Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/98d41e-234e-45e7-82eb-3d1e0ee4b651/1/H2Gl6r-sx_kg92CD30cIG3tuPCg.roa
File:                     H2Gl6r-sx_kg92CD30cIG3tuPCg.roa (raw, json)
Hash identifier:          UpJiZQRPZY2HIWJEh4M6veBeH/0oK+GHY3P3ZwMxnD0=
Subject key identifier:   1F:61:A5:EA:BF:AC:C7:F9:20:F7:60:83:DF:47:08:1B:7B:6E:3C:28
Certificate issuer:       /CN=5bcaab7aa1ac7143f8bc823c734b1673a09bb880
Certificate serial:       018CC94D58F2B466A0C20846392DBD2CEED9
Authority key identifier: 5B:CA:AB:7A:A1:AC:71:43:F8:BC:82:3C:73:4B:16:73:A0:9B:B8:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W8qreqGscUP4vII8c0sWc6CbuIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/98d41e-234e-45e7-82eb-3d1e0ee4b651/1/H2Gl6r-sx_kg92CD30cIG3tuPCg.roa
Signing time:             Tue 02 Jan 2024 08:32:18 +0000
ROA not before:           Tue 02 Jan 2024 08:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16263
IP address blocks:        193.111.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/98d41e-234e-45e7-82eb-3d1e0ee4b651/1/W8qreqGscUP4vII8c0sWc6CbuIA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/98d41e-234e-45e7-82eb-3d1e0ee4b651/1/W8qreqGscUP4vII8c0sWc6CbuIA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W8qreqGscUP4vII8c0sWc6CbuIA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:58:f2:b4:66:a0:c2:08:46:39:2d:bd:2c:ee:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bcaab7aa1ac7143f8bc823c734b1673a09bb880
        Validity
            Not Before: Jan  2 08:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f61a5eabfacc7f920f76083df47081b7b6e3c28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ad:85:df:5e:c5:c3:92:c2:1d:31:b1:0b:5f:
                    ab:fc:58:d8:10:fa:86:31:f6:61:74:15:c1:30:d3:
                    fe:a5:de:77:b9:97:e6:a4:e2:15:1a:dc:d5:35:df:
                    6f:0b:a4:f1:4a:cc:dc:1f:05:00:c1:ca:60:15:3e:
                    c0:5f:b0:b3:e3:58:b2:2b:da:8d:f6:eb:55:d1:7c:
                    c5:40:ac:61:12:af:af:d4:e4:f2:30:c4:33:1a:90:
                    1b:2e:ac:cb:57:3e:07:56:6e:7f:2b:0e:93:82:05:
                    4b:e0:10:fa:ef:40:50:fd:a6:a1:83:28:dc:6e:bd:
                    7f:1b:ba:eb:1b:5f:f1:04:c4:7b:6e:64:bc:6e:b2:
                    63:2e:75:44:e7:f2:15:6c:64:a3:83:4a:c8:5a:0f:
                    91:22:8f:17:ed:ad:9c:a9:15:ab:d7:05:c6:0f:78:
                    fa:30:88:59:d4:3b:ea:55:89:16:dd:7a:f3:69:39:
                    f1:d2:fe:7b:a8:27:b1:be:3a:1a:36:87:c0:bb:95:
                    ad:9f:b0:9e:dc:4c:92:47:1c:c8:f8:c4:19:cc:7b:
                    5f:e6:7c:09:17:80:02:02:48:3f:09:33:b0:9b:2e:
                    88:0d:08:19:6d:43:26:c2:04:45:12:69:4b:a8:b2:
                    60:23:46:35:7f:1f:79:ba:46:4b:07:91:c7:89:2a:
                    2b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:61:A5:EA:BF:AC:C7:F9:20:F7:60:83:DF:47:08:1B:7B:6E:3C:28
            X509v3 Authority Key Identifier:
                keyid:5B:CA:AB:7A:A1:AC:71:43:F8:BC:82:3C:73:4B:16:73:A0:9B:B8:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W8qreqGscUP4vII8c0sWc6CbuIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/98d41e-234e-45e7-82eb-3d1e0ee4b651/1/H2Gl6r-sx_kg92CD30cIG3tuPCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/98d41e-234e-45e7-82eb-3d1e0ee4b651/1/W8qreqGscUP4vII8c0sWc6CbuIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:b6:d6:ee:d5:78:96:f6:2a:d2:89:68:c1:ba:39:f0:79:81:
         26:74:11:f4:78:33:9a:7a:fc:67:0c:ab:27:f3:49:fd:8d:4d:
         24:4f:26:2c:52:64:c9:78:ab:fe:61:bf:17:3c:4a:eb:06:1d:
         75:bc:cd:bf:1e:0f:f3:a4:20:90:06:33:43:03:83:9b:57:2f:
         51:65:14:57:bd:4f:39:fc:0c:45:37:16:29:f5:d2:a2:5d:38:
         65:b4:b4:9e:f7:b9:b7:97:e9:bc:02:b8:83:35:99:9d:f0:ab:
         1a:5e:f3:07:90:c9:6f:6b:ad:5f:42:07:66:79:63:5e:b2:2a:
         2a:39:ae:78:3b:f4:84:1c:78:27:df:67:b6:58:c7:1e:42:55:
         ea:92:fc:e6:a2:a2:b1:9f:f1:17:62:16:2d:88:d7:38:a2:ac:
         7d:46:fe:a8:bf:e5:df:3f:3d:16:9c:1f:ca:f2:b1:60:a8:37:
         7a:e7:a7:83:c1:58:80:a7:e6:0e:be:41:cf:fc:09:a9:d3:9a:
         e9:c8:55:24:82:28:ee:c9:71:b1:56:8c:ee:22:d3:d3:31:55:
         07:6b:7a:d6:f5:49:1e:65:25:23:37:03:56:61:18:ef:90:00:
         f3:30:bb:70:7a:1a:7e:b6:1f:08:bb:74:a5:e3:d9:9d:a2:34:
         b0:5d:2f:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTVjytGagwghGOS29LO7ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViY2FhYjdhYTFhYzcxNDNmOGJjODIzYzczNGIxNjczYTA5
YmI4ODAwHhcNMjQwMTAyMDgzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjYxYTVlYWJmYWNjN2Y5MjBmNzYwODNkZjQ3MDgxYjdiNmUzYzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq2F317Fw5LCHTGxC1+r/FjYEPqG
MfZhdBXBMNP+pd53uZfmpOIVGtzVNd9vC6TxSszcHwUAwcpgFT7AX7Cz41iyK9qN
9utV0XzFQKxhEq+v1OTyMMQzGpAbLqzLVz4HVm5/Kw6TggVL4BD670BQ/aahgyjc
br1/G7rrG1/xBMR7bmS8brJjLnVE5/IVbGSjg0rIWg+RIo8X7a2cqRWr1wXGD3j6
MIhZ1DvqVYkW3XrzaTnx0v57qCexvjoaNofAu5Wtn7Ce3EySRxzI+MQZzHtf5nwJ
F4ACAkg/CTOwmy6IDQgZbUMmwgRFEmlLqLJgI0Y1fx95ukZLB5HHiSorLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9hpeq/rMf5IPdgg99HCBt7bjwoMB8GA1UdIwQY
MBaAFFvKq3qhrHFD+LyCPHNLFnOgm7iAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzhxcmVxR3NjVVA0dklJOGMwc1djNkNidUlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi85OGQ0MWUtMjM0ZS00NWU3LTgyZWIt
M2QxZTBlZTRiNjUxLzEvSDJHbDZyLXN4X2tnOTJDRDMwY0lHM3R1UENnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi85OGQ0MWUtMjM0ZS00NWU3LTgyZWItM2QxZTBlZTRiNjUx
LzEvVzhxcmVxR3NjVVA0dklJOGMwc1djNkNidUlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW+QMA0G
CSqGSIb3DQEBCwUAA4IBAQAEttbu1XiW9irSiWjBujnweYEmdBH0eDOaevxnDKsn
80n9jU0kTyYsUmTJeKv+Yb8XPErrBh11vM2/Hg/zpCCQBjNDA4ObVy9RZRRXvU85
/AxFNxYp9dKiXThltLSe97m3l+m8AriDNZmd8KsaXvMHkMlva61fQgdmeWNesioq
Oa54O/SEHHgn32e2WMceQlXqkvzmoqKxn/EXYhYtiNc4oqx9Rv6ov+XfPz0WnB/K
8rFgqDd656eDwViAp+YOvkHP/Amp05rpyFUkgijuyXGxVozuItPTMVUHa3rW9Uke
ZSUjNwNWYRjvkADzMLtwehp+th8Iu3Sl49mdojSwXS9q
-----END CERTIFICATE-----