Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/X_A9b8HVr5qklYFFZwRU8EPn5Eg.roa
File:                     X_A9b8HVr5qklYFFZwRU8EPn5Eg.roa (raw, json)
Hash identifier:          nwCPhW8ceKdiTWMzZTjsI9FEgQdel0ZgGx4BpyzSfSA=
Subject key identifier:   5F:F0:3D:6F:C1:D5:AF:9A:A4:95:81:45:67:04:54:F0:43:E7:E4:48
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018CC7275965558CE4BFD05903F6A8E3793D
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/X_A9b8HVr5qklYFFZwRU8EPn5Eg.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        176.118.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:59:65:55:8c:e4:bf:d0:59:03:f6:a8:e3:79:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ff03d6fc1d5af9aa4958145670454f043e7e448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:82:e7:4f:03:5c:ff:9d:4a:30:17:1c:5c:0f:
                    fd:2e:45:5a:b7:d4:c6:a9:e9:b9:7e:46:b2:06:18:
                    07:29:56:55:c9:ca:31:a9:d8:a2:ea:6d:ca:b6:36:
                    1d:17:e9:69:d1:58:a4:44:c1:ba:b0:18:0a:c9:51:
                    c9:ed:ad:d2:5e:f1:a0:94:7b:ba:20:78:94:5a:0b:
                    84:b4:1f:66:30:ad:be:96:ef:15:75:cb:13:e2:a7:
                    72:5a:fb:73:c0:78:d5:23:91:33:1e:74:6b:8e:0e:
                    ba:d9:e2:6a:bd:f8:6c:89:71:00:06:4d:fa:4b:f5:
                    d0:a7:ab:39:77:6a:90:76:b1:67:3b:db:b2:8d:ec:
                    b7:4b:8e:80:2d:8a:86:50:84:3e:95:68:5d:9c:74:
                    a1:75:73:77:ef:c4:17:9b:3c:9f:2d:d3:96:1e:cc:
                    c8:e6:df:5e:74:7d:0a:cd:19:ff:48:58:1b:71:e7:
                    e2:15:0e:c0:01:09:f9:6b:6e:ea:cd:e8:67:9a:26:
                    14:4b:7e:0d:94:de:5e:e4:f6:4b:ee:7d:ff:48:8a:
                    ee:31:9b:a2:4a:be:85:6b:1f:09:35:86:c1:15:54:
                    90:5e:32:f8:09:55:1c:b5:fc:d9:19:44:5b:6d:ef:
                    d4:a6:0a:23:99:93:73:c8:97:8f:7a:aa:3c:73:33:
                    27:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:F0:3D:6F:C1:D5:AF:9A:A4:95:81:45:67:04:54:F0:43:E7:E4:48
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/X_A9b8HVr5qklYFFZwRU8EPn5Eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:1d:d1:db:16:f0:b9:a4:bc:7b:db:49:c5:dc:da:af:8c:01:
         f3:f5:07:b2:ed:33:6a:89:6f:a3:06:6f:9f:30:6f:98:64:6f:
         76:14:94:92:b0:01:4a:12:96:6b:04:4a:cb:e9:59:ed:11:91:
         85:49:f8:4e:ca:51:57:de:6e:7d:9d:11:39:d4:ba:d7:25:8d:
         6d:ea:93:05:82:ec:2c:2e:7a:12:e0:14:d4:8a:74:20:12:e7:
         55:14:cc:69:4c:de:ec:23:0f:29:17:ec:f8:13:10:7e:c3:c9:
         a5:ff:26:62:32:a4:a6:fe:ee:86:00:6b:cd:50:ad:9d:3d:38:
         59:c6:e3:5d:d7:c0:64:3f:08:d7:97:82:39:ea:cb:d9:50:c7:
         60:ef:19:e0:da:2e:ff:d1:74:a4:2c:93:aa:a4:0c:02:41:94:
         16:2b:25:b2:1f:33:fe:ad:b7:4d:66:b8:0c:1c:91:cf:45:27:
         84:2f:f5:32:ff:c5:25:e5:4c:93:e0:03:d4:82:76:c4:cb:e8:
         ad:be:6a:f5:ae:c1:c3:3e:05:72:50:fb:ae:3b:c6:38:85:29:
         dd:7d:aa:44:7f:2d:4f:b9:17:a8:79:3f:3a:c1:44:50:38:c6:
         7b:d7:9e:75:e7:49:46:e9:72:01:b6:e9:02:f5:7f:92:33:4d:
         cd:cd:c1:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1llVYzkv9BZA/ao43k9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmYwM2Q2ZmMxZDVhZjlhYTQ5NTgxNDU2NzA0NTRmMDQzZTdlNDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkILnTwNc/51KMBccXA/9LkVat9TG
qem5fkayBhgHKVZVycoxqdii6m3KtjYdF+lp0VikRMG6sBgKyVHJ7a3SXvGglHu6
IHiUWguEtB9mMK2+lu8VdcsT4qdyWvtzwHjVI5EzHnRrjg662eJqvfhsiXEABk36
S/XQp6s5d2qQdrFnO9uyjey3S46ALYqGUIQ+lWhdnHShdXN378QXmzyfLdOWHszI
5t9edH0KzRn/SFgbcefiFQ7AAQn5a27qzehnmiYUS34NlN5e5PZL7n3/SIruMZui
Sr6Fax8JNYbBFVSQXjL4CVUctfzZGURbbe/UpgojmZNzyJePeqo8czMnCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/wPW/B1a+apJWBRWcEVPBD5+RIMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvWF9BOWI4SFZyNXFrbFlGRlp3UlU4RVBuNUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHYhMA0G
CSqGSIb3DQEBCwUAA4IBAQAyHdHbFvC5pLx720nF3NqvjAHz9Qey7TNqiW+jBm+f
MG+YZG92FJSSsAFKEpZrBErL6VntEZGFSfhOylFX3m59nRE51LrXJY1t6pMFguws
LnoS4BTUinQgEudVFMxpTN7sIw8pF+z4ExB+w8ml/yZiMqSm/u6GAGvNUK2dPThZ
xuNd18BkPwjXl4I56svZUMdg7xng2i7/0XSkLJOqpAwCQZQWKyWyHzP+rbdNZrgM
HJHPRSeEL/Uy/8Ul5UyT4APUgnbEy+itvmr1rsHDPgVyUPuuO8Y4hSndfapEfy1P
uReoeT86wURQOMZ7155150lG6XIBtukC9X+SM03NzcEq
-----END CERTIFICATE-----