Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/KFeL3GLd8y3mKGak4vIA7t0Q4pM.roa
File:                     KFeL3GLd8y3mKGak4vIA7t0Q4pM.roa (raw, json)
Hash identifier:          jNbkqD4HiPki1U7euFnV6zA8ieEk1gq4QF2MX5Uq0w0=
Subject key identifier:   28:57:8B:DC:62:DD:F3:2D:E6:28:66:A4:E2:F2:00:EE:DD:10:E2:93
Certificate issuer:       /CN=115604ba895e8fb3b49a2c78088e9ff2ff970a08
Certificate serial:       018CC349577BDF55C917E13EE43C8AC60690
Authority key identifier: 11:56:04:BA:89:5E:8F:B3:B4:9A:2C:78:08:8E:9F:F2:FF:97:0A:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EVYEuolej7O0mix4CI6f8v-XCgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/KFeL3GLd8y3mKGak4vIA7t0Q4pM.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2200
IP address blocks:        161.3.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/EVYEuolej7O0mix4CI6f8v-XCgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/EVYEuolej7O0mix4CI6f8v-XCgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EVYEuolej7O0mix4CI6f8v-XCgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:57:7b:df:55:c9:17:e1:3e:e4:3c:8a:c6:06:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=115604ba895e8fb3b49a2c78088e9ff2ff970a08
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28578bdc62ddf32de62866a4e2f200eedd10e293
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:a3:69:55:51:2a:92:64:be:79:36:46:60:c1:
                    60:b7:c7:44:25:f3:6f:e2:b6:0f:05:59:f9:dd:1c:
                    2d:f9:dd:28:60:c4:a8:e0:bf:0c:47:2b:b6:30:e8:
                    85:f1:ca:9d:76:bd:da:6f:71:bf:90:19:a2:6b:96:
                    50:af:aa:04:5f:ff:22:e6:40:e8:72:fe:c3:2a:9d:
                    a1:fd:eb:db:42:48:e2:a7:26:eb:94:34:87:53:94:
                    f4:50:bc:d7:e1:07:3d:3a:3e:51:fb:76:44:3c:21:
                    fe:a9:e5:25:d1:6a:ac:95:fd:81:18:3f:ac:5e:67:
                    c0:27:b4:6c:5d:a9:f0:e7:2e:cd:9e:d1:b5:96:d5:
                    55:f3:39:e8:dc:13:b8:c5:8c:20:c6:cf:6b:cb:44:
                    1e:26:30:e2:4f:4e:2f:7d:64:9b:83:20:dd:4b:c5:
                    62:2c:66:0d:09:33:89:21:7d:6e:82:6e:1c:7c:1c:
                    8e:fe:f1:8e:07:82:86:c7:55:1d:3c:77:2b:3c:1c:
                    b3:c5:61:d7:8f:bb:4f:f4:ce:86:96:1a:8c:cb:77:
                    6a:e7:fc:f9:7a:15:29:ae:70:f3:57:7b:6e:e0:12:
                    27:1a:97:97:b2:61:fd:ca:48:ed:1d:20:78:ea:dc:
                    f6:1c:3f:b9:c1:eb:be:fc:df:5d:6d:57:e2:3b:12:
                    80:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:57:8B:DC:62:DD:F3:2D:E6:28:66:A4:E2:F2:00:EE:DD:10:E2:93
            X509v3 Authority Key Identifier:
                keyid:11:56:04:BA:89:5E:8F:B3:B4:9A:2C:78:08:8E:9F:F2:FF:97:0A:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EVYEuolej7O0mix4CI6f8v-XCgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/KFeL3GLd8y3mKGak4vIA7t0Q4pM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/c42b37-d448-4cf3-bfec-1692fc8bba15/1/EVYEuolej7O0mix4CI6f8v-XCgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.3.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         69:85:b9:09:4e:65:63:06:f5:59:14:c0:41:f3:bf:28:12:f2:
         15:cb:42:bd:53:75:9d:09:70:71:1c:5a:60:9d:ce:57:95:12:
         df:61:0e:fa:7c:d6:94:b1:d2:a2:ae:7f:81:69:23:df:c6:df:
         00:53:ee:b8:74:66:0a:3a:b2:e5:f7:3f:e4:72:07:7b:3a:38:
         c4:e4:7c:6f:55:c8:51:15:97:fe:a3:ed:67:d7:9f:31:6a:0e:
         62:9c:8e:47:03:8e:a2:4b:8a:1a:6a:5f:ec:60:62:40:71:cc:
         39:97:0e:6f:cf:e8:8f:94:45:47:0b:3d:a0:d4:1b:ce:5d:8f:
         ad:74:21:9c:05:75:03:38:bb:0d:b4:02:c7:e1:f6:3c:0c:b7:
         6a:e4:26:45:31:14:c1:c6:d5:8f:b5:88:34:62:4b:4c:0b:66:
         aa:bf:20:f6:f7:66:9c:4a:f9:4f:99:e6:3a:fd:43:b6:6d:87:
         35:76:c8:e5:eb:62:43:56:ab:36:ef:4e:b4:c5:a9:11:e3:48:
         89:84:e0:dc:d2:bb:6e:fb:51:1e:66:cc:65:8d:e2:59:d7:95:
         27:11:90:9f:95:e2:bb:bb:4a:27:2e:0f:37:6c:7a:52:fb:f3:
         ac:c4:b6:e4:c9:69:37:16:53:73:40:5c:e0:ed:60:4d:11:78:
         ec:77:0d:90
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDSVd731XJF+E+5DyKxgaQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNTYwNGJhODk1ZThmYjNiNDlhMmM3ODA4OGU5ZmYyZmY5
NzBhMDgwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODU3OGJkYzYyZGRmMzJkZTYyODY2YTRlMmYyMDBlZWRkMTBlMjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7aNpVVEqkmS+eTZGYMFgt8dEJfNv
4rYPBVn53Rwt+d0oYMSo4L8MRyu2MOiF8cqddr3ab3G/kBmia5ZQr6oEX/8i5kDo
cv7DKp2h/evbQkjipybrlDSHU5T0ULzX4Qc9Oj5R+3ZEPCH+qeUl0Wqslf2BGD+s
XmfAJ7RsXanw5y7NntG1ltVV8zno3BO4xYwgxs9ry0QeJjDiT04vfWSbgyDdS8Vi
LGYNCTOJIX1ugm4cfByO/vGOB4KGx1UdPHcrPByzxWHXj7tP9M6GlhqMy3dq5/z5
ehUprnDzV3tu4BInGpeXsmH9ykjtHSB46tz2HD+5weu+/N9dbVfiOxKAzQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFChXi9xi3fMt5ihmpOLyAO7dEOKTMB8GA1UdIwQY
MBaAFBFWBLqJXo+ztJoseAiOn/L/lwoIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVZZRXVvbGVqN08wbWl4NENJNmY4di1YQ2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9jNDJiMzctZDQ0OC00Y2YzLWJmZWMt
MTY5MmZjOGJiYTE1LzEvS0ZlTDNHTGQ4eTNtS0dhazR2SUE3dDBRNHBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9jNDJiMzctZDQ0OC00Y2YzLWJmZWMtMTY5MmZjOGJiYTE1
LzEvRVZZRXVvbGVqN08wbWl4NENJNmY4di1YQ2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoQMwDQYJ
KoZIhvcNAQELBQADggEBAGmFuQlOZWMG9VkUwEHzvygS8hXLQr1TdZ0JcHEcWmCd
zleVEt9hDvp81pSx0qKuf4FpI9/G3wBT7rh0Zgo6suX3P+RyB3s6OMTkfG9VyFEV
l/6j7WfXnzFqDmKcjkcDjqJLihpqX+xgYkBxzDmXDm/P6I+URUcLPaDUG85dj610
IZwFdQM4uw20Asfh9jwMt2rkJkUxFMHG1Y+1iDRiS0wLZqq/IPb3ZpxK+U+Z5jr9
Q7ZthzV2yOXrYkNWqzbvTrTFqRHjSImE4NzSu277UR5mzGWN4lnXlScRkJ+V4ru7
SicuDzdselL786zEtuTJaTcWU3NAXODtYE0ReOx3DZA=
-----END CERTIFICATE-----