Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/J4KXloaCMP2UDZiDCqkUKvTWBbo.roa
File:                     J4KXloaCMP2UDZiDCqkUKvTWBbo.roa (raw, json)
Hash identifier:          30RmeVS4RZ18Pc5MOAdCS+cUOWDS9MZ2FqI9hgnQs6o=
Subject key identifier:   27:82:97:96:86:82:30:FD:94:0D:98:83:0A:A9:14:2A:F4:D6:05:BA
Certificate issuer:       /CN=6cf9b24f2c0847d041c1e66a12f01eaba478b4fc
Certificate serial:       018CC64A3A0563E78BB6275C3B36B9E75B56
Authority key identifier: 6C:F9:B2:4F:2C:08:47:D0:41:C1:E6:6A:12:F0:1E:AB:A4:78:B4:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bPmyTywIR9BBweZqEvAeq6R4tPw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/J4KXloaCMP2UDZiDCqkUKvTWBbo.roa
Signing time:             Mon 01 Jan 2024 18:30:02 +0000
ROA not before:           Mon 01 Jan 2024 18:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210017
IP address blocks:        193.58.112.0/22 maxlen: 24
                          2a0d:e640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/bPmyTywIR9BBweZqEvAeq6R4tPw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/bPmyTywIR9BBweZqEvAeq6R4tPw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bPmyTywIR9BBweZqEvAeq6R4tPw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:3a:05:63:e7:8b:b6:27:5c:3b:36:b9:e7:5b:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cf9b24f2c0847d041c1e66a12f01eaba478b4fc
        Validity
            Not Before: Jan  1 18:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27829796868230fd940d98830aa9142af4d605ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2f:88:5b:14:c8:b3:3a:c5:8e:f2:da:1a:bd:
                    0a:53:b9:f7:af:f3:77:0f:7f:bf:05:e2:43:13:26:
                    d4:75:cc:09:75:5c:08:5f:13:94:67:03:fe:19:b1:
                    29:7b:86:21:46:9c:d4:42:69:d2:a4:c6:e3:b3:f6:
                    9c:97:46:99:56:0b:4d:c4:63:ca:00:65:45:90:1f:
                    36:3a:73:c9:79:c0:04:ba:71:d5:89:32:e0:6f:21:
                    a8:be:5c:0b:96:50:27:88:12:5c:cc:72:a1:e6:cd:
                    c3:f1:ab:89:8d:4e:00:58:9c:1d:d1:e6:d1:32:0a:
                    7e:6b:c7:1f:55:f1:b7:16:4e:cf:e8:82:e3:2c:d8:
                    d1:bc:27:96:ca:1b:57:9c:7a:19:f6:95:46:b5:0f:
                    79:f3:51:8a:ab:59:4d:04:fa:fc:10:13:12:e6:ba:
                    30:02:c3:ef:67:19:19:b7:b2:32:65:d1:a3:a3:bf:
                    0e:98:e5:a2:2d:65:18:a6:93:4b:fc:2f:0b:7d:4b:
                    b4:14:78:a8:3b:89:74:b1:ed:0b:36:5e:13:7e:40:
                    14:da:9d:1b:c7:48:9a:fd:a9:2c:ea:1c:8f:a8:33:
                    fd:81:ee:94:52:9b:b0:88:eb:37:79:88:59:06:fd:
                    c5:2c:51:b4:fa:fc:e2:b9:f0:8d:1b:cd:12:5f:5c:
                    c2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:82:97:96:86:82:30:FD:94:0D:98:83:0A:A9:14:2A:F4:D6:05:BA
            X509v3 Authority Key Identifier:
                keyid:6C:F9:B2:4F:2C:08:47:D0:41:C1:E6:6A:12:F0:1E:AB:A4:78:B4:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bPmyTywIR9BBweZqEvAeq6R4tPw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/J4KXloaCMP2UDZiDCqkUKvTWBbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/bPmyTywIR9BBweZqEvAeq6R4tPw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.112.0/22
                IPv6:
                  2a0d:e640::/29

    Signature Algorithm: sha256WithRSAEncryption
         82:0e:43:7c:67:75:2c:c7:f2:3b:8c:12:0d:43:8f:bd:20:51:
         38:6c:4f:99:18:e7:a6:94:ea:0c:bc:47:98:b6:92:53:bc:bb:
         9a:e8:f7:08:18:62:49:e2:02:16:52:14:32:90:d4:4f:ce:01:
         23:ac:db:5b:1c:50:73:a5:aa:e9:c1:b0:38:35:97:d9:07:a3:
         65:8e:ee:f8:cc:7e:8d:c5:5e:d4:61:d5:a1:16:15:77:2f:92:
         18:8a:b4:ae:a3:64:fe:6b:c9:e6:ec:05:de:e7:f1:d9:e8:a6:
         04:40:f9:86:86:67:e1:e1:94:89:d5:a3:2f:a4:f7:cd:98:8d:
         b5:3c:58:f1:34:68:42:eb:f3:3f:58:9f:87:b3:37:6a:10:81:
         77:77:9d:77:6e:18:2f:2a:00:37:92:3c:dd:96:ec:01:1e:2b:
         e6:dc:fc:f6:00:59:29:d3:86:b2:cf:94:f1:36:f6:1a:13:69:
         82:8f:c1:fa:50:14:24:37:c4:99:ba:d1:e6:b8:8d:b4:ff:e0:
         34:a9:ad:27:83:41:c8:98:8a:8c:d2:b5:5a:41:75:4f:f5:e5:
         df:01:9e:95:c4:58:70:41:38:f5:97:23:7c:7f:85:e6:b2:15:
         f6:2c:c2:f1:d3:ee:37:6a:6b:da:85:f0:b4:28:76:5d:b0:bb:
         87:07:95:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSjoFY+eLtidcOza551tWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZjliMjRmMmMwODQ3ZDA0MWMxZTY2YTEyZjAxZWFiYTQ3
OGI0ZmMwHhcNMjQwMTAxMTgzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzgyOTc5Njg2ODIzMGZkOTQwZDk4ODMwYWE5MTQyYWY0ZDYwNWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApS+IWxTIszrFjvLaGr0KU7n3r/N3
D3+/BeJDEybUdcwJdVwIXxOUZwP+GbEpe4YhRpzUQmnSpMbjs/acl0aZVgtNxGPK
AGVFkB82OnPJecAEunHViTLgbyGovlwLllAniBJczHKh5s3D8auJjU4AWJwd0ebR
Mgp+a8cfVfG3Fk7P6ILjLNjRvCeWyhtXnHoZ9pVGtQ9581GKq1lNBPr8EBMS5row
AsPvZxkZt7IyZdGjo78OmOWiLWUYppNL/C8LfUu0FHioO4l0se0LNl4TfkAU2p0b
x0ia/aks6hyPqDP9ge6UUpuwiOs3eYhZBv3FLFG0+vziufCNG80SX1zCYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCeCl5aGgjD9lA2YgwqpFCr01gW6MB8GA1UdIwQY
MBaAFGz5sk8sCEfQQcHmahLwHqukeLT8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlBteVR5d0lSOUJCd2VacUV2QWVxNlI0dFB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9iNDU3NjUtMmMzMy00YTQ5LTkxZWIt
OTQ2ODkyZjg4YmViLzEvSjRLWGxvYUNNUDJVRFppRENxa1VLdlRXQmJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9iNDU3NjUtMmMzMy00YTQ5LTkxZWItOTQ2ODkyZjg4YmVi
LzEvYlBteVR5d0lSOUJCd2VacUV2QWVxNlI0dFB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwTpwMA0E
AgACMAcDBQMqDeZAMA0GCSqGSIb3DQEBCwUAA4IBAQCCDkN8Z3Usx/I7jBINQ4+9
IFE4bE+ZGOemlOoMvEeYtpJTvLua6PcIGGJJ4gIWUhQykNRPzgEjrNtbHFBzparp
wbA4NZfZB6Nlju74zH6NxV7UYdWhFhV3L5IYirSuo2T+a8nm7AXe5/HZ6KYEQPmG
hmfh4ZSJ1aMvpPfNmI21PFjxNGhC6/M/WJ+HszdqEIF3d513bhgvKgA3kjzdluwB
Hivm3Pz2AFkp04ayz5TxNvYaE2mCj8H6UBQkN8SZutHmuI20/+A0qa0ng0HImIqM
0rVaQXVP9eXfAZ6VxFhwQTj1lyN8f4XmshX2LMLx0+43amvahfC0KHZdsLuHB5Wy
-----END CERTIFICATE-----