Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/xH_iTld1upEYvYsGqS4DlgQh03o.roa
File:                     xH_iTld1upEYvYsGqS4DlgQh03o.roa (raw, json)
Hash identifier:          kPM0Ch4DG/plZRviG44vrlRQZvXTPtXen9R5pH4aL2U=
Subject key identifier:   C4:7F:E2:4E:57:75:BA:91:18:BD:8B:06:A9:2E:03:96:04:21:D3:7A
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019128ED47B7741A7284EC98944D976B615C
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/xH_iTld1upEYvYsGqS4DlgQh03o.roa
Signing time:             Tue 06 Aug 2024 18:22:04 +0000
ROA not before:           Tue 06 Aug 2024 18:22:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60148
IP address blocks:        213.176.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:28:ed:47:b7:74:1a:72:84:ec:98:94:4d:97:6b:61:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Aug  6 18:22:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c47fe24e5775ba9118bd8b06a92e03960421d37a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:29:02:42:d7:4d:8c:38:dc:e4:86:69:6d:a7:
                    d5:3a:4b:b5:bc:b9:e4:9d:c4:f8:c6:7b:66:87:39:
                    7b:52:87:b4:a8:71:98:04:bd:11:00:64:de:11:ca:
                    3b:cc:60:67:19:67:4e:73:22:18:53:9c:c1:ee:5e:
                    34:84:18:22:7b:94:d6:60:e6:97:31:7f:20:d3:2c:
                    59:92:6c:51:33:2a:a1:45:62:47:dc:ad:0e:3b:f4:
                    53:c1:71:ea:d3:02:61:f6:16:49:2c:23:2a:3c:d6:
                    3a:a6:2b:6d:0e:88:e6:cd:2e:5e:42:98:42:3d:c9:
                    a1:3c:76:45:9d:b2:a1:79:9c:6e:c3:3c:06:37:78:
                    c6:8b:be:1c:0f:2b:47:5b:a9:2c:57:69:55:bf:55:
                    a5:ff:87:f0:0f:ef:6b:17:3a:58:3b:1b:b0:2b:a4:
                    2e:fa:f8:b0:7d:18:d8:4e:bb:08:a8:78:38:1a:ce:
                    0f:11:5b:6b:9d:6f:22:22:dd:5e:1a:a3:b0:16:ca:
                    ed:c3:94:0e:f1:7b:4e:b3:0d:27:ee:af:2c:46:8d:
                    a1:b7:f4:a5:3d:8b:12:08:30:c0:0c:ab:1a:4a:b9:
                    49:3a:a7:92:bd:d5:73:ae:fa:5d:13:e1:f1:f0:90:
                    20:ff:24:4c:3e:e6:39:6a:55:8c:ac:7f:6d:68:82:
                    8c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:7F:E2:4E:57:75:BA:91:18:BD:8B:06:A9:2E:03:96:04:21:D3:7A
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/xH_iTld1upEYvYsGqS4DlgQh03o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:41:24:3c:60:ca:97:61:15:d3:38:16:87:7b:a5:e7:1c:91:
         d6:49:08:cf:cc:65:73:a2:e0:51:0d:df:2e:02:5e:64:f7:0c:
         ba:e7:b6:f9:61:0c:36:97:ae:16:c7:1e:03:1c:89:98:cd:ea:
         0b:9d:6f:e4:db:7e:4f:41:58:7a:eb:2a:15:57:81:d7:80:78:
         d2:3f:be:2f:f3:b8:87:66:12:90:2c:1e:26:39:fa:cd:60:ff:
         58:f7:1e:de:b4:20:59:c7:2e:f7:d0:63:79:7e:88:60:34:5f:
         e9:b1:fe:24:5b:01:15:f6:e0:a3:24:2d:37:4e:ac:0b:64:34:
         b8:4f:81:f0:45:bc:00:f6:d6:41:a1:a0:73:68:6b:c4:31:ee:
         4a:08:57:03:59:fd:7a:d7:d8:23:d7:0b:69:92:99:87:b4:1c:
         a8:50:fc:4c:6d:bd:40:19:9d:de:f3:4f:f0:cf:ce:4e:17:46:
         54:68:fa:a8:2e:c7:be:b6:13:a5:bc:5d:46:fa:59:77:06:94:
         78:b8:50:4f:d9:1d:fc:06:f7:5d:fd:70:82:ae:31:9d:af:75:
         ac:68:7c:28:ef:95:f5:c3:e1:a0:60:f6:ad:16:5b:d8:f5:e1:
         bc:5a:27:d6:79:dd:62:22:d6:b3:6a:4c:84:19:68:2c:a6:ae:
         22:2a:42:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEo7Ue3dBpyhOyYlE2Xa2FcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjQwODA2MTgyMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDdmZTI0ZTU3NzViYTkxMThiZDhiMDZhOTJlMDM5NjA0MjFkMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwykCQtdNjDjc5IZpbafVOku1vLnk
ncT4xntmhzl7Uoe0qHGYBL0RAGTeEco7zGBnGWdOcyIYU5zB7l40hBgie5TWYOaX
MX8g0yxZkmxRMyqhRWJH3K0OO/RTwXHq0wJh9hZJLCMqPNY6pittDojmzS5eQphC
PcmhPHZFnbKheZxuwzwGN3jGi74cDytHW6ksV2lVv1Wl/4fwD+9rFzpYOxuwK6Qu
+viwfRjYTrsIqHg4Gs4PEVtrnW8iIt1eGqOwFsrtw5QO8XtOsw0n7q8sRo2ht/Sl
PYsSCDDADKsaSrlJOqeSvdVzrvpdE+Hx8JAg/yRMPuY5alWMrH9taIKMDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMR/4k5XdbqRGL2LBqkuA5YEIdN6MB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEveEhfaVRsZDF1cEVZdllzR3FTNERsZ1FoMDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bAFMA0G
CSqGSIb3DQEBCwUAA4IBAQAXQSQ8YMqXYRXTOBaHe6XnHJHWSQjPzGVzouBRDd8u
Al5k9wy657b5YQw2l64Wxx4DHImYzeoLnW/k235PQVh66yoVV4HXgHjSP74v87iH
ZhKQLB4mOfrNYP9Y9x7etCBZxy730GN5fohgNF/psf4kWwEV9uCjJC03TqwLZDS4
T4HwRbwA9tZBoaBzaGvEMe5KCFcDWf1619gj1wtpkpmHtByoUPxMbb1AGZ3e80/w
z85OF0ZUaPqoLse+thOlvF1G+ll3BpR4uFBP2R38Bvdd/XCCrjGdr3WsaHwo75X1
w+GgYPatFlvY9eG8WifWed1iItazakyEGWgspq4iKkL1
-----END CERTIFICATE-----