Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/5b7ef8-e71f-429e-aadf-6cb78e95ab44/1/_mfQrwWXYdamqJBdPR15ZXqtwE4.roa
File:                     _mfQrwWXYdamqJBdPR15ZXqtwE4.roa (raw, json)
Hash identifier:          Uc6V/Tvm8DDMvhF2i884nFNASZJ4x27sW/PoZKmNP9I=
Subject key identifier:   FE:67:D0:AF:05:97:61:D6:A6:A8:90:5D:3D:1D:79:65:7A:AD:C0:4E
Certificate issuer:       /CN=08d381ce24231061815f32043c652266adbbd865
Certificate serial:       018CC86FD7E8E6C317FA810F6FA0A5C07830
Authority key identifier: 08:D3:81:CE:24:23:10:61:81:5F:32:04:3C:65:22:66:AD:BB:D8:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CNOBziQjEGGBXzIEPGUiZq272GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/5b7ef8-e71f-429e-aadf-6cb78e95ab44/1/_mfQrwWXYdamqJBdPR15ZXqtwE4.roa
Signing time:             Tue 02 Jan 2024 04:30:22 +0000
ROA not before:           Tue 02 Jan 2024 04:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48173
IP address blocks:        176.117.104.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/5b7ef8-e71f-429e-aadf-6cb78e95ab44/1/CNOBziQjEGGBXzIEPGUiZq272GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/5b7ef8-e71f-429e-aadf-6cb78e95ab44/1/CNOBziQjEGGBXzIEPGUiZq272GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CNOBziQjEGGBXzIEPGUiZq272GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:d7:e8:e6:c3:17:fa:81:0f:6f:a0:a5:c0:78:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08d381ce24231061815f32043c652266adbbd865
        Validity
            Not Before: Jan  2 04:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe67d0af059761d6a6a8905d3d1d79657aadc04e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ad:0a:13:e7:56:98:6d:22:9a:a0:59:72:d0:
                    5a:47:f9:6f:65:2b:b5:33:90:79:5a:17:38:ab:2d:
                    ef:6b:49:21:1a:52:5a:b7:28:63:a3:3b:0b:b0:78:
                    05:7a:01:18:53:47:dc:b3:25:07:4a:ce:0a:60:12:
                    89:6b:14:78:93:be:d9:d2:dc:b6:66:82:67:c1:e7:
                    b8:75:5b:c2:3d:15:50:d8:3e:cc:ce:19:0e:10:2d:
                    28:12:ff:9f:19:d1:b6:21:be:32:0b:5a:11:91:fd:
                    ce:8d:d9:db:b2:68:65:64:75:2f:27:0c:ea:fe:f6:
                    66:11:f0:a3:a0:12:03:ee:36:27:63:11:87:49:ec:
                    39:f6:d4:12:b4:cd:44:26:9b:b9:96:2b:78:cd:3e:
                    1f:d0:2e:e1:9f:46:c4:8b:b3:5b:66:d2:a6:51:6d:
                    9a:0b:c1:53:47:31:94:85:c6:9d:af:8b:34:57:4c:
                    69:4b:7b:17:1e:00:b8:aa:e8:06:cc:f9:d8:61:ac:
                    e7:06:d3:a0:3e:5a:ac:e7:f1:b6:10:61:c4:0c:71:
                    f8:ff:41:4a:38:ca:a3:98:b3:c8:29:f6:f1:3c:2d:
                    09:1f:25:69:fb:76:a2:79:68:d1:45:52:90:50:27:
                    f4:06:ca:41:7c:33:4d:48:e2:00:67:60:be:4b:49:
                    38:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:67:D0:AF:05:97:61:D6:A6:A8:90:5D:3D:1D:79:65:7A:AD:C0:4E
            X509v3 Authority Key Identifier:
                keyid:08:D3:81:CE:24:23:10:61:81:5F:32:04:3C:65:22:66:AD:BB:D8:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNOBziQjEGGBXzIEPGUiZq272GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/5b7ef8-e71f-429e-aadf-6cb78e95ab44/1/_mfQrwWXYdamqJBdPR15ZXqtwE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/5b7ef8-e71f-429e-aadf-6cb78e95ab44/1/CNOBziQjEGGBXzIEPGUiZq272GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         67:82:c0:c1:35:f4:b1:63:c4:2a:4a:5d:95:8c:8c:09:52:c8:
         86:da:e7:46:25:7c:ab:ad:f7:df:ce:66:15:f1:1b:84:ac:7b:
         dd:18:21:19:55:31:87:db:f7:84:d5:f0:2c:10:98:5e:71:33:
         01:78:5a:32:56:c2:09:a9:ec:2c:8e:74:d0:37:71:81:45:96:
         1f:5b:41:3b:03:15:2d:ef:74:8a:c7:f2:be:9f:20:72:1b:bb:
         7d:04:ea:60:c7:40:12:9b:8b:16:50:4b:47:ae:d1:f0:58:49:
         4b:3e:df:a6:37:1f:f9:38:53:a1:7b:e6:47:3e:e1:67:03:3d:
         38:5b:af:5e:11:62:65:55:e5:4f:d9:9b:43:5b:90:88:40:92:
         14:65:1f:35:65:f6:29:e8:f2:7e:2d:fb:f8:cb:72:be:fe:54:
         fd:ab:53:90:1a:80:54:55:00:5e:d3:96:7a:cf:ea:37:ec:4c:
         39:cf:dc:09:08:1c:93:8f:7d:65:94:a2:b8:a7:28:09:a8:1d:
         29:3e:9f:49:bf:9e:cf:03:97:a9:fb:b1:f2:0c:6e:31:b8:d1:
         18:45:dc:0b:9a:9c:9f:ed:00:46:a2:4d:29:ad:0f:0c:cf:56:
         55:40:d5:bd:35:14:c8:61:67:42:e0:67:9c:d1:ff:17:ed:89:
         5f:f5:4f:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb9fo5sMX+oEPb6ClwHgwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDM4MWNlMjQyMzEwNjE4MTVmMzIwNDNjNjUyMjY2YWRi
YmQ4NjUwHhcNMjQwMTAyMDQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTY3ZDBhZjA1OTc2MWQ2YTZhODkwNWQzZDFkNzk2NTdhYWRjMDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn60KE+dWmG0imqBZctBaR/lvZSu1
M5B5Whc4qy3va0khGlJatyhjozsLsHgFegEYU0fcsyUHSs4KYBKJaxR4k77Z0ty2
ZoJnwee4dVvCPRVQ2D7MzhkOEC0oEv+fGdG2Ib4yC1oRkf3OjdnbsmhlZHUvJwzq
/vZmEfCjoBID7jYnYxGHSew59tQStM1EJpu5lit4zT4f0C7hn0bEi7NbZtKmUW2a
C8FTRzGUhcadr4s0V0xpS3sXHgC4qugGzPnYYaznBtOgPlqs5/G2EGHEDHH4/0FK
OMqjmLPIKfbxPC0JHyVp+3aieWjRRVKQUCf0BspBfDNNSOIAZ2C+S0k4OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5n0K8Fl2HWpqiQXT0deWV6rcBOMB8GA1UdIwQY
MBaAFAjTgc4kIxBhgV8yBDxlImatu9hlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05PQnppUWpFR0dCWHpJRVBHVWlacTI3MkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS81YjdlZjgtZTcxZi00MjllLWFhZGYt
NmNiNzhlOTVhYjQ0LzEvX21mUXJ3V1hZZGFtcUpCZFBSMTVaWHF0d0U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS81YjdlZjgtZTcxZi00MjllLWFhZGYtNmNiNzhlOTVhYjQ0
LzEvQ05PQnppUWpFR0dCWHpJRVBHVWlacTI3MkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsHVoMA0G
CSqGSIb3DQEBCwUAA4IBAQBngsDBNfSxY8QqSl2VjIwJUsiG2udGJXyrrfffzmYV
8RuErHvdGCEZVTGH2/eE1fAsEJhecTMBeFoyVsIJqewsjnTQN3GBRZYfW0E7AxUt
73SKx/K+nyByG7t9BOpgx0ASm4sWUEtHrtHwWElLPt+mNx/5OFOhe+ZHPuFnAz04
W69eEWJlVeVP2ZtDW5CIQJIUZR81ZfYp6PJ+Lfv4y3K+/lT9q1OQGoBUVQBe05Z6
z+o37Ew5z9wJCByTj31llKK4pygJqB0pPp9Jv57PA5ep+7HyDG4xuNEYRdwLmpyf
7QBGok0prQ8Mz1ZVQNW9NRTIYWdC4Gec0f8X7Ylf9U/7
-----END CERTIFICATE-----