Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/tLSmGNwaoHcquuk5kh18O6FNL8g.roa
File:                     tLSmGNwaoHcquuk5kh18O6FNL8g.roa (raw, json)
Hash identifier:          byO+upBAOxVd2u4ZvF0NHJSZRtP84gAbarEhqUbU+6w=
Subject key identifier:   B4:B4:A6:18:DC:1A:A0:77:2A:BA:E9:39:92:1D:7C:3B:A1:4D:2F:C8
Certificate issuer:       /CN=fd74deb4184426fa62225b6120c36706f737b8e2
Certificate serial:       018CC7951CEF46F9F6A1CB723CF5528FEC60
Authority key identifier: FD:74:DE:B4:18:44:26:FA:62:22:5B:61:20:C3:67:06:F7:37:B8:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_XTetBhEJvpiIlthIMNnBvc3uOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/tLSmGNwaoHcquuk5kh18O6FNL8g.roa
Signing time:             Tue 02 Jan 2024 00:31:27 +0000
ROA not before:           Tue 02 Jan 2024 00:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47616
IP address blocks:        160.40.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/_XTetBhEJvpiIlthIMNnBvc3uOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/_XTetBhEJvpiIlthIMNnBvc3uOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_XTetBhEJvpiIlthIMNnBvc3uOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1c:ef:46:f9:f6:a1:cb:72:3c:f5:52:8f:ec:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd74deb4184426fa62225b6120c36706f737b8e2
        Validity
            Not Before: Jan  2 00:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4b4a618dc1aa0772abae939921d7c3ba14d2fc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ef:a1:e7:33:55:c9:88:aa:5f:13:68:87:ba:
                    7f:9d:b7:2e:fa:ec:82:ea:51:35:ba:1a:6a:d6:fe:
                    4b:70:f6:d1:6a:9d:a2:02:cd:80:8c:c3:73:09:66:
                    b2:26:7f:13:19:c8:8f:f5:81:73:55:56:16:2b:f8:
                    8f:df:60:34:1a:cc:20:ae:3d:66:40:cf:c5:ef:e1:
                    3d:b7:94:04:e8:7e:44:ad:ba:70:36:dd:a4:1f:9d:
                    c8:40:b0:5b:80:e6:d2:f9:ea:f1:14:4a:8c:88:f1:
                    84:1f:2f:b6:09:f8:a6:8c:13:a6:61:7e:e0:8c:d2:
                    1d:b2:96:83:c6:15:82:40:44:ff:b6:b2:da:7e:e1:
                    9e:cc:3f:a7:73:e4:c5:3c:e8:39:38:ed:40:81:50:
                    a8:11:ce:1e:c8:31:12:bf:1e:06:b4:2f:39:35:26:
                    b8:d7:d4:7b:a1:86:95:92:ec:d1:90:0b:3f:21:87:
                    6d:92:73:8c:96:ad:6d:c5:97:c4:7b:a8:ea:40:b4:
                    7f:b7:b3:75:61:64:df:51:d1:cc:4f:00:02:a5:00:
                    68:ed:be:5f:82:82:db:8d:f2:09:81:40:89:fd:86:
                    38:b1:4c:ef:c8:fd:69:8a:73:5e:f4:5f:b9:83:b7:
                    0c:1e:c3:a4:b0:35:c4:a4:11:06:5c:7c:ca:57:0c:
                    6c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:B4:A6:18:DC:1A:A0:77:2A:BA:E9:39:92:1D:7C:3B:A1:4D:2F:C8
            X509v3 Authority Key Identifier:
                keyid:FD:74:DE:B4:18:44:26:FA:62:22:5B:61:20:C3:67:06:F7:37:B8:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_XTetBhEJvpiIlthIMNnBvc3uOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/tLSmGNwaoHcquuk5kh18O6FNL8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/_XTetBhEJvpiIlthIMNnBvc3uOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.40.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a8:7e:fe:f9:c4:ed:14:b7:6b:2d:a8:d1:75:0e:76:9a:45:ee:
         a1:45:a9:81:98:3d:2b:e1:70:24:98:2e:86:23:5a:b7:21:6a:
         f0:17:37:c1:95:3b:71:7a:56:18:d3:d5:70:19:77:74:60:b0:
         af:4c:d6:26:8b:a2:1c:e9:03:29:2e:37:73:9f:89:c5:0e:9a:
         56:d4:9b:a1:d2:1d:41:3b:f6:93:40:85:9c:a9:b6:c3:0d:ad:
         a7:c3:44:ed:d8:ce:b2:2b:3b:38:e0:08:36:8b:d8:29:ee:d6:
         a4:f3:40:94:7f:ce:84:38:54:c2:5c:9c:4c:0b:1b:ed:e8:a6:
         55:47:6b:cd:de:06:f6:04:68:4f:44:53:02:55:be:fb:f9:2b:
         33:29:c5:56:b1:c4:e0:7f:90:37:81:dd:4d:f4:34:06:c5:63:
         90:9f:33:35:76:4e:c4:53:a8:e7:21:50:e9:b8:6b:51:81:81:
         b6:94:55:2c:cf:31:5e:ed:d1:aa:e3:df:bc:bb:f0:c7:3d:5b:
         08:65:47:66:de:49:55:bf:51:55:c8:76:ae:96:7d:a1:7c:b5:
         96:48:46:c4:a6:e9:37:b4:5e:0d:8f:9e:8e:f8:73:8b:31:e6:
         45:8f:29:d3:10:a2:f7:eb:d3:c6:e5:f1:29:1a:1f:1f:97:b0:
         31:fd:86:43
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHlRzvRvn2octyPPVSj+xgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkNzRkZWI0MTg0NDI2ZmE2MjIyNWI2MTIwYzM2NzA2Zjcz
N2I4ZTIwHhcNMjQwMTAyMDAzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGI0YTYxOGRjMWFhMDc3MmFiYWU5Mzk5MjFkN2MzYmExNGQyZmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO+h5zNVyYiqXxNoh7p/nbcu+uyC
6lE1uhpq1v5LcPbRap2iAs2AjMNzCWayJn8TGciP9YFzVVYWK/iP32A0Gswgrj1m
QM/F7+E9t5QE6H5ErbpwNt2kH53IQLBbgObS+erxFEqMiPGEHy+2CfimjBOmYX7g
jNIdspaDxhWCQET/trLafuGezD+nc+TFPOg5OO1AgVCoEc4eyDESvx4GtC85NSa4
19R7oYaVkuzRkAs/IYdtknOMlq1txZfEe6jqQLR/t7N1YWTfUdHMTwACpQBo7b5f
goLbjfIJgUCJ/YY4sUzvyP1pinNe9F+5g7cMHsOksDXEpBEGXHzKVwxsCQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLS0phjcGqB3KrrpOZIdfDuhTS/IMB8GA1UdIwQY
MBaAFP103rQYRCb6YiJbYSDDZwb3N7jiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1hUZXRCaEVKdnBpSWx0aElNTm5CdmMzdU9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODQ5MWYtYjA0ZC00YjBkLTkwN2It
ZDU3MDVhZTM3MDE0LzEvdExTbUdOd2FvSGNxdXVrNWtoMThPNkZOTDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODQ5MWYtYjA0ZC00YjBkLTkwN2ItZDU3MDVhZTM3MDE0
LzEvX1hUZXRCaEVKdnBpSWx0aElNTm5CdmMzdU9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoCgwDQYJ
KoZIhvcNAQELBQADggEBAKh+/vnE7RS3ay2o0XUOdppF7qFFqYGYPSvhcCSYLoYj
WrchavAXN8GVO3F6VhjT1XAZd3RgsK9M1iaLohzpAykuN3OficUOmlbUm6HSHUE7
9pNAhZyptsMNrafDRO3YzrIrOzjgCDaL2Cnu1qTzQJR/zoQ4VMJcnEwLG+3oplVH
a83eBvYEaE9EUwJVvvv5KzMpxVaxxOB/kDeB3U30NAbFY5CfMzV2TsRTqOchUOm4
a1GBgbaUVSzPMV7t0arj37y78Mc9WwhlR2beSVW/UVXIdq6WfaF8tZZIRsSm6Te0
Xg2Pno74c4sx5kWPKdMQovfr08bl8SkaHx+XsDH9hkM=
-----END CERTIFICATE-----