Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/ntZsR8K5iJhmEhfvctnlFdyJujw.roa
File:                     ntZsR8K5iJhmEhfvctnlFdyJujw.roa (raw, json)
Hash identifier:          XHe+WixqWgjH/3MtPGXHToaB7QBws/I7c6VRPhS2ojU=
Subject key identifier:   9E:D6:6C:47:C2:B9:88:98:66:12:17:EF:72:D9:E5:15:DC:89:BA:3C
Certificate issuer:       /CN=3deb104463e920b45542b6af1a27d5950e86e9a0
Certificate serial:       018CCA2A2FE1DF206E3642B9489866495520
Authority key identifier: 3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/ntZsR8K5iJhmEhfvctnlFdyJujw.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48506
IP address blocks:        178.76.64.0/21 maxlen: 24
                          178.76.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2f:e1:df:20:6e:36:42:b9:48:98:66:49:55:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3deb104463e920b45542b6af1a27d5950e86e9a0
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ed66c47c2b98898661217ef72d9e515dc89ba3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:fd:1a:b9:3d:64:0d:23:7b:a2:ad:63:4d:aa:
                    90:95:bf:cf:ad:c3:f0:57:9e:de:47:f9:73:2e:47:
                    d0:ae:18:64:6e:3d:c5:bc:5b:02:e0:ee:8a:f7:8e:
                    0d:ce:23:62:17:f0:e9:be:3d:b8:13:3c:f2:17:89:
                    2e:65:de:5f:ab:38:6d:28:c1:95:15:b4:25:e6:a2:
                    aa:d1:df:e4:30:fe:f7:4c:99:a8:99:5d:05:65:7c:
                    b3:d2:13:c3:95:34:61:35:a1:0e:82:66:98:03:af:
                    ec:a7:b0:7b:39:b5:3b:09:b1:63:90:00:7d:39:53:
                    b1:aa:69:88:25:10:b0:4a:71:d7:7b:5a:78:9d:99:
                    67:64:31:8b:42:22:6d:12:e5:0e:23:8b:9c:fe:f4:
                    55:11:e3:da:38:80:d7:d4:f3:73:39:6d:20:2c:6c:
                    3e:fb:fb:f1:bd:33:a7:28:51:2e:a0:48:91:15:19:
                    df:e5:3b:6e:b4:82:41:2f:bb:b8:9d:da:ef:d3:a4:
                    68:d3:1e:5f:25:4b:e6:cb:10:49:85:f0:5f:fd:38:
                    79:c0:56:1a:87:d9:e2:05:fa:d1:12:d2:c7:24:67:
                    4e:37:79:05:50:4b:09:08:74:d3:e6:22:87:00:e3:
                    ac:ae:a8:71:48:af:c5:ef:a3:1e:aa:35:7d:56:57:
                    42:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D6:6C:47:C2:B9:88:98:66:12:17:EF:72:D9:E5:15:DC:89:BA:3C
            X509v3 Authority Key Identifier:
                keyid:3D:EB:10:44:63:E9:20:B4:55:42:B6:AF:1A:27:D5:95:0E:86:E9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PesQRGPpILRVQravGifVlQ6G6aA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/ntZsR8K5iJhmEhfvctnlFdyJujw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/c686b3-e7a9-4f9c-842c-119d8bf717bb/1/PesQRGPpILRVQravGifVlQ6G6aA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.76.64.0-178.76.75.255

    Signature Algorithm: sha256WithRSAEncryption
         5e:4f:3b:24:b8:fa:97:25:fa:52:2b:23:d7:e4:9c:11:1c:56:
         80:5e:8d:6b:7f:80:f4:a7:b5:1e:9a:ce:41:62:95:fd:2f:7e:
         8c:a1:0e:41:a1:4a:60:c0:0f:df:8a:e0:29:09:1c:99:d2:80:
         f0:3f:eb:2e:ef:93:3a:31:69:39:1c:6b:5b:1f:84:71:d8:7f:
         dc:36:5b:7d:03:e8:01:75:9d:aa:83:26:7a:95:90:f6:94:23:
         73:c9:44:dd:33:b2:70:e6:fd:2a:e1:bd:87:e7:a6:35:d0:d5:
         ae:9b:78:2d:6f:95:b7:65:9a:6e:22:dc:28:7b:eb:21:12:a3:
         8e:d6:98:6c:2a:98:3b:33:43:68:b5:8a:1b:85:2b:bf:81:00:
         85:5f:40:03:8e:8f:57:ba:31:65:0d:93:6e:17:3a:a9:14:54:
         46:f0:f7:5b:15:49:af:33:e4:9e:81:bc:fe:da:d7:fb:03:46:
         20:2a:16:bc:2e:68:85:0a:f6:13:08:13:21:19:5e:09:da:0d:
         02:97:b6:c4:d5:44:bc:aa:e7:8e:03:58:7e:85:fc:d6:d7:a2:
         7b:4b:4a:76:cb:ab:95:20:ca:a3:3c:43:9c:2f:41:9f:85:55:
         d6:ac:da:12:6a:bf:a7:24:bb:88:d6:c0:30:3c:c4:db:1c:d5:
         a6:3f:67:11
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKKi/h3yBuNkK5SJhmSVUgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZWIxMDQ0NjNlOTIwYjQ1NTQyYjZhZjFhMjdkNTk1MGU4
NmU5YTAwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQ2NmM0N2MyYjk4ODk4NjYxMjE3ZWY3MmQ5ZTUxNWRjODliYTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjP0auT1kDSN7oq1jTaqQlb/PrcPw
V57eR/lzLkfQrhhkbj3FvFsC4O6K944NziNiF/Dpvj24EzzyF4kuZd5fqzhtKMGV
FbQl5qKq0d/kMP73TJmomV0FZXyz0hPDlTRhNaEOgmaYA6/sp7B7ObU7CbFjkAB9
OVOxqmmIJRCwSnHXe1p4nZlnZDGLQiJtEuUOI4uc/vRVEePaOIDX1PNzOW0gLGw+
+/vxvTOnKFEuoEiRFRnf5TtutIJBL7u4ndrv06Ro0x5fJUvmyxBJhfBf/Th5wFYa
h9niBfrREtLHJGdON3kFUEsJCHTT5iKHAOOsrqhxSK/F76MeqjV9VldC8QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJ7WbEfCuYiYZhIX73LZ5RXcibo8MB8GA1UdIwQY
MBaAFD3rEERj6SC0VUK2rxon1ZUOhumgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMt
MTE5ZDhiZjcxN2JiLzEvbnRac1I4SzVpSmhtRWhmdmN0bmxGZHlKdWp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9jNjg2YjMtZTdhOS00ZjljLTg0MmMtMTE5ZDhiZjcxN2Ji
LzEvUGVzUVJHUHBJTFJWUXJhdkdpZlZsUTZHNmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAayTEAD
BAKyTEgwDQYJKoZIhvcNAQELBQADggEBAF5POyS4+pcl+lIrI9fknBEcVoBejWt/
gPSntR6azkFilf0vfoyhDkGhSmDAD9+K4CkJHJnSgPA/6y7vkzoxaTkca1sfhHHY
f9w2W30D6AF1naqDJnqVkPaUI3PJRN0zsnDm/SrhvYfnpjXQ1a6beC1vlbdlmm4i
3Ch76yESo47WmGwqmDszQ2i1ihuFK7+BAIVfQAOOj1e6MWUNk24XOqkUVEbw91sV
Sa8z5J6BvP7a1/sDRiAqFrwuaIUK9hMIEyEZXgnaDQKXtsTVRLyq544DWH6F/NbX
ontLSnbLq5UgyqM8Q5wvQZ+FVdas2hJqv6cku4jWwDA8xNsc1aY/ZxE=
-----END CERTIFICATE-----