Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/i43sZMdMaysQR7HV23YykPFJZFQ.roa
File:                     i43sZMdMaysQR7HV23YykPFJZFQ.roa (raw, json)
Hash identifier:          laeb7UjPYx6hAiWqRS1hr4JTUhH+11cbXfbZyz9mTig=
Subject key identifier:   8B:8D:EC:64:C7:4C:6B:2B:10:47:B1:D5:DB:76:32:90:F1:49:64:54
Certificate issuer:       /CN=2b46c9ccf7ff7bdccf837762a0e157bdc13570e0
Certificate serial:       018CC4246DF2685F2DB24CF1AE75674E9221
Authority key identifier: 2B:46:C9:CC:F7:FF:7B:DC:CF:83:77:62:A0:E1:57:BD:C1:35:70:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K0bJzPf_e9zPg3dioOFXvcE1cOA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/i43sZMdMaysQR7HV23YykPFJZFQ.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57333
IP address blocks:        176.97.160.0/19 maxlen: 19
                          176.97.160.0/21 maxlen: 21
                          176.97.168.0/21 maxlen: 21
                          176.97.176.0/21 maxlen: 21
                          176.97.184.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/K0bJzPf_e9zPg3dioOFXvcE1cOA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/K0bJzPf_e9zPg3dioOFXvcE1cOA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K0bJzPf_e9zPg3dioOFXvcE1cOA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6d:f2:68:5f:2d:b2:4c:f1:ae:75:67:4e:92:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b46c9ccf7ff7bdccf837762a0e157bdc13570e0
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b8dec64c74c6b2b1047b1d5db763290f1496454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:e2:e9:05:0c:74:62:c8:df:ed:aa:e4:e8:7c:
                    53:2a:5b:49:cf:90:8d:b4:6b:30:3b:8f:c1:73:0f:
                    28:6a:20:72:c5:9f:2b:83:b4:c5:ab:a9:68:2a:2b:
                    aa:be:fe:d9:76:76:1a:a8:3c:c7:86:7e:04:ff:0a:
                    d3:73:2c:22:2c:bb:27:04:c4:ec:78:cf:a4:e3:cd:
                    01:35:5b:cc:98:d7:94:81:c3:08:8b:54:ea:51:7c:
                    7c:08:1a:cd:24:d1:20:13:fb:64:c0:81:12:ac:c8:
                    33:14:6a:2a:55:ba:7d:6e:2e:8e:fe:62:6d:c0:14:
                    b0:27:85:0b:1b:dc:3e:63:d0:42:b9:a1:e4:82:e6:
                    4d:f3:f0:d1:44:78:24:22:a6:79:17:38:84:30:ac:
                    79:4d:ba:ca:35:4e:fb:af:26:e5:f6:4d:b3:aa:a1:
                    84:53:0e:da:0d:07:91:97:2a:2a:e0:68:6e:b3:6f:
                    78:81:f2:3b:45:62:29:e1:1f:18:9b:af:88:dc:0a:
                    f2:73:45:98:85:69:05:a0:27:ab:b0:d6:22:71:24:
                    e1:e6:8f:3d:32:48:82:26:5f:7a:e0:8a:4b:00:d9:
                    c2:fb:f6:41:c2:fb:f1:92:81:3d:14:f5:46:fa:f2:
                    05:b7:59:dd:0f:6f:0b:5d:95:8a:f3:e1:0e:3d:9b:
                    0d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:8D:EC:64:C7:4C:6B:2B:10:47:B1:D5:DB:76:32:90:F1:49:64:54
            X509v3 Authority Key Identifier:
                keyid:2B:46:C9:CC:F7:FF:7B:DC:CF:83:77:62:A0:E1:57:BD:C1:35:70:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K0bJzPf_e9zPg3dioOFXvcE1cOA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/i43sZMdMaysQR7HV23YykPFJZFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/K0bJzPf_e9zPg3dioOFXvcE1cOA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         00:0f:eb:5d:fb:6a:1b:ad:3c:ae:4c:50:ee:97:aa:b5:76:b6:
         fb:f9:8a:b1:27:9a:84:5d:85:04:68:8d:0a:32:22:c8:7b:7d:
         6a:5f:86:e4:d5:1c:ff:0c:b9:81:eb:da:62:a1:11:5a:f8:3a:
         d6:21:c9:97:3f:00:2c:b3:83:84:9c:87:1d:80:78:b6:7a:36:
         a0:61:95:f6:5f:cb:c0:cc:05:5b:c2:b2:ef:40:cd:c8:49:31:
         84:62:8f:4d:b7:d5:f7:4e:12:85:a3:b9:c5:78:1a:f1:4d:90:
         1f:1e:2d:a3:da:1a:02:d6:6c:b1:27:f8:c9:f7:33:80:dc:b4:
         43:49:9f:03:44:e1:a4:d0:e7:00:fb:5c:4a:a0:2c:37:4e:b5:
         73:1f:ea:f3:cc:a5:bc:d5:e0:ec:35:e7:6d:9f:a4:b4:fe:7a:
         cd:57:a8:7d:7a:ea:30:1a:c1:ec:e6:c7:b7:c1:5f:ac:b4:8f:
         50:72:95:8b:0a:60:58:a2:2c:68:4f:d0:a4:3e:5b:dd:31:5a:
         bb:0c:8d:d6:30:f7:ef:ad:bb:30:5c:82:ae:35:ee:b6:21:eb:
         d3:9c:ec:8a:34:c5:70:2d:c6:9a:4e:eb:9d:23:c8:63:a5:a4:
         81:65:ef:7e:33:ce:71:68:6f:57:34:ea:54:9d:71:82:fd:d1:
         f6:97:8d:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJG3yaF8tskzxrnVnTpIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNDZjOWNjZjdmZjdiZGNjZjgzNzc2MmEwZTE1N2JkYzEz
NTcwZTAwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjhkZWM2NGM3NGM2YjJiMTA0N2IxZDVkYjc2MzI5MGYxNDk2NDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eLpBQx0Ysjf7ark6HxTKltJz5CN
tGswO4/Bcw8oaiByxZ8rg7TFq6loKiuqvv7ZdnYaqDzHhn4E/wrTcywiLLsnBMTs
eM+k480BNVvMmNeUgcMIi1TqUXx8CBrNJNEgE/tkwIESrMgzFGoqVbp9bi6O/mJt
wBSwJ4ULG9w+Y9BCuaHkguZN8/DRRHgkIqZ5FziEMKx5TbrKNU77rybl9k2zqqGE
Uw7aDQeRlyoq4Ghus294gfI7RWIp4R8Ym6+I3Aryc0WYhWkFoCersNYicSTh5o89
MkiCJl964IpLANnC+/ZBwvvxkoE9FPVG+vIFt1ndD28LXZWK8+EOPZsNDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuN7GTHTGsrEEex1dt2MpDxSWRUMB8GA1UdIwQY
MBaAFCtGycz3/3vcz4N3YqDhV73BNXDgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzBiSnpQZl9lOXpQZzNkaW9PRlh2Y0UxY09BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8zNGNjZmUtODBlNi00ZDk2LWI5Njgt
YzdhMmQ1ZjlmZDYwLzEvaTQzc1pNZE1heXNRUjdIVjIzWXlrUEZKWkZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8zNGNjZmUtODBlNi00ZDk2LWI5NjgtYzdhMmQ1ZjlmZDYw
LzEvSzBiSnpQZl9lOXpQZzNkaW9PRlh2Y0UxY09BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsGGgMA0G
CSqGSIb3DQEBCwUAA4IBAQAAD+td+2obrTyuTFDul6q1drb7+YqxJ5qEXYUEaI0K
MiLIe31qX4bk1Rz/DLmB69pioRFa+DrWIcmXPwAss4OEnIcdgHi2ejagYZX2X8vA
zAVbwrLvQM3ISTGEYo9Nt9X3ThKFo7nFeBrxTZAfHi2j2hoC1myxJ/jJ9zOA3LRD
SZ8DROGk0OcA+1xKoCw3TrVzH+rzzKW81eDsNedtn6S0/nrNV6h9euowGsHs5se3
wV+stI9QcpWLCmBYoixoT9CkPlvdMVq7DI3WMPfvrbswXIKuNe62IevTnOyKNMVw
LcaaTuudI8hjpaSBZe9+M85xaG9XNOpUnXGC/dH2l42w
-----END CERTIFICATE-----