Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/1-y9Ucu_6k2H_c233OyZoN1LAcZ8.roa
File:                     1-y9Ucu_6k2H_c233OyZoN1LAcZ8.roa (raw, json)
Hash identifier:          W0LITDRdgcyYyf8u59R/E1BNwqnBj4HmU1ZGOJoeAio=
Subject key identifier:   FB:2F:54:72:EF:FA:93:61:FF:73:6D:F7:3B:26:68:37:52:C0:71:9F
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       01924C7E28B82B921F5BF34350DBB8C8BB7D
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/1-y9Ucu_6k2H_c233OyZoN1LAcZ8.roa
Signing time:             Wed 02 Oct 2024 09:09:49 +0000
ROA not before:           Wed 02 Oct 2024 09:09:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8708
IP address blocks:        2.17.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:4c:7e:28:b8:2b:92:1f:5b:f3:43:50:db:b8:c8:bb:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Oct  2 09:09:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb2f5472effa9361ff736df73b26683752c0719f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:53:97:b4:75:ee:a5:f1:68:a9:93:4b:b5:0c:
                    0d:36:0c:6d:4c:11:31:fa:3c:b9:5f:9b:ca:28:0e:
                    4f:69:31:73:5b:8d:fb:c5:42:4e:12:ee:81:53:e8:
                    89:d3:7d:55:93:0d:c0:f5:9b:44:e4:a5:03:10:12:
                    d6:99:d4:9d:c0:ef:d9:f0:15:d9:20:f2:32:0e:2c:
                    fe:7b:3c:b8:eb:b1:06:6e:5b:23:ca:ca:fd:7b:9b:
                    41:d7:3d:f9:8d:4e:fd:46:50:49:62:99:10:f3:b6:
                    e9:5e:52:d9:c8:9b:92:ce:49:b8:21:c5:e3:2c:c8:
                    79:60:d4:0b:4d:0e:25:98:dd:d1:91:05:b4:28:e9:
                    ba:7a:64:bb:1e:3b:19:5e:2a:49:e7:78:18:82:ba:
                    b3:38:d3:d9:31:4b:77:84:64:70:72:7c:73:af:c2:
                    b0:67:8f:5f:85:2d:5e:6d:26:71:ac:97:24:52:d8:
                    70:66:7d:02:83:19:b3:23:b3:dd:a5:3b:3f:7c:7c:
                    e2:f7:0a:89:96:e9:1a:52:18:44:60:b6:51:39:2a:
                    05:0d:2f:aa:8b:6a:f8:f8:0c:bc:f7:74:d0:10:cf:
                    b7:4b:6b:90:96:9e:1c:86:2d:35:60:6d:7b:aa:b5:
                    0f:88:ae:c2:b5:4b:aa:4b:b8:dd:b5:9b:9a:c6:a0:
                    44:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:2F:54:72:EF:FA:93:61:FF:73:6D:F7:3B:26:68:37:52:C0:71:9F
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/1-y9Ucu_6k2H_c233OyZoN1LAcZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.17.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:81:46:fc:b0:1a:94:cd:4b:97:2f:6c:d3:40:6c:1d:d4:c1:
         87:47:53:0d:c5:84:ee:c4:70:d3:52:2d:f2:22:b8:3a:4c:ae:
         c9:af:86:da:87:d8:0e:b4:27:b8:aa:14:6c:af:e5:33:dc:81:
         e7:f8:e1:76:b2:cf:92:93:6d:23:c4:6f:fa:44:1f:0f:2a:17:
         ca:63:51:ff:33:13:c9:31:1d:25:44:00:18:df:71:c8:1c:af:
         66:d0:0c:1c:60:fb:ba:60:eb:51:21:52:64:c6:e6:a0:a1:1d:
         fa:9d:f7:f3:fe:7b:c4:d0:ad:bf:ee:16:b9:6f:f8:25:3e:c7:
         86:85:b7:18:2d:7e:51:8c:db:e3:d1:f4:4b:41:a8:b2:a3:c8:
         ff:0d:9b:17:e1:b7:a7:f0:a6:62:68:07:56:9f:5d:88:05:60:
         b5:9a:c8:ac:3d:d2:e2:96:2f:3a:6c:e0:46:77:33:aa:28:57:
         01:90:7e:f5:8e:14:8b:da:2e:a2:82:a8:94:02:00:85:e8:3d:
         54:3e:65:07:e4:31:eb:1d:6c:c7:f3:36:ea:1c:8b:da:00:3f:
         62:36:ce:cd:6d:03:4d:9b:cf:47:e4:9b:6c:93:58:f7:58:8b:
         44:75:13:67:d7:25:ed:8f:9f:5a:ec:14:8c:a0:a4:42:87:af:
         67:49:6b:b2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZJMfii4K5IfW/NDUNu4yLt9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQxMDAyMDkwOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjJmNTQ3MmVmZmE5MzYxZmY3MzZkZjczYjI2NjgzNzUyYzA3MTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VOXtHXupfFoqZNLtQwNNgxtTBEx
+jy5X5vKKA5PaTFzW437xUJOEu6BU+iJ031Vkw3A9ZtE5KUDEBLWmdSdwO/Z8BXZ
IPIyDiz+ezy467EGblsjysr9e5tB1z35jU79RlBJYpkQ87bpXlLZyJuSzkm4IcXj
LMh5YNQLTQ4lmN3RkQW0KOm6emS7HjsZXipJ53gYgrqzONPZMUt3hGRwcnxzr8Kw
Z49fhS1ebSZxrJckUthwZn0CgxmzI7PdpTs/fHzi9wqJlukaUhhEYLZROSoFDS+q
i2r4+Ay893TQEM+3S2uQlp4chi01YG17qrUPiK7CtUuqS7jdtZuaxqBEhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsvVHLv+pNh/3Nt9zsmaDdSwHGfMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvMS15OVVjdV82azJIX2MyMzNPeVpvTjFMQWNaOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzAvMDQyMTg4LWRmYjYtNGFkNC05MWE0LTg4ZDFjYWM5ZTRm
MS8xL2ExX0x2cVNKTjZSQ3VyMnpNQ0V5eEx5YjFxby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAgIRdDAN
BgkqhkiG9w0BAQsFAAOCAQEAOIFG/LAalM1Lly9s00BsHdTBh0dTDcWE7sRw01It
8iK4Okyuya+G2ofYDrQnuKoUbK/lM9yB5/jhdrLPkpNtI8Rv+kQfDyoXymNR/zMT
yTEdJUQAGN9xyByvZtAMHGD7umDrUSFSZMbmoKEd+p338/57xNCtv+4WuW/4JT7H
hoW3GC1+UYzb49H0S0GosqPI/w2bF+G3p/CmYmgHVp9diAVgtZrIrD3S4pYvOmzg
RnczqihXAZB+9Y4Ui9ouooKolAIAheg9VD5lB+Qx6x1sx/M26hyL2gA/YjbOzW0D
TZvPR+SbbJNY91iLRHUTZ9cl7Y+fWuwUjKCkQoevZ0lrsg==
-----END CERTIFICATE-----