Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/u2iF4C6V5cUyU-sxZd_oDZu0ufU.roa
File:                     u2iF4C6V5cUyU-sxZd_oDZu0ufU.roa (raw, json)
Hash identifier:          rh6p4kUmcmaRa9jfZsU0Bhn4KelUJX2aa448V7kWKaQ=
Subject key identifier:   BB:68:85:E0:2E:95:E5:C5:32:53:EB:31:65:DF:E8:0D:9B:B4:B9:F5
Certificate issuer:       /CN=b2ed1d6066f4e4654ef5f3cc70a5d905a9af8290
Certificate serial:       018E3C17A0EEB4ED49338D192D70E02E40EF
Authority key identifier: B2:ED:1D:60:66:F4:E4:65:4E:F5:F3:CC:70:A5:D9:05:A9:AF:82:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/u2iF4C6V5cUyU-sxZd_oDZu0ufU.roa
Signing time:             Thu 14 Mar 2024 08:32:45 +0000
ROA not before:           Thu 14 Mar 2024 08:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        217.145.160.0/20 maxlen: 24
                          217.145.162.0/24 maxlen: 24
                          217.145.164.0/24 maxlen: 24
                          217.145.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3c:17:a0:ee:b4:ed:49:33:8d:19:2d:70:e0:2e:40:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2ed1d6066f4e4654ef5f3cc70a5d905a9af8290
        Validity
            Not Before: Mar 14 08:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb6885e02e95e5c53253eb3165dfe80d9bb4b9f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:57:3d:e4:36:76:4c:7f:14:e4:11:6d:54:a5:
                    f0:b0:8e:80:4c:d7:46:9d:39:1d:53:c8:03:25:90:
                    ac:81:b3:01:60:64:95:e0:f7:25:41:21:d5:d5:ee:
                    25:be:5d:3c:89:9c:44:a8:1b:51:ac:2f:c7:14:80:
                    91:c1:c9:c7:1c:e6:8f:bc:6e:ac:c4:a3:e8:22:34:
                    71:28:cc:ee:b3:84:18:ce:cb:82:91:91:f1:8c:2d:
                    45:77:b2:51:f7:a0:96:62:69:c2:05:6d:6e:c5:60:
                    3f:45:8a:ef:12:7f:d0:5f:48:7a:02:96:52:9c:f1:
                    3f:8e:7a:ea:10:9d:e5:1c:89:25:d3:46:e7:af:d6:
                    dd:06:f5:5a:a7:ee:b8:c5:31:66:74:20:bd:a5:70:
                    ac:84:40:cf:06:21:fb:37:cc:f9:a9:95:76:c4:d8:
                    27:02:a1:01:05:ee:96:73:ef:8f:9c:cf:67:55:b8:
                    e4:ba:8c:59:5a:fc:40:f2:86:e3:08:5d:b5:8b:2b:
                    4f:2e:8c:96:57:43:d8:17:ae:37:76:06:02:73:78:
                    85:dc:5a:5f:71:3f:b4:7d:c2:a0:15:c8:2c:35:a6:
                    19:ef:f4:08:e5:4f:10:b5:be:3c:1f:43:62:02:3b:
                    1f:d4:bd:df:1d:5b:55:dc:11:90:a9:f5:9c:56:54:
                    7d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:68:85:E0:2E:95:E5:C5:32:53:EB:31:65:DF:E8:0D:9B:B4:B9:F5
            X509v3 Authority Key Identifier:
                keyid:B2:ED:1D:60:66:F4:E4:65:4E:F5:F3:CC:70:A5:D9:05:A9:AF:82:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/u2iF4C6V5cUyU-sxZd_oDZu0ufU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         63:54:39:ad:b7:46:17:55:ac:95:a3:c6:ee:a5:d6:f9:7f:36:
         03:f7:93:67:ca:cc:28:81:0b:fb:2e:7d:8e:8a:06:08:40:d6:
         a1:38:c5:2d:de:a3:50:44:21:d4:ea:77:d7:7d:6c:60:bc:e8:
         1a:21:1c:ef:4b:e2:95:3a:39:13:9e:b5:a7:57:b6:15:11:2d:
         28:16:29:8c:eb:b4:6f:72:d9:1c:ac:45:91:92:18:3c:7c:6e:
         62:1b:f3:9e:fa:da:af:f5:d6:fd:e8:36:8a:4b:56:6b:cc:ed:
         c4:e9:28:27:8c:de:07:88:0a:5a:5d:d8:98:a9:73:da:99:ab:
         f5:29:27:62:a6:97:f5:9d:fb:70:c6:72:27:96:ee:09:1d:ee:
         ce:45:b6:c8:97:65:91:b0:ab:a7:60:b5:87:4d:68:e2:01:01:
         8f:6c:d7:e9:d6:a7:6f:4e:e9:2e:e7:1d:18:8a:40:1b:da:40:
         02:a8:19:58:3e:e4:3c:8f:94:22:0d:c7:41:cd:62:b8:aa:d0:
         04:21:8a:ad:1e:92:47:49:da:7c:51:b8:82:e1:4d:bc:27:24:
         c0:82:71:1b:ab:a2:13:d2:64:d5:07:b6:a5:84:ff:48:63:b4:
         4f:36:a1:11:c1:31:9e:5e:86:05:1e:a7:d1:d4:63:5e:4a:17:
         bf:48:74:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY48F6DutO1JM40ZLXDgLkDvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZWQxZDYwNjZmNGU0NjU0ZWY1ZjNjYzcwYTVkOTA1YTlh
ZjgyOTAwHhcNMjQwMzE0MDgzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjY4ODVlMDJlOTVlNWM1MzI1M2ViMzE2NWRmZTgwZDliYjRiOWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFc95DZ2TH8U5BFtVKXwsI6ATNdG
nTkdU8gDJZCsgbMBYGSV4PclQSHV1e4lvl08iZxEqBtRrC/HFICRwcnHHOaPvG6s
xKPoIjRxKMzus4QYzsuCkZHxjC1Fd7JR96CWYmnCBW1uxWA/RYrvEn/QX0h6ApZS
nPE/jnrqEJ3lHIkl00bnr9bdBvVap+64xTFmdCC9pXCshEDPBiH7N8z5qZV2xNgn
AqEBBe6Wc++PnM9nVbjkuoxZWvxA8objCF21iytPLoyWV0PYF643dgYCc3iF3Fpf
cT+0fcKgFcgsNaYZ7/QI5U8Qtb48H0NiAjsf1L3fHVtV3BGQqfWcVlR9twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtoheAuleXFMlPrMWXf6A2btLn1MB8GA1UdIwQY
MBaAFLLtHWBm9ORlTvXzzHCl2QWpr4KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3UwZFlHYjA1R1ZPOWZQTWNLWFpCYW12Z3BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8xMTgyY2ItNWY5NS00Y2Q0LWI3MmYt
NDZiNDZmYzBlNDk2LzEvdTJpRjRDNlY1Y1V5VS1zeFpkX29EWnUwdWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8xMTgyY2ItNWY5NS00Y2Q0LWI3MmYtNDZiNDZmYzBlNDk2
LzEvc3UwZFlHYjA1R1ZPOWZQTWNLWFpCYW12Z3BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2ZGgMA0G
CSqGSIb3DQEBCwUAA4IBAQBjVDmtt0YXVayVo8bupdb5fzYD95NnyswogQv7Ln2O
igYIQNahOMUt3qNQRCHU6nfXfWxgvOgaIRzvS+KVOjkTnrWnV7YVES0oFimM67Rv
ctkcrEWRkhg8fG5iG/Oe+tqv9db96DaKS1ZrzO3E6SgnjN4HiApaXdiYqXPamav1
KSdippf1nftwxnInlu4JHe7ORbbIl2WRsKunYLWHTWjiAQGPbNfp1qdvTuku5x0Y
ikAb2kACqBlYPuQ8j5QiDcdBzWK4qtAEIYqtHpJHSdp8UbiC4U28JyTAgnEbq6IT
0mTVB7alhP9IY7RPNqERwTGeXoYFHqfR1GNeShe/SHSP
-----END CERTIFICATE-----