Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/c8C48vfkOvgvyxSs7qY7T5EVtnE.roa
File:                     c8C48vfkOvgvyxSs7qY7T5EVtnE.roa (raw, json)
Hash identifier:          8wJbFJ9/sI53w1m6Sl7XpsfuWhKQ1Vo0Ez9aysm7PNQ=
Subject key identifier:   73:C0:B8:F2:F7:E4:3A:F8:2F:CB:14:AC:EE:A6:3B:4F:91:15:B6:71
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CCA2A6C2B0DCC8F6157B069A8A238BF43
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/c8C48vfkOvgvyxSs7qY7T5EVtnE.roa
Signing time:             Tue 02 Jan 2024 12:33:46 +0000
ROA not before:           Tue 02 Jan 2024 12:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48024
IP address blocks:        178.173.224.0/19 maxlen: 24
                          91.132.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6c:2b:0d:cc:8f:61:57:b0:69:a8:a2:38:bf:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73c0b8f2f7e43af82fcb14aceea63b4f9115b671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f5:eb:4f:14:2c:a9:ac:7e:55:4d:1b:1c:4c:
                    24:0c:3f:1a:4f:35:52:7b:11:a9:2c:75:57:2a:ef:
                    7e:7e:36:87:ee:b9:41:97:fa:32:65:14:b4:d3:8a:
                    22:c8:29:56:f4:bd:39:54:d1:a2:5d:d4:b1:03:00:
                    7d:e4:2c:81:9c:62:81:93:e0:49:1d:5d:99:85:e0:
                    d6:7a:92:f3:67:a0:71:bb:5c:a2:4c:86:5a:2a:14:
                    fc:74:61:f8:c7:da:6f:8f:ec:a7:59:50:07:95:cb:
                    96:a8:4a:54:1f:d4:cd:e5:13:41:24:39:fa:ce:42:
                    a1:02:ff:51:c0:2d:9e:99:ec:24:e2:38:d1:fb:79:
                    02:5d:dc:97:e5:ae:12:a5:7f:34:0a:1d:43:51:2c:
                    64:cf:82:3a:99:ae:8f:74:b0:21:e8:21:8d:53:f8:
                    91:88:02:de:61:ad:49:e1:70:83:da:66:8a:c6:66:
                    af:db:15:72:71:8d:34:55:a4:09:21:9b:7f:92:96:
                    ed:de:a1:3b:a3:31:bb:9f:8d:5a:63:f2:64:57:d0:
                    f0:f4:b1:ac:de:3d:4c:ea:8d:3d:b9:7a:6f:87:1c:
                    fb:9b:1d:87:6e:ca:7d:46:e0:7a:2b:f1:bf:c5:04:
                    65:a0:58:92:8a:66:97:bd:61:dd:02:9f:ec:a7:d7:
                    62:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:C0:B8:F2:F7:E4:3A:F8:2F:CB:14:AC:EE:A6:3B:4F:91:15:B6:71
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/c8C48vfkOvgvyxSs7qY7T5EVtnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.57.0/24
                  178.173.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         b2:fb:d4:bc:70:83:25:d9:0e:3d:60:bb:6d:1b:bb:90:fb:02:
         b3:d8:27:e2:8c:3d:50:dd:f8:61:72:d5:10:9c:db:90:4d:25:
         40:5c:7f:29:87:2a:a6:4d:34:64:73:f8:54:58:3e:cd:b8:ad:
         2b:4a:a5:a7:fa:32:f8:85:0a:00:4f:6b:bc:a3:0f:10:a7:e3:
         2d:3d:97:b2:d4:b6:25:18:f7:9a:28:4c:b0:24:41:ca:e8:4c:
         d5:34:e4:29:7c:45:68:c9:b3:3d:2b:b5:f9:81:88:38:5d:0e:
         8f:59:93:c2:0e:6f:73:27:7c:c1:aa:37:d6:0e:bc:4a:a4:ce:
         25:65:f0:22:c7:7e:03:2a:6b:ca:98:39:1c:b2:34:0e:e5:36:
         87:84:fa:24:9e:16:b7:5e:b1:5f:ce:ec:52:02:d9:5b:24:69:
         ee:b9:5b:a9:28:9f:5f:7b:86:3b:4a:17:95:81:a3:5f:3c:d3:
         06:d2:dd:60:63:9f:a4:21:c0:95:5e:2b:3e:00:63:b7:10:98:
         f8:bb:e7:6c:4e:07:8b:45:0c:ff:ec:59:9c:68:d3:2d:8a:e3:
         bf:02:ad:3a:fb:3d:01:b9:df:a3:ff:75:58:fc:73:b3:b3:43:
         54:ed:f6:5d:6a:a8:5a:ef:d7:70:40:9f:6c:11:d8:d9:9d:06:
         3a:06:ff:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKmwrDcyPYVewaaiiOL9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2MwYjhmMmY3ZTQzYWY4MmZjYjE0YWNlZWE2M2I0ZjkxMTViNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvXrTxQsqax+VU0bHEwkDD8aTzVS
exGpLHVXKu9+fjaH7rlBl/oyZRS004oiyClW9L05VNGiXdSxAwB95CyBnGKBk+BJ
HV2ZheDWepLzZ6Bxu1yiTIZaKhT8dGH4x9pvj+ynWVAHlcuWqEpUH9TN5RNBJDn6
zkKhAv9RwC2emewk4jjR+3kCXdyX5a4SpX80Ch1DUSxkz4I6ma6PdLAh6CGNU/iR
iALeYa1J4XCD2maKxmav2xVycY00VaQJIZt/kpbt3qE7ozG7n41aY/JkV9Dw9LGs
3j1M6o09uXpvhxz7mx2Hbsp9RuB6K/G/xQRloFiSimaXvWHdAp/sp9diawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHPAuPL35Dr4L8sUrO6mO0+RFbZxMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvYzhDNDh2ZmtPdmd2eXhTczdxWTdUNUVWdG5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW4Q5AwQF
sq3gMA0GCSqGSIb3DQEBCwUAA4IBAQCy+9S8cIMl2Q49YLttG7uQ+wKz2CfijD1Q
3fhhctUQnNuQTSVAXH8phyqmTTRkc/hUWD7NuK0rSqWn+jL4hQoAT2u8ow8Qp+Mt
PZey1LYlGPeaKEywJEHK6EzVNOQpfEVoybM9K7X5gYg4XQ6PWZPCDm9zJ3zBqjfW
DrxKpM4lZfAix34DKmvKmDkcsjQO5TaHhPoknha3XrFfzuxSAtlbJGnuuVupKJ9f
e4Y7SheVgaNfPNMG0t1gY5+kIcCVXis+AGO3EJj4u+dsTgeLRQz/7FmcaNMtiuO/
Aq06+z0Bud+j/3VY/HOzs0NU7fZdaqha79dwQJ9sEdjZnQY6Bv+o
-----END CERTIFICATE-----