Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/6a1c6e-039a-4b7d-9253-0a5e6a36801f/1/AEDua-hWkVricQ7HIMlZBtgg2dc.roa
File:                     AEDua-hWkVricQ7HIMlZBtgg2dc.roa (raw, json)
Hash identifier:          T8JT1ffkYqsHZM48g9lCf2oRnoLGLnSW81jsWhBOwkE=
Subject key identifier:   00:40:EE:6B:E8:56:91:5A:E2:71:0E:C7:20:C9:59:06:D8:20:D9:D7
Certificate issuer:       /CN=b2b57c07679f10870ec53b39efa7d08b0857a911
Certificate serial:       018CC5DC223DB2A751600590B35AF7178872
Authority key identifier: B2:B5:7C:07:67:9F:10:87:0E:C5:3B:39:EF:A7:D0:8B:08:57:A9:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/srV8B2efEIcOxTs576fQiwhXqRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/6a1c6e-039a-4b7d-9253-0a5e6a36801f/1/AEDua-hWkVricQ7HIMlZBtgg2dc.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31173
IP address blocks:        193.25.177.0/24 maxlen: 24
                          193.25.176.0/23 maxlen: 23
                          193.25.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/6a1c6e-039a-4b7d-9253-0a5e6a36801f/1/srV8B2efEIcOxTs576fQiwhXqRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/6a1c6e-039a-4b7d-9253-0a5e6a36801f/1/srV8B2efEIcOxTs576fQiwhXqRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/srV8B2efEIcOxTs576fQiwhXqRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:22:3d:b2:a7:51:60:05:90:b3:5a:f7:17:88:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2b57c07679f10870ec53b39efa7d08b0857a911
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0040ee6be856915ae2710ec720c95906d820d9d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c9:b7:29:aa:f1:fc:8f:96:58:f0:6a:e4:17:
                    39:56:22:95:69:b3:ac:a2:bc:f2:1a:93:cc:cd:95:
                    97:f2:5f:72:0e:74:67:ed:e5:d8:3b:6d:b9:f2:68:
                    78:9d:5a:19:25:60:82:7a:fe:53:bb:18:9e:d6:69:
                    9f:8a:55:0e:0a:76:40:66:93:2a:b4:49:b5:70:92:
                    eb:3e:98:32:58:94:2b:86:74:4d:62:99:44:f1:85:
                    19:92:ab:8b:19:53:6d:a5:5f:80:2a:32:60:b5:13:
                    da:ef:8d:54:37:bf:21:b7:1e:25:88:1f:ec:50:2e:
                    6f:0d:20:76:10:ad:0a:7b:45:83:c1:37:01:8b:03:
                    a6:bd:d7:87:a2:52:cc:20:e8:95:d9:8d:7b:54:7f:
                    2d:14:07:92:8d:12:ed:d3:0e:a5:21:1a:73:56:43:
                    5d:10:3a:77:c4:76:6d:7d:5c:06:45:a9:7a:7f:6d:
                    71:b1:ad:24:5e:7e:95:fb:1b:e6:64:9e:32:95:87:
                    5d:fb:90:56:73:bb:fa:1f:f4:f7:c1:29:51:f7:78:
                    14:79:bb:5f:d8:23:57:86:52:38:18:99:0a:44:40:
                    d3:9f:5e:bb:bf:29:e9:b6:9c:14:01:ce:c8:a1:b5:
                    81:7d:1f:db:c0:49:b4:07:be:19:01:7b:b6:3c:f1:
                    02:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:40:EE:6B:E8:56:91:5A:E2:71:0E:C7:20:C9:59:06:D8:20:D9:D7
            X509v3 Authority Key Identifier:
                keyid:B2:B5:7C:07:67:9F:10:87:0E:C5:3B:39:EF:A7:D0:8B:08:57:A9:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/srV8B2efEIcOxTs576fQiwhXqRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/6a1c6e-039a-4b7d-9253-0a5e6a36801f/1/AEDua-hWkVricQ7HIMlZBtgg2dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/6a1c6e-039a-4b7d-9253-0a5e6a36801f/1/srV8B2efEIcOxTs576fQiwhXqRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:90:fa:ae:b1:16:58:c1:70:d5:22:ef:19:1a:67:49:3e:fe:
         d9:89:11:43:ee:f9:64:bd:1e:8c:e1:09:ec:a1:bf:07:9a:a3:
         dd:05:dc:61:32:3e:43:26:37:e3:3b:73:ba:dc:d3:d5:ac:db:
         20:38:b3:b6:2a:37:b7:18:7d:48:4b:aa:bf:18:26:3a:d3:55:
         4d:ff:e8:38:be:8c:bf:b1:5b:10:c9:b7:7a:fe:2f:f6:80:17:
         1c:20:ae:5a:22:7c:ef:88:8a:fa:23:ad:f1:be:f9:68:f7:dc:
         cd:fe:eb:26:99:63:c4:c8:8c:a6:18:d2:1c:09:6e:f7:f9:6d:
         80:9a:ab:7a:7d:a0:37:96:34:a5:73:8c:e3:66:44:5d:7a:fc:
         04:e1:10:22:b0:12:51:09:eb:45:d1:9e:d0:b3:db:3e:29:66:
         9a:23:ed:50:e7:28:25:08:1b:23:49:49:94:62:53:18:7c:2d:
         f3:b8:90:24:e5:5d:de:64:5b:5c:f4:19:ea:3e:02:05:11:8a:
         1b:bd:90:14:16:f6:ad:dd:b9:32:01:32:25:64:ae:91:59:a8:
         07:1e:7d:43:a9:4d:22:fd:4b:00:d4:f7:41:91:30:9a:6a:c2:
         7f:4f:0b:0d:15:85:0a:7a:38:9a:3f:ed:98:d5:74:3d:23:65:
         52:4f:cd:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CI9sqdRYAWQs1r3F4hyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYjU3YzA3Njc5ZjEwODcwZWM1M2IzOWVmYTdkMDhiMDg1
N2E5MTEwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDQwZWU2YmU4NTY5MTVhZTI3MTBlYzcyMGM5NTkwNmQ4MjBkOWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8m3Karx/I+WWPBq5Bc5ViKVabOs
orzyGpPMzZWX8l9yDnRn7eXYO2258mh4nVoZJWCCev5Tuxie1mmfilUOCnZAZpMq
tEm1cJLrPpgyWJQrhnRNYplE8YUZkquLGVNtpV+AKjJgtRPa741UN78htx4liB/s
UC5vDSB2EK0Ke0WDwTcBiwOmvdeHolLMIOiV2Y17VH8tFAeSjRLt0w6lIRpzVkNd
EDp3xHZtfVwGRal6f21xsa0kXn6V+xvmZJ4ylYdd+5BWc7v6H/T3wSlR93gUebtf
2CNXhlI4GJkKREDTn167vynptpwUAc7IobWBfR/bwEm0B74ZAXu2PPECCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABA7mvoVpFa4nEOxyDJWQbYINnXMB8GA1UdIwQY
MBaAFLK1fAdnnxCHDsU7Oe+n0IsIV6kRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3JWOEIyZWZFSWNPeFRzNTc2ZlFpd2hYcVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy82YTFjNmUtMDM5YS00YjdkLTkyNTMt
MGE1ZTZhMzY4MDFmLzEvQUVEdWEtaFdrVnJpY1E3SElNbFpCdGdnMmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy82YTFjNmUtMDM5YS00YjdkLTkyNTMtMGE1ZTZhMzY4MDFm
LzEvc3JWOEIyZWZFSWNPeFRzNTc2ZlFpd2hYcVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRmwMA0G
CSqGSIb3DQEBCwUAA4IBAQCkkPqusRZYwXDVIu8ZGmdJPv7ZiRFD7vlkvR6M4Qns
ob8HmqPdBdxhMj5DJjfjO3O63NPVrNsgOLO2Kje3GH1IS6q/GCY601VN/+g4voy/
sVsQybd6/i/2gBccIK5aInzviIr6I63xvvlo99zN/usmmWPEyIymGNIcCW73+W2A
mqt6faA3ljSlc4zjZkRdevwE4RAisBJRCetF0Z7Qs9s+KWaaI+1Q5yglCBsjSUmU
YlMYfC3zuJAk5V3eZFtc9BnqPgIFEYobvZAUFvat3bkyATIlZK6RWagHHn1DqU0i
/UsA1PdBkTCaasJ/TwsNFYUKejiaP+2Y1XQ9I2VST80S
-----END CERTIFICATE-----