Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/z6EZwvb3PIBa6HVxMUA6MLzzdEo.roa
File:                     z6EZwvb3PIBa6HVxMUA6MLzzdEo.roa (raw, json)
Hash identifier:          vEzHs2Ej61iBsL+QcUEDJqXuDHeeKlArrHDNs2p1fO0=
Subject key identifier:   CF:A1:19:C2:F6:F7:3C:80:5A:E8:75:71:31:40:3A:30:BC:F3:74:4A
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC79453D6EFE74F38D43E03742F7A3F2A
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/z6EZwvb3PIBa6HVxMUA6MLzzdEo.roa
Signing time:             Tue 02 Jan 2024 00:30:35 +0000
ROA not before:           Tue 02 Jan 2024 00:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56616
IP address blocks:        2.188.168.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:53:d6:ef:e7:4f:38:d4:3e:03:74:2f:7a:3f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfa119c2f6f73c805ae8757131403a30bcf3744a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:34:8d:b8:c9:c5:a9:e6:81:cd:ad:95:de:21:
                    30:1a:b1:0c:cc:78:20:b8:7e:64:7f:a9:6e:ba:17:
                    cd:b8:ea:67:ce:fd:b7:bb:40:2a:40:94:b2:4f:d3:
                    db:b5:5a:ad:83:d7:3b:66:e2:7c:3c:6d:0b:04:72:
                    29:6e:0d:db:0c:75:e6:36:ec:57:72:11:f1:97:3a:
                    a0:20:07:73:4e:f7:f0:d5:1d:d4:6f:86:2e:f3:4e:
                    06:31:75:ec:9e:91:54:04:04:db:0a:e8:10:6c:91:
                    69:ba:a0:a8:a2:2e:b2:49:05:3d:45:b8:3e:09:37:
                    62:20:dd:6c:6e:67:a2:d6:9b:77:a4:3e:8b:ca:56:
                    23:cb:62:fb:82:d4:03:6d:d0:b1:d3:ea:bd:52:77:
                    e8:7a:8b:b0:c8:53:58:a8:5d:d2:10:54:aa:32:a2:
                    b9:f6:96:ac:17:a0:7a:90:43:04:93:c7:e9:46:b1:
                    e9:43:e9:e5:23:2b:3b:9b:a7:42:ed:e4:8c:b0:ff:
                    43:b4:a5:ee:30:9f:01:12:99:4e:48:00:4b:a6:0f:
                    dd:d9:dc:cd:10:a7:b1:30:d7:f7:b2:52:11:ba:6b:
                    cf:4c:18:60:af:f0:8d:6f:e4:ab:87:84:d5:ef:70:
                    3e:27:7a:92:20:42:4d:3e:fd:17:f7:99:2e:12:51:
                    ad:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:A1:19:C2:F6:F7:3C:80:5A:E8:75:71:31:40:3A:30:BC:F3:74:4A
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/z6EZwvb3PIBa6HVxMUA6MLzzdEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.188.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3f:23:ac:23:6e:eb:82:6e:2a:67:6d:d5:ce:69:37:64:84:2c:
         a1:31:d0:b5:42:ca:60:ea:cf:b3:93:1c:99:af:1a:9a:71:c5:
         81:90:32:77:32:51:ba:8d:45:ef:8c:b5:4c:5f:6f:0f:9e:35:
         8f:c1:3e:02:ba:48:3a:e5:0a:fb:4c:cc:76:51:9a:81:d3:73:
         6a:06:0b:93:42:46:27:f5:a6:19:da:cb:d4:61:64:39:ce:73:
         26:f4:bb:dc:6a:bc:9c:56:af:37:33:fb:b3:11:31:2c:8c:88:
         3d:2f:8f:a8:09:b1:57:d5:e3:a2:4f:ea:10:c8:f5:a0:da:24:
         2f:cd:fd:5c:0a:51:a8:f2:3d:14:b1:ec:2d:30:cb:c0:2c:ca:
         03:24:2a:d9:ba:25:f9:ea:89:ab:74:08:52:29:b7:da:bf:e2:
         18:11:b1:68:29:f2:71:fc:fe:31:b8:81:2e:3d:bb:49:49:97:
         4a:ca:87:b4:c6:f2:58:ca:89:86:31:3a:b1:84:0d:c0:64:2f:
         63:ff:92:af:56:8a:d1:a6:12:ef:61:ad:0f:33:ab:cb:92:b8:
         c6:7d:22:72:62:89:d5:79:c7:bf:b1:f5:67:45:32:da:98:bb:
         d0:17:6d:6b:e9:2d:77:71:ea:0c:18:50:0e:0f:85:fc:8f:47:
         9b:4d:8f:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFPW7+dPONQ+A3Qvej8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmExMTljMmY2ZjczYzgwNWFlODc1NzEzMTQwM2EzMGJjZjM3NDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjSNuMnFqeaBza2V3iEwGrEMzHgg
uH5kf6luuhfNuOpnzv23u0AqQJSyT9PbtVqtg9c7ZuJ8PG0LBHIpbg3bDHXmNuxX
chHxlzqgIAdzTvfw1R3Ub4Yu804GMXXsnpFUBATbCugQbJFpuqCooi6ySQU9Rbg+
CTdiIN1sbmei1pt3pD6LylYjy2L7gtQDbdCx0+q9UnfoeouwyFNYqF3SEFSqMqK5
9pasF6B6kEMEk8fpRrHpQ+nlIys7m6dC7eSMsP9DtKXuMJ8BEplOSABLpg/d2dzN
EKexMNf3slIRumvPTBhgr/CNb+Srh4TV73A+J3qSIEJNPv0X95kuElGt3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+hGcL29zyAWuh1cTFAOjC883RKMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvejZFWnd2YjNQSUJhNkhWeE1VQTZNTHp6ZEVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDAryoMA0G
CSqGSIb3DQEBCwUAA4IBAQA/I6wjbuuCbipnbdXOaTdkhCyhMdC1Qspg6s+zkxyZ
rxqaccWBkDJ3MlG6jUXvjLVMX28PnjWPwT4Cukg65Qr7TMx2UZqB03NqBguTQkYn
9aYZ2svUYWQ5znMm9LvcarycVq83M/uzETEsjIg9L4+oCbFX1eOiT+oQyPWg2iQv
zf1cClGo8j0UsewtMMvALMoDJCrZuiX56omrdAhSKbfav+IYEbFoKfJx/P4xuIEu
PbtJSZdKyoe0xvJYyomGMTqxhA3AZC9j/5KvVorRphLvYa0PM6vLkrjGfSJyYonV
ece/sfVnRTLamLvQF21r6S13ceoMGFAOD4X8j0ebTY/H
-----END CERTIFICATE-----