Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/pH6P0l-70BahgEH94W8nBmj9LoU.roa
File:                     pH6P0l-70BahgEH94W8nBmj9LoU.roa (raw, json)
Hash identifier:          0GKTTNpJVcWv2G8l5BmW94fE83OGjmkg0xU+A0JjUHs=
Subject key identifier:   A4:7E:8F:D2:5F:BB:D0:16:A1:80:41:FD:E1:6F:27:06:68:FD:2E:85
Certificate issuer:       /CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
Certificate serial:       018D83F6EF540DA8A8242FBD80647AE98F71
Authority key identifier: 12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/pH6P0l-70BahgEH94W8nBmj9LoU.roa
Signing time:             Wed 07 Feb 2024 14:26:54 +0000
ROA not before:           Wed 07 Feb 2024 14:26:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41555
IP address blocks:        170.236.180.0/24 maxlen: 24
                          170.237.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:83:f6:ef:54:0d:a8:a8:24:2f:bd:80:64:7a:e9:8f:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
        Validity
            Not Before: Feb  7 14:26:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a47e8fd25fbbd016a18041fde16f270668fd2e85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:74:aa:14:61:83:96:33:15:b7:6e:5f:2e:4c:
                    7d:45:ab:34:b3:9b:ab:1d:ba:54:33:ad:15:4f:41:
                    c5:d3:00:1b:0a:b7:ce:4a:48:b1:2c:de:f7:5f:94:
                    5f:9d:b0:60:e1:3e:ba:4c:a2:be:5b:d2:1b:3e:cb:
                    e8:4d:1f:bb:02:94:99:e2:9f:5e:6a:73:dc:ab:27:
                    ec:41:19:c7:f0:2c:b3:26:8c:fd:2b:cb:bc:29:54:
                    d1:a7:b8:03:9c:d3:30:e2:fe:51:aa:3f:47:cd:ae:
                    ec:3e:53:f2:c8:a3:c4:83:e6:3d:cd:03:f2:b6:e2:
                    63:08:e8:9b:bb:a7:bc:57:08:5c:b8:45:0e:55:95:
                    00:9f:e0:33:ae:27:34:cc:a1:a4:c4:59:7f:9c:2c:
                    13:4e:dc:f3:37:88:46:5c:2a:2b:40:5d:66:8a:c3:
                    e4:e9:7a:50:0d:95:4f:25:cc:01:a6:f2:13:b8:29:
                    d0:d2:2d:52:b7:80:44:8f:e5:ba:22:af:d4:30:12:
                    44:ca:1d:a5:f3:62:70:d7:6b:49:f1:57:20:3c:5b:
                    2d:58:73:6b:f8:af:f9:35:ba:75:f8:21:9a:59:78:
                    0a:3e:b7:73:a9:7c:c0:ec:c3:65:d7:a0:96:6c:c2:
                    00:a2:4a:1b:94:07:42:15:55:08:2c:c1:51:dc:bb:
                    c0:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:7E:8F:D2:5F:BB:D0:16:A1:80:41:FD:E1:6F:27:06:68:FD:2E:85
            X509v3 Authority Key Identifier:
                keyid:12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/pH6P0l-70BahgEH94W8nBmj9LoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.236.180.0/24
                  170.237.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:de:71:a5:d1:44:fa:7f:ff:24:f7:e5:81:d6:48:5c:ef:37:
         76:7b:e3:23:47:25:dc:dd:af:21:53:89:39:13:c3:c6:f4:84:
         f3:bb:31:6c:00:7e:ea:1c:67:b9:cb:bc:42:74:97:76:55:23:
         fb:ac:e9:91:d1:15:d3:43:96:5d:5a:67:81:a5:75:43:d4:e5:
         c0:f1:ed:65:27:0e:d1:4d:4e:b3:5d:68:b4:fe:0a:ee:38:71:
         4a:06:86:d6:a1:d9:df:59:48:84:ae:85:a2:8e:a5:b7:30:8a:
         40:51:4c:b6:96:a2:9e:1c:c2:5e:48:10:d9:73:6e:e7:80:e9:
         57:8c:f9:f7:c2:68:1e:c3:75:5b:e3:76:89:59:1f:4c:19:96:
         95:a9:a4:80:70:5e:56:35:cb:e1:e9:66:ef:54:5d:c9:59:d3:
         c9:b0:b9:c2:9d:66:7c:c1:3b:d5:29:e1:28:7d:6d:6e:d7:98:
         02:61:a5:89:ca:85:ee:1a:e8:a1:cb:df:c9:17:5d:fc:c8:81:
         01:47:a2:1a:13:99:66:b1:dd:b0:a7:ce:6c:44:b5:93:d8:e8:
         ae:26:27:77:de:97:69:83:e4:8d:f6:8e:fc:1b:d2:18:84:2f:
         c2:45:44:ad:53:b5:5b:03:42:63:fc:d8:87:07:b7:2a:13:76:
         96:2f:66:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2D9u9UDaioJC+9gGR66Y9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMjRlNWVmZjFhYmMwZTZkOGJmMDI5ZTRmNzMyZTBhYjcx
YmMxNmEwHhcNMjQwMjA3MTQyNjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDdlOGZkMjVmYmJkMDE2YTE4MDQxZmRlMTZmMjcwNjY4ZmQyZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHSqFGGDljMVt25fLkx9Ras0s5ur
HbpUM60VT0HF0wAbCrfOSkixLN73X5RfnbBg4T66TKK+W9IbPsvoTR+7ApSZ4p9e
anPcqyfsQRnH8CyzJoz9K8u8KVTRp7gDnNMw4v5Rqj9Hza7sPlPyyKPEg+Y9zQPy
tuJjCOibu6e8VwhcuEUOVZUAn+Azric0zKGkxFl/nCwTTtzzN4hGXCorQF1misPk
6XpQDZVPJcwBpvITuCnQ0i1St4BEj+W6Iq/UMBJEyh2l82Jw12tJ8VcgPFstWHNr
+K/5Nbp1+CGaWXgKPrdzqXzA7MNl16CWbMIAokoblAdCFVUILMFR3LvAnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKR+j9Jfu9AWoYBB/eFvJwZo/S6FMB8GA1UdIwQY
MBaAFBIk5e/xq8Dm2L8Cnk9zLgq3G8FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEt
NTM4NmIxZDk2M2JjLzEvcEg2UDBsLTcwQmFoZ0VIOTRXOG5CbWo5TG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEtNTM4NmIxZDk2M2Jj
LzEvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAquy0AwQA
qu1fMA0GCSqGSIb3DQEBCwUAA4IBAQAZ3nGl0UT6f/8k9+WB1khc7zd2e+MjRyXc
3a8hU4k5E8PG9ITzuzFsAH7qHGe5y7xCdJd2VSP7rOmR0RXTQ5ZdWmeBpXVD1OXA
8e1lJw7RTU6zXWi0/gruOHFKBobWodnfWUiEroWijqW3MIpAUUy2lqKeHMJeSBDZ
c27ngOlXjPn3wmgew3Vb43aJWR9MGZaVqaSAcF5WNcvh6WbvVF3JWdPJsLnCnWZ8
wTvVKeEofW1u15gCYaWJyoXuGuihy9/JF138yIEBR6IaE5lmsd2wp85sRLWT2Oiu
Jid33pdpg+SN9o78G9IYhC/CRUStU7VbA0Jj/NiHB7cqE3aWL2bO
-----END CERTIFICATE-----