Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/o_eR2rFgdZdYbG6KMpWCaYYuuCY.roa
File:                     o_eR2rFgdZdYbG6KMpWCaYYuuCY.roa (raw, json)
Hash identifier:          OUFnlGHvV7cebj1QeUqwLSw7MEyvalVghSViHHX3NMo=
Subject key identifier:   A3:F7:91:DA:B1:60:75:97:58:6C:6E:8A:32:95:82:69:86:2E:B8:26
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7FA99AF03CA6F26AC5C338C6BA4630ED
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/o_eR2rFgdZdYbG6KMpWCaYYuuCY.roa
Signing time:             Wed 27 Mar 2024 11:26:45 +0000
ROA not before:           Wed 27 Mar 2024 11:26:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200612
IP address blocks:        2.23.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:a9:9a:f0:3c:a6:f2:6a:c5:c3:38:c6:ba:46:30:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 11:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3f791dab1607597586c6e8a32958269862eb826
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9a:14:9a:b2:58:f4:ab:12:3e:57:11:e4:d9:
                    33:e0:62:2b:6f:bf:17:d9:ce:29:2b:06:66:22:ac:
                    52:99:fe:79:8d:8e:bc:46:ea:91:84:0b:16:c2:5b:
                    eb:23:09:12:31:8c:0b:d3:57:9d:59:94:ea:24:7c:
                    24:f7:19:97:ec:b6:f9:10:50:df:41:37:df:70:7e:
                    3b:4b:da:05:95:ed:e7:8b:92:21:88:32:9c:bd:1b:
                    03:04:da:22:a1:20:f0:58:99:3e:a9:53:67:e5:f9:
                    25:cb:f2:e7:2e:4a:de:99:e0:7e:cf:c7:80:34:ed:
                    29:c6:32:b3:f7:3c:95:e2:ae:1f:b8:85:1f:b4:03:
                    a5:e8:c3:89:c8:19:e4:f8:95:40:33:ce:e4:93:dc:
                    0b:52:d9:c4:71:1a:66:6a:f9:03:3b:15:1c:79:09:
                    28:bd:00:90:de:87:05:e1:95:78:77:8e:2b:66:16:
                    1d:d3:b2:22:37:4c:de:36:e0:d7:3a:10:2c:bb:45:
                    79:72:eb:4d:82:f8:e5:cc:55:f3:78:3d:15:5b:40:
                    5a:d0:ee:00:ba:f6:5b:0a:14:b5:1f:ac:1b:94:61:
                    f1:2c:68:34:08:a8:40:0b:78:1e:58:e4:54:d8:21:
                    d0:a5:fc:4b:41:4d:14:87:96:45:aa:6b:33:5d:d0:
                    dc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:F7:91:DA:B1:60:75:97:58:6C:6E:8A:32:95:82:69:86:2E:B8:26
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/o_eR2rFgdZdYbG6KMpWCaYYuuCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.23.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:d0:27:bb:0d:cd:1c:ba:bb:b6:bf:70:73:c0:77:61:41:de:
         a3:17:69:84:e4:78:0d:a9:8c:4b:44:4b:35:df:99:00:82:61:
         59:d1:3e:a1:82:b9:b6:c1:53:68:af:3b:10:e7:52:9e:9c:02:
         bb:72:db:7e:51:10:12:4d:ae:0c:11:eb:bf:90:59:3a:a2:8d:
         55:b4:a2:c4:d3:8c:d6:28:06:89:55:e9:95:84:e3:f4:47:96:
         08:ac:f4:1c:79:11:49:a8:fa:e3:a4:ca:1c:47:c8:0c:3e:04:
         34:13:fd:c9:ab:34:3d:81:95:db:25:43:31:93:ff:4e:cc:f7:
         58:32:47:1b:95:66:5f:6f:75:dd:7d:ea:ad:cc:64:f4:c8:11:
         13:54:a7:57:c2:a1:e7:09:f0:a2:8e:cf:b9:e1:13:a0:9c:ab:
         aa:11:95:3c:40:1f:4d:b4:6f:04:99:7a:24:8f:f2:7b:d2:fe:
         32:72:bc:30:54:f5:2e:89:46:39:c6:4e:cc:3d:94:b0:0f:eb:
         f8:86:bd:f9:b2:d7:08:ee:cf:0c:b2:0f:6b:ae:07:83:71:50:
         08:db:95:fb:db:d3:63:e4:30:ad:ba:86:44:5f:02:28:86:77:
         a2:3b:af:fa:a7:f0:ae:34:19:93:bd:20:22:a1:e8:02:78:7c:
         58:3e:db:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5/qZrwPKbyasXDOMa6RjDtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTEyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Y3OTFkYWIxNjA3NTk3NTg2YzZlOGEzMjk1ODI2OTg2MmViODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5oUmrJY9KsSPlcR5Nkz4GIrb78X
2c4pKwZmIqxSmf55jY68RuqRhAsWwlvrIwkSMYwL01edWZTqJHwk9xmX7Lb5EFDf
QTffcH47S9oFle3ni5IhiDKcvRsDBNoioSDwWJk+qVNn5fkly/LnLkremeB+z8eA
NO0pxjKz9zyV4q4fuIUftAOl6MOJyBnk+JVAM87kk9wLUtnEcRpmavkDOxUceQko
vQCQ3ocF4ZV4d44rZhYd07IiN0zeNuDXOhAsu0V5cutNgvjlzFXzeD0VW0Ba0O4A
uvZbChS1H6wblGHxLGg0CKhAC3geWORU2CHQpfxLQU0Uh5ZFqmszXdDcoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKP3kdqxYHWXWGxuijKVgmmGLrgmMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvb19lUjJyRmdkWmRZYkc2S01wV0NhWVl1dUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAheoMA0G
CSqGSIb3DQEBCwUAA4IBAQBE0Ce7Dc0curu2v3BzwHdhQd6jF2mE5HgNqYxLREs1
35kAgmFZ0T6hgrm2wVNorzsQ51KenAK7ctt+URASTa4MEeu/kFk6oo1VtKLE04zW
KAaJVemVhOP0R5YIrPQceRFJqPrjpMocR8gMPgQ0E/3JqzQ9gZXbJUMxk/9OzPdY
MkcblWZfb3XdfeqtzGT0yBETVKdXwqHnCfCijs+54ROgnKuqEZU8QB9NtG8EmXok
j/J70v4ycrwwVPUuiUY5xk7MPZSwD+v4hr35stcI7s8Msg9rrgeDcVAI25X729Nj
5DCtuoZEXwIohneiO6/6p/CuNBmTvSAioegCeHxYPttH
-----END CERTIFICATE-----