Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/aMkslMPtuerO9mVgj5xsm7a5u_Y.roa
File:                     aMkslMPtuerO9mVgj5xsm7a5u_Y.roa (raw, json)
Hash identifier:          7CGHjHkpVwmT9e7e6R+zM5hnthZnRRKuiThNT8P8ODQ=
Subject key identifier:   68:C9:2C:94:C3:ED:B9:EA:CE:F6:65:60:8F:9C:6C:9B:B6:B9:BB:F6
Certificate issuer:       /CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
Certificate serial:       018CC795256578D203F6CF2C5F1D7356111A
Authority key identifier: 4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/aMkslMPtuerO9mVgj5xsm7a5u_Y.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196858
IP address blocks:        213.227.66.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:25:65:78:d2:03:f6:cf:2c:5f:1d:73:56:11:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68c92c94c3edb9eacef665608f9c6c9bb6b9bbf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:49:1b:e2:78:37:3e:4b:20:aa:02:f5:fc:14:
                    3b:b2:a4:a5:c0:40:9b:69:56:8f:53:95:35:21:1c:
                    55:69:a3:11:39:28:35:87:8c:a0:61:be:6f:b6:00:
                    1e:ef:0f:71:74:7d:1d:6a:e0:cf:55:e9:e4:54:8b:
                    bd:8c:4c:fe:6a:82:c9:92:06:98:f9:a3:ad:54:8f:
                    b5:d0:5c:fe:bb:b3:61:ed:f0:81:bd:e2:7a:49:cb:
                    30:c8:dd:f8:14:01:01:02:0d:7f:03:bd:ae:55:d4:
                    bd:14:f5:7c:c0:9b:1d:83:6b:64:fb:8d:96:c4:8f:
                    03:23:f6:7b:a8:d9:c1:c1:86:81:1b:83:96:f1:10:
                    8b:1a:f6:f7:ae:e9:d0:75:eb:79:11:7b:ac:8d:c5:
                    d2:0b:8b:98:96:3a:5d:66:68:48:78:09:23:27:7a:
                    8f:d9:4d:32:38:df:72:9a:a0:55:7f:a2:7f:34:aa:
                    40:af:89:de:17:79:6a:7d:c2:89:8a:33:8d:58:65:
                    e9:fb:f7:5a:1e:bc:0f:55:b9:54:a8:8f:81:a7:73:
                    04:dc:c4:82:8d:c7:a0:46:f2:d3:a2:c7:6c:17:bb:
                    ce:7e:1f:d2:34:a0:03:fd:af:b7:45:11:c0:a4:2d:
                    5c:69:41:87:f7:cb:32:bf:11:c6:f0:69:06:42:95:
                    3f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C9:2C:94:C3:ED:B9:EA:CE:F6:65:60:8F:9C:6C:9B:B6:B9:BB:F6
            X509v3 Authority Key Identifier:
                keyid:4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/aMkslMPtuerO9mVgj5xsm7a5u_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.227.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:2f:87:8f:0c:4f:f7:87:f2:c3:8b:e6:56:e5:e0:d1:e0:09:
         8b:46:88:77:67:bf:3f:98:0c:d2:9a:10:1f:cb:d5:be:c8:89:
         56:41:4b:bf:20:a1:7c:32:1e:68:04:78:02:64:ab:f8:d9:48:
         1a:72:0e:5d:1a:3a:05:8f:30:72:d1:48:90:95:3a:16:ad:6a:
         08:24:36:91:2c:f2:1a:e1:a4:1c:07:12:49:b2:bd:9a:2c:83:
         c5:52:4c:10:23:a2:e7:d4:57:3d:77:fb:4d:bc:10:b8:35:e0:
         f9:ea:28:0e:26:d0:1e:eb:7d:0c:7c:20:01:a7:cd:4f:2b:42:
         cc:27:43:ad:bc:0f:90:19:6c:ce:f2:73:78:a8:4b:96:44:4d:
         9c:05:b3:b6:9c:de:5a:c3:b6:72:73:ff:9f:84:47:87:d4:cb:
         ca:5a:6d:34:fd:a1:28:3b:ee:89:33:ac:ac:16:d0:d5:b5:8c:
         4c:93:50:cb:e0:42:48:7d:a1:72:12:8d:64:23:b1:53:87:ed:
         1f:5e:37:e3:2e:1f:0e:e5:b9:90:5d:3c:08:fa:0a:a1:88:ef:
         2a:6b:b4:bb:91:2a:53:f7:21:3f:86:54:9a:51:00:c9:90:eb:
         39:52:a6:2a:d6:8e:4e:a9:0d:7f:3e:86:39:5b:66:77:97:48:
         28:2e:bf:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSVleNID9s8sXx1zVhEaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDA1Y2FhYjM0YmJmZGU2YjhlZTY2YzYwMDg2MGM2Y2U5
NmYzMmIwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGM5MmM5NGMzZWRiOWVhY2VmNjY1NjA4ZjljNmM5YmI2YjliYmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0kb4ng3PksgqgL1/BQ7sqSlwECb
aVaPU5U1IRxVaaMROSg1h4ygYb5vtgAe7w9xdH0dauDPVenkVIu9jEz+aoLJkgaY
+aOtVI+10Fz+u7Nh7fCBveJ6ScswyN34FAEBAg1/A72uVdS9FPV8wJsdg2tk+42W
xI8DI/Z7qNnBwYaBG4OW8RCLGvb3runQdet5EXusjcXSC4uYljpdZmhIeAkjJ3qP
2U0yON9ymqBVf6J/NKpAr4neF3lqfcKJijONWGXp+/daHrwPVblUqI+Bp3ME3MSC
jcegRvLTosdsF7vOfh/SNKAD/a+3RRHApC1caUGH98syvxHG8GkGQpU/ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjJLJTD7bnqzvZlYI+cbJu2ubv2MB8GA1UdIwQY
MBaAFEtAXKqzS7/ea47mbGAIYMbOlvMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYt
ZDg3YWZmYjhiYzYxLzEvYU1rc2xNUHR1ZXJPOW1WZ2o1eHNtN2E1dV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYtZDg3YWZmYjhiYzYx
LzEvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1eNCMA0G
CSqGSIb3DQEBCwUAA4IBAQBuL4ePDE/3h/LDi+ZW5eDR4AmLRoh3Z78/mAzSmhAf
y9W+yIlWQUu/IKF8Mh5oBHgCZKv42Ugacg5dGjoFjzBy0UiQlToWrWoIJDaRLPIa
4aQcBxJJsr2aLIPFUkwQI6Ln1Fc9d/tNvBC4NeD56igOJtAe630MfCABp81PK0LM
J0OtvA+QGWzO8nN4qEuWRE2cBbO2nN5aw7Zyc/+fhEeH1MvKWm00/aEoO+6JM6ys
FtDVtYxMk1DL4EJIfaFyEo1kI7FTh+0fXjfjLh8O5bmQXTwI+gqhiO8qa7S7kSpT
9yE/hlSaUQDJkOs5UqYq1o5OqQ1/PoY5W2Z3l0goLr9f
-----END CERTIFICATE-----