Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cRqLEW9wUWFO30wxWkzs8giReEs.roa
File:                     cRqLEW9wUWFO30wxWkzs8giReEs.roa (raw, json)
Hash identifier:          4yu185wU8cpzhjVsjSAOJcElGEH6mRm81UcHivbg9Vk=
Subject key identifier:   71:1A:8B:11:6F:70:51:61:4E:DF:4C:31:5A:4C:EC:F2:08:91:78:4B
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E2EBD5E6894BADDAA7187B06D1FCD
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cRqLEW9wUWFO30wxWkzs8giReEs.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26636
IP address blocks:        212.87.212.0/22 maxlen: 22
                          2.56.246.0/23 maxlen: 23
                          147.78.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2e:bd:5e:68:94:ba:dd:aa:71:87:b0:6d:1f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=711a8b116f7051614edf4c315a4cecf20891784b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c0:e8:da:87:9d:5a:65:69:fd:a3:0a:fc:96:
                    4a:3a:94:35:e6:3b:a5:71:07:26:a2:d1:9f:a5:b8:
                    b1:d0:4d:ee:67:61:8e:e5:c9:41:7c:c0:f6:31:7d:
                    30:57:ac:9d:63:a0:54:c4:a0:81:37:ad:80:38:b3:
                    60:9b:cd:29:cd:60:5b:82:d8:c7:fc:b9:56:81:6b:
                    11:7e:a6:06:15:ec:c4:ad:06:a4:34:6f:70:87:ab:
                    86:8b:aa:80:50:0b:1e:ed:23:ce:41:4e:09:53:d3:
                    aa:13:eb:67:86:d2:8f:ce:eb:10:fe:6e:4e:f2:67:
                    e1:00:5a:0f:4e:62:ca:0e:37:75:4e:78:20:10:da:
                    87:3f:a4:30:24:2c:be:09:18:5f:e3:9b:77:d6:41:
                    f5:5d:1d:83:de:2d:05:30:6d:88:2e:59:0f:40:11:
                    d8:c8:1c:f6:73:0e:21:bb:fe:a8:08:30:72:01:a1:
                    e6:55:18:73:34:51:bf:7d:52:dd:c2:93:a2:48:ea:
                    b6:6f:a7:89:92:20:c6:76:4a:da:8f:b6:ca:d2:23:
                    cf:21:4a:b9:31:b9:c1:35:5d:85:c3:59:76:22:62:
                    30:75:e5:c0:07:e4:9a:aa:09:83:0f:f9:97:df:a0:
                    9f:25:8d:de:89:29:a1:72:5b:46:12:b8:fa:4f:43:
                    93:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:1A:8B:11:6F:70:51:61:4E:DF:4C:31:5A:4C:EC:F2:08:91:78:4B
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/cRqLEW9wUWFO30wxWkzs8giReEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.246.0/23
                  147.78.124.0/22
                  212.87.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:44:e3:76:04:3b:74:09:6d:42:2a:16:dc:f1:48:93:99:a9:
         c3:e3:ee:f7:65:1f:47:67:30:a7:67:20:25:c5:34:30:58:e6:
         84:c5:50:a8:73:cc:fe:1a:3c:a2:d8:1e:c7:cc:4d:8f:66:7e:
         52:df:a3:6c:77:d5:3d:ff:7f:20:31:fe:29:62:8d:69:d1:3d:
         bf:0b:fc:6d:9d:04:11:2c:f3:dd:04:07:ea:6c:d8:bc:d2:80:
         ff:e7:c5:80:a2:b8:dd:6e:70:0c:2b:54:81:fb:ea:82:c5:a9:
         08:b5:30:71:7d:a9:8f:a1:c4:5a:bd:f8:4d:fc:79:b0:30:44:
         b8:12:de:1a:b7:53:a8:37:18:7c:7d:29:a6:c6:ae:a8:55:d4:
         22:cc:d5:cc:9e:f2:b7:36:a1:ac:67:85:a7:f1:ef:79:ee:a3:
         66:b9:e3:4b:98:4e:f1:a2:1d:48:d6:c3:7e:c6:5a:96:52:e3:
         62:c4:7e:c9:a3:c6:21:47:ea:5d:d8:e5:3e:2b:1f:93:a4:1f:
         cb:d2:de:c7:35:6a:22:8b:b7:30:3e:56:00:f0:ba:31:34:eb:
         63:a9:e4:7b:32:41:42:4a:56:84:df:21:a8:41:36:03:d5:cd:
         0c:24:09:6c:d8:f1:0d:06:46:79:eb:b4:a9:7a:30:7d:70:c1:
         f5:5c:3e:79
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTi69XmiUut2qcYewbR/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTFhOGIxMTZmNzA1MTYxNGVkZjRjMzE1YTRjZWNmMjA4OTE3ODRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcDo2oedWmVp/aMK/JZKOpQ15jul
cQcmotGfpbix0E3uZ2GO5clBfMD2MX0wV6ydY6BUxKCBN62AOLNgm80pzWBbgtjH
/LlWgWsRfqYGFezErQakNG9wh6uGi6qAUAse7SPOQU4JU9OqE+tnhtKPzusQ/m5O
8mfhAFoPTmLKDjd1TnggENqHP6QwJCy+CRhf45t31kH1XR2D3i0FMG2ILlkPQBHY
yBz2cw4hu/6oCDByAaHmVRhzNFG/fVLdwpOiSOq2b6eJkiDGdkraj7bK0iPPIUq5
MbnBNV2Fw1l2ImIwdeXAB+SaqgmDD/mX36CfJY3eiSmhcltGErj6T0OTPQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHEaixFvcFFhTt9MMVpM7PIIkXhLMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvY1JxTEVXOXdVV0ZPMzB3eFdrenM4Z2lSZUVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBAjj2AwQC
k058AwQC1FfUMA0GCSqGSIb3DQEBCwUAA4IBAQBARON2BDt0CW1CKhbc8UiTmanD
4+73ZR9HZzCnZyAlxTQwWOaExVCoc8z+Gjyi2B7HzE2PZn5S36Nsd9U9/38gMf4p
Yo1p0T2/C/xtnQQRLPPdBAfqbNi80oD/58WAorjdbnAMK1SB++qCxakItTBxfamP
ocRavfhN/HmwMES4Et4at1OoNxh8fSmmxq6oVdQizNXMnvK3NqGsZ4Wn8e957qNm
ueNLmE7xoh1I1sN+xlqWUuNixH7Jo8YhR+pd2OU+Kx+TpB/L0t7HNWoii7cwPlYA
8LoxNOtjqeR7MkFCSlaE3yGoQTYD1c0MJAls2PENBkZ567SpejB9cMH1XD55
-----END CERTIFICATE-----