Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/t1jCrIR5MsL-pRpL43nEJ66JbII.roa
File:                     t1jCrIR5MsL-pRpL43nEJ66JbII.roa (raw, json)
Hash identifier:          CeG6ugSgJIhGAklDg7OOe4tqnWFJzNUD/kkAQWLfiGU=
Subject key identifier:   B7:58:C2:AC:84:79:32:C2:FE:A5:1A:4B:E3:79:C4:27:AE:89:6C:82
Certificate issuer:       /CN=bcb4e6294e7fe4673f7bc6f57f48138e958fcced
Certificate serial:       018CC4246B1B15ECE68D974C6E87590EED43
Authority key identifier: BC:B4:E6:29:4E:7F:E4:67:3F:7B:C6:F5:7F:48:13:8E:95:8F:CC:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/t1jCrIR5MsL-pRpL43nEJ66JbII.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42541
IP address blocks:        194.62.216.0/23 maxlen: 23
                          2a0c:fec0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6b:1b:15:ec:e6:8d:97:4c:6e:87:59:0e:ed:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcb4e6294e7fe4673f7bc6f57f48138e958fcced
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b758c2ac847932c2fea51a4be379c427ae896c82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:33:4c:7b:2a:22:3a:ef:f7:0b:d0:eb:21:7c:
                    52:f1:4d:58:c3:7e:06:2b:c1:6c:b9:58:6b:40:52:
                    b1:28:0b:e2:47:b7:1b:2d:4a:f6:25:f2:c0:52:43:
                    69:87:9d:b5:4e:e4:7a:3d:75:df:fa:6e:93:da:f5:
                    dd:71:7e:3e:78:c1:ba:21:d9:6c:30:cc:87:04:0b:
                    aa:f2:cd:75:e9:a1:de:b3:dd:21:47:e6:dc:be:97:
                    46:c4:84:72:1e:46:75:e2:95:3c:2a:70:20:9d:e6:
                    fa:fe:21:f3:a0:69:a8:ac:54:ee:e8:86:d8:5f:c6:
                    82:77:46:b1:1f:17:85:bf:d0:4f:94:94:10:16:25:
                    78:7c:88:9a:8c:d1:cf:44:67:79:24:f1:4f:2b:04:
                    97:2b:b0:02:e1:cf:99:90:e7:d0:d4:1d:bb:3b:eb:
                    4e:bb:36:45:4e:a7:aa:f3:e6:9d:91:48:51:7e:0d:
                    fc:2c:b0:a8:34:b6:66:be:5a:fe:29:5c:1e:ce:58:
                    8f:81:72:0c:81:46:4c:2b:86:23:0b:4f:46:12:ea:
                    54:a6:b5:c9:2d:1f:64:a2:b2:19:97:9a:02:73:71:
                    b2:df:fd:aa:dc:1d:47:05:94:f5:8b:49:b5:4a:98:
                    3a:bc:78:68:58:32:e6:14:4e:2e:c0:e6:0e:1d:5e:
                    6b:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:58:C2:AC:84:79:32:C2:FE:A5:1A:4B:E3:79:C4:27:AE:89:6C:82
            X509v3 Authority Key Identifier:
                keyid:BC:B4:E6:29:4E:7F:E4:67:3F:7B:C6:F5:7F:48:13:8E:95:8F:CC:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/t1jCrIR5MsL-pRpL43nEJ66JbII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.216.0/23
                IPv6:
                  2a0c:fec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:9b:8e:f5:e7:7e:a9:34:d4:57:24:3c:2f:14:67:bd:ed:da:
         6a:d5:cf:5a:7f:13:f9:d5:ef:3b:70:4b:57:ff:52:05:b9:aa:
         75:29:46:d7:8b:4d:28:ed:af:66:32:b7:92:96:66:e0:00:38:
         7b:87:6f:3b:8e:75:08:42:88:d3:af:f5:0c:d4:2f:bc:c8:db:
         68:af:e9:e2:98:85:86:11:58:f2:33:ba:81:24:b0:4c:e2:8c:
         10:95:99:f4:c2:d6:0b:de:df:2c:f6:3b:7f:3f:80:14:b5:37:
         f9:9a:ff:eb:11:c5:63:8f:4a:91:2d:06:7f:13:bf:0f:10:13:
         b7:9c:82:ad:c6:40:d3:44:b3:63:b0:88:98:93:17:8d:b1:a2:
         eb:fb:fd:b0:b1:71:59:fc:db:db:74:32:55:8d:d7:84:1b:f4:
         3b:6d:b0:c6:c0:df:33:7a:80:11:dc:7e:9f:2e:0f:59:86:d4:
         4a:f9:10:f1:ea:54:58:3c:fb:20:25:d9:29:33:9f:6e:70:d4:
         ef:7c:94:8d:5e:5f:1e:34:13:b4:82:e3:c7:45:14:04:4a:34:
         47:48:52:9f:bb:d5:ef:4e:4a:ad:21:a1:0e:84:18:a2:78:b6:
         f0:f8:65:4a:7c:6a:57:4b:ab:40:92:87:51:00:00:1d:b3:6b:
         0e:1c:be:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJGsbFezmjZdMbodZDu1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjYjRlNjI5NGU3ZmU0NjczZjdiYzZmNTdmNDgxMzhlOTU4
ZmNjZWQwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzU4YzJhYzg0NzkzMmMyZmVhNTFhNGJlMzc5YzQyN2FlODk2YzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDNMeyoiOu/3C9DrIXxS8U1Yw34G
K8FsuVhrQFKxKAviR7cbLUr2JfLAUkNph521TuR6PXXf+m6T2vXdcX4+eMG6Idls
MMyHBAuq8s116aHes90hR+bcvpdGxIRyHkZ14pU8KnAgneb6/iHzoGmorFTu6IbY
X8aCd0axHxeFv9BPlJQQFiV4fIiajNHPRGd5JPFPKwSXK7AC4c+ZkOfQ1B27O+tO
uzZFTqeq8+adkUhRfg38LLCoNLZmvlr+KVwezliPgXIMgUZMK4YjC09GEupUprXJ
LR9korIZl5oCc3Gy3/2q3B1HBZT1i0m1Spg6vHhoWDLmFE4uwOYOHV5rFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLdYwqyEeTLC/qUaS+N5xCeuiWyCMB8GA1UdIwQY
MBaAFLy05ilOf+RnP3vG9X9IE46Vj8ztMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkxUbUtVNV81R2NfZThiMWYwZ1RqcFdQek8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9hZDRmNTItOWMyOC00NTEyLThjMWEt
MGQ1OTdjN2RhOWM4LzEvdDFqQ3JJUjVNc0wtcFJwTDQzbkVKNjZKYklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9hZDRmNTItOWMyOC00NTEyLThjMWEtMGQ1OTdjN2RhOWM4
LzEvdkxUbUtVNV81R2NfZThiMWYwZ1RqcFdQek8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwj7YMA0E
AgACMAcDBQAqDP7AMA0GCSqGSIb3DQEBCwUAA4IBAQAWm471536pNNRXJDwvFGe9
7dpq1c9afxP51e87cEtX/1IFuap1KUbXi00o7a9mMreSlmbgADh7h287jnUIQojT
r/UM1C+8yNtor+nimIWGEVjyM7qBJLBM4owQlZn0wtYL3t8s9jt/P4AUtTf5mv/r
EcVjj0qRLQZ/E78PEBO3nIKtxkDTRLNjsIiYkxeNsaLr+/2wsXFZ/NvbdDJVjdeE
G/Q7bbDGwN8zeoAR3H6fLg9ZhtRK+RDx6lRYPPsgJdkpM59ucNTvfJSNXl8eNBO0
guPHRRQESjRHSFKfu9XvTkqtIaEOhBiieLbw+GVKfGpXS6tAkodRAAAds2sOHL78
-----END CERTIFICATE-----