Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/RLxTr-p8b8JODzpFFZnStANBlLY.roa
File:                     RLxTr-p8b8JODzpFFZnStANBlLY.roa (raw, json)
Hash identifier:          6VADD2e9Lr1SZs1yGSmZsiu270jn2b42hupmHjvQLio=
Subject key identifier:   44:BC:53:AF:EA:7C:6F:C2:4E:0F:3A:45:15:99:D2:B4:03:41:94:B6
Certificate issuer:       /CN=0701b929fd9edbabae35dd44adc161d7d470b1fa
Certificate serial:       018CC26D3909DAC8E582B5320AE40C56238D
Authority key identifier: 07:01:B9:29:FD:9E:DB:AB:AE:35:DD:44:AD:C1:61:D7:D4:70:B1:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BwG5Kf2e26uuNd1ErcFh19Rwsfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/RLxTr-p8b8JODzpFFZnStANBlLY.roa
Signing time:             Mon 01 Jan 2024 00:29:47 +0000
ROA not before:           Mon 01 Jan 2024 00:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16019
IP address blocks:        185.31.36.0/22 maxlen: 22
                          2a04:4d40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/BwG5Kf2e26uuNd1ErcFh19Rwsfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/BwG5Kf2e26uuNd1ErcFh19Rwsfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BwG5Kf2e26uuNd1ErcFh19Rwsfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 01:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:39:09:da:c8:e5:82:b5:32:0a:e4:0c:56:23:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0701b929fd9edbabae35dd44adc161d7d470b1fa
        Validity
            Not Before: Jan  1 00:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44bc53afea7c6fc24e0f3a451599d2b4034194b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:18:03:b1:1e:58:68:fb:af:24:b2:24:a0:31:
                    5e:56:f2:58:2b:19:45:e6:e8:f7:4c:f6:4a:32:d2:
                    ba:20:8f:0b:b4:f6:9a:7c:89:25:75:ba:2d:de:6f:
                    bb:c2:8c:9a:32:25:b3:23:65:c7:cc:d7:3b:cc:93:
                    80:3c:72:8b:61:0d:ca:c2:c6:d3:a2:b4:05:b9:34:
                    91:d6:13:3c:b2:e5:a2:3e:d3:16:36:c7:13:f9:fc:
                    05:10:88:0b:27:b5:d4:4c:08:1b:76:85:9f:66:1e:
                    c5:9a:f2:47:45:d3:e7:e3:f0:24:f7:ad:c9:63:58:
                    1a:b6:ba:83:e5:bd:2d:36:60:0f:2e:21:c8:1e:7b:
                    a9:a6:e5:97:04:8c:76:da:ab:99:8b:9a:69:cd:2b:
                    e5:61:0e:dc:79:f4:45:6c:8f:9e:4c:0a:87:d3:bc:
                    79:c7:1d:87:c2:9a:41:fa:dc:4d:47:1b:77:83:65:
                    b2:8d:c6:3a:51:cc:ef:ea:ba:32:ab:ad:06:a1:a6:
                    f1:15:d2:14:f3:bc:ca:c3:5f:80:b2:3a:78:c0:46:
                    23:1d:f6:3d:ab:7f:49:15:77:9e:33:f6:26:fc:db:
                    d2:5b:33:5d:26:13:c7:63:b5:dc:97:7c:63:17:ed:
                    95:2d:1e:cc:14:52:96:9a:54:e3:65:59:17:e6:a6:
                    69:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:BC:53:AF:EA:7C:6F:C2:4E:0F:3A:45:15:99:D2:B4:03:41:94:B6
            X509v3 Authority Key Identifier:
                keyid:07:01:B9:29:FD:9E:DB:AB:AE:35:DD:44:AD:C1:61:D7:D4:70:B1:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BwG5Kf2e26uuNd1ErcFh19Rwsfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/RLxTr-p8b8JODzpFFZnStANBlLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/2b42fc-49bc-4f81-987b-85493046ec46/1/BwG5Kf2e26uuNd1ErcFh19Rwsfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.36.0/22
                IPv6:
                  2a04:4d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:99:80:d9:af:5a:90:ef:f6:4c:6b:8f:07:7d:b1:f1:34:20:
         7a:23:39:04:6d:10:cc:37:af:5c:0e:40:c3:05:a8:18:09:21:
         21:af:78:6f:73:41:33:f3:01:7c:c6:39:6c:5b:71:d9:30:9a:
         5c:9f:8d:08:7e:ed:94:56:24:f0:3e:db:75:56:3c:2f:be:96:
         62:d1:63:4c:06:e4:23:14:ed:05:f6:64:cc:0c:04:23:fc:48:
         d8:74:2b:1f:2d:3e:1e:99:f8:24:b1:71:bf:1c:c2:21:a3:98:
         fa:8a:32:a7:33:4a:ed:87:d1:7e:71:57:9d:13:5c:0b:75:b6:
         10:71:37:b0:54:38:3a:66:32:da:24:6c:60:12:a5:88:e6:6a:
         25:75:11:3e:7d:92:18:00:46:91:fd:00:68:33:cf:0a:c7:ad:
         f5:ce:0a:8c:04:68:a6:2b:2b:14:79:ea:fb:f6:91:f4:c0:ce:
         f6:2c:07:0d:c2:7d:8f:f2:c4:1a:5d:ef:57:ee:56:10:02:32:
         e5:72:5e:9d:ca:58:7e:55:5f:2d:21:78:87:50:02:1a:8f:05:
         05:ed:90:f0:b7:c4:55:4c:ac:b2:48:76:9c:cf:c5:ea:fe:c7:
         da:13:34:31:4a:30:30:43:62:4d:88:c8:0f:58:30:84:0f:46:
         c1:b3:5b:c4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbTkJ2sjlgrUyCuQMViONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDFiOTI5ZmQ5ZWRiYWJhZTM1ZGQ0NGFkYzE2MWQ3ZDQ3
MGIxZmEwHhcNMjQwMTAxMDAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGJjNTNhZmVhN2M2ZmMyNGUwZjNhNDUxNTk5ZDJiNDAzNDE5NGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxgDsR5YaPuvJLIkoDFeVvJYKxlF
5uj3TPZKMtK6II8LtPaafIkldbot3m+7woyaMiWzI2XHzNc7zJOAPHKLYQ3KwsbT
orQFuTSR1hM8suWiPtMWNscT+fwFEIgLJ7XUTAgbdoWfZh7FmvJHRdPn4/Ak963J
Y1gatrqD5b0tNmAPLiHIHnuppuWXBIx22quZi5ppzSvlYQ7cefRFbI+eTAqH07x5
xx2HwppB+txNRxt3g2WyjcY6Uczv6royq60GoabxFdIU87zKw1+Asjp4wEYjHfY9
q39JFXeeM/Ym/NvSWzNdJhPHY7Xcl3xjF+2VLR7MFFKWmlTjZVkX5qZpnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFES8U6/qfG/CTg86RRWZ0rQDQZS2MB8GA1UdIwQY
MBaAFAcBuSn9nturrjXdRK3BYdfUcLH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndHNUtmMmUyNnV1TmQxRXJjRmgxOVJ3c2ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8yYjQyZmMtNDliYy00ZjgxLTk4N2It
ODU0OTMwNDZlYzQ2LzEvUkx4VHItcDhiOEpPRHpwRkZablN0QU5CbExZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8yYjQyZmMtNDliYy00ZjgxLTk4N2ItODU0OTMwNDZlYzQ2
LzEvQndHNUtmMmUyNnV1TmQxRXJjRmgxOVJ3c2ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuR8kMA0E
AgACMAcDBQMqBE1AMA0GCSqGSIb3DQEBCwUAA4IBAQCPmYDZr1qQ7/ZMa48HfbHx
NCB6IzkEbRDMN69cDkDDBagYCSEhr3hvc0Ez8wF8xjlsW3HZMJpcn40Ifu2UViTw
Ptt1VjwvvpZi0WNMBuQjFO0F9mTMDAQj/EjYdCsfLT4emfgksXG/HMIho5j6ijKn
M0rth9F+cVedE1wLdbYQcTewVDg6ZjLaJGxgEqWI5moldRE+fZIYAEaR/QBoM88K
x631zgqMBGimKysUeer79pH0wM72LAcNwn2P8sQaXe9X7lYQAjLlcl6dylh+VV8t
IXiHUAIajwUF7ZDwt8RVTKyySHacz8Xq/sfaEzQxSjAwQ2JNiMgPWDCED0bBs1vE
-----END CERTIFICATE-----