Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/S_XTm76i-edwygVjwZLtseeiATs.roa
File:                     S_XTm76i-edwygVjwZLtseeiATs.roa (raw, json)
Hash identifier:          4yg3fBGKqcU4Qqwo4F7eCIkBIB7uzIWpWRU7UEjkG6M=
Subject key identifier:   4B:F5:D3:9B:BE:A2:F9:E7:70:CA:05:63:C1:92:ED:B1:E7:A2:01:3B
Certificate issuer:       /CN=0b5f8c9447d614b86182763d9333250e2d9412e2
Certificate serial:       01924216E2E859ACC9B923D37516B94A6657
Authority key identifier: 0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/S_XTm76i-edwygVjwZLtseeiATs.roa
Signing time:             Mon 30 Sep 2024 08:40:48 +0000
ROA not before:           Mon 30 Sep 2024 08:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        185.162.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:42:16:e2:e8:59:ac:c9:b9:23:d3:75:16:b9:4a:66:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b5f8c9447d614b86182763d9333250e2d9412e2
        Validity
            Not Before: Sep 30 08:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bf5d39bbea2f9e770ca0563c192edb1e7a2013b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:77:a1:b8:4c:74:77:40:ad:da:20:34:a7:96:
                    c1:77:61:1e:5d:48:dd:59:73:7d:c2:41:83:a6:8a:
                    67:a0:57:81:bc:47:9f:90:24:b9:da:c6:a0:cd:ae:
                    b3:45:af:fc:b2:ac:ff:a2:e2:42:f8:f7:33:f7:41:
                    3f:55:28:79:fe:97:86:1f:61:2e:dd:73:91:b6:65:
                    b6:21:e5:98:85:2d:8b:44:47:bf:6a:09:89:1f:db:
                    5e:b9:26:0d:33:38:11:93:bc:49:9a:86:68:47:82:
                    09:05:ca:43:a3:37:f6:d8:96:ca:73:3f:06:c2:d8:
                    3b:b2:04:65:6b:52:06:53:90:e9:1b:68:87:13:d9:
                    b4:1b:0e:96:82:09:7c:3b:6c:54:38:69:ac:2b:f4:
                    58:20:e8:37:f3:01:41:5c:2d:7f:c0:fa:2f:dc:6a:
                    3f:e2:a3:20:7d:00:cd:b7:d0:4a:4e:81:82:38:28:
                    d6:a0:b2:ea:c3:11:a1:c3:e1:0f:ab:e8:31:6b:31:
                    b2:25:a2:1a:c5:a9:6d:f2:1f:91:1f:a3:4f:ec:66:
                    45:ee:c0:21:fe:8d:7a:99:50:46:a9:98:90:d4:44:
                    ee:e3:9f:bd:bb:2e:d4:b5:57:f8:eb:cf:7d:0e:b3:
                    bd:34:99:30:34:ba:e6:fc:0f:d8:91:46:d8:3d:3f:
                    82:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:F5:D3:9B:BE:A2:F9:E7:70:CA:05:63:C1:92:ED:B1:E7:A2:01:3B
            X509v3 Authority Key Identifier:
                keyid:0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/S_XTm76i-edwygVjwZLtseeiATs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:37:48:02:6e:e6:e6:a1:72:cb:bf:c7:7d:99:cd:27:27:69:
         f7:9a:ae:34:de:19:a9:61:67:de:99:9b:2f:24:4f:51:e4:97:
         8a:de:3d:6c:34:10:c3:21:4d:3d:12:33:0e:0f:0e:3d:36:ab:
         8d:17:8d:fb:5a:e0:91:e6:a5:59:cf:d4:ad:22:ed:1c:01:c2:
         96:77:86:5f:af:bd:81:86:3e:86:79:38:00:02:77:2c:8a:e5:
         fa:fa:7b:92:6b:1a:be:a7:fc:27:ee:12:cb:1a:a7:54:8b:a0:
         e9:22:53:2d:10:7e:96:de:54:fc:a7:cb:40:f6:9f:cc:14:81:
         16:f4:27:38:8c:c3:9b:c1:ca:e7:49:fd:7c:28:eb:8f:3b:2a:
         78:e7:63:dc:7e:71:db:0c:62:b6:d3:1e:e2:93:01:08:4d:e7:
         2c:5e:56:d5:f3:b2:e4:71:5d:49:82:a0:01:b1:17:57:9e:a1:
         13:9d:41:29:e3:74:ae:5f:e3:be:3e:f2:eb:10:66:46:87:2b:
         71:78:51:23:fd:51:99:c5:c2:80:f6:70:c4:2f:5b:13:61:25:
         6d:e5:ac:d4:89:28:07:1c:02:87:75:e1:12:cd:ed:77:19:ec:
         1e:db:dd:16:e5:67:42:b4:b3:3e:ef:ac:87:f8:0f:fa:46:dd:
         4d:38:c9:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJCFuLoWazJuSPTdRa5SmZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNWY4Yzk0NDdkNjE0Yjg2MTgyNzYzZDkzMzMyNTBlMmQ5
NDEyZTIwHhcNMjQwOTMwMDg0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmY1ZDM5YmJlYTJmOWU3NzBjYTA1NjNjMTkyZWRiMWU3YTIwMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHehuEx0d0Ct2iA0p5bBd2EeXUjd
WXN9wkGDpopnoFeBvEefkCS52sagza6zRa/8sqz/ouJC+Pcz90E/VSh5/peGH2Eu
3XORtmW2IeWYhS2LREe/agmJH9teuSYNMzgRk7xJmoZoR4IJBcpDozf22JbKcz8G
wtg7sgRla1IGU5DpG2iHE9m0Gw6Wggl8O2xUOGmsK/RYIOg38wFBXC1/wPov3Go/
4qMgfQDNt9BKToGCOCjWoLLqwxGhw+EPq+gxazGyJaIaxalt8h+RH6NP7GZF7sAh
/o16mVBGqZiQ1ETu45+9uy7UtVf46899DrO9NJkwNLrm/A/YkUbYPT+CbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEv105u+ovnncMoFY8GS7bHnogE7MB8GA1UdIwQY
MBaAFAtfjJRH1hS4YYJ2PZMzJQ4tlBLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYt
OGE5NWU2Mzc3MzMyLzEvU19YVG03NmktZWR3eWdWandaTHRzZWVpQVRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYtOGE5NWU2Mzc3MzMy
LzEvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaKyMA0G
CSqGSIb3DQEBCwUAA4IBAQBKN0gCbubmoXLLv8d9mc0nJ2n3mq403hmpYWfemZsv
JE9R5JeK3j1sNBDDIU09EjMODw49NquNF437WuCR5qVZz9StIu0cAcKWd4Zfr72B
hj6GeTgAAncsiuX6+nuSaxq+p/wn7hLLGqdUi6DpIlMtEH6W3lT8p8tA9p/MFIEW
9Cc4jMObwcrnSf18KOuPOyp452PcfnHbDGK20x7ikwEITecsXlbV87LkcV1JgqAB
sRdXnqETnUEp43SuX+O+PvLrEGZGhytxeFEj/VGZxcKA9nDEL1sTYSVt5azUiSgH
HAKHdeESze13Gewe290W5WdCtLM+76yH+A/6Rt1NOMnx
-----END CERTIFICATE-----