Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/IYa9XdwBzBJAv_CYy_AqauKsu18.roa
File:                     IYa9XdwBzBJAv_CYy_AqauKsu18.roa (raw, json)
Hash identifier:          9wjDnr6e6855OxlzYd+VQPOavqD4gHSR08DKeo6gmYA=
Subject key identifier:   21:86:BD:5D:DC:01:CC:12:40:BF:F0:98:CB:F0:2A:6A:E2:AC:BB:5F
Certificate issuer:       /CN=f571bbf1d3d3c0efe36de110392be0c7ac447a84
Certificate serial:       018CC3B7376B9B0A8535DBD29E6ED9978CE3
Authority key identifier: F5:71:BB:F1:D3:D3:C0:EF:E3:6D:E1:10:39:2B:E0:C7:AC:44:7A:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9XG78dPTwO_jbeEQOSvgx6xEeoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/IYa9XdwBzBJAv_CYy_AqauKsu18.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201178
IP address blocks:        213.128.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/9XG78dPTwO_jbeEQOSvgx6xEeoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/9XG78dPTwO_jbeEQOSvgx6xEeoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9XG78dPTwO_jbeEQOSvgx6xEeoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:37:6b:9b:0a:85:35:db:d2:9e:6e:d9:97:8c:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f571bbf1d3d3c0efe36de110392be0c7ac447a84
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2186bd5ddc01cc1240bff098cbf02a6ae2acbb5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f2:f8:50:27:05:a0:45:bb:1b:48:74:d7:be:
                    9b:c8:6e:30:28:af:00:e0:ae:8e:4c:fc:75:6d:06:
                    f2:04:fb:48:b5:19:78:0f:b1:58:49:c1:6c:76:74:
                    1f:48:7f:51:98:16:2d:f9:15:48:bd:a6:8a:0c:24:
                    27:1f:fe:36:84:f0:52:90:d6:59:ed:85:7b:03:a0:
                    39:04:03:b4:c3:98:f8:9d:f0:9a:4a:2f:3d:0a:72:
                    4c:52:28:87:29:0f:1a:d4:07:a7:35:7d:4d:13:af:
                    98:31:d1:db:5a:9b:14:69:0f:4c:f1:6e:61:07:f2:
                    51:22:8a:2a:ba:3a:64:e5:a7:c6:e8:86:42:90:ea:
                    86:e4:c3:91:42:fa:8d:18:66:c1:d3:3b:b1:86:e3:
                    99:ce:be:4f:93:45:f0:e0:c3:01:74:95:5b:49:03:
                    47:99:9d:ed:91:eb:c0:4a:58:9e:c6:07:a6:ae:98:
                    0f:3c:c7:66:7c:7e:94:ad:f3:c1:99:53:a5:41:05:
                    37:84:53:56:7c:34:25:15:d2:69:82:c7:03:56:85:
                    11:ee:19:f9:c4:0f:7b:74:af:b7:46:7b:35:52:13:
                    af:a7:31:c9:9b:42:f4:70:f1:cd:be:ae:74:4a:50:
                    1f:5e:64:41:b6:fb:88:b0:87:b0:da:20:bb:82:5a:
                    54:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:86:BD:5D:DC:01:CC:12:40:BF:F0:98:CB:F0:2A:6A:E2:AC:BB:5F
            X509v3 Authority Key Identifier:
                keyid:F5:71:BB:F1:D3:D3:C0:EF:E3:6D:E1:10:39:2B:E0:C7:AC:44:7A:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9XG78dPTwO_jbeEQOSvgx6xEeoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/IYa9XdwBzBJAv_CYy_AqauKsu18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/68303f-e8b0-4fe0-96b6-a9657eb1f8d7/1/9XG78dPTwO_jbeEQOSvgx6xEeoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.128.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:48:55:39:7e:e4:30:38:ed:a0:61:3f:c8:e3:b5:72:73:6d:
         8e:d7:6f:06:08:2a:b1:07:2a:cc:6b:1e:5d:77:6a:d8:87:8d:
         d9:1f:0e:fe:d9:30:21:d8:bf:8c:d8:eb:9a:72:33:94:ce:c1:
         44:16:a6:29:d1:e8:8f:6b:55:e8:ed:bb:bd:73:7e:fd:be:ad:
         d4:2c:08:79:84:5e:50:14:b0:10:b3:ce:b1:6f:5c:f5:57:56:
         74:45:45:d4:24:20:fa:54:74:34:a9:e7:9b:d5:97:a3:b9:e1:
         9c:1a:40:fc:10:a6:cb:3e:61:19:35:8a:84:b2:8e:01:20:43:
         17:74:27:62:17:90:f1:53:91:cb:8c:67:6a:99:4f:cc:89:97:
         a5:3c:fc:3f:9d:3a:2f:17:98:df:89:be:ad:4c:84:2c:a4:76:
         b7:0f:9c:69:9b:d8:3a:bf:a6:ab:27:e6:8a:cb:00:94:b6:46:
         f5:7d:59:f0:2c:7e:2f:86:8e:fa:b7:97:dd:e6:32:bb:06:22:
         d9:b6:48:d5:29:96:4c:1f:c3:15:d1:21:3a:4b:df:7a:81:c8:
         09:fc:2d:04:8c:4e:df:13:11:5c:e4:b7:d4:2c:ba:0e:45:c4:
         5a:98:74:9b:5e:10:36:5c:1c:ec:07:95:d6:ce:83:cc:38:6c:
         24:47:c3:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzdrmwqFNdvSnm7Zl4zjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NzFiYmYxZDNkM2MwZWZlMzZkZTExMDM5MmJlMGM3YWM0
NDdhODQwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTg2YmQ1ZGRjMDFjYzEyNDBiZmYwOThjYmYwMmE2YWUyYWNiYjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPL4UCcFoEW7G0h0176byG4wKK8A
4K6OTPx1bQbyBPtItRl4D7FYScFsdnQfSH9RmBYt+RVIvaaKDCQnH/42hPBSkNZZ
7YV7A6A5BAO0w5j4nfCaSi89CnJMUiiHKQ8a1AenNX1NE6+YMdHbWpsUaQ9M8W5h
B/JRIooqujpk5afG6IZCkOqG5MORQvqNGGbB0zuxhuOZzr5Pk0Xw4MMBdJVbSQNH
mZ3tkevASliexgemrpgPPMdmfH6UrfPBmVOlQQU3hFNWfDQlFdJpgscDVoUR7hn5
xA97dK+3Rns1UhOvpzHJm0L0cPHNvq50SlAfXmRBtvuIsIew2iC7glpUZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGGvV3cAcwSQL/wmMvwKmrirLtfMB8GA1UdIwQY
MBaAFPVxu/HT08Dv423hEDkr4MesRHqEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVhHNzhkUFR3T19qYmVFUU9Tdmd4NnhFZW9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82ODMwM2YtZThiMC00ZmUwLTk2YjYt
YTk2NTdlYjFmOGQ3LzEvSVlhOVhkd0J6QkpBdl9DWXlfQXFhdUtzdTE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi82ODMwM2YtZThiMC00ZmUwLTk2YjYtYTk2NTdlYjFmOGQ3
LzEvOVhHNzhkUFR3T19qYmVFUU9Tdmd4NnhFZW9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YBGMA0G
CSqGSIb3DQEBCwUAA4IBAQBjSFU5fuQwOO2gYT/I47Vyc22O128GCCqxByrMax5d
d2rYh43ZHw7+2TAh2L+M2OuacjOUzsFEFqYp0eiPa1Xo7bu9c379vq3ULAh5hF5Q
FLAQs86xb1z1V1Z0RUXUJCD6VHQ0qeeb1ZejueGcGkD8EKbLPmEZNYqEso4BIEMX
dCdiF5DxU5HLjGdqmU/MiZelPPw/nTovF5jfib6tTIQspHa3D5xpm9g6v6arJ+aK
ywCUtkb1fVnwLH4vho76t5fd5jK7BiLZtkjVKZZMH8MV0SE6S996gcgJ/C0EjE7f
ExFc5LfULLoORcRamHSbXhA2XBzsB5XWzoPMOGwkR8MV
-----END CERTIFICATE-----