Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/c55be7-fe64-4e73-a063-1b0ef44f7884/1/cEqMbci7qlz4eYyWOj_0b4bLBnQ.roa
File:                     cEqMbci7qlz4eYyWOj_0b4bLBnQ.roa (raw, json)
Hash identifier:          vTDcFvOG/YUBG9j5gGkMvS6rWzJ+Eez7Ev1HH3E/n/U=
Subject key identifier:   70:4A:8C:6D:C8:BB:AA:5C:F8:79:8C:96:3A:3F:F4:6F:86:CB:06:74
Certificate issuer:       /CN=b3c856e956c4addb61598f3c2489f2bdf6ed1d18
Certificate serial:       018CC2DB2D1C88E0CA3E7837616B99B3CA79
Authority key identifier: B3:C8:56:E9:56:C4:AD:DB:61:59:8F:3C:24:89:F2:BD:F6:ED:1D:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8hW6VbErdthWY88JInyvfbtHRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/c55be7-fe64-4e73-a063-1b0ef44f7884/1/cEqMbci7qlz4eYyWOj_0b4bLBnQ.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41289
IP address blocks:        141.17.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/c55be7-fe64-4e73-a063-1b0ef44f7884/1/s8hW6VbErdthWY88JInyvfbtHRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/c55be7-fe64-4e73-a063-1b0ef44f7884/1/s8hW6VbErdthWY88JInyvfbtHRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8hW6VbErdthWY88JInyvfbtHRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2d:1c:88:e0:ca:3e:78:37:61:6b:99:b3:ca:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c856e956c4addb61598f3c2489f2bdf6ed1d18
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=704a8c6dc8bbaa5cf8798c963a3ff46f86cb0674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d8:8e:c7:b8:86:94:2c:0e:37:0b:09:80:5a:
                    ae:94:67:e6:f4:68:62:7f:a3:c7:d3:72:32:d3:a8:
                    b4:21:4c:6b:f9:94:3e:60:98:92:60:cb:81:b4:14:
                    3f:5b:2a:09:74:5b:ea:39:4c:22:82:03:00:fb:03:
                    8f:eb:14:b3:06:34:25:73:31:79:14:2b:16:84:ce:
                    0f:5e:5b:c2:32:dc:b2:6a:e5:9b:1a:3b:4e:34:71:
                    a6:12:8d:2f:e3:c1:40:36:b3:de:54:70:75:9f:d3:
                    a5:ef:fa:39:f9:eb:63:87:20:ea:e7:b3:17:4c:df:
                    7f:73:b9:a2:fe:ab:1a:83:3c:d2:ad:26:81:a0:cb:
                    db:99:2e:0f:b2:96:97:bf:aa:59:4f:e3:ee:e8:e7:
                    c1:a5:6e:19:d2:8b:0b:01:92:20:7f:cb:a5:e5:6e:
                    e9:a4:a3:6e:ff:04:70:bc:98:f9:19:03:ff:20:c2:
                    2e:30:37:15:cb:1b:77:32:e9:11:ae:8c:e8:4c:18:
                    ae:69:f4:64:59:91:bd:b5:d1:49:f6:6f:5b:cc:42:
                    7c:e8:2e:83:f6:60:0e:2d:4e:70:af:57:2e:c4:e0:
                    12:54:17:a6:42:35:36:7b:c9:49:44:ec:74:20:43:
                    ca:34:82:59:47:b0:39:ed:cc:b0:45:cf:6c:e3:5f:
                    50:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:4A:8C:6D:C8:BB:AA:5C:F8:79:8C:96:3A:3F:F4:6F:86:CB:06:74
            X509v3 Authority Key Identifier:
                keyid:B3:C8:56:E9:56:C4:AD:DB:61:59:8F:3C:24:89:F2:BD:F6:ED:1D:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8hW6VbErdthWY88JInyvfbtHRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c55be7-fe64-4e73-a063-1b0ef44f7884/1/cEqMbci7qlz4eYyWOj_0b4bLBnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/c55be7-fe64-4e73-a063-1b0ef44f7884/1/s8hW6VbErdthWY88JInyvfbtHRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.17.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1c:59:1f:24:57:4a:43:b2:28:bb:f5:52:d0:e6:c5:a5:df:bc:
         f9:fb:e5:d2:47:fc:a5:0c:07:f5:bf:fc:a2:4f:be:0c:39:b2:
         13:ab:cd:a5:96:ac:8a:ab:38:9f:53:15:5b:a5:95:21:63:f3:
         a9:ef:7a:f8:6b:c6:92:62:72:23:dc:9a:36:cf:d2:10:c3:6f:
         07:6d:4e:f4:45:ec:22:ca:61:0a:a9:d4:1a:84:23:18:08:34:
         11:d7:de:f9:c9:1b:27:40:00:80:d8:fe:68:bd:49:8a:e8:89:
         0e:4c:a3:a8:19:1f:e6:4d:e9:d6:19:91:27:28:9c:c7:ad:a0:
         72:ec:45:a3:5b:b5:5e:18:07:15:36:fe:29:8e:76:1c:26:3e:
         a3:fb:63:71:7d:4e:13:5a:c2:87:7e:df:59:0e:81:44:eb:2e:
         27:8e:54:8a:db:39:0d:b7:b4:d1:c8:3f:cb:cc:fd:25:13:ee:
         6f:86:d0:b8:21:8e:ea:1a:32:15:34:87:6d:69:89:46:99:ac:
         5c:c2:d1:c0:e6:00:e8:ab:e3:15:88:b3:eb:df:06:f2:f9:8b:
         07:07:ee:b5:f5:8d:44:b4:2f:d5:11:ea:fa:4a:e1:bf:3b:9c:
         91:e1:9b:0a:27:1d:01:c0:8a:22:cc:8a:fd:ca:c1:94:ee:48:
         4d:cb:77:2c
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzC2y0ciODKPng3YWuZs8p5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzg1NmU5NTZjNGFkZGI2MTU5OGYzYzI0ODlmMmJkZjZl
ZDFkMTgwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDRhOGM2ZGM4YmJhYTVjZjg3OThjOTYzYTNmZjQ2Zjg2Y2IwNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNiOx7iGlCwONwsJgFqulGfm9Ghi
f6PH03Iy06i0IUxr+ZQ+YJiSYMuBtBQ/WyoJdFvqOUwiggMA+wOP6xSzBjQlczF5
FCsWhM4PXlvCMtyyauWbGjtONHGmEo0v48FANrPeVHB1n9Ol7/o5+etjhyDq57MX
TN9/c7mi/qsagzzSrSaBoMvbmS4PspaXv6pZT+Pu6OfBpW4Z0osLAZIgf8ul5W7p
pKNu/wRwvJj5GQP/IMIuMDcVyxt3MukRrozoTBiuafRkWZG9tdFJ9m9bzEJ86C6D
9mAOLU5wr1cuxOASVBemQjU2e8lJROx0IEPKNIJZR7A57cywRc9s419Q9wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHBKjG3Iu6pc+HmMljo/9G+GywZ0MB8GA1UdIwQY
MBaAFLPIVulWxK3bYVmPPCSJ8r327R0YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhoVzZWYkVyZHRoV1k4OEpJbnl2ZmJ0SFJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9jNTViZTctZmU2NC00ZTczLWEwNjMt
MWIwZWY0NGY3ODg0LzEvY0VxTWJjaTdxbHo0ZVl5V09qXzBiNGJMQm5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9jNTViZTctZmU2NC00ZTczLWEwNjMtMWIwZWY0NGY3ODg0
LzEvczhoVzZWYkVyZHRoV1k4OEpJbnl2ZmJ0SFJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjREwDQYJ
KoZIhvcNAQELBQADggEBABxZHyRXSkOyKLv1UtDmxaXfvPn75dJH/KUMB/W//KJP
vgw5shOrzaWWrIqrOJ9TFVullSFj86nvevhrxpJiciPcmjbP0hDDbwdtTvRF7CLK
YQqp1BqEIxgINBHX3vnJGydAAIDY/mi9SYroiQ5Mo6gZH+ZN6dYZkSconMetoHLs
RaNbtV4YBxU2/imOdhwmPqP7Y3F9ThNawod+31kOgUTrLieOVIrbOQ23tNHIP8vM
/SUT7m+G0LghjuoaMhU0h21piUaZrFzC0cDmAOir4xWIs+vfBvL5iwcH7rX1jUS0
L9UR6vpK4b87nJHhmwonHQHAiiLMiv3KwZTuSE3Ldyw=
-----END CERTIFICATE-----