Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/1-sTGYdagkvzPjuSriqp_nUgDRKA.roa
File:                     1-sTGYdagkvzPjuSriqp_nUgDRKA.roa (raw, json)
Hash identifier:          sQIjfJ8EHWHy+vbL0C9uoNym8oHIKFhTuf8fPaXwPtk=
Subject key identifier:   FA:C4:C6:61:D6:A0:92:FC:CF:8E:E4:AB:8A:AA:7F:9D:48:03:44:A0
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64AEDD0F4C6611B2B59BD132184479A
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/1-sTGYdagkvzPjuSriqp_nUgDRKA.roa
Signing time:             Mon 01 Jan 2024 18:30:48 +0000
ROA not before:           Mon 01 Jan 2024 18:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212349
IP address blocks:        5.1.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 12:09:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ed:d0:f4:c6:61:1b:2b:59:bd:13:21:84:47:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fac4c661d6a092fccf8ee4ab8aaa7f9d480344a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:af:7b:16:33:73:17:9e:0f:cf:f9:fe:df:0a:
                    f5:f6:33:52:c6:74:d2:8e:bd:39:02:f7:eb:df:97:
                    50:ca:aa:a4:96:dc:97:1e:9c:f5:2b:f6:c9:5b:d0:
                    cd:ee:94:f6:3e:a8:ce:26:4b:54:ff:d0:0c:3e:54:
                    12:20:14:49:54:43:68:3c:46:ec:db:95:2a:64:7c:
                    12:a4:b9:db:46:37:21:7d:8a:d0:a9:bf:5b:b8:e5:
                    ba:73:5b:e6:e5:e3:2d:8e:db:49:7e:ea:25:45:83:
                    ec:13:b5:af:b4:25:96:4f:24:7c:4a:cf:22:64:e3:
                    92:3f:62:c5:72:b7:6e:65:af:5f:6b:f3:61:ef:df:
                    4b:2a:ea:45:54:87:0d:53:a7:80:fe:ea:7c:5d:9a:
                    85:16:98:d8:36:df:7b:4e:19:9d:2b:1d:60:24:cb:
                    db:df:d0:a4:e7:0e:f4:e3:c8:92:51:da:97:7f:e5:
                    ae:a5:ae:28:db:78:80:d7:e0:99:55:a6:d1:a0:c7:
                    e0:f2:63:8a:2b:08:a9:1d:d9:26:e8:f5:1e:c8:43:
                    7a:0c:a8:b7:7e:a3:bc:e2:16:86:2e:c2:68:ed:f1:
                    cd:da:4d:76:8c:43:64:f1:89:76:87:1e:97:54:8f:
                    26:90:e5:98:b6:a7:ff:b6:4a:89:d0:bd:6f:15:d2:
                    83:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:C4:C6:61:D6:A0:92:FC:CF:8E:E4:AB:8A:AA:7F:9D:48:03:44:A0
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/1-sTGYdagkvzPjuSriqp_nUgDRKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:e6:7e:6c:ff:4d:c4:d5:be:69:ac:cf:f5:98:60:c6:64:70:
         eb:2c:33:cc:80:f9:83:7c:f1:1e:6b:7a:9c:bf:e8:3e:76:ab:
         4c:40:75:0e:45:74:26:e3:6c:5b:74:aa:c4:1c:18:b2:b0:06:
         f6:d2:71:3c:ce:ae:68:26:10:2e:a3:b4:75:24:9c:9e:ad:6c:
         11:d9:fb:97:b8:80:cc:08:cf:df:c4:79:a1:20:ae:58:a1:4d:
         59:79:71:b2:70:44:2c:1f:7a:af:d3:34:87:d0:b2:ab:6f:fa:
         dc:80:90:0b:e1:b7:a6:18:a0:79:59:5c:42:41:d8:ab:e1:64:
         40:c8:d6:8f:74:ce:37:6d:e5:77:21:92:91:d0:ad:de:2a:1d:
         f6:5b:dc:06:e5:30:ea:5f:4a:a5:fb:a5:7e:86:df:af:ca:ee:
         2d:60:d1:2a:83:73:b1:2a:95:6f:4c:ab:b9:17:c7:50:fb:f2:
         b6:d1:02:87:cb:62:96:73:75:be:3e:38:a6:f0:f7:88:e3:2a:
         86:7b:a1:75:35:52:a1:e4:a4:49:9d:d5:57:56:4f:65:ec:bf:
         84:9b:c4:23:fa:57:12:19:8b:1e:f6:e9:6d:65:c3:91:6e:9b:
         a5:bb:28:c9:7d:9a:75:25:6d:a8:70:ff:f1:76:a2:df:17:b3:
         e8:ee:2d:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSu3Q9MZhGytZvRMhhEeaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWM0YzY2MWQ2YTA5MmZjY2Y4ZWU0YWI4YWFhN2Y5ZDQ4MDM0NGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhq97FjNzF54Pz/n+3wr19jNSxnTS
jr05Avfr35dQyqqkltyXHpz1K/bJW9DN7pT2PqjOJktU/9AMPlQSIBRJVENoPEbs
25UqZHwSpLnbRjchfYrQqb9buOW6c1vm5eMtjttJfuolRYPsE7WvtCWWTyR8Ss8i
ZOOSP2LFcrduZa9fa/Nh799LKupFVIcNU6eA/up8XZqFFpjYNt97ThmdKx1gJMvb
39Ck5w7048iSUdqXf+Wupa4o23iA1+CZVabRoMfg8mOKKwipHdkm6PUeyEN6DKi3
fqO84haGLsJo7fHN2k12jENk8Yl2hx6XVI8mkOWYtqf/tkqJ0L1vFdKDBwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrExmHWoJL8z47kq4qqf51IA0SgMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvMS1zVEdZZGFna3Z6UGp1U3JpcXBfblVnRFJLQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDAvNDFkNmUxLTVjYWQtNDBkYi05NzczLTU4YjM4ZjVhYzgw
Yi8xL3RDVThUeU04NllSMm1hNW83TDlkZFJTdy10cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAUBTzAN
BgkqhkiG9w0BAQsFAAOCAQEAPuZ+bP9NxNW+aazP9ZhgxmRw6ywzzID5g3zxHmt6
nL/oPnarTEB1DkV0JuNsW3SqxBwYsrAG9tJxPM6uaCYQLqO0dSScnq1sEdn7l7iA
zAjP38R5oSCuWKFNWXlxsnBELB96r9M0h9Cyq2/63ICQC+G3phigeVlcQkHYq+Fk
QMjWj3TON23ldyGSkdCt3iod9lvcBuUw6l9Kpfulfobfr8ruLWDRKoNzsSqVb0yr
uRfHUPvyttECh8tilnN1vj44pvD3iOMqhnuhdTVSoeSkSZ3VV1ZPZey/hJvEI/pX
EhmLHvbpbWXDkW6bpbsoyX2adSVtqHD/8Xai3xez6O4tBQ==
-----END CERTIFICATE-----