Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/1-tiAvThJ7fnaFLaukKs-lrGEH_o.roa
File:                     1-tiAvThJ7fnaFLaukKs-lrGEH_o.roa (raw, json)
Hash identifier:          aBCwzvYTN6Ao8JT5ywhLA/wehWZCXt4pIldSqgnWEr8=
Subject key identifier:   FA:D8:80:BD:38:49:ED:F9:DA:14:B6:AE:90:AB:3E:96:B1:84:1F:FA
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7F90E195E91A1E5AFFC2D98D1C761B4C
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/1-tiAvThJ7fnaFLaukKs-lrGEH_o.roa
Signing time:             Wed 27 Mar 2024 10:59:45 +0000
ROA not before:           Wed 27 Mar 2024 10:59:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7303
IP address blocks:        2.18.56.0/22 maxlen: 22
                          2.23.102.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 12:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:90:e1:95:e9:1a:1e:5a:ff:c2:d9:8d:1c:76:1b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 10:59:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fad880bd3849edf9da14b6ae90ab3e96b1841ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:56:99:46:8a:b6:bf:e5:81:d8:0b:e3:63:da:
                    9f:dc:34:4d:1d:ef:77:9c:5b:8b:4c:62:c7:2c:0e:
                    ad:27:8f:a0:ea:e5:2e:fa:a0:1a:81:6a:11:23:f2:
                    4b:b0:59:8f:5e:30:fe:a2:bf:40:73:ba:2c:a3:08:
                    f0:8d:f0:6a:23:f0:f0:64:62:a2:3d:1a:ff:21:94:
                    c5:c3:d0:ca:d5:08:64:47:a7:3c:1f:da:05:5c:23:
                    7d:d2:29:03:d2:68:93:0a:25:93:5e:ad:95:3a:f4:
                    ec:4d:d4:14:26:3c:a5:89:94:a9:f7:b8:1c:56:60:
                    97:99:43:cc:79:b8:f0:78:17:60:7b:f9:d0:02:02:
                    13:bd:86:01:50:06:0a:f4:8c:c6:0d:22:bc:43:d4:
                    2e:a9:b8:7e:17:1d:32:47:89:62:b1:05:01:c6:07:
                    ac:37:98:01:b4:4a:30:ec:83:be:73:61:24:5f:74:
                    a3:0e:4a:2f:2b:e2:48:4a:bd:d1:c7:77:b8:39:88:
                    55:32:15:7d:77:07:b0:2f:58:70:a4:90:ea:6c:fb:
                    48:c4:c2:c9:63:16:af:32:eb:12:c2:3d:1d:28:c9:
                    da:42:ff:d6:87:de:4f:f4:60:78:82:5e:0e:20:08:
                    48:a0:95:65:a8:ab:34:91:c2:bb:27:fd:6c:0d:cd:
                    9d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:D8:80:BD:38:49:ED:F9:DA:14:B6:AE:90:AB:3E:96:B1:84:1F:FA
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/1-tiAvThJ7fnaFLaukKs-lrGEH_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.18.56.0/22
                  2.23.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:19:04:ff:d6:1e:12:f7:e8:66:63:16:f1:a8:e4:c7:6d:16:
         ef:2b:8e:09:b5:aa:ed:89:9a:4c:3d:df:c8:78:f0:4e:77:53:
         33:bf:f3:af:b2:46:77:34:4e:83:22:d3:59:93:0d:be:cb:8b:
         02:ff:2e:dc:ae:14:24:7a:05:5c:54:3e:c9:c9:1d:d9:d7:7e:
         46:8f:86:d9:c5:74:69:c9:46:42:c0:36:04:67:67:e9:bc:f5:
         1d:08:1a:7f:70:81:cf:c7:26:d8:44:85:4b:ed:4a:db:a7:a0:
         8c:8f:15:f2:d7:91:d7:e1:ed:62:2d:be:17:81:07:fd:8e:bf:
         0e:7a:36:53:15:40:2d:74:05:7c:41:da:75:fc:3b:41:f7:23:
         a3:85:62:d7:c6:4c:c0:7e:7f:6a:31:a0:12:fc:ca:d9:a8:f8:
         03:d8:89:39:de:4b:4d:44:63:d3:cb:b5:90:92:35:26:c7:ff:
         76:d1:57:d3:ec:a0:56:d1:50:ee:97:80:43:03:05:cc:b6:fc:
         b3:83:db:79:19:42:e0:5a:7a:2c:89:77:db:65:62:51:95:fa:
         08:0f:d5:0e:1d:4b:00:86:9b:23:34:cf:03:55:e9:81:f3:10:
         a4:43:c5:02:1d:e8:a4:41:c8:ba:5a:5b:cf:df:fa:1f:84:7c:
         93:fc:c3:58
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAY5/kOGV6RoeWv/C2Y0cdhtMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTA1OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWQ4ODBiZDM4NDllZGY5ZGExNGI2YWU5MGFiM2U5NmIxODQxZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFaZRoq2v+WB2AvjY9qf3DRNHe93
nFuLTGLHLA6tJ4+g6uUu+qAagWoRI/JLsFmPXjD+or9Ac7osowjwjfBqI/DwZGKi
PRr/IZTFw9DK1QhkR6c8H9oFXCN90ikD0miTCiWTXq2VOvTsTdQUJjyliZSp97gc
VmCXmUPMebjweBdge/nQAgITvYYBUAYK9IzGDSK8Q9Quqbh+Fx0yR4lisQUBxges
N5gBtEow7IO+c2EkX3SjDkovK+JISr3Rx3e4OYhVMhV9dwewL1hwpJDqbPtIxMLJ
YxavMusSwj0dKMnaQv/Wh95P9GB4gl4OIAhIoJVlqKs0kcK7J/1sDc2dNQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPrYgL04Se352hS2rpCrPpaxhB/6MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvMS10aUF2VGhKN2ZuYUZMYXVrS3MtbHJHRUhfby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzAvMDQyMTg4LWRmYjYtNGFkNC05MWE0LTg4ZDFjYWM5ZTRm
MS8xL2ExX0x2cVNKTjZSQ3VyMnpNQ0V5eEx5YjFxby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAgISOAME
AQIXZjANBgkqhkiG9w0BAQsFAAOCAQEAhBkE/9YeEvfoZmMW8ajkx20W7yuOCbWq
7YmaTD3fyHjwTndTM7/zr7JGdzROgyLTWZMNvsuLAv8u3K4UJHoFXFQ+yckd2dd+
Ro+G2cV0aclGQsA2BGdn6bz1HQgaf3CBz8cm2ESFS+1K26egjI8V8teR1+HtYi2+
F4EH/Y6/Dno2UxVALXQFfEHadfw7Qfcjo4Vi18ZMwH5/ajGgEvzK2aj4A9iJOd5L
TURj08u1kJI1Jsf/dtFX0+ygVtFQ7peAQwMFzLb8s4PbeRlC4Fp6LIl322ViUZX6
CA/VDh1LAIabIzTPA1XpgfMQpEPFAh3opEHIulpbz9/6H4R8k/zDWA==
-----END CERTIFICATE-----