Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/i0c4Pwt4he4mE4BRvbWW0ErjLL4.roa
File:                     i0c4Pwt4he4mE4BRvbWW0ErjLL4.roa (raw, json)
Hash identifier:          4+h79yAzdgHoNgMdyjMqpw/6faJtWrlF4MMK733cYBo=
Subject key identifier:   8B:47:38:3F:0B:78:85:EE:26:13:80:51:BD:B5:96:D0:4A:E3:2C:BE
Certificate issuer:       /CN=951664521d503959212f55b2a59aec6d207b0a28
Certificate serial:       018CC56ED6E3FBBE0CA28108B907D11C1121
Authority key identifier: 95:16:64:52:1D:50:39:59:21:2F:55:B2:A5:9A:EC:6D:20:7B:0A:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lRZkUh1QOVkhL1WypZrsbSB7Cig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/i0c4Pwt4he4mE4BRvbWW0ErjLL4.roa
Signing time:             Mon 01 Jan 2024 14:30:24 +0000
ROA not before:           Mon 01 Jan 2024 14:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6883
IP address blocks:        161.110.0.0/16 maxlen: 16
                          2a0a:f500::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/lRZkUh1QOVkhL1WypZrsbSB7Cig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/lRZkUh1QOVkhL1WypZrsbSB7Cig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lRZkUh1QOVkhL1WypZrsbSB7Cig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d6:e3:fb:be:0c:a2:81:08:b9:07:d1:1c:11:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=951664521d503959212f55b2a59aec6d207b0a28
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b47383f0b7885ee26138051bdb596d04ae32cbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:13:2e:30:ff:7f:aa:ce:ba:cd:ce:e3:52:36:
                    b9:90:17:42:78:46:b4:74:a3:84:f0:c3:33:ec:4d:
                    cb:59:2b:fd:d2:95:b3:7b:95:b0:a0:27:b3:1f:08:
                    d5:18:c9:45:66:fe:b6:74:f5:28:c0:af:be:d4:cc:
                    aa:9f:49:41:97:6c:bf:ad:d7:a6:eb:b1:e6:f5:31:
                    46:ab:3b:94:d3:d9:3c:04:18:82:62:bb:ef:1e:d5:
                    7d:e3:4e:80:e3:f5:f2:6b:f2:5e:4b:41:b6:77:cd:
                    7e:32:8e:d5:6e:16:bb:a9:39:8c:b5:76:8d:1d:f2:
                    4b:32:5a:9a:6e:0b:78:44:50:3e:40:f8:ec:14:fe:
                    c7:a6:c3:ee:38:73:c6:de:ab:ee:20:e1:ef:02:e3:
                    fa:73:46:ce:57:0b:b4:56:db:3a:70:6f:c3:b0:8d:
                    96:e3:ea:f6:68:53:20:41:b1:d6:4a:2f:2c:b8:75:
                    f3:ed:1b:83:0d:4d:a5:34:95:15:d8:67:59:93:3e:
                    9a:58:78:0a:28:22:2e:2e:e3:76:72:6f:1c:df:9c:
                    fb:ce:ff:f6:a7:b6:e9:8f:c7:93:4a:69:c4:0c:5a:
                    76:7f:cb:92:ff:30:d2:b4:c2:b8:9f:bd:0f:b9:11:
                    9f:18:90:e4:6d:9b:68:79:2c:bc:d0:e7:be:2b:a2:
                    50:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:47:38:3F:0B:78:85:EE:26:13:80:51:BD:B5:96:D0:4A:E3:2C:BE
            X509v3 Authority Key Identifier:
                keyid:95:16:64:52:1D:50:39:59:21:2F:55:B2:A5:9A:EC:6D:20:7B:0A:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lRZkUh1QOVkhL1WypZrsbSB7Cig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/i0c4Pwt4he4mE4BRvbWW0ErjLL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/2c3619-2c59-46d2-aaae-ef7453ad099f/1/lRZkUh1QOVkhL1WypZrsbSB7Cig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.110.0.0/16
                IPv6:
                  2a0a:f500::/32

    Signature Algorithm: sha256WithRSAEncryption
         ba:55:e4:a1:3a:33:a4:d2:37:0a:f7:3f:38:ab:7d:f5:dd:62:
         b2:62:8f:0b:0e:cb:3c:e7:5f:bd:92:3f:16:7f:f3:46:52:77:
         b1:8f:10:ca:0b:43:32:54:21:32:f4:ec:f0:76:80:69:dd:a9:
         67:9b:0c:e8:72:4e:c0:ec:48:96:d8:54:8b:b2:ad:c9:73:68:
         7b:86:9a:fa:f9:74:bb:41:c8:ae:86:97:d5:54:66:a0:30:03:
         89:4a:c5:ce:84:1f:b9:a4:05:fb:e5:1f:f0:13:20:97:b0:be:
         65:1e:f7:5e:84:75:e7:30:3c:c1:52:97:2b:89:e5:32:93:88:
         2f:94:c9:dd:de:a0:53:ad:c4:74:02:7f:07:c9:3e:85:ef:a6:
         63:7a:42:57:92:bf:bc:63:85:ac:85:30:8c:43:29:b1:fc:f0:
         3d:3a:c2:7d:6c:13:83:28:38:9c:86:84:ce:8d:ab:d0:fa:a3:
         c5:e1:b2:07:62:b1:e2:92:4a:4c:5a:0f:4a:4f:e8:26:ba:a4:
         01:25:e9:be:09:a8:b4:ad:a9:8a:78:3b:18:98:9b:70:a6:c9:
         ae:34:76:66:ec:e5:b1:f7:36:8a:e0:ac:5f:7a:6b:22:87:40:
         85:55:8f:f4:5b:d7:28:bc:34:43:b1:bf:be:c4:6b:2a:5e:95:
         92:51:1b:d9
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzFbtbj+74MooEIuQfRHBEhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MTY2NDUyMWQ1MDM5NTkyMTJmNTViMmE1OWFlYzZkMjA3
YjBhMjgwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjQ3MzgzZjBiNzg4NWVlMjYxMzgwNTFiZGI1OTZkMDRhZTMyY2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxMuMP9/qs66zc7jUja5kBdCeEa0
dKOE8MMz7E3LWSv90pWze5WwoCezHwjVGMlFZv62dPUowK++1Myqn0lBl2y/rdem
67Hm9TFGqzuU09k8BBiCYrvvHtV9406A4/Xya/JeS0G2d81+Mo7Vbha7qTmMtXaN
HfJLMlqabgt4RFA+QPjsFP7HpsPuOHPG3qvuIOHvAuP6c0bOVwu0Vts6cG/DsI2W
4+r2aFMgQbHWSi8suHXz7RuDDU2lNJUV2GdZkz6aWHgKKCIuLuN2cm8c35z7zv/2
p7bpj8eTSmnEDFp2f8uS/zDStMK4n70PuRGfGJDkbZtoeSy80Oe+K6JQ9QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFItHOD8LeIXuJhOAUb21ltBK4yy+MB8GA1UdIwQY
MBaAFJUWZFIdUDlZIS9VsqWa7G0gewooMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFJaa1VoMVFPVmtoTDFXeXBacnNiU0I3Q2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8yYzM2MTktMmM1OS00NmQyLWFhYWUt
ZWY3NDUzYWQwOTlmLzEvaTBjNFB3dDRoZTRtRTRCUnZiV1cwRXJqTEw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8yYzM2MTktMmM1OS00NmQyLWFhYWUtZWY3NDUzYWQwOTlm
LzEvbFJaa1VoMVFPVmtoTDFXeXBacnNiU0I3Q2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMAoW4wDQQC
AAIwBwMFACoK9QAwDQYJKoZIhvcNAQELBQADggEBALpV5KE6M6TSNwr3PzirffXd
YrJijwsOyzznX72SPxZ/80ZSd7GPEMoLQzJUITL07PB2gGndqWebDOhyTsDsSJbY
VIuyrclzaHuGmvr5dLtByK6Gl9VUZqAwA4lKxc6EH7mkBfvlH/ATIJewvmUe916E
decwPMFSlyuJ5TKTiC+Uyd3eoFOtxHQCfwfJPoXvpmN6QleSv7xjhayFMIxDKbH8
8D06wn1sE4MoOJyGhM6Nq9D6o8XhsgdiseKSSkxaD0pP6Ca6pAEl6b4JqLStqYp4
OxiYm3Cmya40dmbs5bH3NorgrF96ayKHQIVVj/Rb1yi8NEOxv77EaypelZJRG9k=
-----END CERTIFICATE-----