Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/YIHfsQxMhnN2IXymXJ-CzpYGV7g.roa
File:                     YIHfsQxMhnN2IXymXJ-CzpYGV7g.roa (raw, json)
Hash identifier:          ICGkNeyIdYEoAUXy6rayCFUK84DOWhpkxCG7NO+OVF4=
Subject key identifier:   60:81:DF:B1:0C:4C:86:73:76:21:7C:A6:5C:9F:82:CE:96:06:57:B8
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7F898F06B9DF9347FAE8630A9014D1F0
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/YIHfsQxMhnN2IXymXJ-CzpYGV7g.roa
Signing time:             Wed 27 Mar 2024 10:51:45 +0000
ROA not before:           Wed 27 Mar 2024 10:51:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     852
IP address blocks:        2.22.72.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:89:8f:06:b9:df:93:47:fa:e8:63:0a:90:14:d1:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 10:51:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6081dfb10c4c867376217ca65c9f82ce960657b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d9:81:fa:56:70:c4:6a:da:7b:d1:d3:3c:a6:
                    16:26:1a:c2:9f:d0:4b:96:71:77:4e:90:36:0c:40:
                    43:3c:1d:4d:19:82:e8:17:90:91:fe:bd:f8:e4:36:
                    d1:e8:57:dd:12:fd:d3:ff:82:6f:b5:20:b6:07:30:
                    26:79:4c:f1:1b:a7:43:7f:1c:8a:a8:91:f5:63:93:
                    14:54:f0:3c:dc:0e:0a:c7:b8:b8:01:8c:ac:dd:3b:
                    62:47:8e:79:16:2c:7c:16:f8:a2:1c:cb:6d:c4:90:
                    a1:7e:33:91:1b:f9:d6:44:0f:6b:15:be:04:ce:7d:
                    71:07:27:b8:c0:26:18:39:00:03:29:68:7b:6f:63:
                    86:4f:ff:27:c3:a1:35:f0:80:6c:9c:53:9f:d3:d8:
                    77:38:40:94:b0:ba:b9:3e:1b:2c:50:f1:d2:62:36:
                    66:b9:96:6b:e9:cf:74:34:6c:65:41:16:25:c4:44:
                    bb:ab:48:68:dc:d7:28:30:1d:81:23:a3:21:b1:c3:
                    39:a0:2f:a0:47:89:62:06:02:75:6f:30:79:7c:8c:
                    93:56:5a:c3:1b:13:6e:23:2e:ba:98:d3:61:42:cc:
                    a6:83:cd:fa:85:a9:4f:f8:80:d5:e0:31:fc:21:86:
                    bc:e9:1c:6e:54:03:9c:1c:1c:1b:95:47:59:bb:fe:
                    c6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:81:DF:B1:0C:4C:86:73:76:21:7C:A6:5C:9F:82:CE:96:06:57:B8
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/YIHfsQxMhnN2IXymXJ-CzpYGV7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.22.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:e4:d2:3e:78:e8:ae:c7:eb:74:01:ee:e9:2f:34:b0:85:64:
         e5:0c:df:19:b3:6e:f9:0f:a8:a4:3e:6c:ba:6f:95:40:3a:83:
         d2:4a:c6:53:d6:95:88:3a:0e:38:a1:5f:c5:ba:8e:55:c0:23:
         a2:f3:9a:33:3d:01:eb:a0:a4:5e:a0:12:82:8a:47:dd:29:a9:
         48:78:65:62:e4:36:a7:66:98:16:27:bd:ac:d6:a8:00:6e:78:
         0c:ef:7f:2c:10:86:13:4a:49:e9:56:79:d6:56:41:cf:dd:c8:
         54:af:c1:62:ce:40:bc:52:60:67:34:2c:c4:eb:be:8e:d8:a5:
         af:fb:44:46:4e:bc:27:01:21:bc:4a:80:18:72:d9:1b:c7:02:
         62:b8:dc:12:3b:fc:04:b9:19:b4:ef:c3:ec:43:3c:bb:b2:8d:
         1c:e1:1b:af:85:30:32:a4:4f:3e:36:7b:25:cf:27:6c:87:0b:
         fa:d9:4f:ce:09:93:30:af:73:b3:21:20:cd:4d:c9:ae:02:18:
         0e:1b:2f:36:33:ea:89:f2:c5:4c:bb:a8:a0:52:28:12:39:f4:
         3c:1e:21:d0:8d:41:52:19:44:d1:d9:89:1d:62:6f:9f:37:5b:
         a3:1a:09:d3:b6:88:b8:14:b1:44:fe:4b:a3:80:2c:0c:7a:f4:
         ef:e2:47:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5/iY8Gud+TR/roYwqQFNHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTA1MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDgxZGZiMTBjNGM4NjczNzYyMTdjYTY1YzlmODJjZTk2MDY1N2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtmB+lZwxGrae9HTPKYWJhrCn9BL
lnF3TpA2DEBDPB1NGYLoF5CR/r345DbR6FfdEv3T/4JvtSC2BzAmeUzxG6dDfxyK
qJH1Y5MUVPA83A4Kx7i4AYys3TtiR455Fix8FviiHMttxJChfjORG/nWRA9rFb4E
zn1xBye4wCYYOQADKWh7b2OGT/8nw6E18IBsnFOf09h3OECUsLq5PhssUPHSYjZm
uZZr6c90NGxlQRYlxES7q0ho3NcoMB2BI6MhscM5oC+gR4liBgJ1bzB5fIyTVlrD
GxNuIy66mNNhQsymg836halP+IDV4DH8IYa86RxuVAOcHBwblUdZu/7GBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCB37EMTIZzdiF8plyfgs6WBle4MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvWUlIZnNReE1obk4ySVh5bVhKLUN6cFlHVjdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAhZIMA0G
CSqGSIb3DQEBCwUAA4IBAQCI5NI+eOiux+t0Ae7pLzSwhWTlDN8Zs275D6ikPmy6
b5VAOoPSSsZT1pWIOg44oV/Fuo5VwCOi85ozPQHroKReoBKCikfdKalIeGVi5Dan
ZpgWJ72s1qgAbngM738sEIYTSknpVnnWVkHP3chUr8FizkC8UmBnNCzE676O2KWv
+0RGTrwnASG8SoAYctkbxwJiuNwSO/wEuRm078PsQzy7so0c4RuvhTAypE8+Nnsl
zydshwv62U/OCZMwr3OzISDNTcmuAhgOGy82M+qJ8sVMu6igUigSOfQ8HiHQjUFS
GUTR2YkdYm+fN1ujGgnTtoi4FLFE/kujgCwMevTv4kfh
-----END CERTIFICATE-----