Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/2de158-b19a-49eb-a6ec-284ea425e405/1/cBz_sRQynCbyckXVJcll-kLy3ps.roa
File:                     cBz_sRQynCbyckXVJcll-kLy3ps.roa (raw, json)
Hash identifier:          RNGhL8+9CctMB8QTeJRUOo4oXE7iUKLUP5FIGjzRKYU=
Subject key identifier:   70:1C:FF:B1:14:32:9C:26:F2:72:45:D5:25:C9:65:FA:42:F2:DE:9B
Certificate issuer:       /CN=9e18aee8fe70354f75ea6dabf89ed8f94b6a1e58
Certificate serial:       018CC348C149B2470B56B38FDE5691381B42
Authority key identifier: 9E:18:AE:E8:FE:70:35:4F:75:EA:6D:AB:F8:9E:D8:F9:4B:6A:1E:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nhiu6P5wNU916m2r-J7Y-UtqHlg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/2de158-b19a-49eb-a6ec-284ea425e405/1/cBz_sRQynCbyckXVJcll-kLy3ps.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59950
IP address blocks:        212.6.48.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/2de158-b19a-49eb-a6ec-284ea425e405/1/nhiu6P5wNU916m2r-J7Y-UtqHlg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/2de158-b19a-49eb-a6ec-284ea425e405/1/nhiu6P5wNU916m2r-J7Y-UtqHlg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nhiu6P5wNU916m2r-J7Y-UtqHlg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c1:49:b2:47:0b:56:b3:8f:de:56:91:38:1b:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e18aee8fe70354f75ea6dabf89ed8f94b6a1e58
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=701cffb114329c26f27245d525c965fa42f2de9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:26:b0:02:e7:57:c8:74:1c:fa:fd:e7:f4:7a:
                    73:40:98:c1:04:e3:04:f0:b3:7a:0b:e1:e2:44:91:
                    fd:f2:0e:d5:48:a4:66:92:b2:9f:1e:74:ca:55:ce:
                    33:cb:0f:8f:b0:38:33:e4:40:6f:c0:54:a6:5e:8e:
                    57:23:d3:e0:a8:2b:5c:1f:b0:53:42:81:f6:b2:0c:
                    f8:11:48:17:85:3b:3b:be:20:52:7d:38:68:ee:81:
                    38:97:cd:a1:bd:51:bf:d1:42:cf:98:37:94:90:d3:
                    d8:8f:fd:7d:13:c4:5e:ab:0d:8b:ea:11:29:2e:e7:
                    35:eb:fc:4a:56:1c:a7:84:c7:29:83:e0:54:7e:c4:
                    6f:8a:1b:74:74:17:43:55:d6:7d:3f:63:23:0a:33:
                    e0:bf:b2:e9:18:e8:2e:e9:9b:ca:bb:ab:e0:4e:03:
                    22:9c:6c:6a:79:f3:b5:90:12:50:1e:68:bb:3d:96:
                    c2:1e:93:cf:54:4f:0f:49:a3:ad:87:9d:4b:53:e1:
                    ba:eb:b6:40:3e:e6:6d:16:4b:f4:c9:a4:2c:ba:bd:
                    e4:e5:77:c9:9d:a0:f5:a7:22:1d:1e:4e:2a:96:16:
                    46:54:e6:55:0c:6f:7d:9a:e4:4a:3a:e4:5c:23:f2:
                    65:ae:02:b8:29:56:b7:b8:0d:cc:fc:08:ad:93:da:
                    94:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:1C:FF:B1:14:32:9C:26:F2:72:45:D5:25:C9:65:FA:42:F2:DE:9B
            X509v3 Authority Key Identifier:
                keyid:9E:18:AE:E8:FE:70:35:4F:75:EA:6D:AB:F8:9E:D8:F9:4B:6A:1E:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhiu6P5wNU916m2r-J7Y-UtqHlg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2de158-b19a-49eb-a6ec-284ea425e405/1/cBz_sRQynCbyckXVJcll-kLy3ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2de158-b19a-49eb-a6ec-284ea425e405/1/nhiu6P5wNU916m2r-J7Y-UtqHlg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:f5:07:16:d2:b0:b0:9a:c9:d9:6e:a7:15:13:68:56:e9:02:
         b6:d2:1e:2c:ae:4a:d3:70:60:1b:1a:5f:c6:d3:53:44:52:54:
         f4:a7:10:5b:a5:4a:32:10:15:46:1c:8c:5b:86:93:4b:1b:a0:
         15:39:cb:65:64:ad:97:a7:73:f7:7f:21:31:11:f2:ba:40:9e:
         33:3e:49:d4:0b:5c:65:3a:5d:ee:dc:57:cc:38:57:c9:62:bd:
         3d:ac:fb:e0:23:58:37:c5:82:ce:86:b2:b5:c2:32:3d:1a:10:
         31:8e:8b:fe:c5:b9:0b:2d:54:ef:4b:ae:1c:0b:6e:12:f3:ec:
         37:4b:96:37:a2:31:ec:51:48:5b:0a:05:19:cb:16:29:a9:82:
         d2:a4:75:f7:92:a9:dd:54:e1:31:88:df:c1:6f:cd:28:d4:f3:
         84:e1:f2:9f:14:06:ae:b6:70:1d:08:2d:f8:78:c2:57:73:e2:
         fc:2e:76:06:0b:32:b6:c5:16:f9:90:71:d7:e4:e4:f8:fe:df:
         8f:22:d0:54:cf:3e:bb:f7:3d:3b:7f:27:9d:a4:3c:e0:85:30:
         9b:2a:0d:92:90:cb:b4:fa:89:e3:80:a0:fd:0c:5b:64:07:8c:
         2f:0f:d4:fc:fa:f4:9d:70:73:36:6c:c5:b2:bd:44:e0:67:61:
         7d:45:57:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMFJskcLVrOP3laROBtCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMThhZWU4ZmU3MDM1NGY3NWVhNmRhYmY4OWVkOGY5NGI2
YTFlNTgwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDFjZmZiMTE0MzI5YzI2ZjI3MjQ1ZDUyNWM5NjVmYTQyZjJkZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniawAudXyHQc+v3n9HpzQJjBBOME
8LN6C+HiRJH98g7VSKRmkrKfHnTKVc4zyw+PsDgz5EBvwFSmXo5XI9PgqCtcH7BT
QoH2sgz4EUgXhTs7viBSfTho7oE4l82hvVG/0ULPmDeUkNPYj/19E8Reqw2L6hEp
Luc16/xKVhynhMcpg+BUfsRviht0dBdDVdZ9P2MjCjPgv7LpGOgu6ZvKu6vgTgMi
nGxqefO1kBJQHmi7PZbCHpPPVE8PSaOth51LU+G667ZAPuZtFkv0yaQsur3k5XfJ
naD1pyIdHk4qlhZGVOZVDG99muRKOuRcI/JlrgK4KVa3uA3M/Aitk9qUFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAc/7EUMpwm8nJF1SXJZfpC8t6bMB8GA1UdIwQY
MBaAFJ4Yruj+cDVPdeptq/ie2PlLah5YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmhpdTZQNXdOVTkxNm0yci1KN1ktVXRxSGxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yZGUxNTgtYjE5YS00OWViLWE2ZWMt
Mjg0ZWE0MjVlNDA1LzEvY0J6X3NSUXluQ2J5Y2tYVkpjbGwta0x5M3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yZGUxNTgtYjE5YS00OWViLWE2ZWMtMjg0ZWE0MjVlNDA1
LzEvbmhpdTZQNXdOVTkxNm0yci1KN1ktVXRxSGxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1AYwMA0G
CSqGSIb3DQEBCwUAA4IBAQAj9QcW0rCwmsnZbqcVE2hW6QK20h4srkrTcGAbGl/G
01NEUlT0pxBbpUoyEBVGHIxbhpNLG6AVOctlZK2Xp3P3fyExEfK6QJ4zPknUC1xl
Ol3u3FfMOFfJYr09rPvgI1g3xYLOhrK1wjI9GhAxjov+xbkLLVTvS64cC24S8+w3
S5Y3ojHsUUhbCgUZyxYpqYLSpHX3kqndVOExiN/Bb80o1POE4fKfFAautnAdCC34
eMJXc+L8LnYGCzK2xRb5kHHX5OT4/t+PItBUzz679z07fyedpDzghTCbKg2SkMu0
+onjgKD9DFtkB4wvD9T8+vSdcHM2bMWyvUTgZ2F9RVfK
-----END CERTIFICATE-----