Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Epg1vF_5BJLjAYfOFist2Y6crhc.roa
File:                     Epg1vF_5BJLjAYfOFist2Y6crhc.roa (raw, json)
Hash identifier:          ieBl1a7+qmeo5b+2RNrfuka7CUQuc4IHZMuqL1Uvrjo=
Subject key identifier:   12:98:35:BC:5F:F9:04:92:E3:01:87:CE:16:2B:2D:D9:8E:9C:AE:17
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7F91EF92DFACB739E2566BA30478C32E
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Epg1vF_5BJLjAYfOFist2Y6crhc.roa
Signing time:             Wed 27 Mar 2024 11:00:54 +0000
ROA not before:           Wed 27 Mar 2024 11:00:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8781
IP address blocks:        2.23.224.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:91:ef:92:df:ac:b7:39:e2:56:6b:a3:04:78:c3:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 11:00:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=129835bc5ff90492e30187ce162b2dd98e9cae17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c1:b0:4c:0e:cd:7f:11:6d:13:64:12:47:7b:
                    71:a8:26:75:de:d8:f7:70:9b:14:c7:45:86:25:b4:
                    e5:c8:fe:55:78:73:3d:5e:31:6c:63:94:ac:18:52:
                    70:17:d6:fb:ce:91:08:71:cd:f6:8f:e3:84:be:cd:
                    27:be:3e:a6:98:db:6c:df:68:72:1e:5d:75:66:2e:
                    78:ff:a5:68:7b:dc:89:30:2f:87:3d:3b:5e:81:1d:
                    3d:5b:26:9d:c6:41:93:59:0f:33:97:5b:3a:c2:f2:
                    02:fc:01:dc:ab:ee:20:39:b7:5c:37:ac:ce:da:79:
                    cf:5f:1f:7e:c3:11:da:b2:6e:5a:20:dd:e9:ce:b8:
                    ca:71:a5:eb:75:2d:e5:8c:f1:18:2c:dc:0b:d4:1f:
                    ae:77:5d:31:46:ed:cd:2a:2e:01:71:44:51:b9:30:
                    4e:81:d7:f0:87:56:3c:fa:07:82:1c:8c:79:e9:ac:
                    74:0b:2d:6a:b8:d8:01:e9:08:eb:5f:bd:e4:b6:97:
                    07:4c:74:a6:ca:25:98:35:bc:d2:68:1c:c0:c6:90:
                    86:e4:fa:e7:a4:39:7a:f3:39:f0:64:7c:9b:d8:06:
                    4f:e6:6d:7c:41:97:20:9f:7c:63:39:07:55:ef:b0:
                    19:65:86:6b:fe:d9:b9:79:3d:e0:a7:d0:f6:34:56:
                    73:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:98:35:BC:5F:F9:04:92:E3:01:87:CE:16:2B:2D:D9:8E:9C:AE:17
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Epg1vF_5BJLjAYfOFist2Y6crhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.23.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         75:7f:cd:b1:c6:12:21:f3:e7:e7:71:87:f9:74:9a:dc:36:a6:
         fb:bd:c0:dc:31:17:c5:64:a0:06:9d:d7:9d:2f:7d:ec:7f:b4:
         4e:53:6f:c6:5c:c5:fd:87:04:d1:7b:ec:53:e6:f2:df:6a:38:
         a3:16:df:8e:be:b4:e1:42:c6:fe:e1:31:c5:15:01:a2:f9:50:
         ea:bf:21:bd:c3:19:ac:73:e8:c1:20:c8:4c:63:19:cc:f6:b5:
         26:6a:99:81:5e:ad:9b:ee:d5:b2:b1:3b:f7:87:fe:fc:47:f4:
         14:d9:ad:d1:e4:c6:4f:86:a4:23:fc:b9:17:f1:38:4c:37:bb:
         62:34:1f:2f:d6:cd:e2:eb:55:22:f7:11:ac:90:c6:7a:aa:e4:
         cb:02:63:57:dc:62:99:db:c1:0c:fe:99:6a:c2:2d:c4:e6:f6:
         3e:f1:b5:78:68:5f:19:2d:2a:01:8f:18:1a:c3:3f:78:3f:ce:
         00:88:69:73:d4:0d:09:dc:0d:21:2c:3d:68:0f:7c:71:d6:f9:
         aa:71:2f:04:b0:80:66:40:e5:3d:03:ee:52:cb:f0:07:27:a3:
         41:19:7a:61:a3:0a:b7:86:47:fe:fd:47:5c:21:1f:d1:e7:13:
         1b:3c:50:4a:60:dc:12:d7:da:5c:2b:2e:f3:fc:a9:95:f7:bf:
         bc:9d:23:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5/ke+S36y3OeJWa6MEeMMuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTEwMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjk4MzViYzVmZjkwNDkyZTMwMTg3Y2UxNjJiMmRkOThlOWNhZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsGwTA7NfxFtE2QSR3txqCZ13tj3
cJsUx0WGJbTlyP5VeHM9XjFsY5SsGFJwF9b7zpEIcc32j+OEvs0nvj6mmNts32hy
Hl11Zi54/6Voe9yJMC+HPTtegR09WyadxkGTWQ8zl1s6wvIC/AHcq+4gObdcN6zO
2nnPXx9+wxHasm5aIN3pzrjKcaXrdS3ljPEYLNwL1B+ud10xRu3NKi4BcURRuTBO
gdfwh1Y8+geCHIx56ax0Cy1quNgB6QjrX73ktpcHTHSmyiWYNbzSaBzAxpCG5Prn
pDl68znwZHyb2AZP5m18QZcgn3xjOQdV77AZZYZr/tm5eT3gp9D2NFZzzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKYNbxf+QSS4wGHzhYrLdmOnK4XMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvRXBnMXZGXzVCSkxqQVlmT0Zpc3QyWTZjcmhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFAhfgMA0G
CSqGSIb3DQEBCwUAA4IBAQB1f82xxhIh8+fncYf5dJrcNqb7vcDcMRfFZKAGnded
L33sf7ROU2/GXMX9hwTRe+xT5vLfajijFt+OvrThQsb+4THFFQGi+VDqvyG9wxms
c+jBIMhMYxnM9rUmapmBXq2b7tWysTv3h/78R/QU2a3R5MZPhqQj/LkX8ThMN7ti
NB8v1s3i61Ui9xGskMZ6quTLAmNX3GKZ28EM/plqwi3E5vY+8bV4aF8ZLSoBjxga
wz94P84AiGlz1A0J3A0hLD1oD3xx1vmqcS8EsIBmQOU9A+5Sy/AHJ6NBGXphowq3
hkf+/UdcIR/R5xMbPFBKYNwS19pcKy7z/KmV97+8nSMy
-----END CERTIFICATE-----