Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/bQ4swqybr6R6P4Q8l3iGBrVsEiE.roa
File:                     bQ4swqybr6R6P4Q8l3iGBrVsEiE.roa (raw, json)
Hash identifier:          Bhvsmo45+wmWMW15nbDfvt2nKI2Qc6lzlstDtngPRqo=
Subject key identifier:   6D:0E:2C:C2:AC:9B:AF:A4:7A:3F:84:3C:97:78:86:06:B5:6C:12:21
Certificate issuer:       /CN=8fb6133d5c2109d8a6f9bbcaa496dbeae347975c
Certificate serial:       018CC86F01DDB4D0DEF0D645976FA9342459
Authority key identifier: 8F:B6:13:3D:5C:21:09:D8:A6:F9:BB:CA:A4:96:DB:EA:E3:47:97:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j7YTPVwhCdim-bvKpJbb6uNHl1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/bQ4swqybr6R6P4Q8l3iGBrVsEiE.roa
Signing time:             Tue 02 Jan 2024 04:29:27 +0000
ROA not before:           Tue 02 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        160.97.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/j7YTPVwhCdim-bvKpJbb6uNHl1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/j7YTPVwhCdim-bvKpJbb6uNHl1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j7YTPVwhCdim-bvKpJbb6uNHl1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:01:dd:b4:d0:de:f0:d6:45:97:6f:a9:34:24:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fb6133d5c2109d8a6f9bbcaa496dbeae347975c
        Validity
            Not Before: Jan  2 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d0e2cc2ac9bafa47a3f843c97788606b56c1221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:11:f6:ed:05:cd:d8:0a:b3:c5:a3:de:07:2e:
                    6c:d9:ff:86:2b:3a:ab:09:e2:8c:b5:77:e3:cd:a0:
                    22:cf:fa:12:4c:9e:df:75:0d:76:4d:f8:b5:ff:af:
                    05:ea:f4:98:bd:aa:f4:07:38:f3:2f:8c:15:f2:59:
                    e5:0c:12:60:0e:92:48:b3:ef:b5:b7:e3:4a:0f:ee:
                    0f:de:eb:17:3b:78:97:9d:6b:45:ad:bb:8e:33:f4:
                    8e:fd:bf:86:e2:b2:ce:6c:a8:89:19:b6:5a:00:e2:
                    fb:47:a3:3e:89:9c:d6:f2:61:be:ce:51:d1:e5:e0:
                    ef:c6:bd:cf:81:24:e4:03:4d:a4:da:33:9f:c2:a5:
                    e2:5a:a5:6b:d5:1a:17:29:bf:6a:a3:30:63:41:33:
                    23:b8:17:ea:b9:d8:ef:ca:9e:db:d5:66:07:28:75:
                    ac:c9:48:bd:f0:12:df:25:8e:8c:da:cb:0b:0f:b1:
                    d1:91:fe:ad:23:18:bb:bc:a7:c5:ee:c7:87:3b:ba:
                    bd:10:7d:9f:a8:31:a0:57:a4:24:ee:c3:48:09:d9:
                    2c:7b:8e:de:d4:0b:83:81:43:59:3d:6d:e5:bf:67:
                    bd:55:db:62:75:1b:75:54:4b:73:27:01:a0:3e:e2:
                    b2:7c:d6:0a:49:f9:0d:af:19:e3:59:3a:ca:4d:3e:
                    5d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:0E:2C:C2:AC:9B:AF:A4:7A:3F:84:3C:97:78:86:06:B5:6C:12:21
            X509v3 Authority Key Identifier:
                keyid:8F:B6:13:3D:5C:21:09:D8:A6:F9:BB:CA:A4:96:DB:EA:E3:47:97:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j7YTPVwhCdim-bvKpJbb6uNHl1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/bQ4swqybr6R6P4Q8l3iGBrVsEiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ade410-4e8c-412e-9754-451a9ae4ce51/1/j7YTPVwhCdim-bvKpJbb6uNHl1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.97.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:5a:56:33:d1:e8:bf:d9:77:35:2c:bb:35:0a:d2:71:db:e7:
         0f:0c:48:48:97:2e:0b:b5:99:6f:3d:a8:54:20:62:63:14:00:
         69:b9:c9:7f:18:c7:13:a4:23:d6:54:94:df:4f:b6:2d:3b:e7:
         2b:99:ea:30:e7:e1:42:cc:58:41:1b:a0:0b:e5:0a:2f:d2:9e:
         db:8b:b3:c6:36:f3:77:96:c0:bc:e2:3b:5b:9d:df:48:bd:07:
         db:c9:5c:5c:6e:1f:43:47:3d:e5:ff:9c:7c:27:80:23:48:5e:
         81:ea:10:b1:1c:c6:dc:bd:48:49:9b:e2:f6:ad:be:88:87:06:
         15:66:5a:b9:b6:ff:c1:43:75:37:87:e4:f7:99:d8:21:ce:01:
         5e:f2:d1:e3:5d:dc:b5:d6:88:2f:fb:e7:ec:23:3e:5e:24:a4:
         8c:d7:42:5c:96:05:c3:26:73:29:c7:f4:71:a7:42:0e:ab:39:
         3c:e7:96:6a:d9:2c:a4:04:af:f3:94:fe:26:76:4b:60:b1:79:
         08:61:78:89:29:8a:0f:d2:ec:73:67:2e:e2:e1:da:97:ff:3c:
         58:c7:61:28:69:96:59:1d:db:e3:af:b6:2b:94:ab:26:1e:b2:
         85:52:45:f2:4e:88:e7:ef:9f:a9:03:2c:6e:b6:b2:59:3a:b3:
         1e:22:29:6f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIbwHdtNDe8NZFl2+pNCRZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYjYxMzNkNWMyMTA5ZDhhNmY5YmJjYWE0OTZkYmVhZTM0
Nzk3NWMwHhcNMjQwMTAyMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDBlMmNjMmFjOWJhZmE0N2EzZjg0M2M5Nzc4ODYwNmI1NmMxMjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBH27QXN2AqzxaPeBy5s2f+GKzqr
CeKMtXfjzaAiz/oSTJ7fdQ12Tfi1/68F6vSYvar0BzjzL4wV8lnlDBJgDpJIs++1
t+NKD+4P3usXO3iXnWtFrbuOM/SO/b+G4rLObKiJGbZaAOL7R6M+iZzW8mG+zlHR
5eDvxr3PgSTkA02k2jOfwqXiWqVr1RoXKb9qozBjQTMjuBfqudjvyp7b1WYHKHWs
yUi98BLfJY6M2ssLD7HRkf6tIxi7vKfF7seHO7q9EH2fqDGgV6Qk7sNICdkse47e
1AuDgUNZPW3lv2e9VdtidRt1VEtzJwGgPuKyfNYKSfkNrxnjWTrKTT5dmwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFG0OLMKsm6+kej+EPJd4hga1bBIhMB8GA1UdIwQY
MBaAFI+2Ez1cIQnYpvm7yqSW2+rjR5dcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajdZVFBWd2hDZGltLWJ2S3BKYmI2dU5IbDF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hZGU0MTAtNGU4Yy00MTJlLTk3NTQt
NDUxYTlhZTRjZTUxLzEvYlE0c3dxeWJyNlI2UDRROGwzaUdCclZzRWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hZGU0MTAtNGU4Yy00MTJlLTk3NTQtNDUxYTlhZTRjZTUx
LzEvajdZVFBWd2hDZGltLWJ2S3BKYmI2dU5IbDF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoGEwDQYJ
KoZIhvcNAQELBQADggEBAJhaVjPR6L/ZdzUsuzUK0nHb5w8MSEiXLgu1mW89qFQg
YmMUAGm5yX8YxxOkI9ZUlN9Pti075yuZ6jDn4ULMWEEboAvlCi/SntuLs8Y283eW
wLziO1ud30i9B9vJXFxuH0NHPeX/nHwngCNIXoHqELEcxty9SEmb4vatvoiHBhVm
Wrm2/8FDdTeH5PeZ2CHOAV7y0eNd3LXWiC/75+wjPl4kpIzXQlyWBcMmcynH9HGn
Qg6rOTznlmrZLKQEr/OU/iZ2S2CxeQhheIkpig/S7HNnLuLh2pf/PFjHYShpllkd
2+OvtiuUqyYesoVSRfJOiOfvn6kDLG62slk6sx4iKW8=
-----END CERTIFICATE-----