Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/8a476a-3455-4e3a-8c33-ff824b415693/1/1-xD0oxOlYwtfEwCcOWV5f83ysdQ.roa
File:                     1-xD0oxOlYwtfEwCcOWV5f83ysdQ.roa (raw, json)
Hash identifier:          3e/L9Y/1rkcsR0w34gTG0kaenzeXc28ONydimjzccTs=
Subject key identifier:   FB:10:F4:A3:13:A5:63:0B:5F:13:00:9C:39:65:79:7F:CD:F2:B1:D4
Certificate issuer:       /CN=b0b1b126dac0aa0b779486400ede7254b25eeaa6
Certificate serial:       018CC348AE3A00B9D865D7BC41A304173DB0
Authority key identifier: B0:B1:B1:26:DA:C0:AA:0B:77:94:86:40:0E:DE:72:54:B2:5E:EA:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLGxJtrAqgt3lIZADt5yVLJe6qY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/8a476a-3455-4e3a-8c33-ff824b415693/1/1-xD0oxOlYwtfEwCcOWV5f83ysdQ.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        192.12.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/8a476a-3455-4e3a-8c33-ff824b415693/1/sLGxJtrAqgt3lIZADt5yVLJe6qY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/8a476a-3455-4e3a-8c33-ff824b415693/1/sLGxJtrAqgt3lIZADt5yVLJe6qY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLGxJtrAqgt3lIZADt5yVLJe6qY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ae:3a:00:b9:d8:65:d7:bc:41:a3:04:17:3d:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b1b126dac0aa0b779486400ede7254b25eeaa6
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb10f4a313a5630b5f13009c3965797fcdf2b1d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6b:bd:cc:97:bb:93:12:a6:83:03:ac:d1:30:
                    11:d1:38:61:02:ed:30:c0:10:52:43:e1:db:62:fd:
                    ad:4d:46:00:0a:15:8d:3e:86:07:ca:57:b7:45:ab:
                    e5:c1:b3:d8:d4:00:87:c7:cb:e5:4a:0c:13:68:cf:
                    60:9e:90:1c:fc:c3:6e:72:0a:e9:57:e6:0b:21:39:
                    c8:dd:42:77:c4:fe:a9:92:02:00:63:97:01:10:f6:
                    53:24:2a:57:c7:0d:79:e3:31:36:3d:74:d2:ea:c7:
                    a5:58:14:da:70:6a:a9:35:1d:f0:d0:74:b2:94:51:
                    7a:5c:48:85:82:62:a6:2e:83:fb:7d:c9:24:37:bf:
                    b6:2c:a9:5f:d3:b4:6e:c5:5a:07:73:6e:8a:15:21:
                    e4:1b:fa:af:ce:c5:d9:38:98:b9:ee:e3:16:3a:75:
                    1f:56:6e:ad:f6:4d:f7:0a:5f:8f:55:01:d1:47:ab:
                    32:68:d0:09:64:c1:81:6f:ef:ce:2c:80:60:eb:be:
                    dd:90:c5:64:fd:79:c3:c4:be:e7:b8:4e:c1:e9:fa:
                    9f:2e:a3:72:d6:6a:d5:ac:cd:b0:c7:42:99:be:89:
                    c5:55:bf:43:0f:1e:40:aa:f0:43:a4:00:21:2b:5e:
                    90:cd:bf:3f:39:16:63:1b:3a:92:d9:81:48:54:56:
                    cb:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:10:F4:A3:13:A5:63:0B:5F:13:00:9C:39:65:79:7F:CD:F2:B1:D4
            X509v3 Authority Key Identifier:
                keyid:B0:B1:B1:26:DA:C0:AA:0B:77:94:86:40:0E:DE:72:54:B2:5E:EA:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLGxJtrAqgt3lIZADt5yVLJe6qY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/8a476a-3455-4e3a-8c33-ff824b415693/1/1-xD0oxOlYwtfEwCcOWV5f83ysdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/8a476a-3455-4e3a-8c33-ff824b415693/1/sLGxJtrAqgt3lIZADt5yVLJe6qY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.12.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:c8:b1:af:a6:54:aa:18:ec:28:9d:0a:31:29:87:48:05:61:
         4d:7e:e8:b1:59:a3:9f:77:1d:4b:99:2c:99:b2:87:ce:dd:21:
         21:e5:b2:e3:0b:31:16:3f:95:d2:a2:73:74:a3:60:85:01:3f:
         76:28:18:1a:54:f4:2a:07:2e:91:c3:43:69:31:2f:e6:50:6d:
         89:82:0f:34:09:f0:72:21:e6:48:24:99:84:f1:d9:e4:8c:83:
         c9:7c:68:c3:05:11:a1:2a:fc:97:23:3b:d7:9a:51:cd:55:35:
         ed:42:7a:cd:cf:2d:1a:7b:6e:38:ac:f2:79:87:60:a0:a9:b9:
         c6:28:2e:1d:53:4c:29:72:1b:ee:a2:5a:b7:f7:90:d4:2d:7f:
         3f:44:29:07:6a:93:5e:92:6e:af:71:c8:17:5a:43:a4:f1:1b:
         2e:d5:cd:05:ab:99:de:9d:79:a4:8b:e0:6c:1c:76:16:7a:5e:
         ea:22:08:c5:0d:44:0b:bf:0c:ad:8f:72:28:b2:f7:04:6f:4f:
         a0:c2:e6:4d:0f:c0:8b:d3:76:ba:e8:80:87:3c:42:99:8f:64:
         d2:ec:eb:2e:b0:bf:81:f2:dc:7a:72:8f:22:d5:ae:82:c0:0d:
         49:bb:ab:98:05:ac:0c:69:16:d3:e9:e3:d0:7c:09:85:dd:eb:
         d2:36:27:c4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSK46ALnYZde8QaMEFz2wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjFiMTI2ZGFjMGFhMGI3Nzk0ODY0MDBlZGU3MjU0YjI1
ZWVhYTYwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjEwZjRhMzEzYTU2MzBiNWYxMzAwOWMzOTY1Nzk3ZmNkZjJiMWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2u9zJe7kxKmgwOs0TAR0ThhAu0w
wBBSQ+HbYv2tTUYAChWNPoYHyle3RavlwbPY1ACHx8vlSgwTaM9gnpAc/MNucgrp
V+YLITnI3UJ3xP6pkgIAY5cBEPZTJCpXxw154zE2PXTS6selWBTacGqpNR3w0HSy
lFF6XEiFgmKmLoP7fckkN7+2LKlf07RuxVoHc26KFSHkG/qvzsXZOJi57uMWOnUf
Vm6t9k33Cl+PVQHRR6syaNAJZMGBb+/OLIBg677dkMVk/XnDxL7nuE7B6fqfLqNy
1mrVrM2wx0KZvonFVb9DDx5AqvBDpAAhK16Qzb8/ORZjGzqS2YFIVFbLrwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsQ9KMTpWMLXxMAnDlleX/N8rHUMB8GA1UdIwQY
MBaAFLCxsSbawKoLd5SGQA7eclSyXuqmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xHeEp0ckFxZ3QzbElaQUR0NXlWTEplNnFZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi84YTQ3NmEtMzQ1NS00ZTNhLThjMzMt
ZmY4MjRiNDE1NjkzLzEvMS14RDBveE9sWXd0ZkV3Q2NPV1Y1ZjgzeXNkUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzYvOGE0NzZhLTM0NTUtNGUzYS04YzMzLWZmODI0YjQxNTY5
My8xL3NMR3hKdHJBcWd0M2xJWkFEdDV5VkxKZTZxWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMAMUTAN
BgkqhkiG9w0BAQsFAAOCAQEAOsixr6ZUqhjsKJ0KMSmHSAVhTX7osVmjn3cdS5ks
mbKHzt0hIeWy4wsxFj+V0qJzdKNghQE/digYGlT0KgcukcNDaTEv5lBtiYIPNAnw
ciHmSCSZhPHZ5IyDyXxowwURoSr8lyM715pRzVU17UJ6zc8tGntuOKzyeYdgoKm5
xiguHVNMKXIb7qJat/eQ1C1/P0QpB2qTXpJur3HIF1pDpPEbLtXNBauZ3p15pIvg
bBx2Fnpe6iIIxQ1EC78MrY9yKLL3BG9PoMLmTQ/Ai9N2uuiAhzxCmY9k0uzrLrC/
gfLcenKPItWugsANSburmAWsDGkW0+nj0HwJhd3r0jYnxA==
-----END CERTIFICATE-----