Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/ivZfk5HpqKIqJ4GDhAjDHbW2DLo.roa
File:                     ivZfk5HpqKIqJ4GDhAjDHbW2DLo.roa (raw, json)
Hash identifier:          /sk8NrBfRIfXtSeLhgveY+KWe3zlmLci5BVWDfOa/h0=
Subject key identifier:   8A:F6:5F:93:91:E9:A8:A2:2A:27:81:83:84:08:C3:1D:B5:B6:0C:BA
Certificate issuer:       /CN=1cbbfa49877bc5d9e4cf446950fd14279929f49a
Certificate serial:       018CC26D598012E04293F804C858E727103D
Authority key identifier: 1C:BB:FA:49:87:7B:C5:D9:E4:CF:44:69:50:FD:14:27:99:29:F4:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/ivZfk5HpqKIqJ4GDhAjDHbW2DLo.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1935
IP address blocks:        164.81.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:59:80:12:e0:42:93:f8:04:c8:58:e7:27:10:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cbbfa49877bc5d9e4cf446950fd14279929f49a
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8af65f9391e9a8a22a2781838408c31db5b60cba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:75:5a:74:98:61:b8:a5:de:f3:7b:24:9e:94:
                    d2:f4:08:4e:b0:28:fa:3f:ed:67:33:d8:58:ca:80:
                    f7:b7:a1:1f:b2:cc:df:04:4f:7d:34:1b:47:d1:63:
                    66:d8:00:9e:de:48:43:29:9a:9e:0e:71:b4:c4:12:
                    14:c7:73:8e:eb:3b:2b:80:5d:0c:fb:78:c8:c2:d8:
                    64:f6:4b:3a:12:d6:41:fb:1a:44:ae:ca:c0:a7:58:
                    18:aa:8b:06:85:1b:c4:57:3f:f4:19:44:52:32:8e:
                    41:37:40:ff:2c:f1:e0:f0:b6:7d:ce:1e:02:f5:bf:
                    9c:4c:27:5a:47:dd:e3:26:c1:b9:18:17:ed:5f:02:
                    c9:b0:23:69:5f:25:7e:53:92:f7:7d:5f:f4:99:34:
                    7d:d7:bc:2a:a7:83:5b:8f:eb:55:c7:c6:ba:a7:43:
                    f5:fa:0e:fb:88:17:15:88:d7:f0:c8:63:66:d0:62:
                    41:aa:b9:95:21:c0:f3:f6:3f:9c:3b:64:b3:62:0c:
                    b6:a9:75:35:75:3a:1c:da:9e:9b:b7:e3:29:c6:86:
                    93:5e:a3:9e:65:53:54:ee:cd:4c:4c:94:e9:07:c0:
                    f0:35:4d:50:82:15:4d:eb:28:aa:3f:db:d9:ae:99:
                    30:bf:17:81:b2:00:c4:75:60:19:27:d1:0d:82:e4:
                    29:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:F6:5F:93:91:E9:A8:A2:2A:27:81:83:84:08:C3:1D:B5:B6:0C:BA
            X509v3 Authority Key Identifier:
                keyid:1C:BB:FA:49:87:7B:C5:D9:E4:CF:44:69:50:FD:14:27:99:29:F4:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/ivZfk5HpqKIqJ4GDhAjDHbW2DLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/851cac-e1d8-4571-82a6-46bf762618e7/1/HLv6SYd7xdnkz0RpUP0UJ5kp9Jo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.81.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0a:54:cc:f4:c3:b2:e2:6d:3a:d0:cc:59:b3:58:a8:72:af:91:
         72:17:63:3c:d0:49:29:f8:bc:94:c7:92:56:46:69:68:07:ad:
         03:54:15:46:0d:1d:b7:26:89:6f:1a:38:36:db:6d:65:fe:c4:
         5f:3d:ce:80:a8:b4:1b:61:c7:87:b9:aa:68:93:30:27:0d:f3:
         57:7a:81:c2:a5:4f:88:3d:7e:7f:c8:d7:3d:71:e5:b4:f9:fe:
         c6:72:43:65:48:7f:18:9b:91:09:6d:3d:8a:92:fa:48:86:72:
         73:81:af:b4:ec:b2:c2:43:44:b7:21:d8:73:95:70:c8:74:22:
         3d:83:d8:a0:59:bf:97:24:b7:c8:70:4b:2d:4e:fb:68:9c:d5:
         4b:58:e5:27:e9:a3:91:23:23:c6:ff:79:2b:c9:bf:7d:ba:f1:
         ca:49:83:e8:5a:b3:13:61:94:13:63:52:8b:fd:9c:dd:fd:03:
         03:da:c7:a4:af:fd:54:df:99:53:ee:65:0d:11:6d:ea:a0:7c:
         7d:1d:ce:2c:58:b6:56:78:e7:7a:e2:54:fb:30:34:69:4f:a3:
         2a:29:7b:92:6e:e1:a2:a5:dc:93:a7:b7:7d:1b:2e:37:ad:55:
         80:2f:d3:bc:4d:7e:e2:99:93:1a:05:93:5f:48:60:67:67:ba:
         cb:6f:52:19
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzCbVmAEuBCk/gEyFjnJxA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjYmJmYTQ5ODc3YmM1ZDllNGNmNDQ2OTUwZmQxNDI3OTky
OWY0OWEwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWY2NWY5MzkxZTlhOGEyMmEyNzgxODM4NDA4YzMxZGI1YjYwY2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXVadJhhuKXe83sknpTS9AhOsCj6
P+1nM9hYyoD3t6EfsszfBE99NBtH0WNm2ACe3khDKZqeDnG0xBIUx3OO6zsrgF0M
+3jIwthk9ks6EtZB+xpErsrAp1gYqosGhRvEVz/0GURSMo5BN0D/LPHg8LZ9zh4C
9b+cTCdaR93jJsG5GBftXwLJsCNpXyV+U5L3fV/0mTR917wqp4Nbj+tVx8a6p0P1
+g77iBcViNfwyGNm0GJBqrmVIcDz9j+cO2SzYgy2qXU1dToc2p6bt+MpxoaTXqOe
ZVNU7s1MTJTpB8DwNU1QghVN6yiqP9vZrpkwvxeBsgDEdWAZJ9ENguQpPQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIr2X5OR6aiiKieBg4QIwx21tgy6MB8GA1UdIwQY
MBaAFBy7+kmHe8XZ5M9EaVD9FCeZKfSaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEx2NlNZZDd4ZG5rejBScFVQMFVKNWtwOUpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy84NTFjYWMtZTFkOC00NTcxLTgyYTYt
NDZiZjc2MjYxOGU3LzEvaXZaZms1SHBxS0lxSjRHRGhBakRIYlcyRExvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy84NTFjYWMtZTFkOC00NTcxLTgyYTYtNDZiZjc2MjYxOGU3
LzEvSEx2NlNZZDd4ZG5rejBScFVQMFVKNWtwOUpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMApFEwDQYJ
KoZIhvcNAQELBQADggEBAApUzPTDsuJtOtDMWbNYqHKvkXIXYzzQSSn4vJTHklZG
aWgHrQNUFUYNHbcmiW8aODbbbWX+xF89zoCotBthx4e5qmiTMCcN81d6gcKlT4g9
fn/I1z1x5bT5/sZyQ2VIfxibkQltPYqS+kiGcnOBr7TsssJDRLch2HOVcMh0Ij2D
2KBZv5ckt8hwSy1O+2ic1UtY5Sfpo5EjI8b/eSvJv3268cpJg+hasxNhlBNjUov9
nN39AwPax6Sv/VTfmVPuZQ0RbeqgfH0dzixYtlZ453riVPswNGlPoyope5Ju4aKl
3JOnt30bLjetVYAv07xNfuKZkxoFk19IYGdnustvUhk=
-----END CERTIFICATE-----