Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/eqVWqN-iuQKvZMTXi1LEaRpKndc.roa
File:                     eqVWqN-iuQKvZMTXi1LEaRpKndc.roa (raw, json)
Hash identifier:          cjhdPIsB1745Yxm7FSEB3aJnr9qjzc0NNqLuUcPwJBI=
Subject key identifier:   7A:A5:56:A8:DF:A2:B9:02:AF:64:C4:D7:8B:52:C4:69:1A:4A:9D:D7
Certificate issuer:       /CN=8b0cd696ada8911302563ba4e442e6cfa6a28ffb
Certificate serial:       018CC500C52E56382E642C6DDE09F3202BB3
Authority key identifier: 8B:0C:D6:96:AD:A8:91:13:02:56:3B:A4:E4:42:E6:CF:A6:A2:8F:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iwzWlq2okRMCVjuk5ELmz6aij_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/eqVWqN-iuQKvZMTXi1LEaRpKndc.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     786
IP address blocks:        160.6.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/iwzWlq2okRMCVjuk5ELmz6aij_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/iwzWlq2okRMCVjuk5ELmz6aij_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iwzWlq2okRMCVjuk5ELmz6aij_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c5:2e:56:38:2e:64:2c:6d:de:09:f3:20:2b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b0cd696ada8911302563ba4e442e6cfa6a28ffb
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7aa556a8dfa2b902af64c4d78b52c4691a4a9dd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:5b:d6:3d:ab:e5:f9:ae:22:4d:6f:46:d4:32:
                    21:fb:a0:6d:bf:29:3a:f6:88:ce:89:19:4f:25:b0:
                    b4:96:1b:5f:fd:a6:d7:97:b4:d4:f7:4d:5f:79:eb:
                    5c:d6:cc:49:9f:f3:2e:32:17:47:f6:ab:44:66:fc:
                    c7:a2:db:cb:d6:ef:1d:19:9a:5d:3e:b2:d0:fb:7e:
                    a9:c9:74:19:45:9b:99:6f:01:48:b8:20:e8:00:e3:
                    5b:28:2e:d4:c6:4c:56:64:04:42:07:ff:8e:35:1a:
                    7b:29:64:1c:83:55:9f:10:0c:a3:ac:90:84:32:d0:
                    8c:03:bb:ff:94:e8:82:6c:03:e1:10:29:16:d6:73:
                    02:9c:24:76:85:fa:73:dc:36:08:ea:10:e0:ef:f9:
                    eb:fe:5a:e6:37:22:51:80:c9:40:d4:ae:73:f8:c7:
                    45:8a:cf:d7:ce:77:0e:f7:7a:f6:73:3e:96:ee:d5:
                    49:60:e9:46:7d:e8:1e:71:70:7b:a6:0c:54:6a:95:
                    b7:f4:04:41:3c:b0:dd:06:6b:67:9c:bb:91:b9:65:
                    3a:55:1c:ef:45:34:20:67:90:97:ea:5b:a9:8f:a1:
                    b3:e2:ca:26:d9:61:20:f6:ac:ff:a0:c7:bc:e0:e6:
                    3f:d1:a9:ac:97:4e:5b:fa:96:5a:7b:3d:8b:85:68:
                    29:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:A5:56:A8:DF:A2:B9:02:AF:64:C4:D7:8B:52:C4:69:1A:4A:9D:D7
            X509v3 Authority Key Identifier:
                keyid:8B:0C:D6:96:AD:A8:91:13:02:56:3B:A4:E4:42:E6:CF:A6:A2:8F:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iwzWlq2okRMCVjuk5ELmz6aij_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/eqVWqN-iuQKvZMTXi1LEaRpKndc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b3c443-b199-4041-8247-b403d10c3e91/1/iwzWlq2okRMCVjuk5ELmz6aij_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.6.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4f:59:f8:93:68:76:56:ee:92:4f:71:24:c5:04:4f:a0:42:ae:
         28:f1:7f:e0:d9:61:87:73:98:a1:ea:4a:8b:42:20:72:28:34:
         7e:c1:ab:f7:f6:d5:8e:7c:9e:fa:9e:88:67:d6:d4:31:e0:22:
         b2:78:6b:0c:5e:c0:de:32:0b:c8:b2:27:92:d3:a0:12:67:8d:
         9f:d5:cf:a9:79:ea:92:b5:2d:c1:c3:ac:53:1e:a1:05:bd:06:
         8c:b2:a1:6a:84:53:c0:80:fd:61:b3:2b:6b:7c:14:76:78:ec:
         b5:ee:de:0a:6c:5c:31:da:e0:45:66:76:df:5b:78:78:a0:e1:
         5c:c1:42:9a:88:6b:02:cb:25:fc:a3:17:aa:95:a8:0e:0f:2f:
         01:59:9f:40:12:39:14:53:45:4a:2d:72:77:e2:5e:6b:5a:11:
         3b:f6:1c:cd:c7:6c:fa:b1:c5:4d:fc:bc:42:9f:9c:f4:a2:12:
         5d:50:5b:42:22:11:43:e5:28:d5:aa:a5:76:9c:fc:57:39:5f:
         d4:75:db:c7:0f:2e:1a:2b:db:ab:02:cb:b0:47:c2:c3:98:a0:
         d4:0d:1f:e8:8a:52:99:5a:f4:b4:b7:28:70:69:c9:08:1c:64:
         f4:3f:7c:ba:b8:87:e6:53:db:ef:7c:32:ad:d5:39:eb:44:64:
         b8:99:3a:59
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFAMUuVjguZCxt3gnzICuzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMGNkNjk2YWRhODkxMTMwMjU2M2JhNGU0NDJlNmNmYTZh
MjhmZmIwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWE1NTZhOGRmYTJiOTAyYWY2NGM0ZDc4YjUyYzQ2OTFhNGE5ZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVvWPavl+a4iTW9G1DIh+6Btvyk6
9ojOiRlPJbC0lhtf/abXl7TU901feetc1sxJn/MuMhdH9qtEZvzHotvL1u8dGZpd
PrLQ+36pyXQZRZuZbwFIuCDoAONbKC7UxkxWZARCB/+ONRp7KWQcg1WfEAyjrJCE
MtCMA7v/lOiCbAPhECkW1nMCnCR2hfpz3DYI6hDg7/nr/lrmNyJRgMlA1K5z+MdF
is/XzncO93r2cz6W7tVJYOlGfegecXB7pgxUapW39ARBPLDdBmtnnLuRuWU6VRzv
RTQgZ5CX6lupj6Gz4som2WEg9qz/oMe84OY/0amsl05b+pZaez2LhWgpQQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHqlVqjforkCr2TE14tSxGkaSp3XMB8GA1UdIwQY
MBaAFIsM1patqJETAlY7pORC5s+moo/7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXd6V2xxMm9rUk1DVmp1azVFTG16NmFpal9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iM2M0NDMtYjE5OS00MDQxLTgyNDct
YjQwM2QxMGMzZTkxLzEvZXFWV3FOLWl1UUt2Wk1UWGkxTEVhUnBLbmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iM2M0NDMtYjE5OS00MDQxLTgyNDctYjQwM2QxMGMzZTkx
LzEvaXd6V2xxMm9rUk1DVmp1azVFTG16NmFpal9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoAYwDQYJ
KoZIhvcNAQELBQADggEBAE9Z+JNodlbukk9xJMUET6BCrijxf+DZYYdzmKHqSotC
IHIoNH7Bq/f21Y58nvqeiGfW1DHgIrJ4awxewN4yC8iyJ5LToBJnjZ/Vz6l56pK1
LcHDrFMeoQW9BoyyoWqEU8CA/WGzK2t8FHZ47LXu3gpsXDHa4EVmdt9beHig4VzB
QpqIawLLJfyjF6qVqA4PLwFZn0ASORRTRUotcnfiXmtaETv2HM3HbPqxxU38vEKf
nPSiEl1QW0IiEUPlKNWqpXac/Fc5X9R128cPLhor26sCy7BHwsOYoNQNH+iKUpla
9LS3KHBpyQgcZPQ/fLq4h+ZT2+98Mq3VOetEZLiZOlk=
-----END CERTIFICATE-----