Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/326bbc-d061-4af1-8964-41d79efb49a9/1/brCh7kffdYNzOeyTzGOpf5czQZ0.roa
File:                     brCh7kffdYNzOeyTzGOpf5czQZ0.roa (raw, json)
Hash identifier:          opBVlzxehQviGzufAVbIiCa0q4+W2sh5BKRFJ8O7jSo=
Subject key identifier:   6E:B0:A1:EE:47:DF:75:83:73:39:EC:93:CC:63:A9:7F:97:33:41:9D
Certificate issuer:       /CN=99efbb2b1653422837937dd27de354e68f9e01a3
Certificate serial:       018CC424705CC91C04CF0F794CF14A249715
Authority key identifier: 99:EF:BB:2B:16:53:42:28:37:93:7D:D2:7D:E3:54:E6:8F:9E:01:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/me-7KxZTQig3k33SfeNU5o-eAaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/326bbc-d061-4af1-8964-41d79efb49a9/1/brCh7kffdYNzOeyTzGOpf5czQZ0.roa
Signing time:             Mon 01 Jan 2024 08:29:31 +0000
ROA not before:           Mon 01 Jan 2024 08:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203676
IP address blocks:        185.137.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/326bbc-d061-4af1-8964-41d79efb49a9/1/me-7KxZTQig3k33SfeNU5o-eAaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/326bbc-d061-4af1-8964-41d79efb49a9/1/me-7KxZTQig3k33SfeNU5o-eAaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/me-7KxZTQig3k33SfeNU5o-eAaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:70:5c:c9:1c:04:cf:0f:79:4c:f1:4a:24:97:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99efbb2b1653422837937dd27de354e68f9e01a3
        Validity
            Not Before: Jan  1 08:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6eb0a1ee47df75837339ec93cc63a97f9733419d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:11:03:54:30:a6:61:a6:70:2e:ac:9a:85:f5:
                    63:8b:3c:29:32:d2:55:44:ae:fb:ef:c3:e2:bc:09:
                    54:c4:e3:85:47:27:b8:91:84:52:2d:03:9d:f0:ae:
                    ce:1f:08:4c:8a:47:c4:29:af:d0:c6:01:c9:a3:74:
                    08:88:bb:0b:60:73:d4:4e:c6:9b:08:08:6b:76:d3:
                    d6:54:2e:4c:74:c5:5f:0b:14:95:98:fc:4b:07:2a:
                    bf:f7:c8:2a:45:e9:1b:67:f7:0f:97:c6:5e:fc:97:
                    5b:59:14:c6:ab:1a:29:56:b7:da:2e:2c:b5:39:75:
                    b8:be:5c:57:cd:58:b1:8a:ac:a8:8c:f1:ab:3f:7d:
                    b7:6c:e6:bb:69:2b:f2:d6:d1:41:4e:e9:57:e6:36:
                    5d:b7:9f:c0:20:92:d9:20:46:b0:51:31:cd:c9:7d:
                    99:15:e5:7a:c2:0c:29:33:11:86:24:c9:33:5d:e9:
                    54:cf:c9:4b:b9:6f:81:41:ed:42:6d:dd:cd:41:71:
                    80:41:0a:97:c1:85:0d:51:d9:f5:47:b7:6a:e0:3e:
                    e7:fe:7b:bf:82:b8:f0:73:10:a6:db:fc:3e:79:a2:
                    ea:a4:2a:cd:a1:f0:18:47:26:a9:d1:bf:7a:5a:01:
                    7c:ec:99:e5:72:ec:03:4a:01:ef:62:6f:0f:d5:aa:
                    50:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:B0:A1:EE:47:DF:75:83:73:39:EC:93:CC:63:A9:7F:97:33:41:9D
            X509v3 Authority Key Identifier:
                keyid:99:EF:BB:2B:16:53:42:28:37:93:7D:D2:7D:E3:54:E6:8F:9E:01:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/me-7KxZTQig3k33SfeNU5o-eAaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/326bbc-d061-4af1-8964-41d79efb49a9/1/brCh7kffdYNzOeyTzGOpf5czQZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/326bbc-d061-4af1-8964-41d79efb49a9/1/me-7KxZTQig3k33SfeNU5o-eAaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:9a:0d:b4:05:93:2a:3e:e6:c5:78:1e:74:3e:f8:ff:33:d4:
         7e:8b:51:56:02:8a:b4:15:40:e7:e2:7e:07:6e:b0:8e:e9:e5:
         60:0b:d5:20:8e:11:bd:fd:f4:66:cc:30:5f:22:e6:04:c1:22:
         c2:02:95:36:4b:96:00:27:a4:f8:93:a2:ef:cf:40:2b:dc:56:
         60:45:66:b1:c6:fb:db:cd:bb:ff:d6:ec:de:8b:04:f3:67:2e:
         db:fc:69:cb:52:c1:2d:42:fd:34:bb:0c:42:aa:8f:27:bb:6a:
         02:a8:3e:f2:16:6a:ff:98:cd:81:c7:f1:8c:64:ad:95:55:98:
         9c:40:5a:e0:14:b6:3e:7d:ad:db:ad:2f:ec:88:84:55:1f:7c:
         dc:af:59:03:6c:53:64:cf:02:b1:48:fd:8c:43:6a:9e:ff:1c:
         8d:1c:a6:45:98:f9:c6:3c:94:a8:d3:a7:e8:8a:81:61:24:d7:
         4f:42:e5:9b:22:ab:f5:fe:fa:12:37:50:e8:bc:5b:96:a1:59:
         2d:78:02:6e:04:a5:6f:c2:68:ff:84:70:c6:ea:b0:e6:42:ed:
         5b:dc:63:dd:27:fc:0d:9d:2c:59:cc:f3:05:23:bf:6d:ec:a6:
         90:01:30:79:9c:6f:b1:11:77:87:6a:ca:03:65:19:41:a6:43:
         aa:f4:80:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHBcyRwEzw95TPFKJJcVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZWZiYjJiMTY1MzQyMjgzNzkzN2RkMjdkZTM1NGU2OGY5
ZTAxYTMwHhcNMjQwMTAxMDgyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWIwYTFlZTQ3ZGY3NTgzNzMzOWVjOTNjYzYzYTk3Zjk3MzM0MTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxEDVDCmYaZwLqyahfVjizwpMtJV
RK7778PivAlUxOOFRye4kYRSLQOd8K7OHwhMikfEKa/QxgHJo3QIiLsLYHPUTsab
CAhrdtPWVC5MdMVfCxSVmPxLByq/98gqRekbZ/cPl8Ze/JdbWRTGqxopVrfaLiy1
OXW4vlxXzVixiqyojPGrP323bOa7aSvy1tFBTulX5jZdt5/AIJLZIEawUTHNyX2Z
FeV6wgwpMxGGJMkzXelUz8lLuW+BQe1Cbd3NQXGAQQqXwYUNUdn1R7dq4D7n/nu/
grjwcxCm2/w+eaLqpCrNofAYRyap0b96WgF87JnlcuwDSgHvYm8P1apQhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6woe5H33WDcznsk8xjqX+XM0GdMB8GA1UdIwQY
MBaAFJnvuysWU0IoN5N90n3jVOaPngGjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWUtN0t4WlRRaWczazMzU2ZlTlU1by1lQWFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zMjZiYmMtZDA2MS00YWYxLTg5NjQt
NDFkNzllZmI0OWE5LzEvYnJDaDdrZmZkWU56T2V5VHpHT3BmNWN6UVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zMjZiYmMtZDA2MS00YWYxLTg5NjQtNDFkNzllZmI0OWE5
LzEvbWUtN0t4WlRRaWczazMzU2ZlTlU1by1lQWFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYnwMA0G
CSqGSIb3DQEBCwUAA4IBAQAImg20BZMqPubFeB50Pvj/M9R+i1FWAoq0FUDn4n4H
brCO6eVgC9UgjhG9/fRmzDBfIuYEwSLCApU2S5YAJ6T4k6Lvz0Ar3FZgRWaxxvvb
zbv/1uzeiwTzZy7b/GnLUsEtQv00uwxCqo8nu2oCqD7yFmr/mM2Bx/GMZK2VVZic
QFrgFLY+fa3brS/siIRVH3zcr1kDbFNkzwKxSP2MQ2qe/xyNHKZFmPnGPJSo06fo
ioFhJNdPQuWbIqv1/voSN1DovFuWoVkteAJuBKVvwmj/hHDG6rDmQu1b3GPdJ/wN
nSxZzPMFI79t7KaQATB5nG+xEXeHasoDZRlBpkOq9IDN
-----END CERTIFICATE-----