Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/RxnAA5jZzVMxxT76aomejmMoqk8.roa
File:                     RxnAA5jZzVMxxT76aomejmMoqk8.roa (raw, json)
Hash identifier:          8+FFQk19Y/OopKOyldstbYTe8oZ3Jq/HGdI6o7QiLTM=
Subject key identifier:   47:19:C0:03:98:D9:CD:53:31:C5:3E:FA:6A:89:9E:8E:63:28:AA:4F
Certificate issuer:       /CN=1c4c26273da2821fce26075aa0a6e2301ec84927
Certificate serial:       018CC49367F2E2869A48A4717A26910CFA96
Authority key identifier: 1C:4C:26:27:3D:A2:82:1F:CE:26:07:5A:A0:A6:E2:30:1E:C8:49:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/RxnAA5jZzVMxxT76aomejmMoqk8.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     786
IP address blocks:        143.239.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:67:f2:e2:86:9a:48:a4:71:7a:26:91:0c:fa:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c4c26273da2821fce26075aa0a6e2301ec84927
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4719c00398d9cd5331c53efa6a899e8e6328aa4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:25:99:55:b1:0a:76:5a:9e:25:b9:e7:70:d0:
                    c0:bb:8b:9a:c6:d9:6d:bc:db:a0:d7:aa:0d:7b:7c:
                    70:29:d4:85:78:81:3e:4c:c3:8f:71:03:82:a5:7e:
                    dd:12:e3:8b:1f:b9:08:28:52:2b:aa:bf:b5:6e:ee:
                    0c:a4:a9:2b:4d:d1:ce:ce:88:b1:95:1a:03:ec:ea:
                    6f:45:69:3c:2a:a7:b7:f9:d2:73:00:15:4d:78:f5:
                    1a:72:65:79:63:98:c3:0e:82:6d:f7:14:71:1d:73:
                    6c:e3:ed:84:5d:4c:b8:3e:b6:cf:e4:b6:12:a1:ad:
                    4f:7c:54:ad:c5:32:65:6a:08:30:0a:8e:dc:a1:46:
                    04:43:67:9d:03:16:ea:ee:8e:84:be:84:9e:58:f6:
                    09:fb:10:5b:3b:80:fc:fd:67:10:0f:f2:8c:6a:45:
                    95:ff:8d:31:ee:cc:62:e9:81:f8:42:3d:84:36:36:
                    33:9c:b2:6d:b2:16:c2:2b:40:d9:4e:df:cb:99:a5:
                    ee:cb:ee:4b:23:de:e6:7c:f8:02:06:62:d2:0e:dc:
                    c0:de:88:5b:45:51:9a:4b:ad:b1:f9:57:16:93:f9:
                    6c:a5:2a:e7:37:1e:72:02:99:fd:14:2c:87:73:18:
                    1e:ea:46:1f:aa:b3:21:e9:51:59:c5:b2:62:95:c7:
                    b4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:19:C0:03:98:D9:CD:53:31:C5:3E:FA:6A:89:9E:8E:63:28:AA:4F
            X509v3 Authority Key Identifier:
                keyid:1C:4C:26:27:3D:A2:82:1F:CE:26:07:5A:A0:A6:E2:30:1E:C8:49:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/RxnAA5jZzVMxxT76aomejmMoqk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.239.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         09:b3:3d:65:c3:1a:72:08:65:91:3d:50:8e:04:d9:7c:db:85:
         56:84:77:30:0d:c7:cf:ea:79:cc:9a:2a:de:c7:28:e0:eb:37:
         28:00:41:d0:b5:75:af:2b:44:21:d1:0d:34:d1:08:d9:75:16:
         fd:59:31:65:9a:28:cf:1e:0d:e4:25:f6:a9:50:7a:a9:85:dd:
         ec:29:47:ea:fe:14:3f:1b:fd:a4:13:ac:c9:3d:1e:5f:7f:d2:
         4e:c1:21:06:0f:d9:2b:3a:44:d3:db:3f:35:e5:34:2d:05:49:
         d0:ce:8a:71:80:5f:1d:c6:ca:0f:fc:92:a7:b7:5f:3b:ff:f7:
         81:d5:fd:20:ee:51:f8:ac:14:2b:03:ca:b3:9a:29:3c:a9:4f:
         89:64:a6:e4:74:70:3a:f7:dc:b9:a2:9d:b2:f8:7b:d0:59:79:
         ff:ba:d6:3d:79:7e:c4:20:ff:eb:59:33:ef:21:70:2b:42:60:
         1d:37:ed:e6:0e:49:e0:31:3d:4b:18:a6:b1:1f:10:a2:89:0d:
         93:1e:28:7f:6d:56:b8:f0:31:4d:fb:c8:0b:3d:bc:12:5c:3a:
         d9:ef:38:a1:a5:26:96:20:f6:9c:a0:f0:d0:72:e1:d6:72:99:
         e7:cf:fe:55:3c:b5:00:c4:87:f2:06:dd:d8:44:75:9c:7e:91:
         c1:26:86:0d
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzEk2fy4oaaSKRxeiaRDPqWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNGMyNjI3M2RhMjgyMWZjZTI2MDc1YWEwYTZlMjMwMWVj
ODQ5MjcwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzE5YzAwMzk4ZDljZDUzMzFjNTNlZmE2YTg5OWU4ZTYzMjhhYTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyWZVbEKdlqeJbnncNDAu4uaxtlt
vNug16oNe3xwKdSFeIE+TMOPcQOCpX7dEuOLH7kIKFIrqr+1bu4MpKkrTdHOzoix
lRoD7OpvRWk8Kqe3+dJzABVNePUacmV5Y5jDDoJt9xRxHXNs4+2EXUy4PrbP5LYS
oa1PfFStxTJlaggwCo7coUYEQ2edAxbq7o6EvoSeWPYJ+xBbO4D8/WcQD/KMakWV
/40x7sxi6YH4Qj2ENjYznLJtshbCK0DZTt/LmaXuy+5LI97mfPgCBmLSDtzA3ohb
RVGaS62x+VcWk/lspSrnNx5yApn9FCyHcxge6kYfqrMh6VFZxbJilce0uwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEcZwAOY2c1TMcU++mqJno5jKKpPMB8GA1UdIwQY
MBaAFBxMJic9ooIfziYHWqCm4jAeyEknMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEV3bUp6MmlnaF9PSmdkYW9LYmlNQjdJU1NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS81NDVjY2UtYWYxMS00ZWY3LTlhNWQt
ZDM1YjQzMGFmMjZkLzEvUnhuQUE1alp6Vk14eFQ3NmFvbWVqbU1vcWs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS81NDVjY2UtYWYxMS00ZWY3LTlhNWQtZDM1YjQzMGFmMjZk
LzEvSEV3bUp6MmlnaF9PSmdkYW9LYmlNQjdJU1NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAj+8wDQYJ
KoZIhvcNAQELBQADggEBAAmzPWXDGnIIZZE9UI4E2XzbhVaEdzANx8/qecyaKt7H
KODrNygAQdC1da8rRCHRDTTRCNl1Fv1ZMWWaKM8eDeQl9qlQeqmF3ewpR+r+FD8b
/aQTrMk9Hl9/0k7BIQYP2Ss6RNPbPzXlNC0FSdDOinGAXx3Gyg/8kqe3Xzv/94HV
/SDuUfisFCsDyrOaKTypT4lkpuR0cDr33LminbL4e9BZef+61j15fsQg/+tZM+8h
cCtCYB037eYOSeAxPUsYprEfEKKJDZMeKH9tVrjwMU37yAs9vBJcOtnvOKGlJpYg
9pyg8NBy4dZymefP/lU8tQDEh/IG3dhEdZx+kcEmhg0=
-----END CERTIFICATE-----