Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/xAc1AxGnuB7PXzC1l7ffFUaqXRA.roa
File:                     xAc1AxGnuB7PXzC1l7ffFUaqXRA.roa (raw, json)
Hash identifier:          53JEovt2kBniRU5i1kXcyCtVDQgxij/sIltbkUVWsMU=
Subject key identifier:   C4:07:35:03:11:A7:B8:1E:CF:5F:30:B5:97:B7:DF:15:46:AA:5D:10
Certificate issuer:       /CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Certificate serial:       018F28F8274489B1FE8211E12A62DA1E19E2
Authority key identifier: D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/xAc1AxGnuB7PXzC1l7ffFUaqXRA.roa
Signing time:             Mon 29 Apr 2024 08:28:22 +0000
ROA not before:           Mon 29 Apr 2024 08:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59956
IP address blocks:        176.117.92.0/24 maxlen: 24
                          176.117.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:28:f8:27:44:89:b1:fe:82:11:e1:2a:62:da:1e:19:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
        Validity
            Not Before: Apr 29 08:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c407350311a7b81ecf5f30b597b7df1546aa5d10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:35:cf:f1:46:f8:03:70:6d:38:c7:ba:fc:35:
                    ba:08:54:ca:0b:de:85:cd:4e:f0:bb:31:6a:bf:f5:
                    38:a2:a8:31:5b:c5:37:d5:c8:b6:bf:b7:ed:60:34:
                    b9:22:0e:7e:2e:23:17:50:19:72:da:93:ee:64:3e:
                    a2:fc:f7:02:10:cd:be:61:cb:aa:ee:16:72:69:65:
                    b4:2d:f3:2d:4a:8c:9a:81:cf:f0:38:88:c6:43:a4:
                    09:e5:21:d7:77:12:cc:fa:05:f7:da:53:d7:a2:99:
                    a3:e9:ef:cc:02:d0:88:68:c1:5b:43:36:e6:28:4d:
                    f2:88:54:15:b7:c0:04:e8:06:96:0c:76:95:5f:88:
                    c3:a2:b9:97:88:ab:45:44:8c:b2:96:ce:7a:65:71:
                    23:6d:ca:41:41:89:ec:2e:44:d3:04:7c:12:59:7a:
                    ae:4c:ef:53:c4:c7:6a:a6:4f:40:77:43:70:5d:4d:
                    a3:c8:72:f9:11:3e:a2:73:d4:b9:39:e7:d0:bd:c7:
                    ac:dd:b9:0c:ff:a4:c0:4b:5d:29:f7:2d:91:df:06:
                    3e:7c:ad:de:85:7e:63:be:6b:f6:06:84:21:71:10:
                    70:f6:ee:ff:fc:6c:70:9a:0b:69:c2:77:67:ce:0f:
                    d8:cc:b0:0f:8b:bf:2c:9e:7d:1a:c1:67:12:8b:bf:
                    a2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:07:35:03:11:A7:B8:1E:CF:5F:30:B5:97:B7:DF:15:46:AA:5D:10
            X509v3 Authority Key Identifier:
                keyid:D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/xAc1AxGnuB7PXzC1l7ffFUaqXRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.92.0/24
                  176.117.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:3d:2e:1d:d0:1a:0f:0b:2e:a9:8a:02:1c:2f:3e:c0:a7:ba:
         e6:5d:dd:fd:f2:da:fe:57:6e:60:3d:a3:e3:28:fd:c6:b4:53:
         f7:11:67:19:be:e1:ff:b7:69:d9:39:9d:f6:0d:6c:05:21:bb:
         bf:cc:07:61:43:7f:18:47:ed:18:6f:59:d9:82:cd:58:79:ed:
         e0:bf:42:30:71:b8:42:0e:0f:9f:c6:9c:58:3f:8e:ec:20:d1:
         97:0d:25:d0:33:aa:8d:fc:4b:ff:a8:50:cd:2f:04:e0:4a:c7:
         b5:ee:e8:a5:8a:ad:e3:fa:71:f0:2a:3b:11:cf:0c:10:68:c9:
         b1:33:c3:46:86:74:ee:bd:ed:ef:e4:49:b5:1e:b8:43:a2:03:
         05:10:b7:f7:e0:dd:09:fc:09:e9:c1:55:a5:8f:1c:c1:32:44:
         50:04:0a:d0:ac:36:fc:d1:a9:89:af:2b:b2:be:b1:b3:83:fe:
         20:15:a9:13:61:e9:d5:db:fd:ce:1b:d7:3b:d1:1e:d1:98:29:
         4e:72:dd:65:87:2b:1d:3e:8f:e6:ad:ad:f0:c7:9a:8b:15:65:
         ca:aa:17:36:d5:4f:1c:ab:ea:44:17:d9:cf:78:c8:73:2e:46:
         3b:99:5e:b4:84:e0:9f:e3:9e:13:f3:bb:06:9f:56:6e:6f:07:
         7c:34:e6:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8o+CdEibH+ghHhKmLaHhniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjk5Y2YxMmIzOGZmMTJkOTVmZmMwZDEzYWMxMmM2OWZl
MmMxY2EwHhcNMjQwNDI5MDgyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDA3MzUwMzExYTdiODFlY2Y1ZjMwYjU5N2I3ZGYxNTQ2YWE1ZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jXP8Ub4A3BtOMe6/DW6CFTKC96F
zU7wuzFqv/U4oqgxW8U31ci2v7ftYDS5Ig5+LiMXUBly2pPuZD6i/PcCEM2+Ycuq
7hZyaWW0LfMtSoyagc/wOIjGQ6QJ5SHXdxLM+gX32lPXopmj6e/MAtCIaMFbQzbm
KE3yiFQVt8AE6AaWDHaVX4jDormXiKtFRIyyls56ZXEjbcpBQYnsLkTTBHwSWXqu
TO9TxMdqpk9Ad0NwXU2jyHL5ET6ic9S5OefQvces3bkM/6TAS10p9y2R3wY+fK3e
hX5jvmv2BoQhcRBw9u7//Gxwmgtpwndnzg/YzLAPi78snn0awWcSi7+i1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMQHNQMRp7gez18wtZe33xVGql0QMB8GA1UdIwQY
MBaAFNApnPErOP8S2V/8DROsEsaf4sHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTIt
ZTY0MWU3MTNkMWZhLzEveEFjMUF4R251QjdQWHpDMWw3ZmZGVWFxWFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTItZTY0MWU3MTNkMWZh
LzEvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsHVcAwQA
sHVeMA0GCSqGSIb3DQEBCwUAA4IBAQAJPS4d0BoPCy6pigIcLz7Ap7rmXd398tr+
V25gPaPjKP3GtFP3EWcZvuH/t2nZOZ32DWwFIbu/zAdhQ38YR+0Yb1nZgs1Yee3g
v0IwcbhCDg+fxpxYP47sINGXDSXQM6qN/Ev/qFDNLwTgSse17uiliq3j+nHwKjsR
zwwQaMmxM8NGhnTuve3v5Em1HrhDogMFELf34N0J/AnpwVWljxzBMkRQBArQrDb8
0amJryuyvrGzg/4gFakTYenV2/3OG9c70R7RmClOct1lhysdPo/mra3wx5qLFWXK
qhc21U8cq+pEF9nPeMhzLkY7mV60hOCf454T87sGn1Zubwd8NOYQ
-----END CERTIFICATE-----