Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/mTl1Q9NJrlNien0Lq-lylkQdYfM.roa
File:                     mTl1Q9NJrlNien0Lq-lylkQdYfM.roa (raw, json)
Hash identifier:          fOFyFjl/ce24/wQQECt2mU3fTo086FJ+C778+H0N/o8=
Subject key identifier:   99:39:75:43:D3:49:AE:53:62:7A:7D:0B:AB:E9:72:96:44:1D:61:F3
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7FA41C087BA7564D7A8D096341D7CDC7
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/mTl1Q9NJrlNien0Lq-lylkQdYfM.roa
Signing time:             Wed 27 Mar 2024 11:20:45 +0000
ROA not before:           Wed 27 Mar 2024 11:20:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     37457
IP address blocks:        2.21.160.0/22 maxlen: 22
                          2.21.232.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:a4:1c:08:7b:a7:56:4d:7a:8d:09:63:41:d7:cd:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 11:20:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99397543d349ae53627a7d0babe97296441d61f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6b:8b:09:3b:92:07:1a:53:0e:34:30:6f:e0:
                    4f:75:bf:22:23:e1:c7:b8:42:35:1b:64:b2:de:31:
                    d5:70:3a:c0:05:af:29:22:91:63:44:d1:5c:77:3f:
                    13:23:be:1d:b7:90:6e:df:73:6a:9b:80:e4:54:25:
                    29:80:fd:22:ab:12:0d:53:7b:06:3c:8d:95:2d:6f:
                    43:8f:58:af:56:4e:ae:59:a4:8b:5a:28:f8:07:9b:
                    4a:ac:e8:89:9b:18:bd:a5:81:50:b8:26:8f:a1:41:
                    fd:7d:e9:b2:75:46:98:84:18:cd:ba:2b:97:d2:4d:
                    0e:e7:bc:c2:d9:2c:1f:2c:fa:ed:8d:a4:58:d8:a6:
                    70:d2:4c:44:81:ab:8a:9b:95:04:6c:48:4d:b9:d0:
                    56:33:52:11:91:7e:33:da:81:8a:a4:59:f4:e3:9b:
                    29:b7:6e:3c:09:ee:57:2f:9e:80:3c:cd:56:20:7e:
                    48:e5:6b:d9:28:7c:75:b0:52:a8:80:be:79:9f:0d:
                    ee:4a:15:00:38:12:58:ac:08:28:be:ae:27:b0:fe:
                    f6:f1:33:00:9b:00:de:23:f6:41:f6:fa:3e:42:96:
                    7a:71:30:19:09:f8:a7:50:4d:36:de:31:3a:2b:b3:
                    8c:97:0c:32:69:13:2b:c1:49:45:23:aa:43:fc:b2:
                    4d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:39:75:43:D3:49:AE:53:62:7A:7D:0B:AB:E9:72:96:44:1D:61:F3
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/mTl1Q9NJrlNien0Lq-lylkQdYfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.21.160.0/22
                  2.21.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:87:dc:4f:c8:9e:8e:d7:ac:ed:4d:ae:f9:81:16:53:24:f1:
         a4:9e:05:13:f8:93:e3:e1:27:93:eb:c6:43:ec:2b:c3:cd:6a:
         22:6a:d9:53:5c:8e:f7:ac:78:fa:77:44:e0:87:97:3a:45:66:
         e0:2d:a2:b8:af:8a:51:c5:87:f0:e3:89:26:e6:ce:54:38:3c:
         89:b8:c6:b4:84:d1:bc:e2:33:b7:3e:95:03:77:5f:0e:d9:cf:
         77:4b:27:02:3d:7a:75:3d:63:55:65:88:0c:db:52:73:07:b3:
         4a:7d:fa:6c:5c:68:b7:4e:9d:aa:10:47:6f:ff:73:91:ef:e2:
         3f:da:b4:e0:2e:63:6c:b5:da:b9:25:f9:cc:46:df:fe:f4:1e:
         ba:40:cd:9f:05:68:ca:22:6d:34:00:80:c6:a1:4d:2b:90:08:
         74:94:a7:1c:ca:48:76:cb:03:1b:96:4d:54:69:8a:0a:bc:4f:
         1b:38:0f:4d:44:33:1c:a9:45:c9:05:e1:75:08:2b:28:d1:9a:
         a3:aa:7e:bb:b1:fe:42:80:7a:e3:84:10:02:7f:d1:bd:30:9f:
         00:c3:6e:b2:1f:18:c4:a4:fb:7e:6c:8f:5c:09:f8:78:c4:3a:
         69:95:08:6b:dc:c0:7b:27:f3:c6:c1:f9:eb:ff:91:5f:b1:5f:
         d9:79:ff:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5/pBwIe6dWTXqNCWNB183HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTEyMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTM5NzU0M2QzNDlhZTUzNjI3YTdkMGJhYmU5NzI5NjQ0MWQ2MWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWuLCTuSBxpTDjQwb+BPdb8iI+HH
uEI1G2Sy3jHVcDrABa8pIpFjRNFcdz8TI74dt5Bu33Nqm4DkVCUpgP0iqxINU3sG
PI2VLW9Dj1ivVk6uWaSLWij4B5tKrOiJmxi9pYFQuCaPoUH9femydUaYhBjNuiuX
0k0O57zC2SwfLPrtjaRY2KZw0kxEgauKm5UEbEhNudBWM1IRkX4z2oGKpFn045sp
t248Ce5XL56APM1WIH5I5WvZKHx1sFKogL55nw3uShUAOBJYrAgovq4nsP728TMA
mwDeI/ZB9vo+QpZ6cTAZCfinUE023jE6K7OMlwwyaRMrwUlFI6pD/LJNFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJk5dUPTSa5TYnp9C6vpcpZEHWHzMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvbVRsMVE5TkpybE5pZW4wTHEtbHlsa1FkWWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAhWgAwQC
AhXoMA0GCSqGSIb3DQEBCwUAA4IBAQAih9xPyJ6O16ztTa75gRZTJPGkngUT+JPj
4SeT68ZD7CvDzWoiatlTXI73rHj6d0Tgh5c6RWbgLaK4r4pRxYfw44km5s5UODyJ
uMa0hNG84jO3PpUDd18O2c93SycCPXp1PWNVZYgM21JzB7NKffpsXGi3Tp2qEEdv
/3OR7+I/2rTgLmNstdq5JfnMRt/+9B66QM2fBWjKIm00AIDGoU0rkAh0lKccykh2
ywMblk1UaYoKvE8bOA9NRDMcqUXJBeF1CCso0Zqjqn67sf5CgHrjhBACf9G9MJ8A
w26yHxjEpPt+bI9cCfh4xDpplQhr3MB7J/PGwfnr/5FfsV/Zef+6
-----END CERTIFICATE-----