Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/aQtBUyqFklxoZ_Xv9YAv_seZ_1s.roa
File:                     aQtBUyqFklxoZ_Xv9YAv_seZ_1s.roa (raw, json)
Hash identifier:          5tcFNPveh0BSGji/0CizrtqjrZVBFpvmEiL/Wzg2hYg=
Subject key identifier:   69:0B:41:53:2A:85:92:5C:68:67:F5:EF:F5:80:2F:FE:C7:99:FF:5B
Certificate issuer:       /CN=afa929be73491acd99d590372a52b815fa1f23f5
Certificate serial:       018CC2DB0A12759B330E20BB9A4D19FA9146
Authority key identifier: AF:A9:29:BE:73:49:1A:CD:99:D5:90:37:2A:52:B8:15:FA:1F:23:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/aQtBUyqFklxoZ_Xv9YAv_seZ_1s.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57774
IP address blocks:        176.107.192.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0a:12:75:9b:33:0e:20:bb:9a:4d:19:fa:91:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afa929be73491acd99d590372a52b815fa1f23f5
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=690b41532a85925c6867f5eff5802ffec799ff5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:52:cf:64:73:76:bb:eb:8c:a5:14:37:33:56:
                    b6:29:b3:00:ba:b3:e4:7f:0f:ef:1a:fc:f6:9b:45:
                    8a:e2:79:a4:24:78:f4:7c:83:c4:ce:9d:f0:27:4d:
                    99:5e:bc:e7:f8:9c:d4:34:8d:cf:00:93:59:1e:a2:
                    4f:e7:48:94:e7:2e:79:33:e1:2a:5b:cb:a6:e1:51:
                    89:82:35:c3:03:19:08:49:cd:3e:01:12:8c:d2:c4:
                    d8:ca:4b:6c:af:d3:a6:63:58:26:39:8c:8b:1d:f6:
                    4f:16:4e:bc:7f:d7:12:65:8c:18:5f:aa:18:6d:d7:
                    ad:cd:00:34:b9:62:0c:a3:25:f9:d8:e6:66:8a:2e:
                    7e:a7:5e:76:0f:7f:87:08:1c:4b:df:6b:01:d6:ab:
                    99:4e:f4:34:45:a2:e4:c3:55:9e:e8:2f:6b:7a:9b:
                    19:9f:2d:7d:bf:a3:73:19:d0:c1:87:9e:03:15:3d:
                    3a:4d:e8:f5:72:c9:f7:36:15:21:85:33:48:2a:b5:
                    3e:83:a7:28:d9:c9:fd:33:6b:de:99:72:37:73:06:
                    18:50:0f:2e:b9:ea:04:06:5a:6e:5f:73:89:b6:ec:
                    fe:15:c1:80:a3:de:9a:e0:54:32:c0:60:8a:50:25:
                    26:a1:bf:2a:d3:50:10:51:0b:a5:12:e9:18:d5:1b:
                    dd:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:0B:41:53:2A:85:92:5C:68:67:F5:EF:F5:80:2F:FE:C7:99:FF:5B
            X509v3 Authority Key Identifier:
                keyid:AF:A9:29:BE:73:49:1A:CD:99:D5:90:37:2A:52:B8:15:FA:1F:23:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/aQtBUyqFklxoZ_Xv9YAv_seZ_1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/2694f8-fa1f-4c81-8312-3b6f1bdf412a/1/r6kpvnNJGs2Z1ZA3KlK4FfofI_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.107.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         31:9c:31:d6:0a:68:7b:8b:d7:6a:d9:af:ca:63:f4:0d:36:9d:
         db:01:2d:04:7d:2d:a9:4a:bc:96:ae:f2:d4:67:c5:a6:be:e4:
         1e:cc:93:f5:ca:c9:29:b3:65:1c:99:58:88:5d:e0:bd:58:77:
         07:84:12:e4:3a:b2:9b:42:4e:ab:32:50:a7:55:c3:35:09:cb:
         c5:e8:54:95:42:89:d0:ef:43:e1:4d:a8:1b:45:9e:ed:5a:79:
         1d:08:c8:5d:db:c9:6f:e4:90:cb:21:0d:45:2a:d6:73:7a:56:
         69:ca:e0:5d:39:e0:ab:f3:95:d2:a0:ea:7c:76:19:0a:08:f7:
         83:16:01:29:40:2f:2a:4e:19:80:49:68:8c:2c:d2:c4:c9:f4:
         b1:8f:89:7d:83:ef:94:b2:11:39:bb:20:b2:01:e6:97:66:49:
         1b:2e:3b:01:87:b6:10:c0:c7:ac:3b:65:e9:5c:31:39:9f:aa:
         45:2f:26:55:dd:01:1b:f7:63:a8:b3:3d:51:49:58:fa:83:7b:
         0a:21:0a:3c:04:1a:f3:70:b4:7b:d3:9d:08:89:7b:5b:8c:c0:
         72:84:40:bc:a7:28:59:65:cd:d0:19:2e:2e:92:af:68:e4:87:
         e4:15:87:48:47:b6:f1:8f:f1:51:6a:3e:db:f7:0b:c1:18:bc:
         a5:4c:63:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2woSdZszDiC7mk0Z+pFGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYTkyOWJlNzM0OTFhY2Q5OWQ1OTAzNzJhNTJiODE1ZmEx
ZjIzZjUwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTBiNDE1MzJhODU5MjVjNjg2N2Y1ZWZmNTgwMmZmZWM3OTlmZjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9FLPZHN2u+uMpRQ3M1a2KbMAurPk
fw/vGvz2m0WK4nmkJHj0fIPEzp3wJ02ZXrzn+JzUNI3PAJNZHqJP50iU5y55M+Eq
W8um4VGJgjXDAxkISc0+ARKM0sTYyktsr9OmY1gmOYyLHfZPFk68f9cSZYwYX6oY
bdetzQA0uWIMoyX52OZmii5+p152D3+HCBxL32sB1quZTvQ0RaLkw1We6C9repsZ
ny19v6NzGdDBh54DFT06Tej1csn3NhUhhTNIKrU+g6co2cn9M2vemXI3cwYYUA8u
ueoEBlpuX3OJtuz+FcGAo96a4FQywGCKUCUmob8q01AQUQulEukY1RvdtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkLQVMqhZJcaGf17/WAL/7Hmf9bMB8GA1UdIwQY
MBaAFK+pKb5zSRrNmdWQNypSuBX6HyP1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjZrcHZuTkpHczJaMVpBM0tsSzRGZm9mSV9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8yNjk0ZjgtZmExZi00YzgxLTgzMTIt
M2I2ZjFiZGY0MTJhLzEvYVF0QlV5cUZrbHhvWl9YdjlZQXZfc2VaXzFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8yNjk0ZjgtZmExZi00YzgxLTgzMTItM2I2ZjFiZGY0MTJh
LzEvcjZrcHZuTkpHczJaMVpBM0tsSzRGZm9mSV9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsGvAMA0G
CSqGSIb3DQEBCwUAA4IBAQAxnDHWCmh7i9dq2a/KY/QNNp3bAS0EfS2pSryWrvLU
Z8WmvuQezJP1yskps2UcmViIXeC9WHcHhBLkOrKbQk6rMlCnVcM1CcvF6FSVQonQ
70PhTagbRZ7tWnkdCMhd28lv5JDLIQ1FKtZzelZpyuBdOeCr85XSoOp8dhkKCPeD
FgEpQC8qThmASWiMLNLEyfSxj4l9g++UshE5uyCyAeaXZkkbLjsBh7YQwMesO2Xp
XDE5n6pFLyZV3QEb92Oosz1RSVj6g3sKIQo8BBrzcLR7050IiXtbjMByhEC8pyhZ
Zc3QGS4ukq9o5IfkFYdIR7bxj/FRaj7b9wvBGLylTGPP
-----END CERTIFICATE-----