Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/9c6Gi6QsrUVkz1rVyMuaASs4rXI.roa
File:                     9c6Gi6QsrUVkz1rVyMuaASs4rXI.roa (raw, json)
Hash identifier:          Dki1jmifaN5DmLWMB26+98lBaF0fXKF7J2srGOSS/Ug=
Subject key identifier:   F5:CE:86:8B:A4:2C:AD:45:64:CF:5A:D5:C8:CB:9A:01:2B:38:AD:72
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC8012510DE45E159D06FDC31BBCCC032
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/9c6Gi6QsrUVkz1rVyMuaASs4rXI.roa
Signing time:             Tue 02 Jan 2024 02:29:27 +0000
ROA not before:           Tue 02 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21016
IP address blocks:        185.176.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 09:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:25:10:de:45:e1:59:d0:6f:dc:31:bb:cc:c0:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5ce868ba42cad4564cf5ad5c8cb9a012b38ad72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:bb:5f:c3:7f:be:13:22:4f:64:2b:94:0d:d3:
                    cb:09:ff:99:2a:4d:85:59:44:04:87:58:fc:f5:70:
                    c2:17:cf:57:50:b0:92:8e:b5:a8:ee:7f:de:18:f4:
                    40:05:de:95:ca:2e:41:b3:ac:78:ab:c6:0d:ec:46:
                    f6:0c:e8:8f:93:5f:0b:1e:2b:60:eb:e8:61:d7:68:
                    9c:25:a5:90:38:43:fd:4c:60:e9:67:72:37:24:1c:
                    7b:c2:cb:f0:2b:a8:c1:54:03:6c:61:de:72:df:dc:
                    e5:ec:59:91:10:94:0a:45:47:c0:38:b1:58:65:16:
                    32:06:fd:d2:7b:ac:c8:3e:74:ad:8f:70:a0:27:1b:
                    9a:71:1b:7b:cd:59:1a:d0:cc:b4:3e:6e:dd:29:5d:
                    fc:71:24:6a:0a:01:be:85:9b:20:15:9c:bb:9b:49:
                    21:44:d1:67:4a:2d:24:17:1e:f6:c9:73:6c:62:65:
                    38:75:a9:2f:93:39:5a:51:1e:e9:fe:7c:9c:df:51:
                    d7:2c:bf:20:56:31:5d:1f:26:5b:eb:7d:01:a8:19:
                    be:cc:1c:7c:3e:24:ca:d3:e5:02:7c:de:c9:60:81:
                    87:04:42:f2:aa:bb:09:c3:db:ad:1b:e4:bb:b0:82:
                    87:fa:ec:dd:a7:9a:5a:3d:56:06:d0:19:1b:c7:76:
                    56:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:CE:86:8B:A4:2C:AD:45:64:CF:5A:D5:C8:CB:9A:01:2B:38:AD:72
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/9c6Gi6QsrUVkz1rVyMuaASs4rXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:9f:02:22:19:4c:08:5c:ec:5f:bc:08:fb:18:fd:7d:eb:84:
         aa:7d:c9:92:fe:10:50:7c:fa:3b:b7:80:da:6e:2d:a7:e9:69:
         42:5b:98:4c:02:68:51:39:2c:1b:7c:ac:2d:ef:d0:b0:b9:ff:
         02:a4:08:93:ed:00:e0:3a:76:34:85:3e:77:8c:1a:97:e9:53:
         6a:fd:91:dc:b7:9c:56:49:fe:b5:6c:cd:ac:cd:3b:49:3b:e0:
         6a:94:3a:ab:23:35:75:65:8e:79:a7:ad:ba:8e:60:15:9c:92:
         1a:6a:38:a4:60:35:9d:b5:35:18:cb:ab:8c:b8:a6:81:ce:c6:
         fc:fd:88:7e:05:fd:c2:46:74:0a:91:03:c8:3d:0b:99:ad:fa:
         25:89:d3:72:b2:59:08:fa:ae:58:81:e5:f9:f6:c4:20:d3:43:
         72:b3:5e:c3:1a:37:0a:8a:f6:79:29:cb:5b:91:4e:d7:64:11:
         92:23:20:0c:19:12:bf:5b:74:7e:20:f7:be:2a:f9:a7:19:aa:
         3d:44:34:2d:16:fe:5f:ee:13:bb:14:44:b5:fd:bc:7c:b0:4d:
         87:05:62:ba:77:97:dc:c9:4d:e7:23:fd:2d:df:59:47:44:9f:
         a3:d1:b5:9e:40:d4:db:66:f1:ab:3e:fe:a6:c0:8e:91:a1:d4:
         84:8d:ae:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASUQ3kXhWdBv3DG7zMAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWNlODY4YmE0MmNhZDQ1NjRjZjVhZDVjOGNiOWEwMTJiMzhhZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLtfw3++EyJPZCuUDdPLCf+ZKk2F
WUQEh1j89XDCF89XULCSjrWo7n/eGPRABd6Vyi5Bs6x4q8YN7Eb2DOiPk18LHitg
6+hh12icJaWQOEP9TGDpZ3I3JBx7wsvwK6jBVANsYd5y39zl7FmREJQKRUfAOLFY
ZRYyBv3Se6zIPnStj3CgJxuacRt7zVka0My0Pm7dKV38cSRqCgG+hZsgFZy7m0kh
RNFnSi0kFx72yXNsYmU4dakvkzlaUR7p/nyc31HXLL8gVjFdHyZb630BqBm+zBx8
PiTK0+UCfN7JYIGHBELyqrsJw9utG+S7sIKH+uzdp5paPVYG0Bkbx3ZWnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPXOhoukLK1FZM9a1cjLmgErOK1yMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvOWM2R2k2UXNyVVZrejFyVnlNdWFBU3M0clhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubB2MA0G
CSqGSIb3DQEBCwUAA4IBAQBcnwIiGUwIXOxfvAj7GP1964SqfcmS/hBQfPo7t4Da
bi2n6WlCW5hMAmhROSwbfKwt79Cwuf8CpAiT7QDgOnY0hT53jBqX6VNq/ZHct5xW
Sf61bM2szTtJO+BqlDqrIzV1ZY55p626jmAVnJIaajikYDWdtTUYy6uMuKaBzsb8
/Yh+Bf3CRnQKkQPIPQuZrfolidNyslkI+q5YgeX59sQg00Nys17DGjcKivZ5Kctb
kU7XZBGSIyAMGRK/W3R+IPe+KvmnGao9RDQtFv5f7hO7FES1/bx8sE2HBWK6d5fc
yU3nI/0t31lHRJ+j0bWeQNTbZvGrPv6mwI6RodSEja65
-----END CERTIFICATE-----