Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/813010-a96f-4510-9dbc-21f7751ca76c/1/bCKFiU5msrRwnLJjfedGdtT3E-U.roa
File:                     bCKFiU5msrRwnLJjfedGdtT3E-U.roa (raw, json)
Hash identifier:          TEu/r205SBSw5/jdNeZrXZsPyVmD1DdjvOIXoPfIPO8=
Subject key identifier:   6C:22:85:89:4E:66:B2:B4:70:9C:B2:63:7D:E7:46:76:D4:F7:13:E5
Certificate issuer:       /CN=98845584ac8094c1806b73a6f53e46b9a28e812b
Certificate serial:       018CC9BB9551C96C6AF700936FC2C9ACD447
Authority key identifier: 98:84:55:84:AC:80:94:C1:80:6B:73:A6:F5:3E:46:B9:A2:8E:81:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mIRVhKyAlMGAa3Om9T5GuaKOgSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/813010-a96f-4510-9dbc-21f7751ca76c/1/bCKFiU5msrRwnLJjfedGdtT3E-U.roa
Signing time:             Tue 02 Jan 2024 10:32:42 +0000
ROA not before:           Tue 02 Jan 2024 10:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59497
IP address blocks:        176.110.103.0/24 maxlen: 24
                          176.110.102.0/23 maxlen: 23
                          176.110.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/813010-a96f-4510-9dbc-21f7751ca76c/1/mIRVhKyAlMGAa3Om9T5GuaKOgSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/813010-a96f-4510-9dbc-21f7751ca76c/1/mIRVhKyAlMGAa3Om9T5GuaKOgSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mIRVhKyAlMGAa3Om9T5GuaKOgSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:95:51:c9:6c:6a:f7:00:93:6f:c2:c9:ac:d4:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98845584ac8094c1806b73a6f53e46b9a28e812b
        Validity
            Not Before: Jan  2 10:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c2285894e66b2b4709cb2637de74676d4f713e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:5c:a3:19:e2:c8:07:85:f0:8a:df:42:7d:77:
                    c4:32:d7:29:92:63:84:63:83:29:45:4c:a6:b5:64:
                    77:79:d0:cb:fe:9e:6f:50:41:d7:5a:f9:c7:ae:96:
                    94:7b:ca:2d:de:5f:67:a5:2c:e2:5a:ae:a3:d6:3b:
                    08:35:cf:e2:b2:f3:5f:77:02:18:0d:02:5f:4c:28:
                    33:4e:7d:ad:f1:6c:69:2d:60:f1:dd:ac:bb:06:b8:
                    b7:b7:b6:24:57:7f:ab:b2:2c:24:77:90:f2:82:ce:
                    e1:64:c2:b7:fd:d3:02:87:7a:a5:b8:b6:d7:93:b3:
                    6e:e3:89:43:3e:f1:da:ed:0c:17:6f:e6:71:5d:a9:
                    19:f0:2c:eb:b4:2d:60:21:bb:01:cb:ba:32:3d:4b:
                    8f:a3:f0:25:f1:6e:e3:e5:ed:fb:46:e6:26:d2:61:
                    ae:b6:40:fd:0b:38:3d:3e:8f:db:d2:89:b5:c9:d9:
                    fd:36:cc:48:9b:51:08:be:4e:e8:03:05:b3:26:2e:
                    dd:d3:7b:19:15:94:90:13:4a:e2:b7:fc:73:99:55:
                    a4:34:f2:1d:68:05:19:96:3f:75:3d:33:4f:aa:1c:
                    0a:14:37:2f:3f:8c:7c:37:ba:0e:1d:32:99:82:b0:
                    06:0a:47:a5:5b:22:a7:10:1b:7a:69:4a:a3:12:06:
                    af:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:22:85:89:4E:66:B2:B4:70:9C:B2:63:7D:E7:46:76:D4:F7:13:E5
            X509v3 Authority Key Identifier:
                keyid:98:84:55:84:AC:80:94:C1:80:6B:73:A6:F5:3E:46:B9:A2:8E:81:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mIRVhKyAlMGAa3Om9T5GuaKOgSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/813010-a96f-4510-9dbc-21f7751ca76c/1/bCKFiU5msrRwnLJjfedGdtT3E-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/813010-a96f-4510-9dbc-21f7751ca76c/1/mIRVhKyAlMGAa3Om9T5GuaKOgSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.110.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:31:bc:ec:ca:98:f3:80:a1:f0:3c:cd:e0:aa:b2:48:33:6d:
         53:92:4d:80:8a:d2:29:96:01:43:a1:6c:ee:92:6e:03:2e:3d:
         62:53:f1:c2:c1:29:ec:9a:1d:2f:46:d8:b4:5a:ac:34:c9:fb:
         30:1a:6a:dc:6f:e2:48:8d:87:87:09:bf:1d:05:89:f0:c5:5b:
         cb:57:9e:3b:c7:70:4c:d0:a7:ad:86:1d:79:d3:83:15:cd:12:
         6a:ee:6e:e3:bf:c6:5e:df:d8:0a:46:2d:b2:d7:22:ae:10:ce:
         01:fa:ff:0f:f5:26:78:1a:27:e9:43:69:d9:a3:7f:15:28:0d:
         be:72:05:6c:92:0e:32:09:e1:ce:66:16:02:7b:c8:61:4e:9a:
         8b:cf:a7:15:07:27:c8:e8:d2:83:18:d6:56:f9:89:87:e3:bb:
         af:87:57:2f:c8:3a:28:cf:8a:43:26:40:ea:da:0e:8d:96:a9:
         dd:5a:b4:54:fa:a9:00:1f:42:4a:48:b7:f4:12:6b:74:46:46:
         b5:ce:d9:aa:7c:64:c7:6d:23:af:2e:07:e4:44:cd:98:c3:00:
         9b:8c:23:cf:8d:f2:69:e3:e5:88:95:c7:e6:3b:88:37:84:df:
         87:c1:a6:ff:ea:6e:a5:26:a6:7d:ba:16:e8:99:5a:0e:d7:8e:
         e5:d4:9e:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu5VRyWxq9wCTb8LJrNRHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ODQ1NTg0YWM4MDk0YzE4MDZiNzNhNmY1M2U0NmI5YTI4
ZTgxMmIwHhcNMjQwMTAyMTAzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzIyODU4OTRlNjZiMmI0NzA5Y2IyNjM3ZGU3NDY3NmQ0ZjcxM2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31yjGeLIB4Xwit9CfXfEMtcpkmOE
Y4MpRUymtWR3edDL/p5vUEHXWvnHrpaUe8ot3l9npSziWq6j1jsINc/isvNfdwIY
DQJfTCgzTn2t8WxpLWDx3ay7Bri3t7YkV3+rsiwkd5Dygs7hZMK3/dMCh3qluLbX
k7Nu44lDPvHa7QwXb+ZxXakZ8CzrtC1gIbsBy7oyPUuPo/Al8W7j5e37RuYm0mGu
tkD9Czg9Po/b0om1ydn9NsxIm1EIvk7oAwWzJi7d03sZFZSQE0rit/xzmVWkNPId
aAUZlj91PTNPqhwKFDcvP4x8N7oOHTKZgrAGCkelWyKnEBt6aUqjEgaviQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwihYlOZrK0cJyyY33nRnbU9xPlMB8GA1UdIwQY
MBaAFJiEVYSsgJTBgGtzpvU+RrmijoErMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUlSVmhLeUFsTUdBYTNPbTlUNUd1YUtPZ1NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi84MTMwMTAtYTk2Zi00NTEwLTlkYmMt
MjFmNzc1MWNhNzZjLzEvYkNLRmlVNW1zclJ3bkxKamZlZEdkdFQzRS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi84MTMwMTAtYTk2Zi00NTEwLTlkYmMtMjFmNzc1MWNhNzZj
LzEvbUlSVmhLeUFsTUdBYTNPbTlUNUd1YUtPZ1NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsG5mMA0G
CSqGSIb3DQEBCwUAA4IBAQCEMbzsypjzgKHwPM3gqrJIM21Tkk2AitIplgFDoWzu
km4DLj1iU/HCwSnsmh0vRti0Wqw0yfswGmrcb+JIjYeHCb8dBYnwxVvLV547x3BM
0Kethh1504MVzRJq7m7jv8Ze39gKRi2y1yKuEM4B+v8P9SZ4GifpQ2nZo38VKA2+
cgVskg4yCeHOZhYCe8hhTpqLz6cVByfI6NKDGNZW+YmH47uvh1cvyDooz4pDJkDq
2g6NlqndWrRU+qkAH0JKSLf0Emt0Rka1ztmqfGTHbSOvLgfkRM2YwwCbjCPPjfJp
4+WIlcfmO4g3hN+Hwab/6m6lJqZ9uhbomVoO147l1J6L
-----END CERTIFICATE-----