Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/8365af-f851-4b7c-a891-38805dbff719/1/aQWoBe2SEFl3Lh6yqUH9D_pdq1g.roa
File:                     aQWoBe2SEFl3Lh6yqUH9D_pdq1g.roa (raw, json)
Hash identifier:          ypasa4jTYYlaSIlhOEEAjw9RrKwo8caWXT8sxE1DxJo=
Subject key identifier:   69:05:A8:05:ED:92:10:59:77:2E:1E:B2:A9:41:FD:0F:FA:5D:AB:58
Certificate issuer:       /CN=702c39f18682077f072b62116fd4f1690874af96
Certificate serial:       018CC26D16BED290D41B1C6DD3DC4C0D492E
Authority key identifier: 70:2C:39:F1:86:82:07:7F:07:2B:62:11:6F:D4:F1:69:08:74:AF:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cCw58YaCB38HK2IRb9TxaQh0r5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/8365af-f851-4b7c-a891-38805dbff719/1/aQWoBe2SEFl3Lh6yqUH9D_pdq1g.roa
Signing time:             Mon 01 Jan 2024 00:29:38 +0000
ROA not before:           Mon 01 Jan 2024 00:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35133
IP address blocks:        217.18.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/8365af-f851-4b7c-a891-38805dbff719/1/cCw58YaCB38HK2IRb9TxaQh0r5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/8365af-f851-4b7c-a891-38805dbff719/1/cCw58YaCB38HK2IRb9TxaQh0r5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cCw58YaCB38HK2IRb9TxaQh0r5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:16:be:d2:90:d4:1b:1c:6d:d3:dc:4c:0d:49:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=702c39f18682077f072b62116fd4f1690874af96
        Validity
            Not Before: Jan  1 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6905a805ed921059772e1eb2a941fd0ffa5dab58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0d:55:07:93:cd:a0:46:ef:ff:66:ad:16:f0:
                    b4:97:68:e7:97:d1:61:94:70:df:99:04:99:e1:2d:
                    7c:4f:df:1d:df:9a:c4:3b:d4:d8:59:b9:cd:fb:ce:
                    9e:23:cd:d4:c9:80:37:5a:eb:d8:64:aa:a0:09:2c:
                    8d:4b:af:c5:15:c9:99:93:6d:b8:77:c9:61:8f:42:
                    51:69:85:02:c2:40:5d:79:e5:95:d5:d6:b8:4e:4f:
                    c3:ff:90:e3:f5:ac:d6:3c:f2:40:9f:41:bf:31:75:
                    e7:ce:21:8c:0e:f9:ac:ed:64:7d:11:1a:10:30:07:
                    c7:bc:00:42:f4:f7:74:31:e8:84:8f:79:58:34:75:
                    db:b2:65:7a:72:18:76:e9:3f:d1:26:d7:01:fb:8b:
                    b1:18:bb:f7:a5:63:95:d3:7d:f4:de:46:64:6f:72:
                    59:1e:ca:0c:65:44:67:2c:97:92:d2:b5:0b:84:dc:
                    dd:1f:36:f3:9d:8a:bd:c6:1b:6a:95:c6:cb:e5:5a:
                    7d:6c:2a:df:62:ee:77:a2:ba:6b:29:fb:44:0a:be:
                    39:74:90:cf:53:6a:7f:79:f0:64:7d:0a:7a:bc:65:
                    14:cf:5b:68:38:3b:4e:0a:87:38:a2:cb:31:fa:da:
                    f3:f9:dc:cc:b0:46:b0:7f:f9:e6:01:ee:cf:66:fd:
                    26:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:05:A8:05:ED:92:10:59:77:2E:1E:B2:A9:41:FD:0F:FA:5D:AB:58
            X509v3 Authority Key Identifier:
                keyid:70:2C:39:F1:86:82:07:7F:07:2B:62:11:6F:D4:F1:69:08:74:AF:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCw58YaCB38HK2IRb9TxaQh0r5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8365af-f851-4b7c-a891-38805dbff719/1/aQWoBe2SEFl3Lh6yqUH9D_pdq1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8365af-f851-4b7c-a891-38805dbff719/1/cCw58YaCB38HK2IRb9TxaQh0r5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:58:78:20:d1:ec:c0:a7:1c:b4:74:5a:9a:1d:bf:47:30:d3:
         f3:1e:70:5b:d4:95:ad:2e:53:b7:4c:2c:f5:3d:31:97:76:e4:
         06:26:68:dc:4b:58:84:78:c3:6e:bc:26:c4:66:fb:a2:72:37:
         21:db:8b:b7:fb:91:90:41:99:ed:82:a2:4d:f3:2c:c1:f6:3d:
         18:0b:c6:9b:8e:7c:6f:4e:bd:3d:f4:e1:c7:b3:d8:79:f0:cd:
         a4:26:fb:2b:fd:30:25:2b:de:56:52:ac:57:ff:79:82:99:36:
         54:56:c5:e6:be:fc:49:cd:97:e4:07:59:a2:3b:1f:8f:1f:58:
         51:c3:ed:ed:f1:c1:eb:10:9e:e4:26:27:77:b1:ca:0a:b5:58:
         17:65:92:3d:af:70:ba:98:f8:04:0c:22:bc:ec:dc:d0:80:cb:
         e4:73:69:9c:71:a0:ef:fb:7a:dd:26:b3:63:01:47:50:4e:f4:
         9e:6e:ac:28:67:d0:8a:d7:06:65:18:6a:07:bc:a3:c9:74:46:
         d2:31:45:77:2a:56:a3:c6:d5:49:ba:3b:b5:4f:c8:d8:a5:71:
         3b:3c:b2:31:2b:9e:2d:4e:93:9a:d2:63:5b:1a:7a:b4:71:f3:
         7d:c5:de:8b:3b:67:4a:8d:f0:c7:e3:d6:a8:fe:65:9c:0e:cf:
         bd:86:2f:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRa+0pDUGxxt09xMDUkuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMmMzOWYxODY4MjA3N2YwNzJiNjIxMTZmZDRmMTY5MDg3
NGFmOTYwHhcNMjQwMTAxMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTA1YTgwNWVkOTIxMDU5NzcyZTFlYjJhOTQxZmQwZmZhNWRhYjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArg1VB5PNoEbv/2atFvC0l2jnl9Fh
lHDfmQSZ4S18T98d35rEO9TYWbnN+86eI83UyYA3WuvYZKqgCSyNS6/FFcmZk224
d8lhj0JRaYUCwkBdeeWV1da4Tk/D/5Dj9azWPPJAn0G/MXXnziGMDvms7WR9ERoQ
MAfHvABC9Pd0MeiEj3lYNHXbsmV6chh26T/RJtcB+4uxGLv3pWOV03303kZkb3JZ
HsoMZURnLJeS0rULhNzdHzbznYq9xhtqlcbL5Vp9bCrfYu53orprKftECr45dJDP
U2p/efBkfQp6vGUUz1toODtOCoc4ossx+trz+dzMsEawf/nmAe7PZv0mjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkFqAXtkhBZdy4esqlB/Q/6XatYMB8GA1UdIwQY
MBaAFHAsOfGGggd/BytiEW/U8WkIdK+WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0N3NThZYUNCMzhISzJJUmI5VHhhUWgwcjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84MzY1YWYtZjg1MS00YjdjLWE4OTEt
Mzg4MDVkYmZmNzE5LzEvYVFXb0JlMlNFRmwzTGg2eXFVSDlEX3BkcTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84MzY1YWYtZjg1MS00YjdjLWE4OTEtMzg4MDVkYmZmNzE5
LzEvY0N3NThZYUNCMzhISzJJUmI5VHhhUWgwcjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RJfMA0G
CSqGSIb3DQEBCwUAA4IBAQCiWHgg0ezApxy0dFqaHb9HMNPzHnBb1JWtLlO3TCz1
PTGXduQGJmjcS1iEeMNuvCbEZvuicjch24u3+5GQQZntgqJN8yzB9j0YC8abjnxv
Tr099OHHs9h58M2kJvsr/TAlK95WUqxX/3mCmTZUVsXmvvxJzZfkB1miOx+PH1hR
w+3t8cHrEJ7kJid3scoKtVgXZZI9r3C6mPgEDCK87NzQgMvkc2mccaDv+3rdJrNj
AUdQTvSebqwoZ9CK1wZlGGoHvKPJdEbSMUV3KlajxtVJuju1T8jYpXE7PLIxK54t
TpOa0mNbGnq0cfN9xd6LO2dKjfDH49ao/mWcDs+9hi9W
-----END CERTIFICATE-----