Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/8ccd6d-134c-4ebb-aefc-ec603926600b/1/1-izWGkdPu-EpXUtlZsCAvYeDZnE.roa
File:                     1-izWGkdPu-EpXUtlZsCAvYeDZnE.roa (raw, json)
Hash identifier:          y9Ey50TyDG+6KysZR03lmJ98Gyu7BgwnKo3EdC7idCA=
Subject key identifier:   FA:2C:D6:1A:47:4F:BB:E1:29:5D:4B:65:66:C0:80:BD:87:83:66:71
Certificate issuer:       /CN=316b3f334e269110690e9ec6a7a585dfe4fe8704
Certificate serial:       018CC4938E1082E923568E01354D1DC15148
Authority key identifier: 31:6B:3F:33:4E:26:91:10:69:0E:9E:C6:A7:A5:85:DF:E4:FE:87:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MWs_M04mkRBpDp7Gp6WF3-T-hwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/8ccd6d-134c-4ebb-aefc-ec603926600b/1/1-izWGkdPu-EpXUtlZsCAvYeDZnE.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210444
IP address blocks:        194.9.90.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/8ccd6d-134c-4ebb-aefc-ec603926600b/1/MWs_M04mkRBpDp7Gp6WF3-T-hwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/8ccd6d-134c-4ebb-aefc-ec603926600b/1/MWs_M04mkRBpDp7Gp6WF3-T-hwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MWs_M04mkRBpDp7Gp6WF3-T-hwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8e:10:82:e9:23:56:8e:01:35:4d:1d:c1:51:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=316b3f334e269110690e9ec6a7a585dfe4fe8704
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa2cd61a474fbbe1295d4b6566c080bd87836671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2d:25:a5:27:7a:f9:56:83:a8:a6:42:ae:c5:
                    23:3d:dd:c1:44:a2:3b:64:df:d4:c0:a0:be:8b:04:
                    de:95:c5:56:34:ab:75:9e:8f:9f:14:42:76:cf:87:
                    1e:2f:3d:93:c4:a0:56:51:f4:7c:21:a8:ae:4d:5b:
                    8a:06:47:08:0f:86:2e:c1:6c:33:1e:52:5b:a1:9d:
                    28:f0:16:65:5f:39:e1:30:87:b8:3b:c4:6d:31:9f:
                    ab:99:3c:99:d9:4a:ef:82:cb:4d:ec:b7:02:8f:b0:
                    8e:dc:ab:76:6f:3e:e5:20:38:aa:33:a7:2a:36:16:
                    28:63:1e:08:52:9d:57:b6:71:84:7c:ba:55:ae:65:
                    85:fb:fb:c7:24:64:92:e5:94:72:ba:02:66:18:43:
                    92:5f:df:1e:38:a9:4b:87:c7:55:f7:16:75:f2:e2:
                    64:2b:bb:4b:bd:99:db:9c:d6:0e:c5:a7:64:64:a1:
                    7f:41:f1:94:7b:08:e7:f1:90:3b:4c:7b:6d:d2:fa:
                    8d:e5:b5:d3:50:7e:31:bd:f4:c6:b4:b0:1c:b5:2e:
                    3c:a1:e1:a8:32:0e:e2:fa:7c:2f:24:d8:26:e6:35:
                    58:88:92:89:95:f1:cb:f1:72:2c:1d:23:79:55:d2:
                    e2:f7:bf:f1:8b:88:2c:8a:c9:9e:52:c1:4d:8f:7e:
                    ed:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:2C:D6:1A:47:4F:BB:E1:29:5D:4B:65:66:C0:80:BD:87:83:66:71
            X509v3 Authority Key Identifier:
                keyid:31:6B:3F:33:4E:26:91:10:69:0E:9E:C6:A7:A5:85:DF:E4:FE:87:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MWs_M04mkRBpDp7Gp6WF3-T-hwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ccd6d-134c-4ebb-aefc-ec603926600b/1/1-izWGkdPu-EpXUtlZsCAvYeDZnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ccd6d-134c-4ebb-aefc-ec603926600b/1/MWs_M04mkRBpDp7Gp6WF3-T-hwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:f0:a6:4a:be:c6:54:7b:32:f4:c6:09:df:90:3c:33:db:00:
         62:a6:ff:a4:27:d7:33:bd:f1:a1:99:6a:c9:42:a5:38:93:74:
         fe:a9:1f:25:3d:29:64:b7:ea:2d:fc:bd:b9:25:b9:d6:81:0c:
         90:84:18:03:33:17:22:bf:d5:8b:37:4a:02:04:3b:0a:b2:9f:
         67:b2:c3:f6:5c:c4:a5:df:c1:f1:31:6b:b6:5b:75:51:52:08:
         f8:80:a9:78:d1:34:6d:e2:35:7c:a7:76:c3:48:e4:7b:42:1c:
         b2:6e:c9:27:14:94:7c:c8:e9:75:aa:1f:58:18:5e:54:ff:eb:
         91:d6:e7:e8:21:da:ff:df:8e:c3:42:17:50:18:58:d5:72:63:
         ec:1f:6f:e9:ac:ec:d6:c2:23:be:c2:0e:71:47:54:59:7e:66:
         04:0a:22:92:97:91:44:58:b3:aa:3b:9d:57:51:fc:a6:eb:45:
         9b:d2:f5:33:44:64:dc:c4:e9:20:02:8b:33:22:c4:ad:4b:dd:
         50:5f:2b:f0:19:4b:f3:0a:17:12:fe:59:9a:62:a8:34:27:c9:
         2b:29:a8:97:f4:a1:af:85:61:5b:53:46:13:50:fa:57:1d:b8:
         81:02:0b:b9:e5:21:c9:60:e4:de:6e:82:a2:f4:a0:c2:72:88:
         90:9c:f0:5f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEk44QgukjVo4BNU0dwVFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNmIzZjMzNGUyNjkxMTA2OTBlOWVjNmE3YTU4NWRmZTRm
ZTg3MDQwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTJjZDYxYTQ3NGZiYmUxMjk1ZDRiNjU2NmMwODBiZDg3ODM2NjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAly0lpSd6+VaDqKZCrsUjPd3BRKI7
ZN/UwKC+iwTelcVWNKt1no+fFEJ2z4ceLz2TxKBWUfR8IaiuTVuKBkcID4YuwWwz
HlJboZ0o8BZlXznhMIe4O8RtMZ+rmTyZ2UrvgstN7LcCj7CO3Kt2bz7lIDiqM6cq
NhYoYx4IUp1XtnGEfLpVrmWF+/vHJGSS5ZRyugJmGEOSX98eOKlLh8dV9xZ18uJk
K7tLvZnbnNYOxadkZKF/QfGUewjn8ZA7THtt0vqN5bXTUH4xvfTGtLActS48oeGo
Mg7i+nwvJNgm5jVYiJKJlfHL8XIsHSN5VdLi97/xi4gsismeUsFNj37tHQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPos1hpHT7vhKV1LZWbAgL2Hg2ZxMB8GA1UdIwQY
MBaAFDFrPzNOJpEQaQ6exqelhd/k/ocEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVdzX00wNG1rUkJwRHA3R3A2V0YzLVQtaHdRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84Y2NkNmQtMTM0Yy00ZWJiLWFlZmMt
ZWM2MDM5MjY2MDBiLzEvMS1peldHa2RQdS1FcFhVdGxac0NBdlllRFpuRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2QvOGNjZDZkLTEzNGMtNGViYi1hZWZjLWVjNjAzOTI2NjAw
Yi8xL01Xc19NMDRta1JCcERwN0dwNldGMy1ULWh3US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIJWjAN
BgkqhkiG9w0BAQsFAAOCAQEAGvCmSr7GVHsy9MYJ35A8M9sAYqb/pCfXM73xoZlq
yUKlOJN0/qkfJT0pZLfqLfy9uSW51oEMkIQYAzMXIr/VizdKAgQ7CrKfZ7LD9lzE
pd/B8TFrtlt1UVII+ICpeNE0beI1fKd2w0jke0Icsm7JJxSUfMjpdaofWBheVP/r
kdbn6CHa/9+Ow0IXUBhY1XJj7B9v6azs1sIjvsIOcUdUWX5mBAoikpeRRFizqjud
V1H8putFm9L1M0Rk3MTpIAKLMyLErUvdUF8r8BlL8woXEv5ZmmKoNCfJKymol/Sh
r4VhW1NGE1D6Vx24gQILueUhyWDk3m6CovSgwnKIkJzwXw==
-----END CERTIFICATE-----