Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/R_aZWyIS5GrZYpwGHQRfc9SngWw.roa
File:                     R_aZWyIS5GrZYpwGHQRfc9SngWw.roa (raw, json)
Hash identifier:          Eb1zjC5E5Xl1DgNqWxwRgiQd1JGZDyKMECqaxnIxSOc=
Subject key identifier:   47:F6:99:5B:22:12:E4:6A:D9:62:9C:06:1D:04:5F:73:D4:A7:81:6C
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFAE55D474177C490325230FB7B2E9
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/R_aZWyIS5GrZYpwGHQRfc9SngWw.roa
Signing time:             Tue 02 Jan 2024 06:32:31 +0000
ROA not before:           Tue 02 Jan 2024 06:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209592
IP address blocks:        176.118.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Jun 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:ae:55:d4:74:17:7c:49:03:25:23:0f:b7:b2:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47f6995b2212e46ad9629c061d045f73d4a7816c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cf:a7:84:03:4f:d6:5d:81:19:9a:11:b3:46:
                    02:46:e0:cb:48:36:5a:20:ec:a1:b5:cb:b5:d9:96:
                    00:2a:63:f5:61:9e:9a:7d:9b:36:af:92:49:5d:0c:
                    87:6c:d6:7f:df:be:13:e3:47:3f:3d:e0:15:e7:af:
                    38:98:42:ee:63:ef:79:0c:12:e0:5b:c7:be:85:a6:
                    ca:35:40:db:d1:52:d6:4c:65:2b:b6:3a:40:25:47:
                    bb:a9:9a:31:89:27:f5:d9:5f:35:34:8c:af:fe:5b:
                    d3:5d:74:d4:de:86:d6:3a:55:59:16:aa:d0:04:a8:
                    e9:b6:3e:b4:74:ff:2d:99:43:85:cf:a8:9e:4b:c3:
                    7b:5d:47:6d:c9:4e:df:8d:71:56:13:d1:1f:e3:8c:
                    4c:e1:77:ba:3d:fe:01:20:02:13:1b:98:40:2f:bd:
                    4e:66:ae:ae:df:7c:88:50:f6:89:44:8f:c9:58:fe:
                    9a:db:31:ec:2a:b1:cb:dd:b2:03:85:b4:3a:a2:fc:
                    2f:e0:1f:ac:93:9f:91:05:7f:9f:05:5d:f6:b4:82:
                    d6:0c:ff:d8:f5:58:29:9d:02:42:76:13:b0:16:46:
                    bc:77:54:75:26:ca:97:a1:3a:b9:8c:29:5b:c1:48:
                    53:14:dd:8a:97:fa:62:0f:b6:6c:27:39:da:05:a8:
                    69:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:F6:99:5B:22:12:E4:6A:D9:62:9C:06:1D:04:5F:73:D4:A7:81:6C
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/R_aZWyIS5GrZYpwGHQRfc9SngWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:af:84:80:1f:9c:cb:7f:ba:8c:ba:57:88:df:0f:a2:0e:3c:
         05:d4:62:64:3e:66:72:c1:87:f4:07:ef:e9:86:ab:15:0d:eb:
         53:c2:ab:f7:b6:50:2e:b5:2c:2b:de:8e:09:9e:72:79:58:12:
         05:f2:51:4a:e0:fc:f9:48:23:30:f8:4e:e9:4c:be:37:02:93:
         d0:72:2b:50:de:ef:1e:5d:2c:02:60:d5:b6:d9:6c:cc:c7:e3:
         32:73:05:3f:82:83:86:27:f1:11:2e:0d:58:8d:f3:c2:36:af:
         8d:e8:03:89:d1:53:dd:1d:f2:e2:d6:2b:9f:0c:39:ca:49:d2:
         7c:cc:5c:61:13:ef:78:a1:c2:cc:2e:af:fa:8b:73:c4:d3:7e:
         e1:94:a2:46:a4:b6:3d:a7:9a:0b:53:66:45:cc:26:24:b4:f8:
         f5:c9:c6:65:fb:86:92:15:fe:37:d6:c1:0f:03:18:d3:20:b8:
         03:8e:db:16:b5:7b:a6:d9:87:8f:0c:f2:1b:85:67:7c:76:bb:
         f3:53:93:c9:85:66:12:5f:df:7b:9c:32:40:06:cf:cd:55:8a:
         b3:18:ba:27:ac:1c:12:08:6e:8b:f7:e2:be:a4:be:8d:b0:dd:
         e9:d1:98:11:f2:f2:6a:55:a2:1d:a8:36:57:f1:5d:f2:72:d6:
         6f:ca:59:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI365V1HQXfEkDJSMPt7LpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2Y2OTk1YjIyMTJlNDZhZDk2MjljMDYxZDA0NWY3M2Q0YTc4MTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuM+nhANP1l2BGZoRs0YCRuDLSDZa
IOyhtcu12ZYAKmP1YZ6afZs2r5JJXQyHbNZ/374T40c/PeAV5684mELuY+95DBLg
W8e+habKNUDb0VLWTGUrtjpAJUe7qZoxiSf12V81NIyv/lvTXXTU3obWOlVZFqrQ
BKjptj60dP8tmUOFz6ieS8N7XUdtyU7fjXFWE9Ef44xM4Xe6Pf4BIAITG5hAL71O
Zq6u33yIUPaJRI/JWP6a2zHsKrHL3bIDhbQ6ovwv4B+sk5+RBX+fBV32tILWDP/Y
9VgpnQJCdhOwFka8d1R1JsqXoTq5jClbwUhTFN2Kl/piD7ZsJznaBahpywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEf2mVsiEuRq2WKcBh0EX3PUp4FsMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvUl9hWld5SVM1R3JaWXB3R0hRUmZjOVNuZ1d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHbFMA0G
CSqGSIb3DQEBCwUAA4IBAQBXr4SAH5zLf7qMuleI3w+iDjwF1GJkPmZywYf0B+/p
hqsVDetTwqv3tlAutSwr3o4JnnJ5WBIF8lFK4Pz5SCMw+E7pTL43ApPQcitQ3u8e
XSwCYNW22WzMx+MycwU/goOGJ/ERLg1YjfPCNq+N6AOJ0VPdHfLi1iufDDnKSdJ8
zFxhE+94ocLMLq/6i3PE037hlKJGpLY9p5oLU2ZFzCYktPj1ycZl+4aSFf431sEP
AxjTILgDjtsWtXum2YePDPIbhWd8drvzU5PJhWYSX997nDJABs/NVYqzGLonrBwS
CG6L9+K+pL6NsN3p0ZgR8vJqVaIdqDZX8V3yctZvylmn
-----END CERTIFICATE-----