Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/qOT3WcLW8zs84BE_wmhPqMvPl58.roa
File:                     qOT3WcLW8zs84BE_wmhPqMvPl58.roa (raw, json)
Hash identifier:          QF2R4QZDi+PjUZCyFZZweb1DIurVlbM+fIHzud9bke8=
Subject key identifier:   A8:E4:F7:59:C2:D6:F3:3B:3C:E0:11:3F:C2:68:4F:A8:CB:CF:97:9F
Certificate issuer:       /CN=8a7bdf2f5b961232e58db289b48a9fe245fa9d6c
Certificate serial:       0191C5D911263CEEC09A78ED748B51ABE0DB
Authority key identifier: 8A:7B:DF:2F:5B:96:12:32:E5:8D:B2:89:B4:8A:9F:E2:45:FA:9D:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/invfL1uWEjLljbKJtIqf4kX6nWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/qOT3WcLW8zs84BE_wmhPqMvPl58.roa
Signing time:             Fri 06 Sep 2024 05:40:22 +0000
ROA not before:           Fri 06 Sep 2024 05:40:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        176.120.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/invfL1uWEjLljbKJtIqf4kX6nWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/invfL1uWEjLljbKJtIqf4kX6nWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/invfL1uWEjLljbKJtIqf4kX6nWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c5:d9:11:26:3c:ee:c0:9a:78:ed:74:8b:51:ab:e0:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a7bdf2f5b961232e58db289b48a9fe245fa9d6c
        Validity
            Not Before: Sep  6 05:40:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a8e4f759c2d6f33b3ce0113fc2684fa8cbcf979f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e2:39:54:90:a7:be:05:e7:8d:ac:dd:b1:d9:
                    53:fe:b7:8e:b3:f3:d5:8b:2a:6c:d2:22:06:ec:af:
                    79:b5:41:28:a1:94:8c:fa:73:d1:0c:28:ae:a3:ac:
                    4e:be:7c:b8:43:1d:ba:60:38:bc:ac:8b:40:ed:98:
                    71:e7:97:64:9b:a2:18:c3:2f:e2:73:df:18:53:0d:
                    ea:e2:53:f7:8a:c3:32:3b:08:70:44:fa:15:a4:f5:
                    c2:4c:60:90:99:d9:95:67:a7:29:17:b4:6f:13:d9:
                    ed:1f:8d:54:df:6f:65:2e:f2:56:29:c6:3c:09:b9:
                    e3:34:33:59:fd:7d:a2:d5:25:4a:18:04:0c:6f:c8:
                    56:7f:e8:45:3c:98:cc:20:d1:c2:79:36:87:e0:6d:
                    f2:55:f8:19:77:17:a9:e8:33:18:df:f6:54:1f:24:
                    29:1b:f9:27:9c:a0:4a:01:26:19:df:65:6b:54:59:
                    89:5b:ac:31:98:5a:29:1c:84:58:bf:ca:2e:89:6c:
                    3a:52:fe:ff:7f:62:2c:bf:ac:f9:ba:30:ec:0b:69:
                    e2:1e:cb:0b:a1:d4:74:51:ad:7c:0b:e9:0d:5d:75:
                    1f:f9:8e:da:6f:e2:8c:b7:8e:0d:7f:1f:e2:0d:9b:
                    bf:55:78:13:ba:04:47:39:a3:e9:19:42:d5:6e:40:
                    54:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E4:F7:59:C2:D6:F3:3B:3C:E0:11:3F:C2:68:4F:A8:CB:CF:97:9F
            X509v3 Authority Key Identifier:
                keyid:8A:7B:DF:2F:5B:96:12:32:E5:8D:B2:89:B4:8A:9F:E2:45:FA:9D:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/invfL1uWEjLljbKJtIqf4kX6nWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/qOT3WcLW8zs84BE_wmhPqMvPl58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/acd746-71eb-4cde-ae20-67685b4dc8b9/1/invfL1uWEjLljbKJtIqf4kX6nWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:12:15:ad:38:30:c0:5f:10:4f:5a:ad:77:71:27:9e:f6:28:
         a8:08:92:d5:85:66:1f:d5:e6:f0:7f:7f:c3:24:78:4d:fd:d2:
         45:15:32:b9:d3:9c:d6:7a:82:6e:7b:c7:50:5c:e0:31:dc:55:
         04:97:34:30:df:68:51:53:a8:79:02:db:5c:89:e4:70:84:1c:
         fa:81:e6:67:49:e9:45:10:69:4c:6a:ac:24:49:d4:a5:47:48:
         18:07:59:66:0c:d5:6c:e3:de:46:8a:28:bc:7d:c4:a5:73:06:
         28:08:2c:f4:4c:cc:9c:ae:10:5a:f2:41:70:77:2e:21:89:a9:
         a5:15:3b:18:8c:2b:16:0e:e2:24:7c:24:7b:ca:5d:5b:6c:a0:
         66:a3:79:47:fe:1b:cb:de:82:72:86:87:14:9c:77:41:26:9f:
         8c:2d:94:a3:cf:78:56:64:43:2a:9c:85:2d:b3:10:90:bb:98:
         ca:24:19:d4:3c:c6:e2:e6:7c:a5:69:75:2e:98:09:80:c9:a8:
         1a:25:3b:42:f9:ab:9a:af:83:8a:27:d6:6a:69:27:1d:33:73:
         f2:86:ab:dd:1d:26:2c:02:44:81:7c:3e:ba:9a:83:d6:f8:72:
         de:40:af:54:dd:f0:9c:b8:c7:b8:57:78:9f:fa:0e:57:f9:bc:
         0d:a5:47:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHF2REmPO7AmnjtdItRq+DbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhN2JkZjJmNWI5NjEyMzJlNThkYjI4OWI0OGE5ZmUyNDVm
YTlkNmMwHhcNMjQwOTA2MDU0MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGU0Zjc1OWMyZDZmMzNiM2NlMDExM2ZjMjY4NGZhOGNiY2Y5NzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueI5VJCnvgXnjazdsdlT/reOs/PV
iyps0iIG7K95tUEooZSM+nPRDCiuo6xOvny4Qx26YDi8rItA7Zhx55dkm6IYwy/i
c98YUw3q4lP3isMyOwhwRPoVpPXCTGCQmdmVZ6cpF7RvE9ntH41U329lLvJWKcY8
CbnjNDNZ/X2i1SVKGAQMb8hWf+hFPJjMINHCeTaH4G3yVfgZdxep6DMY3/ZUHyQp
G/knnKBKASYZ32VrVFmJW6wxmFopHIRYv8ouiWw6Uv7/f2Isv6z5ujDsC2niHssL
odR0Ua18C+kNXXUf+Y7ab+KMt44Nfx/iDZu/VXgTugRHOaPpGULVbkBUzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjk91nC1vM7POARP8JoT6jLz5efMB8GA1UdIwQY
MBaAFIp73y9blhIy5Y2yibSKn+JF+p1sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW52ZkwxdVdFakxsamJLSnRJcWY0a1g2bld3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9hY2Q3NDYtNzFlYi00Y2RlLWFlMjAt
Njc2ODViNGRjOGI5LzEvcU9UM1djTFc4enM4NEJFX3dtaFBxTXZQbDU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9hY2Q3NDYtNzFlYi00Y2RlLWFlMjAtNjc2ODViNGRjOGI5
LzEvaW52ZkwxdVdFakxsamJLSnRJcWY0a1g2bld3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHgQMA0G
CSqGSIb3DQEBCwUAA4IBAQAWEhWtODDAXxBPWq13cSee9iioCJLVhWYf1ebwf3/D
JHhN/dJFFTK505zWeoJue8dQXOAx3FUElzQw32hRU6h5AttcieRwhBz6geZnSelF
EGlMaqwkSdSlR0gYB1lmDNVs495Giii8fcSlcwYoCCz0TMycrhBa8kFwdy4hiaml
FTsYjCsWDuIkfCR7yl1bbKBmo3lH/hvL3oJyhocUnHdBJp+MLZSjz3hWZEMqnIUt
sxCQu5jKJBnUPMbi5nylaXUumAmAyagaJTtC+auar4OKJ9ZqaScdM3PyhqvdHSYs
AkSBfD66moPW+HLeQK9U3fCcuMe4V3if+g5X+bwNpUfr
-----END CERTIFICATE-----