Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/urHjBmM5Yy2hHrpmYv2-u6xq51Q.roa
File:                     urHjBmM5Yy2hHrpmYv2-u6xq51Q.roa (raw, json)
Hash identifier:          bRUCyaJXoFM9/bv6n9BHxbF0mrBEy9VmCYdXKj0LjBs=
Subject key identifier:   BA:B1:E3:06:63:39:63:2D:A1:1E:BA:66:62:FD:BE:BB:AC:6A:E7:54
Certificate issuer:       /CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
Certificate serial:       018CC493698B4C07FC4B7C8AD1BA8B85BB22
Authority key identifier: E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/urHjBmM5Yy2hHrpmYv2-u6xq51Q.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212496
IP address blocks:        141.98.184.0/22 maxlen: 22
                          2a13:6c40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:69:8b:4c:07:fc:4b:7c:8a:d1:ba:8b:85:bb:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6c2e0d3fdc215a389c7043ca5a1a06be2c558ef
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bab1e3066339632da11eba6662fdbebbac6ae754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:14:b4:c0:6c:d3:a8:64:d8:d7:73:de:49:e1:
                    58:8a:a0:d5:17:f2:5a:9e:d8:e9:85:45:e0:da:3a:
                    e5:3a:5b:b4:59:1c:a0:f0:30:c8:5f:37:d9:05:8a:
                    09:9c:cb:1b:bc:37:59:c5:f4:ef:b6:9c:ce:0f:28:
                    e2:84:ba:ad:fe:5c:5f:9e:25:01:fd:55:ef:bc:ac:
                    ba:95:70:9c:ea:d0:02:9c:ed:3c:03:e9:1a:b0:4f:
                    f0:6c:c5:a2:11:b9:7f:70:b7:af:1b:b2:64:61:69:
                    62:4d:19:9c:f3:79:61:e5:2a:86:c5:59:79:cb:5c:
                    47:e9:b1:5c:35:a6:ba:3f:7c:5d:d2:c3:15:60:da:
                    76:80:96:79:ef:8a:30:d5:77:0f:20:45:c3:0a:0c:
                    f8:0c:38:da:15:a3:63:15:2f:3a:4f:cb:8e:59:98:
                    e7:61:25:1d:c2:93:9d:60:5c:e4:9e:c2:38:d0:9a:
                    9b:11:de:c7:2d:6d:79:5c:67:67:d6:29:ee:d1:10:
                    dc:3a:41:35:dc:3e:20:65:1c:67:4b:ed:95:1c:bb:
                    f8:d6:99:6d:6f:5b:ad:c3:66:fb:c8:e2:c3:2c:96:
                    c4:e0:a5:45:76:6b:5d:ba:c5:21:cd:06:f0:9b:91:
                    2f:80:55:29:ac:b1:78:94:b3:94:0f:b9:09:5c:0c:
                    d9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:B1:E3:06:63:39:63:2D:A1:1E:BA:66:62:FD:BE:BB:AC:6A:E7:54
            X509v3 Authority Key Identifier:
                keyid:E6:C2:E0:D3:FD:C2:15:A3:89:C7:04:3C:A5:A1:A0:6B:E2:C5:58:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5sLg0_3CFaOJxwQ8paGga-LFWO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/urHjBmM5Yy2hHrpmYv2-u6xq51Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/29176b-1038-4417-bdad-f3e052bab144/1/5sLg0_3CFaOJxwQ8paGga-LFWO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.184.0/22
                IPv6:
                  2a13:6c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:a2:4d:d6:93:b3:69:98:85:fa:aa:ad:8f:7e:89:65:10:79:
         8c:f2:ab:b7:7e:e0:a7:49:46:16:2e:8b:2a:65:76:53:10:19:
         c0:31:80:11:a3:6d:2f:35:8b:3c:03:89:05:fd:34:8f:59:6c:
         a4:0d:ac:96:ff:3a:d7:48:82:81:62:f4:92:3e:a5:dc:be:c9:
         00:d1:98:1d:e5:8f:5d:6d:3b:ec:c0:75:ab:99:70:a9:a8:12:
         c6:78:d5:04:eb:94:a6:2e:59:56:1e:ae:03:77:35:74:61:20:
         89:85:d7:3c:7f:26:0d:08:a3:3e:6f:af:5a:5f:66:c8:8c:39:
         b1:96:be:9d:78:d6:d6:b8:24:e3:1c:31:82:b8:b0:d2:c3:60:
         38:c6:c6:f5:89:49:b7:5a:8b:ed:f1:a2:9d:aa:20:f0:e6:f3:
         cc:c9:48:a7:5a:f8:5c:47:fa:0d:27:ff:b6:25:a6:8b:fc:13:
         bf:b6:14:ae:9f:50:aa:bf:c6:5b:f0:d7:fe:c0:4a:f1:2a:83:
         ba:c9:9e:e9:5a:98:27:81:c1:99:85:b7:25:a8:e5:f3:c8:ff:
         0f:da:1e:e2:e8:d4:f9:9e:22:42:1c:06:fa:98:53:c8:21:2b:
         2c:06:84:77:27:31:3d:92:4f:d9:49:fc:1b:66:3d:e7:40:8f:
         f3:92:a8:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk2mLTAf8S3yK0bqLhbsiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YzJlMGQzZmRjMjE1YTM4OWM3MDQzY2E1YTFhMDZiZTJj
NTU4ZWYwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWIxZTMwNjYzMzk2MzJkYTExZWJhNjY2MmZkYmViYmFjNmFlNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBS0wGzTqGTY13PeSeFYiqDVF/Ja
ntjphUXg2jrlOlu0WRyg8DDIXzfZBYoJnMsbvDdZxfTvtpzODyjihLqt/lxfniUB
/VXvvKy6lXCc6tACnO08A+kasE/wbMWiEbl/cLevG7JkYWliTRmc83lh5SqGxVl5
y1xH6bFcNaa6P3xd0sMVYNp2gJZ574ow1XcPIEXDCgz4DDjaFaNjFS86T8uOWZjn
YSUdwpOdYFzknsI40JqbEd7HLW15XGdn1inu0RDcOkE13D4gZRxnS+2VHLv41plt
b1utw2b7yOLDLJbE4KVFdmtdusUhzQbwm5EvgFUprLF4lLOUD7kJXAzZsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLqx4wZjOWMtoR66ZmL9vrusaudUMB8GA1UdIwQY
MBaAFObC4NP9whWjiccEPKWhoGvixVjvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQt
ZjNlMDUyYmFiMTQ0LzEvdXJIakJtTTVZeTJoSHJwbVl2Mi11NnhxNTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTE3NmItMTAzOC00NDE3LWJkYWQtZjNlMDUyYmFiMTQ0
LzEvNXNMZzBfM0NGYU9KeHdROHBhR2dhLUxGV084LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCjWK4MA0E
AgACMAcDBQMqE2xAMA0GCSqGSIb3DQEBCwUAA4IBAQBuok3Wk7NpmIX6qq2Pfoll
EHmM8qu3fuCnSUYWLosqZXZTEBnAMYARo20vNYs8A4kF/TSPWWykDayW/zrXSIKB
YvSSPqXcvskA0Zgd5Y9dbTvswHWrmXCpqBLGeNUE65SmLllWHq4DdzV0YSCJhdc8
fyYNCKM+b69aX2bIjDmxlr6deNbWuCTjHDGCuLDSw2A4xsb1iUm3Wovt8aKdqiDw
5vPMyUinWvhcR/oNJ/+2JaaL/BO/thSun1Cqv8Zb8Nf+wErxKoO6yZ7pWpgngcGZ
hbclqOXzyP8P2h7i6NT5niJCHAb6mFPIISssBoR3JzE9kk/ZSfwbZj3nQI/zkqgb
-----END CERTIFICATE-----