Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/547a7f-4baf-4b7e-afb8-466013435079/1/T2ccNjXqPyHz-67exdYfDx1UPWs.roa
File:                     T2ccNjXqPyHz-67exdYfDx1UPWs.roa (raw, json)
Hash identifier:          FZMkEdio96oeglJhpOM9r88InCXnrmlfRjV0uZjE8E0=
Subject key identifier:   4F:67:1C:36:35:EA:3F:21:F3:FB:AE:DE:C5:D6:1F:0F:1D:54:3D:6B
Certificate issuer:       /CN=6bb95cfc2d187f40530ef083bbd10c88c4956c1d
Certificate serial:       018EC9F34442DDDA71312E817C5FE6F8485C
Authority key identifier: 6B:B9:5C:FC:2D:18:7F:40:53:0E:F0:83:BB:D1:0C:88:C4:95:6C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a7lc_C0Yf0BTDvCDu9EMiMSVbB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/547a7f-4baf-4b7e-afb8-466013435079/1/T2ccNjXqPyHz-67exdYfDx1UPWs.roa
Signing time:             Wed 10 Apr 2024 21:39:06 +0000
ROA not before:           Wed 10 Apr 2024 21:39:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        188.172.137.0/24 maxlen: 24
                          188.172.138.0/24 maxlen: 24
                          2a03:7d40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/547a7f-4baf-4b7e-afb8-466013435079/1/a7lc_C0Yf0BTDvCDu9EMiMSVbB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/547a7f-4baf-4b7e-afb8-466013435079/1/a7lc_C0Yf0BTDvCDu9EMiMSVbB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a7lc_C0Yf0BTDvCDu9EMiMSVbB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c9:f3:44:42:dd:da:71:31:2e:81:7c:5f:e6:f8:48:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6bb95cfc2d187f40530ef083bbd10c88c4956c1d
        Validity
            Not Before: Apr 10 21:39:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f671c3635ea3f21f3fbaedec5d61f0f1d543d6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a8:cd:eb:f3:88:7e:f0:3f:59:b8:22:30:47:
                    a5:13:63:1e:f0:14:56:98:05:9c:9a:64:bd:66:07:
                    62:9a:7a:67:11:c7:c1:17:cf:79:6e:79:6c:22:8e:
                    97:92:14:c8:a7:b3:52:f4:fe:19:03:66:50:e9:d8:
                    77:65:e9:20:09:f2:d0:9d:e7:46:92:ad:4b:c7:1a:
                    19:c4:6d:50:07:42:03:ba:75:d5:e4:c5:62:43:65:
                    92:a1:04:02:05:92:07:78:df:cd:9a:96:3b:10:4e:
                    9e:87:94:0e:d8:55:c6:ce:11:81:89:c1:39:fd:0d:
                    71:09:84:c2:89:eb:a0:69:03:a0:b1:51:68:82:8a:
                    ca:57:d3:b1:52:3b:59:3d:13:56:fc:19:2b:74:69:
                    b3:cd:22:59:8d:e3:e2:1d:90:db:56:15:0a:76:50:
                    b1:13:b8:7c:cd:19:ca:fa:77:2e:f0:f1:f1:da:a3:
                    a3:e2:77:d0:fe:c7:69:e4:c1:f3:cd:57:3f:b3:6a:
                    bb:9e:5e:75:78:1e:48:52:d6:02:0e:5b:10:44:32:
                    99:ce:47:2c:13:b9:63:1b:7e:99:14:80:5d:61:25:
                    63:17:be:e4:43:b2:9e:1f:0b:8f:ed:df:df:c0:ce:
                    b0:d7:38:fc:58:a8:41:77:1b:fb:50:08:f4:cf:e0:
                    52:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:67:1C:36:35:EA:3F:21:F3:FB:AE:DE:C5:D6:1F:0F:1D:54:3D:6B
            X509v3 Authority Key Identifier:
                keyid:6B:B9:5C:FC:2D:18:7F:40:53:0E:F0:83:BB:D1:0C:88:C4:95:6C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7lc_C0Yf0BTDvCDu9EMiMSVbB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/547a7f-4baf-4b7e-afb8-466013435079/1/T2ccNjXqPyHz-67exdYfDx1UPWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/547a7f-4baf-4b7e-afb8-466013435079/1/a7lc_C0Yf0BTDvCDu9EMiMSVbB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.172.137.0-188.172.138.255
                IPv6:
                  2a03:7d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:2c:d6:0d:a4:df:ec:45:1c:83:6b:fd:a2:48:4e:68:4f:67:
         36:ce:e9:69:12:69:41:fe:df:57:f3:6f:ac:fa:c6:8f:f0:c1:
         7a:b9:02:04:c2:77:c0:2f:7b:7d:fc:18:ea:5f:c5:a2:9f:00:
         78:56:f0:3a:11:f2:6d:60:23:a1:6c:f4:34:49:51:b4:51:14:
         bf:d2:de:74:d0:29:89:d7:c3:84:e0:e8:89:38:b9:02:36:06:
         85:d1:a2:ac:ea:0c:6c:c2:64:ba:e9:bc:87:df:19:61:d9:31:
         93:a8:76:14:45:0c:b3:29:f9:e4:9f:de:64:fb:d6:df:f8:15:
         bb:3a:a6:35:95:34:a3:98:30:00:ea:c4:52:4b:96:32:ae:14:
         04:03:6d:43:93:63:a8:59:0e:7a:45:60:64:af:1d:93:a7:22:
         b8:61:88:d9:d5:ba:fc:ab:2d:21:d5:c7:08:75:9f:5c:b7:b1:
         2a:be:18:30:be:2e:13:a5:9e:a0:7f:41:95:19:85:f5:d7:99:
         8e:99:66:b6:79:aa:7c:2c:ca:01:9b:0b:8a:d9:77:aa:4e:ff:
         ab:7d:72:95:ca:79:e8:80:b8:6d:95:b4:a1:b8:de:2a:ed:36:
         ac:46:85:3f:af:59:05:60:0b:02:3f:5b:1c:10:ce:75:b3:6a:
         4a:93:6b:11
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAY7J80RC3dpxMS6BfF/m+EhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYjk1Y2ZjMmQxODdmNDA1MzBlZjA4M2JiZDEwYzg4YzQ5
NTZjMWQwHhcNMjQwNDEwMjEzOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjY3MWMzNjM1ZWEzZjIxZjNmYmFlZGVjNWQ2MWYwZjFkNTQzZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6jN6/OIfvA/WbgiMEelE2Me8BRW
mAWcmmS9ZgdimnpnEcfBF895bnlsIo6XkhTIp7NS9P4ZA2ZQ6dh3ZekgCfLQnedG
kq1LxxoZxG1QB0IDunXV5MViQ2WSoQQCBZIHeN/NmpY7EE6eh5QO2FXGzhGBicE5
/Q1xCYTCieugaQOgsVFogorKV9OxUjtZPRNW/BkrdGmzzSJZjePiHZDbVhUKdlCx
E7h8zRnK+ncu8PHx2qOj4nfQ/sdp5MHzzVc/s2q7nl51eB5IUtYCDlsQRDKZzkcs
E7ljG36ZFIBdYSVjF77kQ7KeHwuP7d/fwM6w1zj8WKhBdxv7UAj0z+BSzwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFE9nHDY16j8h8/uu3sXWHw8dVD1rMB8GA1UdIwQY
MBaAFGu5XPwtGH9AUw7wg7vRDIjElWwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTdsY19DMFlmMEJURHZDRHU5RU1pTVNWYkIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81NDdhN2YtNGJhZi00YjdlLWFmYjgt
NDY2MDEzNDM1MDc5LzEvVDJjY05qWHFQeUh6LTY3ZXhkWWZEeDFVUFdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81NDdhN2YtNGJhZi00YjdlLWFmYjgtNDY2MDEzNDM1MDc5
LzEvYTdsY19DMFlmMEJURHZDRHU5RU1pTVNWYkIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAC8rIkD
BAC8rIowDQQCAAIwBwMFACoDfUAwDQYJKoZIhvcNAQELBQADggEBAIYs1g2k3+xF
HINr/aJITmhPZzbO6WkSaUH+31fzb6z6xo/wwXq5AgTCd8Ave338GOpfxaKfAHhW
8DoR8m1gI6Fs9DRJUbRRFL/S3nTQKYnXw4Tg6Ik4uQI2BoXRoqzqDGzCZLrpvIff
GWHZMZOodhRFDLMp+eSf3mT71t/4Fbs6pjWVNKOYMADqxFJLljKuFAQDbUOTY6hZ
DnpFYGSvHZOnIrhhiNnVuvyrLSHVxwh1n1y3sSq+GDC+LhOlnqB/QZUZhfXXmY6Z
ZrZ5qnwsygGbC4rZd6pO/6t9cpXKeeiAuG2VtKG43irtNqxGhT+vWQVgCwI/WxwQ
znWzakqTaxE=
-----END CERTIFICATE-----