Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/tWCaBWq3ZgV3-7XX1cWsxbC1zrE.roa
File:                     tWCaBWq3ZgV3-7XX1cWsxbC1zrE.roa (raw, json)
Hash identifier:          1GYVtpcVNjgzgm/oYqnREnTQrGZnX2ki31par69caoA=
Subject key identifier:   B5:60:9A:05:6A:B7:66:05:77:FB:B5:D7:D5:C5:AC:C5:B0:B5:CE:B1
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       01942369FC0B1BC11DA92805C53D1BC89BDA
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/tWCaBWq3ZgV3-7XX1cWsxbC1zrE.roa
Signing time:             Wed 01 Jan 2025 19:48:55 +0000
ROA not before:           Wed 01 Jan 2025 19:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199264
IP address blocks:        176.98.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:fc:0b:1b:c1:1d:a9:28:05:c5:3d:1b:c8:9b:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Jan  1 19:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5609a056ab7660577fbb5d7d5c5acc5b0b5ceb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:39:87:2b:6e:24:7b:e8:f2:42:0c:e9:2a:96:
                    ad:0e:f0:f4:62:df:e1:20:0f:b4:7f:b2:f6:1f:52:
                    00:f3:b3:c9:5b:64:46:e9:ef:03:0c:0c:fb:7d:19:
                    54:bc:08:72:72:6a:fe:4d:8b:8b:4f:32:0a:94:c1:
                    5d:56:18:3d:f3:13:1e:9b:34:d3:30:ce:c1:cf:02:
                    dc:bc:a7:42:21:56:95:90:94:87:30:fe:4e:09:bd:
                    e2:e9:46:76:99:77:6d:20:4f:88:10:ac:7a:f8:5c:
                    12:db:31:ae:c6:c6:68:e1:aa:13:3c:30:3e:42:a4:
                    20:f9:d2:8b:57:54:7d:d7:0d:54:e1:d7:5c:13:5a:
                    ed:2b:b7:dc:0e:25:f0:07:95:f5:0d:9a:50:32:92:
                    df:81:c3:73:d6:bd:f9:67:22:a0:d6:98:5f:13:e2:
                    61:78:56:e3:e7:54:08:49:2f:20:1a:84:34:03:e6:
                    37:a0:ab:c1:7d:a7:d5:fd:f5:34:0e:bc:9a:48:54:
                    c2:65:c9:ad:10:9a:ff:71:99:fd:76:1f:d1:ab:c0:
                    ce:52:8b:12:b3:ec:9e:92:33:47:e2:47:e3:62:74:
                    30:b3:cb:12:19:eb:e2:d0:77:a2:1a:04:ff:40:7a:
                    09:fe:5e:ec:21:37:5e:dc:ad:81:9a:1e:aa:36:da:
                    49:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:60:9A:05:6A:B7:66:05:77:FB:B5:D7:D5:C5:AC:C5:B0:B5:CE:B1
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/tWCaBWq3ZgV3-7XX1cWsxbC1zrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.98.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:68:74:da:a2:f7:3d:03:0e:ea:65:9f:98:8d:dd:8d:98:ef:
         42:3d:db:42:e7:02:0b:0b:2f:27:79:4d:5f:87:de:b9:57:e3:
         13:ed:72:c6:8f:35:4a:77:b7:54:aa:da:61:47:a1:3c:55:15:
         72:c1:6e:d9:36:3b:18:55:52:69:2e:03:54:3e:4e:09:38:f3:
         a7:71:80:68:6a:f2:66:69:9b:91:ca:de:01:b6:5e:9e:27:96:
         b3:4b:7a:90:94:a4:91:07:fd:44:bf:46:b1:02:07:33:f4:17:
         37:54:96:b0:b4:9c:f9:93:70:ac:14:6e:3c:59:d8:d5:b2:f5:
         4a:cb:3d:39:92:30:4c:29:48:08:67:0a:2b:54:81:a4:c9:b4:
         f7:7d:ea:58:5a:90:c7:93:a7:52:d3:8a:c6:78:7c:12:1b:a3:
         30:17:5c:29:01:3f:bd:76:ee:ee:ec:3d:87:ac:e0:f8:34:5b:
         9d:5f:4f:f4:a3:cc:8b:b9:79:49:2a:84:d0:a8:45:ab:75:89:
         0c:8c:3c:95:6d:75:14:73:f9:28:fb:b9:70:68:c4:6f:46:08:
         9f:86:85:2f:26:81:a5:9d:97:a8:7c:dd:99:ea:ef:c9:da:7d:
         10:cb:02:72:2b:da:a4:aa:79:a8:37:c2:67:76:e6:c5:b3:7e:
         99:73:a4:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjafwLG8EdqSgFxT0byJvaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjUwMTAxMTk0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTYwOWEwNTZhYjc2NjA1NzdmYmI1ZDdkNWM1YWNjNWIwYjVjZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3zmHK24ke+jyQgzpKpatDvD0Yt/h
IA+0f7L2H1IA87PJW2RG6e8DDAz7fRlUvAhycmr+TYuLTzIKlMFdVhg98xMemzTT
MM7BzwLcvKdCIVaVkJSHMP5OCb3i6UZ2mXdtIE+IEKx6+FwS2zGuxsZo4aoTPDA+
QqQg+dKLV1R91w1U4ddcE1rtK7fcDiXwB5X1DZpQMpLfgcNz1r35ZyKg1phfE+Jh
eFbj51QISS8gGoQ0A+Y3oKvBfafV/fU0DryaSFTCZcmtEJr/cZn9dh/Rq8DOUosS
s+yekjNH4kfjYnQws8sSGevi0HeiGgT/QHoJ/l7sITde3K2Bmh6qNtpJUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLVgmgVqt2YFd/u119XFrMWwtc6xMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvdFdDYUJXcTNaZ1YzLTdYWDFjV3N4YkMxenJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGK0MA0G
CSqGSIb3DQEBCwUAA4IBAQAZaHTaovc9Aw7qZZ+Yjd2NmO9CPdtC5wILCy8neU1f
h965V+MT7XLGjzVKd7dUqtphR6E8VRVywW7ZNjsYVVJpLgNUPk4JOPOncYBoavJm
aZuRyt4Btl6eJ5azS3qQlKSRB/1Ev0axAgcz9Bc3VJawtJz5k3CsFG48WdjVsvVK
yz05kjBMKUgIZworVIGkybT3fepYWpDHk6dS04rGeHwSG6MwF1wpAT+9du7u7D2H
rOD4NFudX0/0o8yLuXlJKoTQqEWrdYkMjDyVbXUUc/ko+7lwaMRvRgifhoUvJoGl
nZeofN2Z6u/J2n0QywJyK9qkqnmoN8JndubFs36Zc6RR
-----END CERTIFICATE-----