Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/1-VJwgbKCQbjnWsAOmvQzwQQL2I.roa
File:                     1-VJwgbKCQbjnWsAOmvQzwQQL2I.roa (raw, json)
Hash identifier:          1cSJCbLXLvV56b+3dPMZhn5LwzCYtSYMBQw2dOKqS1I=
Subject key identifier:   D7:E5:49:C2:06:CA:09:06:E3:9D:6B:00:3A:6B:D0:CF:04:10:2F:62
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       018CCA2BE0176CAEF3C84E083A343C57BE6C
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/1-VJwgbKCQbjnWsAOmvQzwQQL2I.roa
Signing time:             Tue 02 Jan 2024 12:35:22 +0000
ROA not before:           Tue 02 Jan 2024 12:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209742
IP address blocks:        193.151.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:e0:17:6c:ae:f3:c8:4e:08:3a:34:3c:57:be:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  2 12:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7e549c206ca0906e39d6b003a6bd0cf04102f62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:57:4c:8f:08:07:18:66:50:6a:83:26:4c:39:
                    cc:a5:e7:16:f2:8e:a4:9f:9f:00:ab:02:06:b8:bf:
                    de:f2:cf:db:aa:ce:80:c7:f3:d4:78:d5:b1:f2:63:
                    ee:b3:7c:5b:b2:c1:b9:d3:54:41:0b:42:21:f7:4c:
                    95:d8:ba:cc:96:22:bf:9d:bc:1c:0a:54:08:75:f7:
                    04:6f:4c:7d:e1:a6:f0:c7:cd:9d:dd:57:b8:0c:68:
                    14:ba:57:27:0d:6c:da:49:4d:c8:15:15:ca:db:fd:
                    10:ff:6e:e0:c5:87:06:da:00:f7:3f:1b:4d:2b:f5:
                    71:fd:85:49:b1:04:a8:33:5a:00:d0:33:55:0a:dc:
                    4a:16:0a:cc:93:4c:ff:22:c2:56:5e:8b:88:79:62:
                    84:6a:49:45:b1:d6:d1:1e:2f:e2:01:b1:97:64:63:
                    f3:e8:3d:9f:95:24:b3:d0:2b:84:ce:6d:cf:ba:d1:
                    bb:1d:55:2b:f8:23:20:c9:83:6c:39:30:40:49:06:
                    43:8e:87:6e:c6:07:d8:b6:1a:03:b0:f8:ee:2b:3b:
                    f8:ea:b4:0b:36:01:8f:c8:13:47:ee:12:e0:7b:2f:
                    23:9e:ab:0b:76:39:02:17:6a:bc:30:be:7d:a8:19:
                    29:69:a0:9f:4c:65:dc:ce:13:95:bd:71:94:8a:48:
                    4d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E5:49:C2:06:CA:09:06:E3:9D:6B:00:3A:6B:D0:CF:04:10:2F:62
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/1-VJwgbKCQbjnWsAOmvQzwQQL2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:d1:61:7c:42:93:20:cd:80:3b:28:e4:f8:72:fc:c9:a5:fd:
         c2:c7:50:f4:ff:e4:fb:23:22:9b:84:00:62:72:28:e0:67:ae:
         4c:91:cb:4a:65:0c:5d:c8:29:d3:c2:f2:96:71:2b:b0:67:05:
         5b:68:e6:ce:e4:a5:a5:90:02:06:bf:8c:5d:6a:c8:0c:58:a3:
         26:a4:6b:52:fe:a9:5c:f4:56:ba:4b:4f:1d:7f:69:54:d4:2b:
         74:5d:36:fd:ec:0a:ab:79:a1:35:43:3b:ac:6f:65:db:ff:23:
         ef:fb:68:be:01:41:d4:6a:2a:9c:16:53:e8:dc:45:f5:86:fa:
         a0:cb:f7:f2:7a:e2:88:88:93:7a:8e:c6:38:59:d4:bc:c9:6e:
         cc:d1:fb:8e:13:1e:e3:1a:74:48:d0:87:09:a5:6f:fc:d8:83:
         59:81:35:2f:a6:ab:32:54:b7:fd:a6:12:d2:12:35:b5:1b:15:
         8c:09:96:6d:57:44:c1:3f:76:92:38:b4:cc:8d:81:73:f3:3e:
         08:13:6e:88:0f:97:3d:9a:9e:19:ca:84:19:05:a9:e6:ff:79:
         bc:cb:0d:bc:af:8c:8a:a4:f6:7d:e2:ab:e9:ff:06:42:a4:34:
         48:80:2c:65:97:7c:17:73:ca:e2:40:c7:e7:01:91:35:7b:f0:
         19:9e:1e:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK+AXbK7zyE4IOjQ8V75sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjQwMTAyMTIzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2U1NDljMjA2Y2EwOTA2ZTM5ZDZiMDAzYTZiZDBjZjA0MTAyZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjldMjwgHGGZQaoMmTDnMpecW8o6k
n58AqwIGuL/e8s/bqs6Ax/PUeNWx8mPus3xbssG501RBC0Ih90yV2LrMliK/nbwc
ClQIdfcEb0x94abwx82d3Ve4DGgUulcnDWzaSU3IFRXK2/0Q/27gxYcG2gD3PxtN
K/Vx/YVJsQSoM1oA0DNVCtxKFgrMk0z/IsJWXouIeWKEaklFsdbRHi/iAbGXZGPz
6D2flSSz0CuEzm3PutG7HVUr+CMgyYNsOTBASQZDjoduxgfYthoDsPjuKzv46rQL
NgGPyBNH7hLgey8jnqsLdjkCF2q8ML59qBkpaaCfTGXczhOVvXGUikhNKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNflScIGygkG451rADpr0M8EEC9iMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvMS1WSndnYktDUWJqbldzQU9tdlF6d1FRTDJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZemMA0G
CSqGSIb3DQEBCwUAA4IBAQAe0WF8QpMgzYA7KOT4cvzJpf3Cx1D0/+T7IyKbhABi
cijgZ65MkctKZQxdyCnTwvKWcSuwZwVbaObO5KWlkAIGv4xdasgMWKMmpGtS/qlc
9Fa6S08df2lU1Ct0XTb97AqreaE1Qzusb2Xb/yPv+2i+AUHUaiqcFlPo3EX1hvqg
y/fyeuKIiJN6jsY4WdS8yW7M0fuOEx7jGnRI0IcJpW/82INZgTUvpqsyVLf9phLS
EjW1GxWMCZZtV0TBP3aSOLTMjYFz8z4IE26ID5c9mp4ZyoQZBanm/3m8yw28r4yK
pPZ94qvp/wZCpDRIgCxll3wXc8riQMfnAZE1e/AZnh4L
-----END CERTIFICATE-----