Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/kCluYn7nqoHH4SSOepPfvh-y1yk.roa
File:                     kCluYn7nqoHH4SSOepPfvh-y1yk.roa (raw, json)
Hash identifier:          nTq6la6myCABttwP6zRbIZ4fLxwO0QnV6q+uhEwUj8A=
Subject key identifier:   90:29:6E:62:7E:E7:AA:81:C7:E1:24:8E:7A:93:DF:BE:1F:B2:D7:29
Certificate issuer:       /CN=6506096695f7e6610b19b08e1d7fd9c4d914a4f0
Certificate serial:       018FE1C1879A2A8334D55976A77A20C46AB6
Authority key identifier: 65:06:09:66:95:F7:E6:61:0B:19:B0:8E:1D:7F:D9:C4:D9:14:A4:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZQYJZpX35mELGbCOHX_ZxNkUpPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/kCluYn7nqoHH4SSOepPfvh-y1yk.roa
Signing time:             Tue 04 Jun 2024 05:38:27 +0000
ROA not before:           Tue 04 Jun 2024 05:38:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21473
IP address blocks:        94.176.168.0/22 maxlen: 22
                          185.142.8.0/22 maxlen: 22
                          2a07:2800::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/ZQYJZpX35mELGbCOHX_ZxNkUpPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/ZQYJZpX35mELGbCOHX_ZxNkUpPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZQYJZpX35mELGbCOHX_ZxNkUpPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e1:c1:87:9a:2a:83:34:d5:59:76:a7:7a:20:c4:6a:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6506096695f7e6610b19b08e1d7fd9c4d914a4f0
        Validity
            Not Before: Jun  4 05:38:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90296e627ee7aa81c7e1248e7a93dfbe1fb2d729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:86:b8:85:60:a8:87:41:2c:25:5c:25:44:5a:
                    7c:dd:76:4d:b7:70:94:d8:b6:7c:3a:cf:05:58:36:
                    f4:f2:f6:dc:b6:af:73:25:38:91:dd:8f:a9:00:db:
                    cf:db:3a:b3:71:11:80:1a:5a:54:c3:f9:54:b7:2b:
                    ea:3c:86:92:20:f0:6b:8c:c7:60:77:5e:0c:49:d1:
                    75:0f:0c:62:dc:02:b0:b0:48:9d:2d:7b:2c:46:f9:
                    95:da:4a:6c:f6:ae:f7:2e:8f:58:b2:0a:3e:c2:e8:
                    3d:3e:22:b0:15:0a:0c:71:e6:e4:fb:c4:b8:17:07:
                    58:78:70:b7:24:70:17:1f:68:bf:ce:6c:bf:8b:c3:
                    63:9b:aa:c4:f1:1e:9f:97:b7:cd:9c:29:03:03:68:
                    6f:b2:c7:bb:85:81:5f:53:25:cd:92:fb:6f:5c:a1:
                    b1:7f:84:18:e7:d8:0c:d0:d4:ea:75:f8:64:5d:3c:
                    56:26:e7:c0:eb:7e:42:68:7d:9f:36:56:a9:c5:4b:
                    ab:c5:80:70:84:78:06:6e:32:de:74:aa:98:5b:c7:
                    95:3c:c8:61:95:a1:6d:72:60:c4:f1:76:6a:26:70:
                    07:ac:f7:c5:45:64:ca:a6:db:7d:f5:5b:22:85:9a:
                    7d:09:3f:ee:07:14:52:db:9f:01:bb:4a:6e:85:02:
                    da:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:29:6E:62:7E:E7:AA:81:C7:E1:24:8E:7A:93:DF:BE:1F:B2:D7:29
            X509v3 Authority Key Identifier:
                keyid:65:06:09:66:95:F7:E6:61:0B:19:B0:8E:1D:7F:D9:C4:D9:14:A4:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZQYJZpX35mELGbCOHX_ZxNkUpPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/kCluYn7nqoHH4SSOepPfvh-y1yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/f5baa4-f670-4385-bc38-a4152558d18c/1/ZQYJZpX35mELGbCOHX_ZxNkUpPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.168.0/22
                  185.142.8.0/22
                IPv6:
                  2a07:2800::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:a1:5c:60:cf:4d:68:5e:67:fa:09:0b:37:2b:aa:d8:bf:13:
         63:fb:d3:60:d2:53:98:f7:64:4e:81:6a:b5:bb:01:79:5b:5b:
         57:ad:91:74:b5:06:00:11:a6:08:30:f1:21:c6:e9:36:d2:08:
         7b:28:12:b9:b8:71:c5:dd:78:10:f2:dc:7d:c6:24:18:1f:3d:
         6c:94:02:b3:4c:dc:9c:b1:01:45:34:ba:9e:66:c9:d4:c9:7e:
         98:b3:f1:e8:10:e8:35:00:e6:91:38:f2:b9:61:86:ee:b6:8e:
         e2:bd:e6:f2:30:55:5b:27:48:e5:a4:0e:5b:41:7c:69:ac:a3:
         cd:15:41:5d:76:c9:b8:88:48:c1:71:5c:fc:1f:67:21:6e:c6:
         98:46:18:c4:dd:1a:73:2c:10:69:eb:ef:e6:1a:82:41:c4:da:
         e0:29:ef:83:78:11:27:7a:37:2d:ae:bb:7d:f9:f1:70:7e:a4:
         58:82:c6:35:c7:ea:d3:64:df:8f:db:40:3e:c8:96:53:45:95:
         fa:46:33:0d:79:d6:91:d6:6f:bd:d6:34:3d:07:30:f7:35:b2:
         5a:1a:d4:bc:01:ab:7b:2f:9f:10:a0:61:61:14:d6:24:41:a9:
         e5:c6:56:83:21:fb:bb:9d:ce:c4:fc:73:47:63:de:20:b9:d3:
         49:cf:d7:88
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY/hwYeaKoM01Vl2p3ogxGq2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1MDYwOTY2OTVmN2U2NjEwYjE5YjA4ZTFkN2ZkOWM0ZDkx
NGE0ZjAwHhcNMjQwNjA0MDUzODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDI5NmU2MjdlZTdhYTgxYzdlMTI0OGU3YTkzZGZiZTFmYjJkNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYa4hWCoh0EsJVwlRFp83XZNt3CU
2LZ8Os8FWDb08vbctq9zJTiR3Y+pANvP2zqzcRGAGlpUw/lUtyvqPIaSIPBrjMdg
d14MSdF1Dwxi3AKwsEidLXssRvmV2kps9q73Lo9Ysgo+wug9PiKwFQoMcebk+8S4
FwdYeHC3JHAXH2i/zmy/i8Njm6rE8R6fl7fNnCkDA2hvsse7hYFfUyXNkvtvXKGx
f4QY59gM0NTqdfhkXTxWJufA635CaH2fNlapxUurxYBwhHgGbjLedKqYW8eVPMhh
laFtcmDE8XZqJnAHrPfFRWTKptt99VsihZp9CT/uBxRS258Bu0puhQLaRQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJApbmJ+56qBx+EkjnqT374fstcpMB8GA1UdIwQY
MBaAFGUGCWaV9+ZhCxmwjh1/2cTZFKTwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlFZSlpwWDM1bUVMR2JDT0hYX1p4TmtVcFBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9mNWJhYTQtZjY3MC00Mzg1LWJjMzgt
YTQxNTI1NThkMThjLzEva0NsdVluN25xb0hINFNTT2VwUGZ2aC15MXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9mNWJhYTQtZjY3MC00Mzg1LWJjMzgtYTQxNTI1NThkMThj
LzEvWlFZSlpwWDM1bUVMR2JDT0hYX1p4TmtVcFBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCXrCoAwQC
uY4IMA0EAgACMAcDBQMqBygAMA0GCSqGSIb3DQEBCwUAA4IBAQCQoVxgz01oXmf6
CQs3K6rYvxNj+9Ng0lOY92ROgWq1uwF5W1tXrZF0tQYAEaYIMPEhxuk20gh7KBK5
uHHF3XgQ8tx9xiQYHz1slAKzTNycsQFFNLqeZsnUyX6Ys/HoEOg1AOaROPK5YYbu
to7ivebyMFVbJ0jlpA5bQXxprKPNFUFddsm4iEjBcVz8H2chbsaYRhjE3RpzLBBp
6+/mGoJBxNrgKe+DeBEnejctrrt9+fFwfqRYgsY1x+rTZN+P20A+yJZTRZX6RjMN
edaR1m+91jQ9BzD3NbJaGtS8Aat7L58QoGFhFNYkQanlxlaDIfu7nc7E/HNHY94g
udNJz9eI
-----END CERTIFICATE-----