Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_KEpnSPEdc_Cdlbl5NabIXmCzzc.roa
File:                     _KEpnSPEdc_Cdlbl5NabIXmCzzc.roa (raw, json)
Hash identifier:          4OMM7vXzOme43UD50i99t97g39LJNJ3MSxLX4Gr+jAA=
Subject key identifier:   FC:A1:29:9D:23:C4:75:CF:C2:76:56:E5:E4:D6:9B:21:79:82:CF:37
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7F948C2145953E840F1F824B982ACEB2
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_KEpnSPEdc_Cdlbl5NabIXmCzzc.roa
Signing time:             Wed 27 Mar 2024 11:03:45 +0000
ROA not before:           Wed 27 Mar 2024 11:03:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8966
IP address blocks:        2.16.44.0/24 maxlen: 24
                          2.20.249.0/24 maxlen: 24
                          2.21.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:94:8c:21:45:95:3e:84:0f:1f:82:4b:98:2a:ce:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 11:03:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fca1299d23c475cfc27656e5e4d69b217982cf37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:4a:af:f5:75:5f:10:74:4e:08:d0:17:0a:24:
                    75:0f:93:15:0e:8a:c1:5d:d0:b1:5e:00:12:4d:e3:
                    f3:61:36:9f:e8:00:4d:11:0f:dd:10:fa:77:7e:fa:
                    2c:40:e2:4b:f8:fd:cc:05:9c:38:ef:0e:51:d7:8f:
                    78:c1:f4:0f:37:f5:6d:68:50:11:55:5e:70:88:e7:
                    98:e6:2e:1c:52:30:03:08:55:3b:6e:60:f3:cf:ad:
                    e5:8d:7a:25:0b:d4:81:11:f2:69:90:8a:ea:d7:85:
                    3b:72:29:b4:94:c9:db:f5:d8:75:6b:f6:b5:11:54:
                    c3:45:22:b7:81:fc:f7:95:05:8a:a4:8c:17:28:c3:
                    c2:38:97:83:ec:17:be:96:9a:89:f6:ed:7a:27:ed:
                    1e:e8:60:b9:cd:ec:9e:1d:97:4e:b1:3d:e0:c2:e3:
                    f4:4e:98:cc:69:6a:ff:f6:8b:46:61:82:ac:65:ac:
                    43:c5:f0:85:df:0c:db:f6:2a:a9:45:77:c0:ca:f6:
                    bc:9a:1e:d3:a1:72:0a:2d:38:43:26:63:36:e7:4f:
                    27:5a:32:7f:cb:d3:6b:90:9d:f4:04:12:ea:7e:ee:
                    20:82:64:77:c5:41:83:5a:53:14:4f:ae:f8:27:ff:
                    9f:85:11:d6:28:6e:8d:9c:ed:da:16:dd:ea:e7:fb:
                    8e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A1:29:9D:23:C4:75:CF:C2:76:56:E5:E4:D6:9B:21:79:82:CF:37
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_KEpnSPEdc_Cdlbl5NabIXmCzzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.16.44.0/24
                  2.20.249.0/24
                  2.21.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:ea:f1:17:88:27:4e:c8:0f:53:bc:22:29:05:29:d2:6e:86:
         af:56:95:df:1d:a8:a7:36:6b:f8:14:2d:a5:09:37:8f:38:64:
         51:4e:5c:09:23:31:5c:26:43:94:e1:89:f9:9d:03:9f:98:d9:
         45:a5:39:f6:4f:cf:b7:dd:fb:9d:55:ba:63:e4:77:6d:77:8e:
         a3:ee:cd:9e:22:e9:58:4e:a7:78:b1:7c:97:6b:61:d2:08:1d:
         53:1d:3d:83:49:1a:71:53:49:04:75:eb:24:a9:9a:27:0a:ed:
         ef:0b:49:ee:b8:cd:9a:42:c7:f2:a1:04:5a:75:10:9c:8b:77:
         f4:8e:a0:5c:0e:ad:29:9a:26:e7:25:0a:01:3e:72:2f:b5:3e:
         71:58:fd:2f:db:bb:7e:f7:2f:bd:26:74:a7:92:f7:44:d5:bf:
         9f:c8:97:2d:eb:17:3e:63:0e:b3:95:a2:2d:21:b6:f1:6a:08:
         ac:bf:0d:30:ec:fb:5f:54:88:ab:47:7d:53:f0:91:87:70:ca:
         09:10:d9:d5:19:01:2c:0b:46:d4:7a:66:d6:22:59:77:ab:33:
         20:2b:0b:a9:b8:43:74:e6:ba:ea:3d:16:d4:23:80:94:eb:86:
         d0:6a:92:2b:be:90:5b:db:07:ee:58:91:b9:a1:48:32:33:57:
         41:fd:cf:f8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY5/lIwhRZU+hA8fgkuYKs6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTEwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2ExMjk5ZDIzYzQ3NWNmYzI3NjU2ZTVlNGQ2OWIyMTc5ODJjZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kqv9XVfEHROCNAXCiR1D5MVDorB
XdCxXgASTePzYTaf6ABNEQ/dEPp3fvosQOJL+P3MBZw47w5R1494wfQPN/VtaFAR
VV5wiOeY5i4cUjADCFU7bmDzz63ljXolC9SBEfJpkIrq14U7cim0lMnb9dh1a/a1
EVTDRSK3gfz3lQWKpIwXKMPCOJeD7Be+lpqJ9u16J+0e6GC5zeyeHZdOsT3gwuP0
TpjMaWr/9otGYYKsZaxDxfCF3wzb9iqpRXfAyva8mh7ToXIKLThDJmM2508nWjJ/
y9NrkJ30BBLqfu4ggmR3xUGDWlMUT674J/+fhRHWKG6NnO3aFt3q5/uOLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPyhKZ0jxHXPwnZW5eTWmyF5gs83MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvX0tFcG5TUEVkY19DZGxibDVOYWJJWG1DenpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAAhAsAwQA
AhT5AwQAAhXnMA0GCSqGSIb3DQEBCwUAA4IBAQAO6vEXiCdOyA9TvCIpBSnSboav
VpXfHainNmv4FC2lCTePOGRRTlwJIzFcJkOU4Yn5nQOfmNlFpTn2T8+33fudVbpj
5Hdtd46j7s2eIulYTqd4sXyXa2HSCB1THT2DSRpxU0kEdeskqZonCu3vC0nuuM2a
QsfyoQRadRCci3f0jqBcDq0pmibnJQoBPnIvtT5xWP0v27t+9y+9JnSnkvdE1b+f
yJct6xc+Yw6zlaItIbbxagisvw0w7PtfVIirR31T8JGHcMoJENnVGQEsC0bUembW
Ill3qzMgKwupuEN05rrqPRbUI4CU64bQapIrvpBb2wfuWJG5oUgyM1dB/c/4
-----END CERTIFICATE-----