Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bhgEe--d4xzO2EmDWFs7Tm2hKHg.roa
File:                     bhgEe--d4xzO2EmDWFs7Tm2hKHg.roa (raw, json)
Hash identifier:          +haU7Yf9Us31lU+OhM6yZyxOJxkr74mwBfT2jiqAMjg=
Subject key identifier:   6E:18:04:7B:EF:9D:E3:1C:CE:D8:49:83:58:5B:3B:4E:6D:A1:28:78
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       018CC6B8F0AB56477B8EAE32FB8A7E42E489
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bhgEe--d4xzO2EmDWFs7Tm2hKHg.roa
Signing time:             Mon 01 Jan 2024 20:30:58 +0000
ROA not before:           Mon 01 Jan 2024 20:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51765
IP address blocks:        103.101.88.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f0:ab:56:47:7b:8e:ae:32:fb:8a:7e:42:e4:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Jan  1 20:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e18047bef9de31cced84983585b3b4e6da12878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6d:a1:ff:b2:f4:a0:ae:ef:00:ba:4b:86:4f:
                    fd:fc:8c:05:f6:9c:4e:4b:27:0e:09:5e:56:de:5d:
                    e3:aa:94:75:77:7a:3f:6c:c6:f1:be:52:4e:b4:9c:
                    ae:cd:7c:01:63:08:c0:e0:c1:af:3b:ed:65:4f:a4:
                    32:f9:b1:27:de:c1:62:33:a0:cb:16:96:50:83:92:
                    6d:12:5a:b0:71:7e:ce:f4:f7:35:cb:7a:78:2f:dc:
                    28:5b:04:aa:79:5f:3b:03:85:2e:5f:4a:37:e4:81:
                    cb:03:77:b9:95:61:44:0a:53:6b:e0:b7:66:54:36:
                    38:e7:08:c3:44:c5:bf:8a:af:fd:04:93:4e:7a:2f:
                    77:2d:68:1d:47:c7:fe:0c:e2:d4:72:68:c4:7a:e8:
                    27:7f:ad:1e:a3:37:7e:e5:b7:b5:81:fa:51:b3:0b:
                    af:95:e3:c6:10:ca:47:2b:1d:dc:92:7f:61:7e:80:
                    3c:1f:1f:3f:a3:e4:14:6c:39:87:6c:d4:30:71:50:
                    61:57:7a:11:39:f5:9b:8d:d1:ce:20:00:b5:aa:21:
                    47:e4:2e:5b:84:c1:8e:e3:20:1c:91:aa:84:be:76:
                    51:1d:1a:fc:c6:7e:2b:cb:c7:c5:ed:59:1f:1e:d5:
                    45:20:ce:91:7e:52:11:6f:b4:a6:32:2e:39:e2:5e:
                    f3:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:18:04:7B:EF:9D:E3:1C:CE:D8:49:83:58:5B:3B:4E:6D:A1:28:78
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bhgEe--d4xzO2EmDWFs7Tm2hKHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.101.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:68:65:a5:d1:8c:b4:e2:40:f4:d9:84:67:9e:31:8b:8c:3a:
         2e:61:dd:9b:2c:48:17:e9:c5:d0:8a:9b:61:45:2f:cf:10:7a:
         d0:54:b2:7d:11:8b:ea:b1:3c:5b:56:3c:b5:6c:e9:07:77:58:
         e9:bf:f7:32:06:3f:e7:7c:cb:e9:e3:b7:e5:d9:30:8d:3b:4b:
         40:3a:7b:85:b0:be:5c:b8:b5:1f:b9:a7:cc:d1:cd:36:3c:2a:
         a1:49:b3:2c:3b:b5:85:2e:53:22:ff:aa:37:e4:18:87:2f:e9:
         5a:66:63:c2:07:e5:ee:35:48:bd:07:87:43:bd:c4:45:8a:c0:
         4e:ec:bf:0d:87:c2:46:6a:50:52:c8:4b:3f:78:6b:57:ce:4b:
         e5:2a:81:40:19:51:a7:60:a3:c9:f6:0b:dc:d6:46:a6:f6:03:
         40:88:04:33:6b:e7:64:9a:a2:4c:a4:71:c5:32:75:d8:c5:76:
         0b:e3:4f:8d:f3:13:8a:b5:f2:71:e5:da:85:06:12:66:97:27:
         c4:6d:35:39:e5:39:24:59:66:12:c2:1d:97:20:1c:47:d8:fa:
         e1:13:a3:35:7f:39:40:d5:b3:76:35:ec:8c:df:3a:ee:93:63:
         5a:25:0e:6d:6d:fd:50:f1:16:9a:f9:d3:28:3a:1f:46:73:23:
         63:49:ce:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuPCrVkd7jq4y+4p+QuSJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjQwMTAxMjAzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTE4MDQ3YmVmOWRlMzFjY2VkODQ5ODM1ODViM2I0ZTZkYTEyODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA022h/7L0oK7vALpLhk/9/IwF9pxO
SycOCV5W3l3jqpR1d3o/bMbxvlJOtJyuzXwBYwjA4MGvO+1lT6Qy+bEn3sFiM6DL
FpZQg5JtElqwcX7O9Pc1y3p4L9woWwSqeV87A4UuX0o35IHLA3e5lWFEClNr4Ldm
VDY45wjDRMW/iq/9BJNOei93LWgdR8f+DOLUcmjEeugnf60eozd+5be1gfpRswuv
lePGEMpHKx3ckn9hfoA8Hx8/o+QUbDmHbNQwcVBhV3oROfWbjdHOIAC1qiFH5C5b
hMGO4yAckaqEvnZRHRr8xn4ry8fF7VkfHtVFIM6RflIRb7SmMi454l7zTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG4YBHvvneMczthJg1hbO05toSh4MB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvYmhnRWUtLWQ0eHpPMkVtRFdGczdUbTJoS0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCZ2VYMA0G
CSqGSIb3DQEBCwUAA4IBAQBGaGWl0Yy04kD02YRnnjGLjDouYd2bLEgX6cXQipth
RS/PEHrQVLJ9EYvqsTxbVjy1bOkHd1jpv/cyBj/nfMvp47fl2TCNO0tAOnuFsL5c
uLUfuafM0c02PCqhSbMsO7WFLlMi/6o35BiHL+laZmPCB+XuNUi9B4dDvcRFisBO
7L8Nh8JGalBSyEs/eGtXzkvlKoFAGVGnYKPJ9gvc1kam9gNAiAQza+dkmqJMpHHF
MnXYxXYL40+N8xOKtfJx5dqFBhJmlyfEbTU55TkkWWYSwh2XIBxH2PrhE6M1fzlA
1bN2NeyM3zruk2NaJQ5tbf1Q8Raa+dMoOh9GcyNjSc50
-----END CERTIFICATE-----