Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7d2f34-affd-4d1c-b416-aac2ebcbf5d4/1/bt1xLFkblT5HtIL9wXPjqnC8pBA.roa
File:                     bt1xLFkblT5HtIL9wXPjqnC8pBA.roa (raw, json)
Hash identifier:          CUwckqrlnWlbWRSXDH7QNyl/JRmqNysep9H9G+sEQ/0=
Subject key identifier:   6E:DD:71:2C:59:1B:95:3E:47:B4:82:FD:C1:73:E3:AA:70:BC:A4:10
Certificate issuer:       /CN=3616ab18e6bcede0850bcaaebd959993e84086eb
Certificate serial:       018CC5013DB96BF498F255E073212692ED2E
Authority key identifier: 36:16:AB:18:E6:BC:ED:E0:85:0B:CA:AE:BD:95:99:93:E8:40:86:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NharGOa87eCFC8quvZWZk-hAhus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7d2f34-affd-4d1c-b416-aac2ebcbf5d4/1/bt1xLFkblT5HtIL9wXPjqnC8pBA.roa
Signing time:             Mon 01 Jan 2024 12:30:41 +0000
ROA not before:           Mon 01 Jan 2024 12:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2852
IP address blocks:        158.196.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7d2f34-affd-4d1c-b416-aac2ebcbf5d4/1/NharGOa87eCFC8quvZWZk-hAhus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7d2f34-affd-4d1c-b416-aac2ebcbf5d4/1/NharGOa87eCFC8quvZWZk-hAhus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NharGOa87eCFC8quvZWZk-hAhus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 21:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3d:b9:6b:f4:98:f2:55:e0:73:21:26:92:ed:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3616ab18e6bcede0850bcaaebd959993e84086eb
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6edd712c591b953e47b482fdc173e3aa70bca410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:27:2c:9f:17:44:44:4e:98:d9:59:7d:07:42:
                    73:21:1e:4d:0b:3d:7d:ef:44:d8:ae:80:5f:d1:91:
                    c6:c6:23:fc:16:9c:cf:28:ab:3d:5d:3a:fb:f4:13:
                    d1:4f:14:1f:e8:32:51:44:e8:50:c9:b2:f1:2c:34:
                    93:f8:b2:d2:7d:26:c8:d4:dd:54:44:04:8d:63:63:
                    d5:68:69:6b:31:8e:7e:2b:ec:74:08:e3:53:56:cd:
                    9c:78:10:6d:2a:3a:8a:76:9d:f0:61:99:7d:63:f4:
                    b2:49:de:c0:ad:f5:1c:41:29:f0:a8:e1:57:88:83:
                    fe:b8:ca:e9:04:3c:ff:fd:1a:73:a1:37:2c:d5:dd:
                    10:a8:70:22:97:c9:2b:cd:14:87:80:01:ae:96:55:
                    28:d2:d7:3c:4d:15:2a:ec:4c:6d:fa:f3:20:ce:86:
                    28:e2:cd:79:90:bd:d8:2d:4d:88:d1:9e:b9:b0:91:
                    aa:ea:18:69:dc:fd:53:5e:10:a6:5f:90:b0:e4:e2:
                    7d:d5:64:cd:ee:4d:7c:6e:01:67:31:69:db:95:99:
                    4f:17:6f:bd:65:61:03:da:ca:57:4d:78:06:1c:d7:
                    d7:1a:a2:98:d6:e4:28:02:b8:9b:2e:8e:c7:90:50:
                    1a:cc:d7:4e:d1:bc:04:7d:4e:43:51:fd:5a:a1:bd:
                    b9:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:DD:71:2C:59:1B:95:3E:47:B4:82:FD:C1:73:E3:AA:70:BC:A4:10
            X509v3 Authority Key Identifier:
                keyid:36:16:AB:18:E6:BC:ED:E0:85:0B:CA:AE:BD:95:99:93:E8:40:86:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NharGOa87eCFC8quvZWZk-hAhus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7d2f34-affd-4d1c-b416-aac2ebcbf5d4/1/bt1xLFkblT5HtIL9wXPjqnC8pBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7d2f34-affd-4d1c-b416-aac2ebcbf5d4/1/NharGOa87eCFC8quvZWZk-hAhus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.196.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         35:0a:a4:ac:11:4d:da:12:21:65:a3:20:c3:8e:08:f5:38:46:
         cb:f6:3f:3a:1a:5f:77:82:7f:b7:f3:a7:f4:69:81:0c:2a:98:
         2d:95:53:52:d6:97:0a:ea:91:2e:c1:11:45:56:57:b7:4a:49:
         35:a3:39:3c:0c:88:54:0f:98:3c:5d:db:16:80:a1:42:24:dc:
         d9:00:8d:f0:ee:39:df:6b:4f:2d:7e:d8:0c:8a:32:00:14:2c:
         b7:38:24:13:4e:25:1c:cf:0a:b1:e9:4d:91:9b:e1:a9:4d:12:
         eb:12:e7:86:dd:19:73:a5:d2:e5:9c:bf:22:ed:0e:51:10:c0:
         03:b8:84:11:51:53:8a:44:2e:af:e4:c1:d4:eb:9e:5a:e3:13:
         42:9e:94:90:b7:e1:00:59:1e:a0:84:c9:7f:91:b0:0c:08:0e:
         5a:f0:b7:0e:c3:6a:53:ad:1a:0e:c5:91:21:2c:76:10:78:f0:
         27:d3:88:dc:0f:f2:a7:ec:69:97:9a:40:df:bb:d9:48:74:9b:
         cd:af:ba:85:d3:89:63:6d:85:10:2a:5a:bd:ce:3a:fe:59:7c:
         83:93:0a:61:0c:75:ea:71:86:ff:8c:db:4f:d9:c2:f4:c3:64:
         b4:0d:4b:d7:b3:f2:cf:70:04:0f:9a:20:d8:48:b2:45:f6:37:
         fc:24:28:13
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFAT25a/SY8lXgcyEmku0uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MTZhYjE4ZTZiY2VkZTA4NTBiY2FhZWJkOTU5OTkzZTg0
MDg2ZWIwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWRkNzEyYzU5MWI5NTNlNDdiNDgyZmRjMTczZTNhYTcwYmNhNDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCcsnxdERE6Y2Vl9B0JzIR5NCz19
70TYroBf0ZHGxiP8FpzPKKs9XTr79BPRTxQf6DJRROhQybLxLDST+LLSfSbI1N1U
RASNY2PVaGlrMY5+K+x0CONTVs2ceBBtKjqKdp3wYZl9Y/SySd7ArfUcQSnwqOFX
iIP+uMrpBDz//RpzoTcs1d0QqHAil8krzRSHgAGullUo0tc8TRUq7Ext+vMgzoYo
4s15kL3YLU2I0Z65sJGq6hhp3P1TXhCmX5Cw5OJ91WTN7k18bgFnMWnblZlPF2+9
ZWED2spXTXgGHNfXGqKY1uQoAribLo7HkFAazNdO0bwEfU5DUf1aob258QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFG7dcSxZG5U+R7SC/cFz46pwvKQQMB8GA1UdIwQY
MBaAFDYWqxjmvO3ghQvKrr2VmZPoQIbrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhhckdPYTg3ZUNGQzhxdXZaV1prLWhBaHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83ZDJmMzQtYWZmZC00ZDFjLWI0MTYt
YWFjMmViY2JmNWQ0LzEvYnQxeExGa2JsVDVIdElMOXdYUGpxbkM4cEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83ZDJmMzQtYWZmZC00ZDFjLWI0MTYtYWFjMmViY2JmNWQ0
LzEvTmhhckdPYTg3ZUNGQzhxdXZaV1prLWhBaHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnsQwDQYJ
KoZIhvcNAQELBQADggEBADUKpKwRTdoSIWWjIMOOCPU4Rsv2PzoaX3eCf7fzp/Rp
gQwqmC2VU1LWlwrqkS7BEUVWV7dKSTWjOTwMiFQPmDxd2xaAoUIk3NkAjfDuOd9r
Ty1+2AyKMgAULLc4JBNOJRzPCrHpTZGb4alNEusS54bdGXOl0uWcvyLtDlEQwAO4
hBFRU4pELq/kwdTrnlrjE0KelJC34QBZHqCEyX+RsAwIDlrwtw7DalOtGg7FkSEs
dhB48CfTiNwP8qfsaZeaQN+72Uh0m82vuoXTiWNthRAqWr3OOv5ZfIOTCmEMdepx
hv+M20/ZwvTDZLQNS9ez8s9wBA+aINhIskX2N/wkKBM=
-----END CERTIFICATE-----