Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/i2inhFcag4zVHlsRAd7LQhTMNEI.roa
File:                     i2inhFcag4zVHlsRAd7LQhTMNEI.roa (raw, json)
Hash identifier:          LFQccJg4kBn7GQvVUddbmEUFSLbgcXqlub/faw+Y9bg=
Subject key identifier:   8B:68:A7:84:57:1A:83:8C:D5:1E:5B:11:01:DE:CB:42:14:CC:34:42
Certificate issuer:       /CN=96e6f77cbda101987d9dfc84be90b6fba66adc9f
Certificate serial:       018CC86FCC5E818415E52FA583916185284F
Authority key identifier: 96:E6:F7:7C:BD:A1:01:98:7D:9D:FC:84:BE:90:B6:FB:A6:6A:DC:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/i2inhFcag4zVHlsRAd7LQhTMNEI.roa
Signing time:             Tue 02 Jan 2024 04:30:19 +0000
ROA not before:           Tue 02 Jan 2024 04:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31595
IP address blocks:        83.167.160.0/19 maxlen: 19
                          2001:4be8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:cc:5e:81:84:15:e5:2f:a5:83:91:61:85:28:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96e6f77cbda101987d9dfc84be90b6fba66adc9f
        Validity
            Not Before: Jan  2 04:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b68a784571a838cd51e5b1101decb4214cc3442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:47:b5:c5:07:1a:76:0d:2d:5f:8d:b1:1c:f5:
                    fa:fe:b7:65:b8:51:b1:1d:e5:ea:40:08:61:cb:cf:
                    52:ed:ce:32:5d:cf:3d:60:3a:15:66:7c:78:c4:9e:
                    e7:bd:d8:aa:21:fd:ee:6a:11:85:83:5f:74:73:fb:
                    0e:dd:a0:5e:aa:04:c9:60:b0:31:f6:a7:2d:5e:ad:
                    b5:38:c2:c5:20:db:99:47:38:d7:a6:58:27:61:86:
                    12:83:6e:c4:fe:ba:dd:df:98:68:ee:01:bf:27:0b:
                    73:07:45:42:e2:2b:91:6e:44:d5:9d:45:a8:04:3b:
                    65:28:5a:54:15:a8:33:f1:6c:7c:1e:dc:97:6c:48:
                    6b:36:7a:8f:3f:43:f6:ee:11:65:d9:f2:b6:2d:ae:
                    e2:df:4c:45:cd:d1:35:4d:d3:0f:85:de:73:68:e1:
                    0e:4a:da:37:e1:23:a8:5c:e6:50:c7:65:2a:50:04:
                    9b:83:6b:83:50:16:71:fd:aa:47:94:aa:1e:8c:61:
                    27:f1:dd:27:59:de:0c:f8:b3:f4:8e:a2:88:08:c4:
                    8d:d7:69:96:cb:04:41:04:4a:03:eb:f4:08:71:d0:
                    cd:93:73:82:07:d7:03:30:87:02:fb:9f:67:23:fa:
                    82:d2:0d:48:e8:e8:93:0e:69:47:66:5b:40:e8:a9:
                    31:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:68:A7:84:57:1A:83:8C:D5:1E:5B:11:01:DE:CB:42:14:CC:34:42
            X509v3 Authority Key Identifier:
                keyid:96:E6:F7:7C:BD:A1:01:98:7D:9D:FC:84:BE:90:B6:FB:A6:6A:DC:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/i2inhFcag4zVHlsRAd7LQhTMNEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.167.160.0/19
                IPv6:
                  2001:4be8::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:f1:07:c0:0c:e8:18:3a:c8:9d:70:43:40:74:79:46:1b:b4:
         c2:a7:60:95:94:43:5d:52:c1:41:f9:ac:98:96:3d:6f:dc:f8:
         3b:ca:be:9d:ca:d0:e9:c2:04:66:7e:0c:8c:d7:d8:eb:27:82:
         5f:6e:17:0a:2a:30:bb:db:87:a9:7c:b3:c2:21:aa:46:48:29:
         aa:67:c4:c8:74:70:bf:a8:39:4d:27:cd:d5:7a:38:9e:a3:f6:
         89:f4:29:fc:c8:1f:01:aa:10:fa:af:43:97:86:13:5b:99:59:
         e2:9d:3b:08:24:4e:6d:14:7f:60:9b:17:7f:9c:3b:23:ce:3c:
         6d:fd:92:ff:93:31:f3:2d:70:81:07:dd:78:86:38:8e:da:a3:
         b1:14:5c:27:d2:90:97:92:c2:07:df:ed:67:70:5b:e4:61:78:
         0e:10:39:0d:ad:f4:f8:99:6a:b9:1e:2a:81:78:a7:1c:30:47:
         0d:e5:b1:16:6b:10:12:39:fb:f5:25:45:c3:ab:f0:08:05:05:
         58:aa:1d:e9:db:37:3d:88:56:ba:78:e5:d2:79:bf:cb:cd:88:
         ba:1f:c7:4e:26:0c:3b:b8:d1:d6:45:a5:d5:65:a4:68:d8:8e:
         98:62:dd:23:9a:74:d4:ec:81:69:b8:d1:81:7e:ac:86:fb:06:
         1a:93:73:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb8xegYQV5S+lg5FhhShPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZTZmNzdjYmRhMTAxOTg3ZDlkZmM4NGJlOTBiNmZiYTY2
YWRjOWYwHhcNMjQwMTAyMDQzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjY4YTc4NDU3MWE4MzhjZDUxZTViMTEwMWRlY2I0MjE0Y2MzNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ke1xQcadg0tX42xHPX6/rdluFGx
HeXqQAhhy89S7c4yXc89YDoVZnx4xJ7nvdiqIf3uahGFg190c/sO3aBeqgTJYLAx
9qctXq21OMLFINuZRzjXplgnYYYSg27E/rrd35ho7gG/JwtzB0VC4iuRbkTVnUWo
BDtlKFpUFagz8Wx8HtyXbEhrNnqPP0P27hFl2fK2La7i30xFzdE1TdMPhd5zaOEO
Sto34SOoXOZQx2UqUASbg2uDUBZx/apHlKoejGEn8d0nWd4M+LP0jqKICMSN12mW
ywRBBEoD6/QIcdDNk3OCB9cDMIcC+59nI/qC0g1I6OiTDmlHZltA6KkxJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFItop4RXGoOM1R5bEQHey0IUzDRCMB8GA1UdIwQY
MBaAFJbm93y9oQGYfZ38hL6QtvumatyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHViM2ZMMmhBWmg5bmZ5RXZwQzItNlpxM0o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8xY2JjMWUtNGQ0Ni00YjViLWIyNDkt
MzIwOGRlMzljMDlkLzEvaTJpbmhGY2FnNHpWSGxzUkFkN0xRaFRNTkVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8xY2JjMWUtNGQ0Ni00YjViLWIyNDktMzIwOGRlMzljMDlk
LzEvbHViM2ZMMmhBWmg5bmZ5RXZwQzItNlpxM0o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFU6egMA0E
AgACMAcDBQAgAUvoMA0GCSqGSIb3DQEBCwUAA4IBAQCS8QfADOgYOsidcENAdHlG
G7TCp2CVlENdUsFB+ayYlj1v3Pg7yr6dytDpwgRmfgyM19jrJ4JfbhcKKjC724ep
fLPCIapGSCmqZ8TIdHC/qDlNJ83Vejieo/aJ9Cn8yB8BqhD6r0OXhhNbmVninTsI
JE5tFH9gmxd/nDsjzjxt/ZL/kzHzLXCBB914hjiO2qOxFFwn0pCXksIH3+1ncFvk
YXgOEDkNrfT4mWq5HiqBeKccMEcN5bEWaxASOfv1JUXDq/AIBQVYqh3p2zc9iFa6
eOXSeb/LzYi6H8dOJgw7uNHWRaXVZaRo2I6YYt0jmnTU7IFpuNGBfqyG+wYak3Om
-----END CERTIFICATE-----