Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/h6kFpWmZXJsvpsSDZcJ8M-UXXVY.roa
File:                     h6kFpWmZXJsvpsSDZcJ8M-UXXVY.roa (raw, json)
Hash identifier:          PqtU97xO/wTP/SHkbfREWjeVwSQUwdz+bcSygNgCPGQ=
Subject key identifier:   87:A9:05:A5:69:99:5C:9B:2F:A6:C4:83:65:C2:7C:33:E5:17:5D:56
Certificate issuer:       /CN=8e90bd2870050c84477a161eb090f05eb962016c
Certificate serial:       018CC5011400F5B7C94343763BF0BC1F4614
Authority key identifier: 8E:90:BD:28:70:05:0C:84:47:7A:16:1E:B0:90:F0:5E:B9:62:01:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/h6kFpWmZXJsvpsSDZcJ8M-UXXVY.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     786
IP address blocks:        136.201.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:14:00:f5:b7:c9:43:43:76:3b:f0:bc:1f:46:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e90bd2870050c84477a161eb090f05eb962016c
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87a905a569995c9b2fa6c48365c27c33e5175d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:bd:04:a2:56:67:c2:fc:45:58:05:c1:4b:e1:
                    b9:2d:a7:57:de:9f:61:96:7b:11:7d:62:5e:31:a4:
                    76:d2:af:ae:cc:f7:a8:b1:f6:c3:01:30:85:9a:5e:
                    74:a6:b8:62:12:01:aa:e0:11:55:7d:43:be:93:93:
                    a0:5c:f9:27:ef:03:74:71:4b:f7:fe:2c:e9:20:35:
                    4d:b9:4b:53:88:6f:be:2e:7a:df:1d:8d:9b:68:ca:
                    4d:c7:0d:bd:4a:30:54:fb:7e:e2:57:0c:a0:e8:f2:
                    f3:ed:9d:8f:0f:33:10:38:cd:bd:de:04:4a:82:71:
                    5d:a0:2e:3a:ed:93:a0:8c:06:59:cd:ff:08:7e:12:
                    16:c7:e3:2d:b0:fe:73:16:79:f2:2a:03:a3:8e:11:
                    e4:32:2f:ad:00:46:96:eb:99:27:8e:74:a1:ca:d1:
                    f1:49:2f:77:79:d4:39:93:12:00:2c:1c:e3:c8:97:
                    cd:1e:40:43:74:4e:00:59:70:f4:dd:7c:3f:24:d0:
                    bf:c1:bc:f1:67:91:1f:a3:aa:08:ab:b1:56:73:31:
                    99:53:f3:28:34:86:82:ec:3e:5d:42:9d:be:60:7c:
                    10:0e:b1:33:34:c9:dc:35:07:b1:ce:4b:f3:bd:5b:
                    5e:38:e5:1d:73:a2:62:67:0f:84:32:29:9d:b1:83:
                    b9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:A9:05:A5:69:99:5C:9B:2F:A6:C4:83:65:C2:7C:33:E5:17:5D:56
            X509v3 Authority Key Identifier:
                keyid:8E:90:BD:28:70:05:0C:84:47:7A:16:1E:B0:90:F0:5E:B9:62:01:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/h6kFpWmZXJsvpsSDZcJ8M-UXXVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.201.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1e:55:ec:11:6e:60:d7:8e:8e:76:8f:43:9f:76:87:fb:de:48:
         d8:20:67:af:18:8b:72:cf:1f:78:95:ec:2c:63:82:f1:a9:f1:
         73:04:47:68:60:15:2f:5b:b2:71:6c:5e:c9:ab:39:3b:3a:3c:
         e1:49:a8:53:0b:f7:d5:c0:66:5d:87:0f:1f:40:6a:06:86:8e:
         61:fc:9c:0a:76:96:3b:83:2f:50:15:9d:e1:0d:ea:a2:da:b2:
         d5:ed:59:2d:e1:8a:06:3c:5a:66:b6:28:d9:7a:3f:b1:80:84:
         db:15:9c:29:e5:e1:ac:a1:63:34:9c:28:bc:46:3e:55:16:cb:
         74:e6:6a:60:8f:26:73:9f:59:97:06:01:45:c9:ea:78:c6:8c:
         82:90:ff:91:e1:93:b2:26:39:73:4d:ed:58:77:ae:74:3e:f7:
         c8:10:14:77:3a:ab:33:7d:1d:ee:82:6a:4c:1b:78:71:5a:60:
         fd:b3:1b:13:97:56:c4:df:60:a1:66:f1:e7:b9:22:52:45:6d:
         24:e4:2f:0a:18:2c:c4:9b:a6:e7:7d:43:24:2f:e5:ea:a2:3c:
         72:da:44:9e:70:53:d9:0b:4b:c6:19:88:ca:83:f3:1b:2b:5a:
         a1:9f:d0:05:83:bc:2a:e9:c6:49:df:09:1c:79:33:c7:c2:a6:
         84:e9:16:5c
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFARQA9bfJQ0N2O/C8H0YUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOTBiZDI4NzAwNTBjODQ0NzdhMTYxZWIwOTBmMDVlYjk2
MjAxNmMwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2E5MDVhNTY5OTk1YzliMmZhNmM0ODM2NWMyN2MzM2U1MTc1ZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjb0EolZnwvxFWAXBS+G5LadX3p9h
lnsRfWJeMaR20q+uzPeosfbDATCFml50prhiEgGq4BFVfUO+k5OgXPkn7wN0cUv3
/izpIDVNuUtTiG++LnrfHY2baMpNxw29SjBU+37iVwyg6PLz7Z2PDzMQOM293gRK
gnFdoC467ZOgjAZZzf8IfhIWx+MtsP5zFnnyKgOjjhHkMi+tAEaW65knjnShytHx
SS93edQ5kxIALBzjyJfNHkBDdE4AWXD03Xw/JNC/wbzxZ5Efo6oIq7FWczGZU/Mo
NIaC7D5dQp2+YHwQDrEzNMncNQexzkvzvVteOOUdc6JiZw+EMimdsYO5jQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIepBaVpmVybL6bEg2XCfDPlF11WMB8GA1UdIwQY
MBaAFI6QvShwBQyER3oWHrCQ8F65YgFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanBDOUtIQUZESVJIZWhZZXNKRHdYcmxpQVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yOGUxMTMtMzkzMS00ZDNkLWI3OTMt
ZWNiODA3MDJhMTE3LzEvaDZrRnBXbVpYSnN2cHNTRFpjSjhNLVVYWFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yOGUxMTMtMzkzMS00ZDNkLWI3OTMtZWNiODA3MDJhMTE3
LzEvanBDOUtIQUZESVJIZWhZZXNKRHdYcmxpQVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiMkwDQYJ
KoZIhvcNAQELBQADggEBAB5V7BFuYNeOjnaPQ592h/veSNggZ68Yi3LPH3iV7Cxj
gvGp8XMER2hgFS9bsnFsXsmrOTs6POFJqFML99XAZl2HDx9AagaGjmH8nAp2ljuD
L1AVneEN6qLastXtWS3higY8Wma2KNl6P7GAhNsVnCnl4ayhYzScKLxGPlUWy3Tm
amCPJnOfWZcGAUXJ6njGjIKQ/5Hhk7ImOXNN7Vh3rnQ+98gQFHc6qzN9He6Cakwb
eHFaYP2zGxOXVsTfYKFm8ee5IlJFbSTkLwoYLMSbpud9QyQv5eqiPHLaRJ5wU9kL
S8YZiMqD8xsrWqGf0AWDvCrpxknfCRx5M8fCpoTpFlw=
-----END CERTIFICATE-----