Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/oXTdroaBYTLo1RbL9xBRSSnLuUI.roa
File:                     oXTdroaBYTLo1RbL9xBRSSnLuUI.roa (raw, json)
Hash identifier:          ybEdPtWokHTU6SOSfW1JE9dVldl5wppNRbVll1qtwZI=
Subject key identifier:   A1:74:DD:AE:86:81:61:32:E8:D5:16:CB:F7:10:51:49:29:CB:B9:42
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7F91EF504E654E2CF5E90BCBE70F0433
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/oXTdroaBYTLo1RbL9xBRSSnLuUI.roa
Signing time:             Wed 27 Mar 2024 11:00:54 +0000
ROA not before:           Wed 27 Mar 2024 11:00:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8708
IP address blocks:        2.17.116.0/22 maxlen: 22
                          2.20.96.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:91:ef:50:4e:65:4e:2c:f5:e9:0b:cb:e7:0f:04:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 11:00:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a174ddae86816132e8d516cbf710514929cbb942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:39:d2:af:96:54:d1:29:89:c7:39:be:12:6f:
                    16:6a:72:d7:e3:73:5c:8f:52:99:e1:96:89:6f:a9:
                    7d:f0:b8:dd:d6:97:85:63:5b:03:8e:c3:c3:ae:f4:
                    6f:b0:ca:e5:c6:81:c3:a9:53:fc:0a:54:f6:1d:33:
                    f3:20:64:2a:a3:0e:7d:af:dc:82:b0:75:4a:ce:88:
                    68:d4:57:15:12:5a:43:c5:9f:09:66:eb:d5:39:8a:
                    cc:7a:49:f1:10:a0:f0:c6:00:1a:0d:61:cb:57:92:
                    5e:81:83:60:ee:29:ac:a8:34:5d:58:b5:41:cc:f6:
                    29:92:88:63:bf:d4:8d:f3:af:69:6d:ed:17:c8:88:
                    17:b4:fc:cc:75:f2:3d:d0:03:cd:9f:22:b9:74:c3:
                    a0:b5:9b:07:08:60:cc:9b:c4:e5:74:cc:fb:23:0b:
                    4c:01:06:27:09:2e:3a:d7:e8:c7:fa:06:6d:e2:5b:
                    ea:9f:d5:5f:c4:86:68:1f:89:4a:e2:ff:9b:46:8c:
                    94:9c:cd:c0:71:fc:85:fd:70:9e:7c:2a:50:e7:80:
                    4d:cb:33:fa:a6:a1:81:3b:83:8b:0c:71:5f:f5:ad:
                    65:2b:51:ca:9b:e7:6a:4f:ab:ec:24:b9:50:81:5d:
                    3a:e2:ec:62:35:4c:ed:30:1e:4a:ee:9a:b5:35:64:
                    92:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:74:DD:AE:86:81:61:32:E8:D5:16:CB:F7:10:51:49:29:CB:B9:42
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/oXTdroaBYTLo1RbL9xBRSSnLuUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.17.116.0/22
                  2.20.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         7c:c2:ec:d2:b4:1c:e1:5b:aa:b0:41:13:89:dc:1a:9c:5a:e3:
         23:ac:23:b7:08:9e:bf:10:56:43:37:df:cb:1c:4f:96:27:bc:
         e5:0b:33:c9:d5:66:79:9b:88:0c:0b:cf:b7:e9:8b:41:38:c1:
         8c:49:21:e3:06:5d:c9:ea:a6:d0:ff:0b:1d:cb:e7:46:a7:85:
         d3:d4:61:be:5b:48:da:74:6c:23:00:54:71:96:56:23:e8:bc:
         74:e5:ad:5a:9c:47:de:ee:df:56:1d:2a:e0:d0:06:ed:63:39:
         a6:16:b1:f2:c1:70:81:1a:17:27:3f:4f:08:cf:cb:0d:96:f2:
         84:c4:ed:d7:1d:47:df:e5:89:24:00:cf:06:8c:d1:c8:e5:a6:
         71:aa:b4:35:9c:79:ce:7c:c3:fc:21:2f:40:35:65:d9:d6:57:
         c6:7b:dd:99:6e:2e:7d:15:74:54:b5:bf:c7:23:d6:dc:32:0d:
         30:0d:11:08:dd:5c:c3:52:47:fd:71:e5:7e:6c:05:49:1d:d8:
         28:6d:b7:a2:a1:76:72:d8:03:f1:eb:59:4a:82:02:f3:5d:9a:
         65:32:c2:e3:b5:02:46:2d:ae:83:ce:d4:fc:03:a3:c0:e9:a5:
         e5:86:89:76:db:52:6d:21:eb:60:ad:87:3c:fc:7b:cb:44:d4:
         39:35:06:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5/ke9QTmVOLPXpC8vnDwQzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTEwMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTc0ZGRhZTg2ODE2MTMyZThkNTE2Y2JmNzEwNTE0OTI5Y2JiOTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjnSr5ZU0SmJxzm+Em8WanLX43Nc
j1KZ4ZaJb6l98Ljd1peFY1sDjsPDrvRvsMrlxoHDqVP8ClT2HTPzIGQqow59r9yC
sHVKzoho1FcVElpDxZ8JZuvVOYrMeknxEKDwxgAaDWHLV5JegYNg7imsqDRdWLVB
zPYpkohjv9SN869pbe0XyIgXtPzMdfI90APNnyK5dMOgtZsHCGDMm8TldMz7IwtM
AQYnCS461+jH+gZt4lvqn9VfxIZoH4lK4v+bRoyUnM3AcfyF/XCefCpQ54BNyzP6
pqGBO4OLDHFf9a1lK1HKm+dqT6vsJLlQgV064uxiNUztMB5K7pq1NWSSPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKF03a6GgWEy6NUWy/cQUUkpy7lCMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvb1hUZHJvYUJZVExvMVJiTDl4QlJTU25MdVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAhF0AwQF
AhRgMA0GCSqGSIb3DQEBCwUAA4IBAQB8wuzStBzhW6qwQROJ3BqcWuMjrCO3CJ6/
EFZDN9/LHE+WJ7zlCzPJ1WZ5m4gMC8+36YtBOMGMSSHjBl3J6qbQ/wsdy+dGp4XT
1GG+W0jadGwjAFRxllYj6Lx05a1anEfe7t9WHSrg0AbtYzmmFrHywXCBGhcnP08I
z8sNlvKExO3XHUff5YkkAM8GjNHI5aZxqrQ1nHnOfMP8IS9ANWXZ1lfGe92Zbi59
FXRUtb/HI9bcMg0wDREI3VzDUkf9ceV+bAVJHdgobbeioXZy2APx61lKggLzXZpl
MsLjtQJGLa6DztT8A6PA6aXlhol221JtIetgrYc8/HvLRNQ5NQal
-----END CERTIFICATE-----