Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/cBuIiffvPtz7Gd0rwgE-R5OTEzY.roa
File:                     cBuIiffvPtz7Gd0rwgE-R5OTEzY.roa (raw, json)
Hash identifier:          A8BRFLwZ/uVOOogBIiWPdGbQiBA9XxiSf2B0A9Jhf7M=
Subject key identifier:   70:1B:88:89:F7:EF:3E:DC:FB:19:DD:2B:C2:01:3E:47:93:93:13:36
Certificate issuer:       /CN=01626ffd800eafa336bdf343141f03f7c393c364
Certificate serial:       018CC5DC8ECA814215F3C9CA0BD5DEF1B95B
Authority key identifier: 01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/cBuIiffvPtz7Gd0rwgE-R5OTEzY.roa
Signing time:             Mon 01 Jan 2024 16:30:15 +0000
ROA not before:           Mon 01 Jan 2024 16:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34012
IP address blocks:        162.248.199.0/24 maxlen: 24
                          162.251.33.0/24 maxlen: 24
                          2a01:40e0:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 18:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:8e:ca:81:42:15:f3:c9:ca:0b:d5:de:f1:b9:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01626ffd800eafa336bdf343141f03f7c393c364
        Validity
            Not Before: Jan  1 16:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=701b8889f7ef3edcfb19dd2bc2013e4793931336
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3e:1d:c2:2d:99:11:88:1f:3d:70:09:e6:2b:
                    90:b5:43:4a:f7:50:ae:21:73:cc:09:bd:66:f0:79:
                    db:53:d1:85:74:df:67:0b:a3:da:c7:1c:b8:a2:17:
                    77:8c:e6:49:3c:9b:4c:5b:d6:e1:36:cc:21:6b:3a:
                    30:14:7e:b6:1d:3b:d8:c3:fc:19:bd:c4:d4:d1:93:
                    6d:17:9b:fa:bd:38:1b:a4:70:b5:1c:ad:dc:72:b1:
                    cf:b7:2a:67:b7:3c:28:ef:2b:0a:70:20:90:14:11:
                    24:c4:b3:59:25:4d:00:a1:6a:c0:47:8c:76:35:91:
                    9b:b1:22:73:f2:47:2c:c8:9b:c3:0b:77:c4:87:a6:
                    03:7e:70:ff:ab:89:25:44:82:84:d2:f7:bd:0e:58:
                    74:38:c6:8f:9d:a0:b4:52:f1:ba:03:d6:26:64:aa:
                    00:7b:ff:c8:02:92:fd:e0:d4:90:4c:1e:c0:9b:27:
                    f7:53:ed:91:06:05:67:97:83:96:f5:da:43:82:fe:
                    5b:61:51:05:54:74:d8:94:5e:da:f6:ae:50:e4:82:
                    cb:ee:f6:d4:a8:be:8b:0b:12:22:6c:c2:b5:17:e7:
                    96:d7:20:59:27:88:6c:b2:8b:8b:70:42:9b:0c:f0:
                    93:35:2c:a8:df:5f:0e:16:e0:2e:40:79:54:ae:65:
                    c9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:1B:88:89:F7:EF:3E:DC:FB:19:DD:2B:C2:01:3E:47:93:93:13:36
            X509v3 Authority Key Identifier:
                keyid:01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/cBuIiffvPtz7Gd0rwgE-R5OTEzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.248.199.0/24
                  162.251.33.0/24
                IPv6:
                  2a01:40e0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:7f:bf:82:cd:51:47:76:00:a4:37:52:74:65:d3:4e:45:fa:
         84:eb:84:27:36:3e:84:0f:f9:af:da:d4:a4:70:5b:07:40:9c:
         88:e3:4f:19:34:af:38:04:15:59:e2:35:ea:33:0b:55:ca:50:
         43:e6:bd:26:82:62:e6:3c:f5:23:76:98:f4:6f:f4:77:8e:00:
         6a:1b:8f:a9:9c:7e:ce:ac:24:a5:08:df:9b:c5:fa:b9:f5:be:
         f9:88:47:a8:54:5e:c0:de:09:95:38:28:f4:76:e9:3c:f6:b1:
         39:ae:8a:97:1c:7a:08:3a:53:8c:1b:c4:08:e8:05:62:bc:87:
         da:3d:e4:eb:8f:83:a0:47:16:b8:3b:90:bc:3a:4f:07:c2:17:
         5d:69:cb:de:46:82:e0:87:5d:c4:23:8f:fd:78:a4:eb:f7:6d:
         05:f9:f6:d9:c8:97:52:33:04:52:17:13:80:38:8d:76:e7:c9:
         9f:6b:80:f3:59:50:1e:d2:22:ae:f9:57:48:18:5f:1d:f3:06:
         97:cf:0b:78:f4:fd:dd:30:ec:e6:34:3d:5e:6b:49:69:ff:57:
         72:76:b9:a4:29:b6:7c:a9:84:87:7c:91:d3:77:73:ea:cc:c9:
         b6:e9:a9:9b:3f:ca:6e:52:e7:43:ba:2c:a5:20:35:9d:d3:3c:
         4c:ad:bd:b2
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzF3I7KgUIV88nKC9Xe8blbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNjI2ZmZkODAwZWFmYTMzNmJkZjM0MzE0MWYwM2Y3YzM5
M2MzNjQwHhcNMjQwMTAxMTYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDFiODg4OWY3ZWYzZWRjZmIxOWRkMmJjMjAxM2U0NzkzOTMxMzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsT4dwi2ZEYgfPXAJ5iuQtUNK91Cu
IXPMCb1m8HnbU9GFdN9nC6Paxxy4ohd3jOZJPJtMW9bhNswhazowFH62HTvYw/wZ
vcTU0ZNtF5v6vTgbpHC1HK3ccrHPtypntzwo7ysKcCCQFBEkxLNZJU0AoWrAR4x2
NZGbsSJz8kcsyJvDC3fEh6YDfnD/q4klRIKE0ve9Dlh0OMaPnaC0UvG6A9YmZKoA
e//IApL94NSQTB7Amyf3U+2RBgVnl4OW9dpDgv5bYVEFVHTYlF7a9q5Q5ILL7vbU
qL6LCxIibMK1F+eW1yBZJ4hssouLcEKbDPCTNSyo318OFuAuQHlUrmXJPwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHAbiIn37z7c+xndK8IBPkeTkxM2MB8GA1UdIwQY
MBaAFAFib/2ADq+jNr3zQxQfA/fDk8NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODct
MWY0YmVhMjNlNGM3LzEvY0J1SWlmZnZQdHo3R2QwcndnRS1SNU9URXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODctMWY0YmVhMjNlNGM3
LzEvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAovjHAwQA
ovshMA8EAgACMAkDBwAqAUDgAAIwDQYJKoZIhvcNAQELBQADggEBAGp/v4LNUUd2
AKQ3UnRl005F+oTrhCc2PoQP+a/a1KRwWwdAnIjjTxk0rzgEFVniNeozC1XKUEPm
vSaCYuY89SN2mPRv9HeOAGobj6mcfs6sJKUI35vF+rn1vvmIR6hUXsDeCZU4KPR2
6Tz2sTmuipccegg6U4wbxAjoBWK8h9o95OuPg6BHFrg7kLw6TwfCF11py95GguCH
XcQjj/14pOv3bQX59tnIl1IzBFIXE4A4jXbnyZ9rgPNZUB7SIq75V0gYXx3zBpfP
C3j0/d0w7OY0PV5rSWn/V3J2uaQptnyphId8kdN3c+rMybbpqZs/ym5S50O6LKUg
NZ3TPEytvbI=
-----END CERTIFICATE-----