Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/2LQjeA_NE0sFtu17mVS8zHA3RvI.roa
File:                     2LQjeA_NE0sFtu17mVS8zHA3RvI.roa (raw, json)
Hash identifier:          Ks31pzuc9g6OiIlDF2RLM1v90wnMSPssJXAdGF9qnrw=
Subject key identifier:   D8:B4:23:78:0F:CD:13:4B:05:B6:ED:7B:99:54:BC:CC:70:37:46:F2
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7FA99A6B063390111D572846762550E9
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/2LQjeA_NE0sFtu17mVS8zHA3RvI.roa
Signing time:             Wed 27 Mar 2024 11:26:45 +0000
ROA not before:           Wed 27 Mar 2024 11:26:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55836
IP address blocks:        2.22.176.0/20 maxlen: 20
                          2.23.32.0/19 maxlen: 19
                          95.100.0.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:a9:9a:6b:06:33:90:11:1d:57:28:46:76:25:50:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 11:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8b423780fcd134b05b6ed7b9954bccc703746f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:de:88:8b:27:d4:5a:bd:27:15:3e:16:4c:01:
                    6e:fc:23:cf:81:b0:84:f6:f8:70:6a:23:2b:24:67:
                    75:5c:77:42:af:f5:46:19:6d:fa:0d:39:86:c0:9a:
                    82:76:fb:f9:75:15:fc:72:05:ac:aa:b2:b6:53:bf:
                    92:4d:63:78:e1:cf:27:b9:21:38:9f:d2:00:3b:61:
                    60:04:35:15:44:8f:7d:75:3d:6f:c6:d3:0e:27:d3:
                    c8:91:1e:c3:07:17:4d:f7:66:d0:e6:cb:f4:37:e4:
                    3a:48:a4:c6:17:5c:23:0e:74:2e:24:71:5f:2e:65:
                    2c:2a:8e:50:20:6c:54:b0:34:07:77:fd:6c:f4:2a:
                    d3:2a:80:ee:58:e5:f9:bb:58:37:ba:ca:75:3b:5a:
                    e8:c4:05:db:33:db:f6:89:14:00:07:81:de:a7:9f:
                    5e:ea:6d:86:87:35:54:eb:39:d5:cd:99:62:22:2f:
                    8d:cf:bf:89:30:97:9a:5c:09:84:cf:1d:b6:e1:76:
                    be:c1:d2:ff:41:2d:88:02:00:5b:ba:cd:bc:a3:f9:
                    b1:66:c8:0e:83:4d:81:d5:73:b5:84:dd:93:a8:64:
                    3c:26:de:d0:62:a1:30:68:72:ad:0b:e4:a9:87:da:
                    69:4a:82:65:2e:f4:b4:21:a5:46:b2:d3:36:46:11:
                    f4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:B4:23:78:0F:CD:13:4B:05:B6:ED:7B:99:54:BC:CC:70:37:46:F2
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/2LQjeA_NE0sFtu17mVS8zHA3RvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.22.176.0/20
                  2.23.32.0/19
                  95.100.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8b:83:c9:3f:8c:47:a3:f2:36:eb:3c:68:c4:16:e6:ee:3c:24:
         d0:9b:30:9d:27:bb:60:ea:c1:8a:76:d1:eb:af:1a:58:e1:8b:
         4b:1e:09:a8:4f:c5:c1:8c:5d:89:e5:c4:a9:17:44:75:9e:5b:
         b6:8d:58:d8:6c:2a:97:5f:8a:60:f2:04:f3:80:03:28:ef:70:
         c7:7f:5c:b0:8f:8d:36:45:6a:94:f4:cd:63:01:9f:b3:7e:8b:
         24:dd:fc:bd:de:d4:df:c1:55:8c:7d:4e:bf:37:1d:b4:ce:b0:
         b0:21:14:da:64:57:c2:53:1c:b5:22:e8:75:86:05:68:5d:e9:
         22:b3:f7:6f:b8:b4:9f:67:c3:76:06:c4:ce:ba:4c:ff:4f:d9:
         f4:9c:77:40:28:a7:2f:57:16:53:8f:13:e1:d5:05:19:bc:77:
         25:f2:e4:bd:36:7d:34:6c:f4:eb:33:16:ea:3a:6a:85:69:01:
         cb:d8:d9:1f:0f:6c:62:eb:26:cb:59:61:e2:45:db:7d:0d:cd:
         d0:42:f2:ef:f5:31:a2:97:68:32:d3:ce:3f:b8:c5:fb:49:98:
         58:fa:03:4a:db:a3:61:4e:8d:7f:ff:4f:95:cd:3e:fc:b4:40:
         19:d9:79:0d:3e:9d:08:f9:a7:e4:0c:17:04:d2:b4:5d:b7:d2:
         d3:f6:11:0d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY5/qZprBjOQER1XKEZ2JVDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTEyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGI0MjM3ODBmY2QxMzRiMDViNmVkN2I5OTU0YmNjYzcwMzc0NmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsN6IiyfUWr0nFT4WTAFu/CPPgbCE
9vhwaiMrJGd1XHdCr/VGGW36DTmGwJqCdvv5dRX8cgWsqrK2U7+STWN44c8nuSE4
n9IAO2FgBDUVRI99dT1vxtMOJ9PIkR7DBxdN92bQ5sv0N+Q6SKTGF1wjDnQuJHFf
LmUsKo5QIGxUsDQHd/1s9CrTKoDuWOX5u1g3usp1O1roxAXbM9v2iRQAB4Hep59e
6m2GhzVU6znVzZliIi+Nz7+JMJeaXAmEzx224Xa+wdL/QS2IAgBbus28o/mxZsgO
g02B1XO1hN2TqGQ8Jt7QYqEwaHKtC+Sph9ppSoJlLvS0IaVGstM2RhH0xQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNi0I3gPzRNLBbbte5lUvMxwN0byMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvMkxRamVBX05FMHNGdHUxN21WUzh6SEEzUnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEAhawAwQF
AhcgAwQEX2QAMA0GCSqGSIb3DQEBCwUAA4IBAQCLg8k/jEej8jbrPGjEFubuPCTQ
mzCdJ7tg6sGKdtHrrxpY4YtLHgmoT8XBjF2J5cSpF0R1nlu2jVjYbCqXX4pg8gTz
gAMo73DHf1ywj402RWqU9M1jAZ+zfosk3fy93tTfwVWMfU6/Nx20zrCwIRTaZFfC
Uxy1Iuh1hgVoXekis/dvuLSfZ8N2BsTOukz/T9n0nHdAKKcvVxZTjxPh1QUZvHcl
8uS9Nn00bPTrMxbqOmqFaQHL2NkfD2xi6ybLWWHiRdt9Dc3QQvLv9TGil2gy084/
uMX7SZhY+gNK26NhTo1//0+VzT78tEAZ2XkNPp0I+afkDBcE0rRdt9LT9hEN
-----END CERTIFICATE-----