Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/fbc3a9-0564-4a2c-ab11-e2c9228aac53/1/1VjHw5HEWylZtpn53VuYsR9koR8.roa
File:                     1VjHw5HEWylZtpn53VuYsR9koR8.roa (raw, json)
Hash identifier:          1sHTG9myqpOVEf9hm52sNqgg+TVKMCGFvRpFqLyCFQs=
Subject key identifier:   D5:58:C7:C3:91:C4:5B:29:59:B6:99:F9:DD:5B:98:B1:1F:64:A1:1F
Certificate issuer:       /CN=43496584e5cf39b56874de8dc77aa3a6ff9e8a1e
Certificate serial:       018CC8DF7B73E9BA878F1CB0CC090DC2A278
Authority key identifier: 43:49:65:84:E5:CF:39:B5:68:74:DE:8D:C7:7A:A3:A6:FF:9E:8A:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q0llhOXPObVodN6Nx3qjpv-eih4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/fbc3a9-0564-4a2c-ab11-e2c9228aac53/1/1VjHw5HEWylZtpn53VuYsR9koR8.roa
Signing time:             Tue 02 Jan 2024 06:32:18 +0000
ROA not before:           Tue 02 Jan 2024 06:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.106.0/24 maxlen: 24
                          2001:7f8:c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/fbc3a9-0564-4a2c-ab11-e2c9228aac53/1/Q0llhOXPObVodN6Nx3qjpv-eih4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/fbc3a9-0564-4a2c-ab11-e2c9228aac53/1/Q0llhOXPObVodN6Nx3qjpv-eih4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q0llhOXPObVodN6Nx3qjpv-eih4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:7b:73:e9:ba:87:8f:1c:b0:cc:09:0d:c2:a2:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43496584e5cf39b56874de8dc77aa3a6ff9e8a1e
        Validity
            Not Before: Jan  2 06:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d558c7c391c45b2959b699f9dd5b98b11f64a11f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:9a:6e:75:fc:eb:33:cf:3d:ec:63:bd:90:de:
                    71:37:5a:32:2c:08:9e:2c:50:d1:2e:ac:28:43:43:
                    cd:92:fa:3a:b0:1d:93:5d:b2:58:9c:b6:e5:91:6d:
                    8b:0c:ee:de:02:83:c8:79:db:42:3c:fb:16:70:f2:
                    25:d0:63:b8:98:d7:b7:5f:0c:d0:9e:0e:ff:5f:0e:
                    44:4c:86:49:ca:a6:17:cc:fa:29:67:22:71:d4:88:
                    a5:5f:9b:bf:86:ce:97:48:5a:af:fb:43:87:2e:e1:
                    fb:de:ba:51:de:00:d0:a4:4a:69:0b:c7:f7:e3:11:
                    47:60:26:3d:bf:31:e4:62:ac:74:26:ca:6b:51:24:
                    17:9f:b9:c6:a7:3c:99:9c:9b:1e:55:1e:26:8a:5a:
                    72:cf:41:68:3a:6c:1d:6e:de:e5:25:01:c4:06:c8:
                    05:fe:8e:1c:5e:60:9d:f4:bb:54:9f:86:ec:e8:f5:
                    c1:06:02:01:1d:04:c4:01:85:2b:08:16:11:ea:e4:
                    f7:38:72:fc:e0:6a:e0:14:18:7f:fd:b4:4a:31:a0:
                    dc:2d:5c:95:69:8b:ac:a7:ae:20:d3:17:5d:9f:66:
                    03:de:bf:93:b0:0e:8d:f6:db:68:19:a8:cc:1a:4b:
                    55:1a:d3:0b:ac:16:bf:86:05:0b:1d:c4:5a:de:2d:
                    f0:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:58:C7:C3:91:C4:5B:29:59:B6:99:F9:DD:5B:98:B1:1F:64:A1:1F
            X509v3 Authority Key Identifier:
                keyid:43:49:65:84:E5:CF:39:B5:68:74:DE:8D:C7:7A:A3:A6:FF:9E:8A:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q0llhOXPObVodN6Nx3qjpv-eih4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/fbc3a9-0564-4a2c-ab11-e2c9228aac53/1/1VjHw5HEWylZtpn53VuYsR9koR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/fbc3a9-0564-4a2c-ab11-e2c9228aac53/1/Q0llhOXPObVodN6Nx3qjpv-eih4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.106.0/24
                IPv6:
                  2001:7f8:c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:62:a6:d0:b0:d1:10:f9:8a:9d:d1:44:a6:87:bc:de:08:91:
         fb:22:19:7d:49:95:6b:a0:03:f2:9e:63:7e:eb:22:ba:d3:fd:
         8e:5e:ae:28:5c:fe:56:5b:3c:fe:d6:86:01:4b:5c:99:12:da:
         25:c4:e7:c5:5c:44:03:4f:02:d9:87:b1:e8:16:ab:97:13:ae:
         e7:cb:c1:60:1f:7e:17:fd:5d:5b:75:1f:0a:b7:c8:b8:9c:d3:
         b1:7f:81:e4:fd:a7:fd:bd:9a:42:24:2a:a7:b6:f4:b0:f4:bf:
         64:0b:73:67:31:5e:bb:29:c6:c1:6c:1a:82:23:9c:a7:2f:4b:
         85:43:e6:0e:01:15:70:af:6b:93:7b:b8:94:65:84:56:6b:fb:
         b9:5b:f2:16:61:63:db:f6:28:f5:bd:b2:5b:43:79:66:c0:df:
         99:5a:d8:3a:9d:3b:02:f8:b8:67:5f:32:d8:17:33:87:49:d6:
         d7:a2:6a:ff:22:a4:61:6f:21:f9:15:2c:c5:55:08:29:3e:66:
         72:d0:9b:66:68:8b:d4:cd:8e:67:47:d0:8b:e5:8b:1c:63:73:
         60:09:2d:38:6c:c2:94:0f:11:b3:27:d9:28:c6:b9:f6:85:6c:
         19:1c:4a:cd:44:25:70:57:05:21:f2:f6:85:e4:d5:1e:7c:be:
         e6:35:3f:0a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI33tz6bqHjxywzAkNwqJ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNDk2NTg0ZTVjZjM5YjU2ODc0ZGU4ZGM3N2FhM2E2ZmY5
ZThhMWUwHhcNMjQwMTAyMDYzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTU4YzdjMzkxYzQ1YjI5NTliNjk5ZjlkZDViOThiMTFmNjRhMTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzppudfzrM8897GO9kN5xN1oyLAie
LFDRLqwoQ0PNkvo6sB2TXbJYnLblkW2LDO7eAoPIedtCPPsWcPIl0GO4mNe3XwzQ
ng7/Xw5ETIZJyqYXzPopZyJx1IilX5u/hs6XSFqv+0OHLuH73rpR3gDQpEppC8f3
4xFHYCY9vzHkYqx0JsprUSQXn7nGpzyZnJseVR4milpyz0FoOmwdbt7lJQHEBsgF
/o4cXmCd9LtUn4bs6PXBBgIBHQTEAYUrCBYR6uT3OHL84GrgFBh//bRKMaDcLVyV
aYusp64g0xddn2YD3r+TsA6N9ttoGajMGktVGtMLrBa/hgULHcRa3i3wuwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNVYx8ORxFspWbaZ+d1bmLEfZKEfMB8GA1UdIwQY
MBaAFENJZYTlzzm1aHTejcd6o6b/nooeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTBsbGhPWFBPYlZvZE42TngzcWpwdi1laWg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mYmMzYTktMDU2NC00YTJjLWFiMTEt
ZTJjOTIyOGFhYzUzLzEvMVZqSHc1SEVXeWxadHBuNTNWdVlzUjlrb1I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mYmMzYTktMDU2NC00YTJjLWFiMTEtZTJjOTIyOGFhYzUz
LzEvUTBsbGhPWFBPYlZvZE42TngzcWpwdi1laWg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQFqMA8E
AgACMAkDBwAgAQf4AMAwDQYJKoZIhvcNAQELBQADggEBAA1iptCw0RD5ip3RRKaH
vN4IkfsiGX1JlWugA/KeY37rIrrT/Y5erihc/lZbPP7WhgFLXJkS2iXE58VcRANP
AtmHsegWq5cTrufLwWAffhf9XVt1Hwq3yLic07F/geT9p/29mkIkKqe29LD0v2QL
c2cxXrspxsFsGoIjnKcvS4VD5g4BFXCva5N7uJRlhFZr+7lb8hZhY9v2KPW9sltD
eWbA35la2DqdOwL4uGdfMtgXM4dJ1teiav8ipGFvIfkVLMVVCCk+ZnLQm2Zoi9TN
jmdH0Ivlixxjc2AJLThswpQPEbMn2SjGufaFbBkcSs1EJXBXBSHy9oXk1R58vuY1
Pwo=
-----END CERTIFICATE-----