Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/asG9LOEQ9a_qM7TR1c0zxytPaKU.roa
File:                     asG9LOEQ9a_qM7TR1c0zxytPaKU.roa (raw, json)
Hash identifier:          JKWvYwMg0EwxnlqCZRiPYBWRVe3dH1jUdws6l+ECsWk=
Subject key identifier:   6A:C1:BD:2C:E1:10:F5:AF:EA:33:B4:D1:D5:CD:33:C7:2B:4F:68:A5
Certificate issuer:       /CN=1fc8ed466de2e6ca5964d1eed0f240ddd251de48
Certificate serial:       018CC49304DB359BEAB008929BBEB15B9BA4
Authority key identifier: 1F:C8:ED:46:6D:E2:E6:CA:59:64:D1:EE:D0:F2:40:DD:D2:51:DE:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H8jtRm3i5spZZNHu0PJA3dJR3kg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/asG9LOEQ9a_qM7TR1c0zxytPaKU.roa
Signing time:             Mon 01 Jan 2024 10:30:18 +0000
ROA not before:           Mon 01 Jan 2024 10:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51948
IP address blocks:        185.240.8.0/22 maxlen: 22
                          91.219.104.0/22 maxlen: 22
                          195.242.64.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/H8jtRm3i5spZZNHu0PJA3dJR3kg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/H8jtRm3i5spZZNHu0PJA3dJR3kg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H8jtRm3i5spZZNHu0PJA3dJR3kg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:04:db:35:9b:ea:b0:08:92:9b:be:b1:5b:9b:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fc8ed466de2e6ca5964d1eed0f240ddd251de48
        Validity
            Not Before: Jan  1 10:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ac1bd2ce110f5afea33b4d1d5cd33c72b4f68a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:67:3d:2c:6d:7c:4e:be:e4:18:de:54:f0:20:
                    b7:89:08:5e:57:ef:03:66:73:cd:83:b8:db:e9:d3:
                    8c:0d:62:db:ff:fb:fe:b8:da:74:29:9d:8c:f3:0c:
                    b8:c2:39:9a:eb:5e:73:11:9e:b6:98:eb:7b:7b:d7:
                    3e:83:96:c8:20:9e:49:24:d0:9b:67:77:55:52:65:
                    0c:62:b0:6f:3b:6f:75:70:0d:c5:21:ec:b5:3a:94:
                    1e:60:93:ed:22:15:c2:34:f6:e3:45:64:3d:ba:78:
                    83:b4:1e:ea:60:e1:d4:3e:6d:c1:d1:57:ed:63:83:
                    da:e4:b7:b4:57:5b:ae:0c:6e:60:cf:43:3c:2a:18:
                    e7:3b:e1:1e:66:33:08:c7:27:69:bf:d3:2b:8e:d7:
                    88:fc:85:e0:f6:c7:f0:00:9d:ac:ab:1c:a4:69:fd:
                    09:67:72:f0:d1:23:2d:8f:36:1d:25:d1:dc:0f:7b:
                    8b:aa:46:e1:0c:5b:47:2d:4e:b8:28:c7:4c:04:36:
                    fe:f7:91:cc:3c:9d:fa:5d:ae:6e:fd:e7:95:d8:a7:
                    22:c3:11:4e:b8:34:70:2f:a5:d8:bf:22:6d:08:39:
                    7a:cd:bf:b6:6f:39:01:0a:26:48:70:36:92:7c:32:
                    6c:32:b0:da:da:7d:01:80:ed:da:6e:39:79:fa:35:
                    97:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:C1:BD:2C:E1:10:F5:AF:EA:33:B4:D1:D5:CD:33:C7:2B:4F:68:A5
            X509v3 Authority Key Identifier:
                keyid:1F:C8:ED:46:6D:E2:E6:CA:59:64:D1:EE:D0:F2:40:DD:D2:51:DE:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H8jtRm3i5spZZNHu0PJA3dJR3kg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/asG9LOEQ9a_qM7TR1c0zxytPaKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/H8jtRm3i5spZZNHu0PJA3dJR3kg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.219.104.0/22
                  185.240.8.0/22
                  195.242.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:d9:8d:a8:5c:68:65:fd:5d:e3:23:f7:77:01:a5:22:3c:41:
         d6:90:3c:9e:d6:c8:99:69:ea:99:35:12:eb:f8:16:52:a9:45:
         3b:a9:2e:c3:27:b3:9b:71:3c:d6:ef:22:fd:54:aa:c5:9c:c8:
         18:8c:04:4a:10:68:11:4d:35:c8:54:26:68:7a:a3:df:ff:4b:
         43:85:89:26:3f:bd:3a:cd:3b:26:b3:4e:4b:60:fb:78:c7:ec:
         79:18:d5:c3:8f:82:a4:0c:c7:4b:63:18:8d:b7:38:44:e6:b4:
         7e:c8:76:c5:ac:db:c3:25:ba:be:3f:5f:de:90:f4:30:1e:15:
         90:19:8b:db:41:d8:68:04:01:18:30:55:e0:3d:d5:ff:c8:d3:
         f2:a6:1a:51:48:59:30:ed:93:b5:d0:98:d5:51:38:18:21:93:
         51:de:99:2e:56:b1:bb:c6:ff:47:b1:16:88:78:dd:05:cc:e1:
         a3:d7:d9:fa:61:81:3b:2d:b7:41:ac:42:37:96:5c:90:51:8d:
         13:2d:f1:7c:9e:4a:44:77:51:ce:30:9a:12:59:d3:1e:d9:d1:
         12:25:e7:c8:81:a9:fb:c3:df:e3:1a:9b:57:36:2d:84:b7:e3:
         1b:ba:a7:4e:d6:4a:46:27:74:3b:0b:24:ed:0c:8b:9e:43:6e:
         60:f9:64:3b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEkwTbNZvqsAiSm76xW5ukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYzhlZDQ2NmRlMmU2Y2E1OTY0ZDFlZWQwZjI0MGRkZDI1
MWRlNDgwHhcNMjQwMTAxMTAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWMxYmQyY2UxMTBmNWFmZWEzM2I0ZDFkNWNkMzNjNzJiNGY2OGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Gc9LG18Tr7kGN5U8CC3iQheV+8D
ZnPNg7jb6dOMDWLb//v+uNp0KZ2M8wy4wjma615zEZ62mOt7e9c+g5bIIJ5JJNCb
Z3dVUmUMYrBvO291cA3FIey1OpQeYJPtIhXCNPbjRWQ9uniDtB7qYOHUPm3B0Vft
Y4Pa5Le0V1uuDG5gz0M8KhjnO+EeZjMIxydpv9MrjteI/IXg9sfwAJ2sqxykaf0J
Z3Lw0SMtjzYdJdHcD3uLqkbhDFtHLU64KMdMBDb+95HMPJ36Xa5u/eeV2KciwxFO
uDRwL6XYvyJtCDl6zb+2bzkBCiZIcDaSfDJsMrDa2n0BgO3abjl5+jWXMQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGrBvSzhEPWv6jO00dXNM8crT2ilMB8GA1UdIwQY
MBaAFB/I7UZt4ubKWWTR7tDyQN3SUd5IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDhqdFJtM2k1c3BaWk5IdTBQSkEzZEpSM2tnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jYTJhY2UtOTRhZC00NGNiLTk4MDkt
ZjQ4ZDRiYWJkNTBmLzEvYXNHOUxPRVE5YV9xTTdUUjFjMHp4eXRQYUtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jYTJhY2UtOTRhZC00NGNiLTk4MDktZjQ4ZDRiYWJkNTBm
LzEvSDhqdFJtM2k1c3BaWk5IdTBQSkEzZEpSM2tnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW9toAwQC
ufAIAwQBw/JAMA0GCSqGSIb3DQEBCwUAA4IBAQBn2Y2oXGhl/V3jI/d3AaUiPEHW
kDye1siZaeqZNRLr+BZSqUU7qS7DJ7ObcTzW7yL9VKrFnMgYjARKEGgRTTXIVCZo
eqPf/0tDhYkmP706zTsms05LYPt4x+x5GNXDj4KkDMdLYxiNtzhE5rR+yHbFrNvD
Jbq+P1/ekPQwHhWQGYvbQdhoBAEYMFXgPdX/yNPyphpRSFkw7ZO10JjVUTgYIZNR
3pkuVrG7xv9HsRaIeN0FzOGj19n6YYE7LbdBrEI3llyQUY0TLfF8nkpEd1HOMJoS
WdMe2dESJefIgan7w9/jGptXNi2Et+MbuqdO1kpGJ3Q7CyTtDIueQ25g+WQ7
-----END CERTIFICATE-----