Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/pBZLCHsKLy0jHfpODXEfDBVhn6M.roa
File:                     pBZLCHsKLy0jHfpODXEfDBVhn6M.roa (raw, json)
Hash identifier:          7n82bgK8x8PUx2/PnavSfsOWpeSj+aKrBa1fJv19u7Y=
Subject key identifier:   A4:16:4B:08:7B:0A:2F:2D:23:1D:FA:4E:0D:71:1F:0C:15:61:9F:A3
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       018E5C170C1F09BB9D23016B6BB522F33324
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/pBZLCHsKLy0jHfpODXEfDBVhn6M.roa
Signing time:             Wed 20 Mar 2024 13:39:57 +0000
ROA not before:           Wed 20 Mar 2024 13:39:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202855
IP address blocks:        168.199.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5c:17:0c:1f:09:bb:9d:23:01:6b:6b:b5:22:f3:33:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Mar 20 13:39:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4164b087b0a2f2d231dfa4e0d711f0c15619fa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:01:ef:ba:00:78:16:f6:9a:83:5e:66:7e:cf:
                    c5:58:06:17:3b:15:3d:f1:87:45:4b:3a:b1:36:6d:
                    0f:dd:1b:aa:72:8e:d8:15:97:c2:a8:fa:33:e7:4a:
                    97:8e:91:21:36:93:61:88:81:e2:ce:18:02:d4:05:
                    e6:4b:1b:25:fb:28:cc:a2:d1:28:a9:b7:cd:13:68:
                    8b:d5:0c:69:26:8f:37:02:d8:c2:1e:c9:c9:3b:fc:
                    67:c5:26:96:55:02:88:90:a9:87:b9:8a:2c:a3:6b:
                    58:e4:38:29:0d:ae:1d:10:46:e0:d4:0a:c6:12:bf:
                    e4:3e:db:00:54:7c:00:16:44:3b:4c:c3:2d:68:7b:
                    73:fd:8e:74:a7:ac:c5:e3:8c:62:e1:91:eb:40:0f:
                    29:38:9b:e7:dc:2e:06:89:f6:84:a7:0c:39:d8:fe:
                    4f:1d:0c:5b:9f:f7:84:d9:4f:ff:4d:35:d0:51:c4:
                    ea:3b:aa:dd:f2:ac:9e:d9:94:0f:dd:17:c7:31:6b:
                    39:90:df:0c:8b:40:66:3c:c1:43:d8:e7:11:39:97:
                    09:91:ca:ad:f3:e5:3e:3d:d8:c4:0d:3a:05:61:5d:
                    05:bb:cf:8b:36:87:cf:0c:c7:9f:71:4a:ad:c9:bd:
                    91:c2:b8:c3:4d:27:5a:75:ea:dc:2a:21:8a:bb:f9:
                    09:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:16:4B:08:7B:0A:2F:2D:23:1D:FA:4E:0D:71:1F:0C:15:61:9F:A3
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/pBZLCHsKLy0jHfpODXEfDBVhn6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:4f:f1:9d:64:ae:b3:0f:95:a2:e6:7e:68:c4:c2:ab:59:84:
         d6:a1:d5:a9:4d:79:53:fc:5d:c9:30:13:be:c0:e9:b1:ca:45:
         74:c2:b1:97:3f:75:7a:89:0c:5f:27:c8:4d:0c:a5:4a:9b:3f:
         2a:89:12:e8:0d:4c:ce:e6:6c:e2:9e:e4:cb:a0:bf:b8:2e:3f:
         6f:ca:9e:31:4e:28:80:d9:84:47:f5:c3:5c:83:25:c0:0a:89:
         3e:3c:0b:6f:be:57:bd:e9:4c:e9:da:20:08:1b:e3:4d:21:3a:
         9f:e3:73:da:fc:f2:86:72:68:43:36:08:8e:d9:f8:15:f1:16:
         e2:0e:1f:7f:98:f6:49:2d:61:28:c7:0c:09:46:b1:c3:0a:8a:
         6c:f0:ca:2b:44:f5:10:aa:28:9f:0c:46:3e:3f:2c:3b:07:c6:
         d2:8b:f8:84:ef:a5:6a:65:6d:a8:52:09:ee:c0:2f:00:b3:c0:
         f7:ed:6e:2c:05:49:e7:4c:cc:57:04:b8:c6:f2:08:d7:1d:ba:
         16:af:d0:70:3e:7a:f1:c7:28:e0:94:1f:5d:85:41:bb:d0:a4:
         92:eb:1f:51:94:af:63:94:61:d0:21:2c:1f:96:da:da:a8:cb:
         9e:db:b5:b1:11:10:a6:10:71:87:07:5c:92:ad:8a:84:d9:9a:
         47:53:67:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5cFwwfCbudIwFra7Ui8zMkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQwMzIwMTMzOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDE2NGIwODdiMGEyZjJkMjMxZGZhNGUwZDcxMWYwYzE1NjE5ZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwHvugB4Fvaag15mfs/FWAYXOxU9
8YdFSzqxNm0P3Ruqco7YFZfCqPoz50qXjpEhNpNhiIHizhgC1AXmSxsl+yjMotEo
qbfNE2iL1QxpJo83AtjCHsnJO/xnxSaWVQKIkKmHuYoso2tY5DgpDa4dEEbg1ArG
Er/kPtsAVHwAFkQ7TMMtaHtz/Y50p6zF44xi4ZHrQA8pOJvn3C4GifaEpww52P5P
HQxbn/eE2U//TTXQUcTqO6rd8qye2ZQP3RfHMWs5kN8Mi0BmPMFD2OcROZcJkcqt
8+U+PdjEDToFYV0Fu8+LNofPDMefcUqtyb2RwrjDTSdadercKiGKu/kJJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQWSwh7Ci8tIx36Tg1xHwwVYZ+jMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvcEJaTENIc0tMeTBqSGZwT0RYRWZEQlZobjZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqMcSMA0G
CSqGSIb3DQEBCwUAA4IBAQBRT/GdZK6zD5Wi5n5oxMKrWYTWodWpTXlT/F3JMBO+
wOmxykV0wrGXP3V6iQxfJ8hNDKVKmz8qiRLoDUzO5mzinuTLoL+4Lj9vyp4xTiiA
2YRH9cNcgyXACok+PAtvvle96Uzp2iAIG+NNITqf43Pa/PKGcmhDNgiO2fgV8Rbi
Dh9/mPZJLWEoxwwJRrHDCops8MorRPUQqiifDEY+Pyw7B8bSi/iE76VqZW2oUgnu
wC8As8D37W4sBUnnTMxXBLjG8gjXHboWr9BwPnrxxyjglB9dhUG70KSS6x9RlK9j
lGHQISwfltraqMue27WxERCmEHGHB1ySrYqE2ZpHU2fp
-----END CERTIFICATE-----