
                    0d:96:17:88:b6:0d:f5:20:98:e5:94:98:4f:48:4c:
                    3a:81:2c:a5:11:2a:5a:bc:71:70:7d:b9:6d:c7:aa:
                    56:c2:59:13:17:0c:c7:c5:90:97:62:d6:57:fd:14:
                    6e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:AD:5E:2B:A9:A5:D8:CC:4D:8A:D3:98:58:56:EA:46:B2:A7:BE:72
            X509v3 Authority Key Identifier:
                keyid:B1:94:0F:00:09:96:EB:FD:2D:AB:71:C4:69:CC:51:EE:88:1B:3F:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZQPAAmW6_0tq3HEacxR7ogbP14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/Ha1eK6ml2MxNitOYWFbqRrKnvnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/sZQPAAmW6_0tq3HEacxR7ogbP14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.96.0/23
                  194.42.104.0/23
                IPv6:
                  2a0f:340::/29

    Signature Algorithm: sha256WithRSAEncryption
         84:6d:13:54:18:cf:90:95:b7:aa:3e:e6:6a:79:9e:6d:bf:0d:
         fd:fb:e0:d1:21:80:d1:78:e8:cc:4b:d8:b8:db:67:ba:de:f2:
         69:f0:24:b3:96:c2:13:77:fc:a2:d1:91:51:3e:c8:7c:31:c2:
         07:95:5d:06:62:63:1a:f9:8f:04:b5:e8:4d:89:58:aa:76:5a:
         7f:90:b4:33:98:bd:ff:a5:c4:7a:a3:d5:bf:2c:9b:48:88:f8:
         55:57:1d:47:c2:ca:32:3c:ae:49:5d:77:7e:d8:e5:90:b1:3d:
         b1:72:9f:85:9a:96:aa:e1:09:00:73:90:07:c3:fe:8b:d4:54:
         86:a2:27:bd:07:45:05:1c:ac:c4:e7:6a:6a:40:11:52:7f:b8:
         4e:71:b9:59:37:0b:e1:58:87:c3:ea:64:f9:7b:38:57:43:ee:
         5b:11:69:d0:7e:3a:56:9c:d4:98:01:5e:20:fb:42:8b:04:c0:
         e8:68:e1:63:35:d5:50:65:b9:25:fa:4f:77:89:2e:af:d4:ad:
         39:c4:5f:b7:f2:b0:ce:ba:e5:da:13:b4:60:2b:45:b6:72:19:
         dd:6e:e5:c5:aa:cf:ee:d5:71:ca:62:22:ba:07:3d:17:c7:71:
         91:9e:ba:44:af:72:b8:a3:56:b1:9f:17:9b:df:f6:a8:3e:cf:
         d5:d3:5d:4c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbYMxuwtpX77BLrddTligMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOTQwZjAwMDk5NmViZmQyZGFiNzFjNDY5Y2M1MWVlODgx
YjNmNWUwHhcNMjQwMTAxMDAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGFkNWUyYmE5YTVkOGNjNGQ4YWQzOTg1ODU2ZWE0NmIyYTdiZTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8VMAXUCglefcF3O9tk9T+BZ5LqO
J/S/8RFE9OK/kMINDRGRb8Ot4/N1dvbR/ZfCKearLqIn8o0Mbuz2RXLyCik2xkUZ
b3z/XpxufBIrQZgOI+A6EKFGVzxwBMBx5vkUge00F5s8zCh4fff7xPfvOBpYRF3o
+cemMV5dgQ/9WX4Zi/iU1JpBDPXPsxTSxonTSyrt9C+FbaHcGWnrDacLelhQHLLn
Kti4EIG7S1jjS3vPjkZUQ6BePurDCABI8LadGhfQYNRIduSQt+SOAlk/e1kNlheI
tg31IJjllJhPSEw6gSylESpavHFwfbltx6pWwlkTFwzHxZCXYtZX/RRumQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFB2tXiuppdjMTYrTmFhW6kayp75yMB8GA1UdIwQY
MBaAFLGUDwAJluv9LatxxGnMUe6IGz9eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1pRUEFBbVc2XzB0cTNIRWFjeFI3b2diUDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xYzEzZDktODFkNS00Y2RiLWEyZTEt
YTVhYmIyMGQyNDYyLzEvSGExZUs2bWwyTXhOaXRPWVdGYnFScktudm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xYzEzZDktODFkNS00Y2RiLWEyZTEtYTVhYmIyMGQyNDYy
LzEvc1pRUEFBbVc2XzB0cTNIRWFjeFI3b2diUDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBwipgAwQB
wipoMA0EAgACMAcDBQMqDwNAMA0GCSqGSIb3DQEBCwUAA4IBAQCEbRNUGM+Qlbeq
PuZqeZ5tvw39++DRIYDReOjMS9i422e63vJp8CSzlsITd/yi0ZFRPsh8McIHlV0G
YmMa+Y8EtehNiViqdlp/kLQzmL3/pcR6o9W/LJtIiPhVVx1HwsoyPK5JXXd+2OWQ
sT2xcp+Fmpaq4QkAc5AHw/6L1FSGoie9B0UFHKzE52pqQBFSf7hOcblZNwvhWIfD
6mT5ezhXQ+5bEWnQfjpWnNSYAV4g+0KLBMDoaOFjNdVQZbkl+k93iS6v1K05xF+3
8rDOuuXaE7RgK0W2chndbuXFqs/u1XHKYiK6Bz0Xx3GRnrpEr3K4o1axnxeb3/ao
Ps/V011M
-----END CERTIFICATE-----