Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Hdu2TTdsBFXLQyzFmsf6Sx6eXRc.roa
File:                     Hdu2TTdsBFXLQyzFmsf6Sx6eXRc.roa (raw, json)
Hash identifier:          Jjvj8fRAGRmWPMD/LhUR8JWyL4bCUKChDYF5+CtVkWI=
Subject key identifier:   1D:DB:B6:4D:37:6C:04:55:CB:43:2C:C5:9A:C7:FA:4B:1E:9E:5D:17
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7F974ADF09339F19D51CE87615047D62
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Hdu2TTdsBFXLQyzFmsf6Sx6eXRc.roa
Signing time:             Wed 27 Mar 2024 11:06:45 +0000
ROA not before:           Wed 27 Mar 2024 11:06:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15897
IP address blocks:        2.18.4.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:97:4a:df:09:33:9f:19:d5:1c:e8:76:15:04:7d:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 11:06:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ddbb64d376c0455cb432cc59ac7fa4b1e9e5d17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c9:3c:3f:c8:9e:be:20:c7:65:51:ff:2d:6a:
                    f4:10:4b:38:fe:87:36:c7:59:91:a1:c9:99:41:5b:
                    1c:ad:2a:62:a6:6d:97:74:82:b4:16:72:d6:28:18:
                    13:8a:f9:43:0e:53:a2:6b:56:c1:9f:42:20:83:6b:
                    c0:85:57:ba:08:8c:4c:2a:a5:e1:00:bd:25:62:20:
                    b6:7f:63:fd:f7:40:e2:9b:23:d8:82:69:ac:86:5e:
                    58:ee:26:8e:a6:30:bd:84:11:d9:2b:58:08:f4:0c:
                    ca:55:9b:cd:14:e9:bf:00:1e:7c:ad:97:e5:94:32:
                    30:98:d6:89:d1:0a:69:57:31:a4:9f:49:de:77:78:
                    0a:f1:ae:35:2d:92:9d:32:0a:e5:6c:af:44:72:e2:
                    1c:94:72:ba:ee:7f:5c:7e:22:56:48:83:b7:86:ab:
                    e1:15:ef:68:c1:78:49:1b:71:c3:05:77:a4:49:ae:
                    3f:f2:06:26:22:cb:ee:be:2c:82:24:a0:89:b5:44:
                    bc:ac:ea:98:2b:90:f9:a8:35:b2:32:99:a1:50:30:
                    fb:32:f5:8b:87:8c:2b:d1:90:58:02:e7:07:63:37:
                    e4:7b:7f:04:bf:0d:d8:18:fa:31:51:5a:75:0c:df:
                    42:30:6e:bc:a0:2b:6c:10:21:db:29:be:0a:01:9c:
                    ad:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:DB:B6:4D:37:6C:04:55:CB:43:2C:C5:9A:C7:FA:4B:1E:9E:5D:17
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Hdu2TTdsBFXLQyzFmsf6Sx6eXRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.18.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:88:bc:ef:56:9a:9f:02:53:84:49:d6:7d:96:24:07:da:06:
         54:65:b6:ad:b2:57:e5:5f:79:b6:82:ef:58:9a:cf:0f:bf:11:
         e9:0e:bd:de:5a:43:e6:ef:82:10:c8:e5:a1:f5:53:f5:9e:5f:
         c0:c3:1d:7f:16:21:26:53:44:1e:5f:94:c5:48:9d:9e:13:f3:
         36:38:3a:a3:1f:8e:94:a3:29:36:46:bd:e4:24:be:d4:f2:30:
         c3:55:5e:fe:4f:02:2d:aa:30:66:8c:01:8a:cc:5b:2c:57:ca:
         a3:39:d6:56:f9:ba:2a:87:45:17:84:c1:ba:7d:d2:35:6b:94:
         9d:64:61:7a:59:d3:dc:c5:ae:4d:70:63:59:a7:b5:0e:70:d4:
         cf:92:88:44:13:23:70:9b:f7:7d:69:1b:11:bf:f7:0a:d7:2d:
         d4:e8:0a:84:ea:3f:e0:38:cc:b8:8d:39:5c:3e:1f:b5:27:53:
         b4:04:ad:b9:a2:cd:1c:4e:92:88:a1:e5:1b:0e:5c:7b:0c:28:
         54:22:e7:10:af:14:2a:24:87:50:84:bb:4c:a1:56:e4:26:dc:
         33:cc:c2:0e:22:90:b7:e5:58:d6:1a:b0:18:fb:71:d3:c3:72:
         84:22:52:51:ce:fb:16:54:19:02:3e:c5:89:c1:92:17:06:90:
         7b:9a:19:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5/l0rfCTOfGdUc6HYVBH1iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTEwNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGRiYjY0ZDM3NmMwNDU1Y2I0MzJjYzU5YWM3ZmE0YjFlOWU1ZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArck8P8ieviDHZVH/LWr0EEs4/oc2
x1mRocmZQVscrSpipm2XdIK0FnLWKBgTivlDDlOia1bBn0Igg2vAhVe6CIxMKqXh
AL0lYiC2f2P990DimyPYgmmshl5Y7iaOpjC9hBHZK1gI9AzKVZvNFOm/AB58rZfl
lDIwmNaJ0QppVzGkn0ned3gK8a41LZKdMgrlbK9EcuIclHK67n9cfiJWSIO3hqvh
Fe9owXhJG3HDBXekSa4/8gYmIsvuviyCJKCJtUS8rOqYK5D5qDWyMpmhUDD7MvWL
h4wr0ZBYAucHYzfke38Evw3YGPoxUVp1DN9CMG68oCtsECHbKb4KAZytawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3btk03bARVy0MsxZrH+ksenl0XMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvSGR1MlRUZHNCRlhMUXl6Rm1zZjZTeDZlWFJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAhIEMA0G
CSqGSIb3DQEBCwUAA4IBAQBMiLzvVpqfAlOESdZ9liQH2gZUZbatslflX3m2gu9Y
ms8PvxHpDr3eWkPm74IQyOWh9VP1nl/Awx1/FiEmU0QeX5TFSJ2eE/M2ODqjH46U
oyk2Rr3kJL7U8jDDVV7+TwItqjBmjAGKzFssV8qjOdZW+boqh0UXhMG6fdI1a5Sd
ZGF6WdPcxa5NcGNZp7UOcNTPkohEEyNwm/d9aRsRv/cK1y3U6AqE6j/gOMy4jTlc
Ph+1J1O0BK25os0cTpKIoeUbDlx7DChUIucQrxQqJIdQhLtMoVbkJtwzzMIOIpC3
5VjWGrAY+3HTw3KEIlJRzvsWVBkCPsWJwZIXBpB7mhnD
-----END CERTIFICATE-----