Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/8c1323-afcc-4b44-9881-06308a44856d/1/tV4yKV1KjsiwEU4zPqOuE-ebLHI.roa
File:                     tV4yKV1KjsiwEU4zPqOuE-ebLHI.roa (raw, json)
Hash identifier:          5tPNgMabqFm37Dd3PTiHvabBlXD69/WkPnjMwyChUHk=
Subject key identifier:   B5:5E:32:29:5D:4A:8E:C8:B0:11:4E:33:3E:A3:AE:13:E7:9B:2C:72
Certificate issuer:       /CN=2cb035707202d4013a4479be5112d7fa227b7275
Certificate serial:       018CC649C1DB452E2BEFA21163CE1FFC1766
Authority key identifier: 2C:B0:35:70:72:02:D4:01:3A:44:79:BE:51:12:D7:FA:22:7B:72:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LLA1cHIC1AE6RHm-URLX-iJ7cnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/8c1323-afcc-4b44-9881-06308a44856d/1/tV4yKV1KjsiwEU4zPqOuE-ebLHI.roa
Signing time:             Mon 01 Jan 2024 18:29:31 +0000
ROA not before:           Mon 01 Jan 2024 18:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209566
IP address blocks:        194.62.129.0/24 maxlen: 24
                          2a0d:8c40:209::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/8c1323-afcc-4b44-9881-06308a44856d/1/LLA1cHIC1AE6RHm-URLX-iJ7cnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/8c1323-afcc-4b44-9881-06308a44856d/1/LLA1cHIC1AE6RHm-URLX-iJ7cnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LLA1cHIC1AE6RHm-URLX-iJ7cnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:c1:db:45:2e:2b:ef:a2:11:63:ce:1f:fc:17:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cb035707202d4013a4479be5112d7fa227b7275
        Validity
            Not Before: Jan  1 18:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b55e32295d4a8ec8b0114e333ea3ae13e79b2c72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:dd:27:88:e0:01:24:34:2b:d3:15:cd:ad:12:
                    28:fd:d0:e9:73:37:13:9f:5c:8f:98:32:9c:c2:0d:
                    b2:e4:03:2f:1e:94:61:f3:27:a4:dc:65:f1:db:9e:
                    c1:67:ac:c3:a2:a0:86:76:1e:92:6f:02:c9:ae:d7:
                    6f:3e:5c:7d:62:04:a4:b7:97:17:a5:24:c4:3b:71:
                    6b:32:f8:04:96:36:39:ec:a7:32:f3:ed:d5:f5:b7:
                    24:22:d4:1d:d9:32:76:0d:35:a9:54:ed:fe:d6:60:
                    83:ac:ec:1c:8a:d0:36:43:48:d2:a2:91:30:a1:f1:
                    98:40:c5:c7:cc:07:21:81:94:60:3f:10:90:29:d3:
                    71:e5:01:11:65:d6:22:dc:b6:f8:bd:bf:14:b5:4f:
                    29:4e:f4:07:94:85:f7:83:1c:15:1e:bd:82:56:59:
                    eb:c7:a5:bb:f8:34:76:2d:e4:bb:28:76:c0:b9:da:
                    66:43:54:37:34:07:78:34:aa:fb:d1:7b:7c:94:d0:
                    e2:16:af:00:38:53:0c:2e:2b:6d:1c:63:6a:af:f0:
                    01:eb:b9:38:2c:11:1b:ed:90:03:a4:fe:a3:7f:3d:
                    a8:a0:85:e4:d8:5c:31:9f:d5:8f:7f:93:3f:e0:42:
                    31:2a:76:0f:7e:17:43:67:d9:fb:41:02:16:ac:ca:
                    d0:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:5E:32:29:5D:4A:8E:C8:B0:11:4E:33:3E:A3:AE:13:E7:9B:2C:72
            X509v3 Authority Key Identifier:
                keyid:2C:B0:35:70:72:02:D4:01:3A:44:79:BE:51:12:D7:FA:22:7B:72:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LLA1cHIC1AE6RHm-URLX-iJ7cnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/8c1323-afcc-4b44-9881-06308a44856d/1/tV4yKV1KjsiwEU4zPqOuE-ebLHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/8c1323-afcc-4b44-9881-06308a44856d/1/LLA1cHIC1AE6RHm-URLX-iJ7cnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.129.0/24
                IPv6:
                  2a0d:8c40:209::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:7c:e9:a2:dc:d0:7c:11:d1:20:cf:c0:85:96:dd:da:bc:39:
         2d:62:e5:76:02:ab:71:66:39:03:5d:34:66:45:9f:2a:98:81:
         03:ed:52:94:e6:f8:c4:95:c1:15:bf:f4:29:ce:6a:11:ce:79:
         e3:ad:6f:93:6c:d0:a9:44:e9:93:43:4c:e5:29:9a:5b:60:45:
         26:5c:20:94:f1:0a:5f:42:83:ff:eb:60:20:b1:29:46:b0:23:
         cc:19:9d:0c:62:e9:0c:3c:a7:52:5f:87:8d:c3:ff:cf:0a:38:
         a2:c1:bb:89:4c:77:bb:0a:0e:8a:bc:15:74:e5:27:40:2e:a5:
         7e:74:b6:40:78:dc:ef:b9:4d:f0:f4:55:cf:8c:d4:9f:b9:9d:
         e4:0f:57:6a:a5:89:0f:c0:c4:e7:81:6c:01:2f:6d:0a:29:ba:
         93:ee:4c:44:64:7a:51:8f:81:1c:47:97:41:46:eb:69:04:16:
         e4:94:97:fc:34:87:e0:1a:fa:24:ee:03:5b:65:a4:a8:b7:b9:
         28:78:ab:60:d2:a1:9f:4b:74:a4:2c:92:f5:11:54:2f:21:da:
         f7:ec:5a:6b:f0:13:04:5c:e3:a9:35:89:58:46:2a:30:63:85:
         8d:5a:fe:ef:fb:ad:f3:d2:4d:f9:0f:9b:6a:ab:ca:2d:94:70:
         5a:85:55:64
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGScHbRS4r76IRY84f/BdmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYjAzNTcwNzIwMmQ0MDEzYTQ0NzliZTUxMTJkN2ZhMjI3
YjcyNzUwHhcNMjQwMTAxMTgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTVlMzIyOTVkNGE4ZWM4YjAxMTRlMzMzZWEzYWUxM2U3OWIyYzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtd0niOABJDQr0xXNrRIo/dDpczcT
n1yPmDKcwg2y5AMvHpRh8yek3GXx257BZ6zDoqCGdh6SbwLJrtdvPlx9YgSkt5cX
pSTEO3FrMvgEljY57Kcy8+3V9bckItQd2TJ2DTWpVO3+1mCDrOwcitA2Q0jSopEw
ofGYQMXHzAchgZRgPxCQKdNx5QERZdYi3Lb4vb8UtU8pTvQHlIX3gxwVHr2CVlnr
x6W7+DR2LeS7KHbAudpmQ1Q3NAd4NKr70Xt8lNDiFq8AOFMMLittHGNqr/AB67k4
LBEb7ZADpP6jfz2ooIXk2Fwxn9WPf5M/4EIxKnYPfhdDZ9n7QQIWrMrQzwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLVeMildSo7IsBFOMz6jrhPnmyxyMB8GA1UdIwQY
MBaAFCywNXByAtQBOkR5vlES1/oie3J1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTExBMWNISUMxQUU2UkhtLVVSTFgtaUo3Y25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS84YzEzMjMtYWZjYy00YjQ0LTk4ODEt
MDYzMDhhNDQ4NTZkLzEvdFY0eUtWMUtqc2l3RVU0elBxT3VFLWViTEhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS84YzEzMjMtYWZjYy00YjQ0LTk4ODEtMDYzMDhhNDQ4NTZk
LzEvTExBMWNISUMxQUU2UkhtLVVSTFgtaUo3Y25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwj6BMA8E
AgACMAkDBwAqDYxAAgkwDQYJKoZIhvcNAQELBQADggEBAEh86aLc0HwR0SDPwIWW
3dq8OS1i5XYCq3FmOQNdNGZFnyqYgQPtUpTm+MSVwRW/9CnOahHOeeOtb5Ns0KlE
6ZNDTOUpmltgRSZcIJTxCl9Cg//rYCCxKUawI8wZnQxi6Qw8p1Jfh43D/88KOKLB
u4lMd7sKDoq8FXTlJ0AupX50tkB43O+5TfD0Vc+M1J+5neQPV2qliQ/AxOeBbAEv
bQopupPuTERkelGPgRxHl0FG62kEFuSUl/w0h+Aa+iTuA1tlpKi3uSh4q2DSoZ9L
dKQskvURVC8h2vfsWmvwEwRc46k1iVhGKjBjhY1a/u/7rfPSTfkPm2qryi2UcFqF
VWQ=
-----END CERTIFICATE-----