Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/7719c9-5d08-4b0e-afdf-1d0e6e981178/1/Trb2zbs4kgll1C5SPRAjq6G6ZN4.roa
File:                     Trb2zbs4kgll1C5SPRAjq6G6ZN4.roa (raw, json)
Hash identifier:          RljWczmUSrPfeWAx/9o+E9eKXWhxXM6wf7w1yAJZ+hE=
Subject key identifier:   4E:B6:F6:CD:BB:38:92:09:65:D4:2E:52:3D:10:23:AB:A1:BA:64:DE
Certificate issuer:       /CN=1582eec4b34738df718da9e0143a9d0e9241a85c
Certificate serial:       018CC4251B8F530BC941FA4EB1B1EE154196
Authority key identifier: 15:82:EE:C4:B3:47:38:DF:71:8D:A9:E0:14:3A:9D:0E:92:41:A8:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FYLuxLNHON9xjangFDqdDpJBqFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/7719c9-5d08-4b0e-afdf-1d0e6e981178/1/Trb2zbs4kgll1C5SPRAjq6G6ZN4.roa
Signing time:             Mon 01 Jan 2024 08:30:15 +0000
ROA not before:           Mon 01 Jan 2024 08:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209578
IP address blocks:        160.20.96.0/22 maxlen: 22
                          2a07:cf40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/7719c9-5d08-4b0e-afdf-1d0e6e981178/1/FYLuxLNHON9xjangFDqdDpJBqFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/7719c9-5d08-4b0e-afdf-1d0e6e981178/1/FYLuxLNHON9xjangFDqdDpJBqFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FYLuxLNHON9xjangFDqdDpJBqFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1b:8f:53:0b:c9:41:fa:4e:b1:b1:ee:15:41:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1582eec4b34738df718da9e0143a9d0e9241a85c
        Validity
            Not Before: Jan  1 08:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4eb6f6cdbb38920965d42e523d1023aba1ba64de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:7f:59:5c:f0:1c:65:1d:01:c5:a9:db:01:ad:
                    24:dd:b4:8c:82:d0:aa:53:a6:61:32:14:f7:b6:18:
                    03:f4:54:d7:ed:fa:fb:77:1a:8b:03:be:e8:cd:0b:
                    34:37:3f:59:33:c8:95:6b:d2:a5:3c:6c:d2:cc:3f:
                    3e:09:00:e9:e5:a6:41:22:7a:67:df:b3:25:6c:5d:
                    f8:60:6f:81:9f:e5:47:fc:c1:8c:83:30:c9:55:17:
                    fa:54:dc:49:20:90:2b:72:6c:92:4b:55:a1:59:1c:
                    12:00:36:f2:c4:47:b0:0f:aa:ac:12:b4:10:0e:3b:
                    af:3b:5c:3f:13:18:5d:93:50:33:1b:bb:0a:4c:5b:
                    81:5e:6d:de:7a:f3:0f:80:69:22:42:89:63:0f:7f:
                    68:a5:4a:b7:f6:97:e3:44:cd:08:d7:20:53:25:55:
                    4a:8a:a8:b6:29:92:96:ac:b3:c4:44:17:b8:19:73:
                    ba:18:5b:57:35:87:f8:92:8f:34:68:88:05:9e:a9:
                    63:9b:10:e3:35:44:04:63:f2:c1:35:09:3c:e6:b6:
                    10:b7:71:23:99:9b:cb:c9:ac:ff:c7:af:ba:e5:d7:
                    ae:27:d9:a8:b7:37:99:76:3e:96:3c:2f:30:d2:fc:
                    b9:34:95:4e:a0:a8:3b:c9:6f:d7:b1:2a:c4:ee:89:
                    1e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:B6:F6:CD:BB:38:92:09:65:D4:2E:52:3D:10:23:AB:A1:BA:64:DE
            X509v3 Authority Key Identifier:
                keyid:15:82:EE:C4:B3:47:38:DF:71:8D:A9:E0:14:3A:9D:0E:92:41:A8:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FYLuxLNHON9xjangFDqdDpJBqFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/7719c9-5d08-4b0e-afdf-1d0e6e981178/1/Trb2zbs4kgll1C5SPRAjq6G6ZN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/7719c9-5d08-4b0e-afdf-1d0e6e981178/1/FYLuxLNHON9xjangFDqdDpJBqFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.96.0/22
                IPv6:
                  2a07:cf40::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:11:b5:f2:82:f2:ff:c7:4d:b3:35:e2:e0:bb:0b:b4:9c:72:
         5c:83:51:ef:c2:ba:4b:df:c0:d3:00:88:b6:a7:a4:f3:c9:2a:
         be:be:a9:f8:33:04:d0:72:98:44:29:f5:77:88:99:05:ac:bf:
         24:59:52:da:43:36:53:b2:08:c4:a5:b1:b7:1f:ca:09:f3:0a:
         bc:01:1e:e4:8f:d1:b7:03:63:ee:42:07:a1:ff:92:9a:d9:fb:
         17:80:7a:cf:3f:80:79:d7:a4:b2:19:60:13:d5:31:35:75:7a:
         40:53:76:e4:9c:46:fe:5b:e2:1e:d1:09:a4:d3:de:55:85:a5:
         69:20:f6:cb:eb:c8:03:10:2c:67:83:7f:32:b3:f8:20:bf:1c:
         91:5e:23:6e:81:92:b0:cc:6d:fc:e4:42:e3:ea:8b:cd:36:b7:
         69:c8:8f:44:b5:09:b3:b6:a2:cf:04:31:fa:d4:2a:68:fc:c5:
         7d:47:37:e4:e5:1b:44:50:a7:48:72:88:76:8c:69:de:f7:e0:
         07:13:7c:c0:e7:c0:2d:a6:31:0b:fb:b3:18:ac:ff:ee:2c:b0:
         2c:99:f2:d5:00:48:ce:39:fb:a8:01:3e:b4:0f:89:3e:04:ea:
         09:55:e0:c7:11:56:68:75:15:66:d1:2a:50:94:77:c5:9a:e3:
         dc:2f:12:59
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJRuPUwvJQfpOsbHuFUGWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ODJlZWM0YjM0NzM4ZGY3MThkYTllMDE0M2E5ZDBlOTI0
MWE4NWMwHhcNMjQwMTAxMDgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWI2ZjZjZGJiMzg5MjA5NjVkNDJlNTIzZDEwMjNhYmExYmE2NGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgX9ZXPAcZR0BxanbAa0k3bSMgtCq
U6ZhMhT3thgD9FTX7fr7dxqLA77ozQs0Nz9ZM8iVa9KlPGzSzD8+CQDp5aZBInpn
37MlbF34YG+Bn+VH/MGMgzDJVRf6VNxJIJArcmySS1WhWRwSADbyxEewD6qsErQQ
DjuvO1w/Exhdk1AzG7sKTFuBXm3eevMPgGkiQoljD39opUq39pfjRM0I1yBTJVVK
iqi2KZKWrLPERBe4GXO6GFtXNYf4ko80aIgFnqljmxDjNUQEY/LBNQk85rYQt3Ej
mZvLyaz/x6+65deuJ9motzeZdj6WPC8w0vy5NJVOoKg7yW/XsSrE7okekwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE629s27OJIJZdQuUj0QI6uhumTeMB8GA1UdIwQY
MBaAFBWC7sSzRzjfcY2p4BQ6nQ6SQahcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRllMdXhMTkhPTjl4amFuZ0ZEcWREcEpCcUZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS83NzE5YzktNWQwOC00YjBlLWFmZGYt
MWQwZTZlOTgxMTc4LzEvVHJiMnpiczRrZ2xsMUM1U1BSQWpxNkc2Wk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS83NzE5YzktNWQwOC00YjBlLWFmZGYtMWQwZTZlOTgxMTc4
LzEvRllMdXhMTkhPTjl4amFuZ0ZEcWREcEpCcUZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCoBRgMA0E
AgACMAcDBQAqB89AMA0GCSqGSIb3DQEBCwUAA4IBAQChEbXygvL/x02zNeLguwu0
nHJcg1HvwrpL38DTAIi2p6TzySq+vqn4MwTQcphEKfV3iJkFrL8kWVLaQzZTsgjE
pbG3H8oJ8wq8AR7kj9G3A2PuQgeh/5Ka2fsXgHrPP4B516SyGWAT1TE1dXpAU3bk
nEb+W+Ie0Qmk095VhaVpIPbL68gDECxng38ys/ggvxyRXiNugZKwzG385ELj6ovN
NrdpyI9EtQmztqLPBDH61Cpo/MV9Rzfk5RtEUKdIcoh2jGne9+AHE3zA58AtpjEL
+7MYrP/uLLAsmfLVAEjOOfuoAT60D4k+BOoJVeDHEVZodRVm0SpQlHfFmuPcLxJZ
-----END CERTIFICATE-----