Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/N2yQoXBdSEElBZu-RGNwwAxXDtk.roa
File:                     N2yQoXBdSEElBZu-RGNwwAxXDtk.roa (raw, json)
Hash identifier:          tOTk1JIGa1EPcGJlrhiAVq6xF6ocNRc65R8CKTRX+UI=
Subject key identifier:   37:6C:90:A1:70:5D:48:41:25:05:9B:BE:44:63:70:C0:0C:57:0E:D9
Certificate issuer:       /CN=6c1a761795f0f66bff2478b468cde0d851ed1887
Certificate serial:       018DEAEB093157C10A35163197B134D964EF
Authority key identifier: 6C:1A:76:17:95:F0:F6:6B:FF:24:78:B4:68:CD:E0:D8:51:ED:18:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/N2yQoXBdSEElBZu-RGNwwAxXDtk.roa
Signing time:             Tue 27 Feb 2024 14:14:48 +0000
ROA not before:           Tue 27 Feb 2024 14:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        46.60.128.0/17 maxlen: 24
                          185.224.12.0/22 maxlen: 24
                          2a03:c500::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ea:eb:09:31:57:c1:0a:35:16:31:97:b1:34:d9:64:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c1a761795f0f66bff2478b468cde0d851ed1887
        Validity
            Not Before: Feb 27 14:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=376c90a1705d484125059bbe446370c00c570ed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6e:18:72:db:61:4a:93:7a:9b:f2:1c:13:13:
                    0b:07:d0:f7:ac:07:22:87:8d:f7:a1:f4:6a:a5:51:
                    51:4e:ba:f8:03:1d:fd:88:89:e5:bc:04:0a:03:09:
                    9e:4f:ee:eb:a8:91:3e:0d:85:bf:35:de:0f:f1:34:
                    4a:67:42:c0:40:73:a3:d9:d2:97:6a:be:75:ec:63:
                    8c:aa:7a:7f:f6:7d:f3:60:a5:31:e5:3e:6c:c6:02:
                    cc:14:34:e1:dc:27:1d:3e:3a:b2:32:e6:ad:1e:e1:
                    bd:ef:c6:73:31:a1:2d:e4:90:1d:c5:10:17:0e:3b:
                    b9:d5:e7:c1:16:cf:a6:b7:0a:b3:ed:c3:cd:1f:b8:
                    f0:5d:7e:66:06:59:eb:14:97:ba:91:40:fc:bb:1a:
                    7a:e1:2b:ee:64:18:82:71:35:85:a1:d3:e6:00:6a:
                    c2:7a:b7:23:1b:02:f6:68:c8:e2:12:c9:58:49:ef:
                    c2:a5:ab:31:47:15:e9:3a:5d:22:6b:d3:24:30:03:
                    c9:df:a5:02:3b:33:3e:c5:14:e2:ab:74:0a:2a:cf:
                    1c:f8:03:85:e2:71:6c:15:72:be:97:4b:44:37:dd:
                    cf:a4:e5:18:f1:ce:90:6e:c9:2d:ed:5e:a6:b7:31:
                    8f:c8:8c:71:73:3a:d0:c6:37:b1:de:a7:22:a6:93:
                    3a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6C:90:A1:70:5D:48:41:25:05:9B:BE:44:63:70:C0:0C:57:0E:D9
            X509v3 Authority Key Identifier:
                keyid:6C:1A:76:17:95:F0:F6:6B:FF:24:78:B4:68:CD:E0:D8:51:ED:18:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/N2yQoXBdSEElBZu-RGNwwAxXDtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a2c386-d5e9-4ad9-938a-0d1d174c4351/1/bBp2F5Xw9mv_JHi0aM3g2FHtGIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.60.128.0/17
                  185.224.12.0/22
                IPv6:
                  2a03:c500::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:b2:95:23:94:19:70:c1:a9:99:53:57:3a:e1:95:5e:8d:54:
         88:c4:74:48:c8:93:cb:c9:c1:5d:81:ae:58:0f:d3:96:73:86:
         f3:a2:65:0b:f2:ae:75:f1:d5:31:cf:44:cb:71:b9:40:6b:fe:
         a0:be:c5:54:5c:04:ee:5d:78:a8:05:df:90:b8:2c:b4:a0:ae:
         16:47:2a:0f:8d:21:ec:f0:81:e2:a3:4b:9f:97:ec:b0:36:c0:
         be:44:8c:be:5f:8a:90:3a:ab:62:77:7b:b9:8e:b9:92:20:bf:
         ba:b2:db:67:38:a1:b8:84:5c:02:6b:af:b6:82:69:c7:98:27:
         e6:72:87:ae:62:f7:4e:44:43:09:62:07:75:8f:54:8b:ac:8f:
         61:70:06:b8:be:7c:9d:31:05:bc:b5:31:33:46:a5:6c:c5:c9:
         a3:c7:1f:f8:b3:c3:92:a8:fe:dc:1b:8a:3f:4c:c8:66:72:7c:
         ed:03:54:9a:3f:19:5b:27:6f:1e:d4:60:c0:bf:3f:e4:13:7e:
         c9:7a:65:2a:e7:22:c0:36:53:95:df:f1:61:3b:a3:7e:02:8a:
         dc:4f:47:a8:f5:d5:cf:53:dd:ac:fd:45:f6:d8:a3:88:18:8e:
         a9:58:13:06:95:a6:44:3f:8b:8f:4e:c6:ef:71:44:0c:a4:0c:
         95:3d:a5:0c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY3q6wkxV8EKNRYxl7E02WTvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMWE3NjE3OTVmMGY2NmJmZjI0NzhiNDY4Y2RlMGQ4NTFl
ZDE4ODcwHhcNMjQwMjI3MTQxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzZjOTBhMTcwNWQ0ODQxMjUwNTliYmU0NDYzNzBjMDBjNTcwZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkW4YctthSpN6m/IcExMLB9D3rAci
h433ofRqpVFRTrr4Ax39iInlvAQKAwmeT+7rqJE+DYW/Nd4P8TRKZ0LAQHOj2dKX
ar517GOMqnp/9n3zYKUx5T5sxgLMFDTh3CcdPjqyMuatHuG978ZzMaEt5JAdxRAX
Dju51efBFs+mtwqz7cPNH7jwXX5mBlnrFJe6kUD8uxp64SvuZBiCcTWFodPmAGrC
ercjGwL2aMjiEslYSe/CpasxRxXpOl0ia9MkMAPJ36UCOzM+xRTiq3QKKs8c+AOF
4nFsFXK+l0tEN93PpOUY8c6Qbskt7V6mtzGPyIxxczrQxjex3qcippM6VwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDdskKFwXUhBJQWbvkRjcMAMVw7ZMB8GA1UdIwQY
MBaAFGwadheV8PZr/yR4tGjN4NhR7RiHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkJwMkY1WHc5bXZfSkhpMGFNM2cyRkh0R0ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMmMzODYtZDVlOS00YWQ5LTkzOGEt
MGQxZDE3NGM0MzUxLzEvTjJ5UW9YQmRTRUVsQlp1LVJHTnd3QXhYRHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMmMzODYtZDVlOS00YWQ5LTkzOGEtMGQxZDE3NGM0MzUx
LzEvYkJwMkY1WHc5bXZfSkhpMGFNM2cyRkh0R0ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQHLjyAAwQC
ueAMMA0EAgACMAcDBQAqA8UAMA0GCSqGSIb3DQEBCwUAA4IBAQARspUjlBlwwamZ
U1c64ZVejVSIxHRIyJPLycFdga5YD9OWc4bzomUL8q518dUxz0TLcblAa/6gvsVU
XATuXXioBd+QuCy0oK4WRyoPjSHs8IHio0ufl+ywNsC+RIy+X4qQOqtid3u5jrmS
IL+6sttnOKG4hFwCa6+2gmnHmCfmcoeuYvdOREMJYgd1j1SLrI9hcAa4vnydMQW8
tTEzRqVsxcmjxx/4s8OSqP7cG4o/TMhmcnztA1SaPxlbJ28e1GDAvz/kE37JemUq
5yLANlOV3/FhO6N+AorcT0eo9dXPU92s/UX22KOIGI6pWBMGlaZEP4uPTsbvcUQM
pAyVPaUM
-----END CERTIFICATE-----