Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/K8N0yqu1VFWB7yBXtQ2RQoX6dMs.roa
File:                     K8N0yqu1VFWB7yBXtQ2RQoX6dMs.roa (raw, json)
Hash identifier:          69CYY95Yxi4cSSpcMZQk1EAQYBon/yI+Af+d2/WmPE8=
Subject key identifier:   2B:C3:74:CA:AB:B5:54:55:81:EF:20:57:B5:0D:91:42:85:FA:74:CB
Certificate issuer:       /CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
Certificate serial:       018E30C07D3487E33B44336897579AB0A008
Authority key identifier: AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/K8N0yqu1VFWB7yBXtQ2RQoX6dMs.roa
Signing time:             Tue 12 Mar 2024 03:41:45 +0000
ROA not before:           Tue 12 Mar 2024 03:41:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        128.65.168.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 01:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:30:c0:7d:34:87:e3:3b:44:33:68:97:57:9a:b0:a0:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
        Validity
            Not Before: Mar 12 03:41:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bc374caabb5545581ef2057b50d914285fa74cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a6:e3:17:11:a5:db:6b:da:25:b9:b7:b2:ec:
                    69:17:ec:98:6d:5b:03:42:b2:47:67:ac:4e:82:42:
                    46:a1:fe:37:62:6f:ec:4f:99:6c:8f:1f:26:38:fd:
                    62:8d:c3:f9:ab:86:1e:1c:fa:d9:21:91:cb:e1:49:
                    a6:fb:1f:1d:76:4a:ec:5f:c0:64:0c:d9:f4:9d:38:
                    ca:4a:e3:21:aa:2a:52:65:2e:36:ed:ca:c3:1d:64:
                    96:d5:11:f1:76:3f:a9:d7:48:1a:96:1e:51:e0:ca:
                    d0:7a:ac:b9:a6:91:88:e5:b6:fe:0a:be:e2:cd:d4:
                    ba:8e:35:6b:ae:91:2b:a7:5c:09:bc:20:b0:1a:e3:
                    50:66:5b:cf:f8:6e:30:5a:b6:c1:80:00:6a:47:5b:
                    0e:d3:26:3c:a3:d8:45:7a:bc:97:87:1c:22:27:13:
                    ad:70:ae:63:43:38:6c:32:a1:a9:71:3a:bb:2e:b7:
                    ee:7e:08:6b:85:bb:40:35:c5:04:24:21:b1:ec:79:
                    66:3b:44:3d:05:a1:3b:de:5a:bb:d1:84:de:02:70:
                    9a:03:48:16:c3:74:fe:47:d0:09:c9:d6:d3:a8:4f:
                    23:db:b9:8a:e5:17:3d:fd:69:3b:87:64:88:15:8f:
                    1f:f4:6e:93:23:3b:74:14:e2:3a:65:f8:9b:cd:f8:
                    69:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:C3:74:CA:AB:B5:54:55:81:EF:20:57:B5:0D:91:42:85:FA:74:CB
            X509v3 Authority Key Identifier:
                keyid:AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/K8N0yqu1VFWB7yBXtQ2RQoX6dMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.65.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:c5:d0:26:84:6e:e4:39:3d:c1:0f:68:f9:de:51:30:2b:8e:
         29:32:2b:f6:62:c8:b3:f2:bf:98:43:de:ed:41:10:f5:db:52:
         d3:be:f2:d3:71:d4:14:df:61:bb:13:65:6c:19:28:7d:db:de:
         9a:26:65:3c:f3:2f:c6:33:a9:6f:d3:20:2a:c7:49:cd:82:1b:
         e4:8d:b8:c0:61:7c:0d:62:4d:27:1f:08:c9:9f:f2:7b:49:48:
         82:27:9f:c2:25:1f:6e:e2:61:ec:e1:c1:fd:11:86:0a:c4:bd:
         8c:41:42:f2:96:43:6c:db:c4:96:a5:cd:ca:72:80:4a:fd:80:
         7c:be:f2:60:68:17:4d:13:23:83:dd:5a:02:07:e1:fd:1b:81:
         b9:18:69:4e:e5:03:2c:34:4f:77:be:ac:d1:47:83:29:76:67:
         07:51:64:d2:c1:83:98:63:08:51:04:cd:a7:d1:05:25:48:fe:
         b5:01:de:2b:18:e6:2b:cf:b6:26:f0:bb:64:85:d2:d5:b9:c2:
         c4:ce:84:51:2b:ad:a2:63:27:73:de:2c:ac:3b:06:ca:64:73:
         d4:ac:05:ef:ca:17:f0:c3:72:79:c4:2a:c4:2b:ca:48:4e:6e:
         f8:48:dd:cf:1d:d2:8c:14:2d:44:e1:86:04:ae:2f:52:d0:21:
         fb:84:6c:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4wwH00h+M7RDNol1easKAIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmYyZTg2ZGQ3Y2M5MTAxNjU4ZmY4ZDVhNTI0MTQ0NWZj
ZDFkNmEwHhcNMjQwMzEyMDM0MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmMzNzRjYWFiYjU1NDU1ODFlZjIwNTdiNTBkOTE0Mjg1ZmE3NGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2abjFxGl22vaJbm3suxpF+yYbVsD
QrJHZ6xOgkJGof43Ym/sT5lsjx8mOP1ijcP5q4YeHPrZIZHL4Umm+x8ddkrsX8Bk
DNn0nTjKSuMhqipSZS427crDHWSW1RHxdj+p10galh5R4MrQeqy5ppGI5bb+Cr7i
zdS6jjVrrpErp1wJvCCwGuNQZlvP+G4wWrbBgABqR1sO0yY8o9hFeryXhxwiJxOt
cK5jQzhsMqGpcTq7LrfufghrhbtANcUEJCGx7HlmO0Q9BaE73lq70YTeAnCaA0gW
w3T+R9AJydbTqE8j27mK5Rc9/Wk7h2SIFY8f9G6TIzt0FOI6ZfibzfhpCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvDdMqrtVRVge8gV7UNkUKF+nTLMB8GA1UdIwQY
MBaAFK8vLobdfMkQFlj/jVpSQURfzR1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYt
NDZiYjdhZWMxZjMwLzEvSzhOMHlxdTFWRldCN3lCWHRRMlJRb1g2ZE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYtNDZiYjdhZWMxZjMw
LzEvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCgEGoMA0G
CSqGSIb3DQEBCwUAA4IBAQBxxdAmhG7kOT3BD2j53lEwK44pMiv2Ysiz8r+YQ97t
QRD121LTvvLTcdQU32G7E2VsGSh9296aJmU88y/GM6lv0yAqx0nNghvkjbjAYXwN
Yk0nHwjJn/J7SUiCJ5/CJR9u4mHs4cH9EYYKxL2MQULylkNs28SWpc3KcoBK/YB8
vvJgaBdNEyOD3VoCB+H9G4G5GGlO5QMsNE93vqzRR4MpdmcHUWTSwYOYYwhRBM2n
0QUlSP61Ad4rGOYrz7Ym8LtkhdLVucLEzoRRK62iYydz3iysOwbKZHPUrAXvyhfw
w3J5xCrEK8pITm74SN3PHdKMFC1E4YYEri9S0CH7hGy7
-----END CERTIFICATE-----