Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/3OFZzchxlaK0ldhaQDn2Nn0vfYE.roa
File:                     3OFZzchxlaK0ldhaQDn2Nn0vfYE.roa (raw, json)
Hash identifier:          fqnHiXjyJ8YpHAq2ubzycu0QXaT0+rm8yyW9xDiZu6M=
Subject key identifier:   DC:E1:59:CD:C8:71:95:A2:B4:95:D8:5A:40:39:F6:36:7D:2F:7D:81
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018EC343A0E6C75B8EBD8712712647CA7E55
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/3OFZzchxlaK0ldhaQDn2Nn0vfYE.roa
Signing time:             Tue 09 Apr 2024 14:29:32 +0000
ROA not before:           Tue 09 Apr 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1267
IP address blocks:        2.21.164.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c3:43:a0:e6:c7:5b:8e:bd:87:12:71:26:47:ca:7e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Apr  9 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dce159cdc87195a2b495d85a4039f6367d2f7d81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a3:66:ff:c8:cf:b8:4c:2a:2f:0d:2a:99:f4:
                    37:08:95:45:fd:45:9b:09:ba:3d:5d:67:c8:1c:94:
                    de:7f:c2:73:6e:ed:2c:4a:d7:d9:65:4a:f1:a7:5d:
                    65:93:73:45:0d:d1:5d:5f:74:e9:d5:df:7b:16:d1:
                    01:b5:92:07:68:6a:40:db:81:3a:5e:f9:5f:99:c2:
                    c1:ef:83:92:4b:6e:42:b6:e7:0d:ba:76:84:5d:21:
                    69:a7:df:8a:99:8e:0a:2f:5e:dc:a7:29:75:9f:79:
                    a1:a3:69:de:be:70:ff:df:26:6f:9f:99:8b:1b:f3:
                    fa:57:bf:f3:02:ee:49:28:3d:88:37:f7:c5:1b:a5:
                    52:76:01:ee:e0:15:53:14:ff:2c:49:f5:a7:a9:29:
                    a9:81:e0:bc:a4:0c:9c:ea:71:6d:31:55:e3:c9:e1:
                    38:01:e0:bf:94:fb:83:fc:72:e1:51:9d:7a:2a:06:
                    f1:5c:72:64:84:48:49:3e:48:df:88:1a:7b:80:3a:
                    e1:c3:52:46:0c:c0:ae:21:70:1c:2a:6a:2e:4f:27:
                    16:ba:a8:5d:83:58:1e:0f:26:9c:83:7f:56:07:5f:
                    7f:85:14:b7:70:f9:67:84:be:c0:38:b7:98:0a:97:
                    a9:9b:63:73:06:80:50:8d:ef:8e:fd:92:00:33:66:
                    0b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E1:59:CD:C8:71:95:A2:B4:95:D8:5A:40:39:F6:36:7D:2F:7D:81
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/3OFZzchxlaK0ldhaQDn2Nn0vfYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.21.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:65:c9:f3:4e:3d:ae:fc:10:ce:42:f1:f7:75:34:4c:d2:39:
         a0:3d:45:d8:58:03:42:c9:34:59:00:30:e0:6a:dd:8d:60:fe:
         4c:a2:33:8c:6d:ae:0b:f6:ce:f9:6c:9d:96:b7:7a:8d:15:81:
         5a:ee:8d:60:31:28:a3:67:f5:68:e5:cf:d5:c3:f0:54:99:7b:
         36:eb:3e:14:8d:01:15:83:46:69:ea:ee:58:c6:f3:b8:f7:6a:
         3b:e6:17:16:d5:f5:b7:14:00:ed:e8:14:98:34:74:63:ec:f2:
         a9:1c:c4:d2:f5:11:56:b4:7c:40:1b:54:35:c5:91:ca:d6:dc:
         6d:3a:60:32:92:7c:87:ea:5f:f4:73:5b:66:04:b6:fe:cc:ec:
         ba:ab:81:c6:15:ff:cf:5f:b0:2a:e5:f1:58:9a:a1:07:11:46:
         ab:0b:78:50:ab:50:33:d9:71:61:1a:39:81:f6:50:61:68:58:
         a8:f7:b7:0c:e0:7b:87:b8:33:28:82:94:b9:9c:6a:9c:a4:23:
         e4:ca:2c:66:16:be:ed:e3:84:23:e1:28:64:8c:99:7a:a6:d3:
         27:6e:47:35:65:2a:b0:7a:70:5e:84:0a:d2:9f:ad:5d:a1:67:
         5d:c5:82:6b:ca:88:6f:8a:99:92:35:7e:7f:5a:b4:56:18:13:
         31:60:d5:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7DQ6Dmx1uOvYcScSZHyn5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwNDA5MTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2UxNTljZGM4NzE5NWEyYjQ5NWQ4NWE0MDM5ZjYzNjdkMmY3ZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaNm/8jPuEwqLw0qmfQ3CJVF/UWb
Cbo9XWfIHJTef8Jzbu0sStfZZUrxp11lk3NFDdFdX3Tp1d97FtEBtZIHaGpA24E6
XvlfmcLB74OSS25CtucNunaEXSFpp9+KmY4KL17cpyl1n3mho2nevnD/3yZvn5mL
G/P6V7/zAu5JKD2IN/fFG6VSdgHu4BVTFP8sSfWnqSmpgeC8pAyc6nFtMVXjyeE4
AeC/lPuD/HLhUZ16KgbxXHJkhEhJPkjfiBp7gDrhw1JGDMCuIXAcKmouTycWuqhd
g1geDyacg39WB19/hRS3cPlnhL7AOLeYCpepm2NzBoBQje+O/ZIAM2YLOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzhWc3IcZWitJXYWkA59jZ9L32BMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvM09GWnpjaHhsYUswbGRoYVFEbjJObjB2ZllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAhWkMA0G
CSqGSIb3DQEBCwUAA4IBAQB7ZcnzTj2u/BDOQvH3dTRM0jmgPUXYWANCyTRZADDg
at2NYP5MojOMba4L9s75bJ2Wt3qNFYFa7o1gMSijZ/Vo5c/Vw/BUmXs26z4UjQEV
g0Zp6u5YxvO492o75hcW1fW3FADt6BSYNHRj7PKpHMTS9RFWtHxAG1Q1xZHK1txt
OmAyknyH6l/0c1tmBLb+zOy6q4HGFf/PX7Aq5fFYmqEHEUarC3hQq1Az2XFhGjmB
9lBhaFio97cM4HuHuDMogpS5nGqcpCPkyixmFr7t44Qj4ShkjJl6ptMnbkc1ZSqw
enBehArSn61doWddxYJryohvipmSNX5/WrRWGBMxYNWR
-----END CERTIFICATE-----