Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/7b2f20-49ad-4712-9c3e-b1d4f8a86d09/1/6rvEeL6iOs0Fn_ktbh3CyWg5DvQ.roa
File:                     6rvEeL6iOs0Fn_ktbh3CyWg5DvQ.roa (raw, json)
Hash identifier:          7fLeyCEkqqPlJ7QNr1XpoZ+U71R2uAxJKfNGouHBPiY=
Subject key identifier:   EA:BB:C4:78:BE:A2:3A:CD:05:9F:F9:2D:6E:1D:C2:C9:68:39:0E:F4
Certificate issuer:       /CN=bdfc8ddfb841879f0e530dce3b7f85827f0c193f
Certificate serial:       018DAC597BA09D7216793AA04078F9FF0DE1
Authority key identifier: BD:FC:8D:DF:B8:41:87:9F:0E:53:0D:CE:3B:7F:85:82:7F:0C:19:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfyN37hBh58OUw3OO3-Fgn8MGT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/7b2f20-49ad-4712-9c3e-b1d4f8a86d09/1/6rvEeL6iOs0Fn_ktbh3CyWg5DvQ.roa
Signing time:             Thu 15 Feb 2024 10:39:21 +0000
ROA not before:           Thu 15 Feb 2024 10:39:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29410
IP address blocks:        192.118.0.0/24 maxlen: 24
                          192.118.1.0/24 maxlen: 24
                          192.118.2.0/24 maxlen: 24
                          192.118.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/7b2f20-49ad-4712-9c3e-b1d4f8a86d09/1/vfyN37hBh58OUw3OO3-Fgn8MGT8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/7b2f20-49ad-4712-9c3e-b1d4f8a86d09/1/vfyN37hBh58OUw3OO3-Fgn8MGT8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfyN37hBh58OUw3OO3-Fgn8MGT8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:59:7b:a0:9d:72:16:79:3a:a0:40:78:f9:ff:0d:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfc8ddfb841879f0e530dce3b7f85827f0c193f
        Validity
            Not Before: Feb 15 10:39:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eabbc478bea23acd059ff92d6e1dc2c968390ef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e4:99:b5:98:23:2b:cf:03:73:0d:28:92:91:
                    8e:7f:8f:b5:48:f1:1a:b1:4d:9c:0b:7c:df:17:34:
                    99:1c:13:e5:06:54:29:ff:aa:63:be:b8:f5:ea:f8:
                    17:56:c7:cc:af:b5:08:b9:f2:3f:f9:6e:1f:49:dc:
                    b4:6c:cd:f5:f8:13:46:06:1b:16:1d:9f:43:88:45:
                    b4:46:35:a4:02:da:2e:3b:d2:17:73:e6:05:18:65:
                    5e:64:f0:14:23:6d:52:da:40:00:e1:aa:f7:a7:62:
                    0f:c7:10:5d:8d:b8:d1:99:28:9e:fb:75:2c:50:85:
                    aa:f6:a9:b1:25:15:67:36:3c:52:16:e3:19:ea:01:
                    31:20:1c:4c:97:f4:a1:85:31:fc:23:2c:ee:68:ab:
                    d9:16:67:19:ac:39:e3:a8:a6:d9:40:a5:ba:3a:3e:
                    40:ab:b1:69:77:64:92:dd:83:c1:c8:75:ee:90:80:
                    58:92:99:74:f1:06:b7:af:fe:be:5b:f9:24:5a:91:
                    a3:87:69:13:58:21:09:6e:43:67:cd:fa:1f:66:8f:
                    7d:d8:70:c2:57:7a:d5:ee:1d:64:6e:c1:b5:30:b1:
                    35:a7:ff:a7:b7:af:c6:ae:21:ea:06:d2:6b:86:50:
                    a5:55:68:42:6f:7a:1c:61:f0:6c:a3:da:74:86:fd:
                    b5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:BB:C4:78:BE:A2:3A:CD:05:9F:F9:2D:6E:1D:C2:C9:68:39:0E:F4
            X509v3 Authority Key Identifier:
                keyid:BD:FC:8D:DF:B8:41:87:9F:0E:53:0D:CE:3B:7F:85:82:7F:0C:19:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfyN37hBh58OUw3OO3-Fgn8MGT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/7b2f20-49ad-4712-9c3e-b1d4f8a86d09/1/6rvEeL6iOs0Fn_ktbh3CyWg5DvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/7b2f20-49ad-4712-9c3e-b1d4f8a86d09/1/vfyN37hBh58OUw3OO3-Fgn8MGT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.118.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b3:f1:fe:09:25:f3:30:76:da:70:70:0c:e5:ff:a9:1e:5e:36:
         7c:43:0b:e6:8e:c3:db:48:75:72:49:a1:32:a3:8b:b4:97:bf:
         a8:9b:31:bf:d0:49:5f:11:e6:28:1e:ac:59:7f:31:cb:64:05:
         32:00:77:a3:8e:30:11:08:0f:8e:99:6e:85:24:43:59:98:08:
         bd:93:f0:ca:2a:fe:1c:4a:54:95:85:bd:0d:d7:eb:0f:30:92:
         fa:c8:75:8f:d6:eb:13:52:d0:3e:b1:47:a5:cb:3a:fe:b5:66:
         f4:b5:12:ea:b8:0e:16:10:4f:1b:c5:05:be:4c:77:0e:20:a4:
         73:7c:89:e4:29:4b:c2:cb:8f:b0:93:35:4c:35:3d:a9:0e:74:
         ea:93:24:34:70:c6:fa:a1:04:87:d6:e9:f8:e4:27:34:9e:53:
         b7:fa:0c:c2:2d:43:60:f4:25:90:cd:75:5c:36:4b:7e:17:ce:
         94:d7:ef:51:7f:42:22:e6:13:c9:bb:41:2e:f6:1f:d4:11:fa:
         ce:7b:f3:31:37:c1:00:e8:74:58:93:b8:80:e2:ac:a2:b9:25:
         33:0f:b4:03:76:ad:0a:da:da:bb:88:bc:bf:a6:9b:e4:05:81:
         2d:4d:59:57:92:8d:e9:fe:78:e3:2a:74:45:fd:f0:bb:63:b5:
         64:4a:19:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2sWXugnXIWeTqgQHj5/w3hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmM4ZGRmYjg0MTg3OWYwZTUzMGRjZTNiN2Y4NTgyN2Yw
YzE5M2YwHhcNMjQwMjE1MTAzOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWJiYzQ3OGJlYTIzYWNkMDU5ZmY5MmQ2ZTFkYzJjOTY4MzkwZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOSZtZgjK88Dcw0okpGOf4+1SPEa
sU2cC3zfFzSZHBPlBlQp/6pjvrj16vgXVsfMr7UIufI/+W4fSdy0bM31+BNGBhsW
HZ9DiEW0RjWkAtouO9IXc+YFGGVeZPAUI21S2kAA4ar3p2IPxxBdjbjRmSie+3Us
UIWq9qmxJRVnNjxSFuMZ6gExIBxMl/ShhTH8IyzuaKvZFmcZrDnjqKbZQKW6Oj5A
q7Fpd2SS3YPByHXukIBYkpl08Qa3r/6+W/kkWpGjh2kTWCEJbkNnzfofZo992HDC
V3rV7h1kbsG1MLE1p/+nt6/GriHqBtJrhlClVWhCb3ocYfBso9p0hv21GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOq7xHi+ojrNBZ/5LW4dwsloOQ70MB8GA1UdIwQY
MBaAFL38jd+4QYefDlMNzjt/hYJ/DBk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZ5TjM3aEJoNThPVXczT08zLUZnbjhNR1Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83YjJmMjAtNDlhZC00NzEyLTljM2Ut
YjFkNGY4YTg2ZDA5LzEvNnJ2RWVMNmlPczBGbl9rdGJoM0N5V2c1RHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83YjJmMjAtNDlhZC00NzEyLTljM2UtYjFkNGY4YTg2ZDA5
LzEvdmZ5TjM3aEJoNThPVXczT08zLUZnbjhNR1Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwHYAMA0G
CSqGSIb3DQEBCwUAA4IBAQCz8f4JJfMwdtpwcAzl/6keXjZ8QwvmjsPbSHVySaEy
o4u0l7+omzG/0ElfEeYoHqxZfzHLZAUyAHejjjARCA+OmW6FJENZmAi9k/DKKv4c
SlSVhb0N1+sPMJL6yHWP1usTUtA+sUelyzr+tWb0tRLquA4WEE8bxQW+THcOIKRz
fInkKUvCy4+wkzVMNT2pDnTqkyQ0cMb6oQSH1un45Cc0nlO3+gzCLUNg9CWQzXVc
Nkt+F86U1+9Rf0Ii5hPJu0Eu9h/UEfrOe/MxN8EA6HRYk7iA4qyiuSUzD7QDdq0K
2tq7iLy/ppvkBYEtTVlXko3p/njjKnRF/fC7Y7VkShlN
-----END CERTIFICATE-----