Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/pW7KIsBt7f2hEqOzfFiEgWKE5o4.roa
File:                     pW7KIsBt7f2hEqOzfFiEgWKE5o4.roa (raw, json)
Hash identifier:          59Eb3QpvZQ9ZgzAavZpX85dCTyqfsHFsFyV3MyL78tQ=
Subject key identifier:   A5:6E:CA:22:C0:6D:ED:FD:A1:12:A3:B3:7C:58:84:81:62:84:E6:8E
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       018CC801C1DB05BF6B74E0C1F30A60218A3C
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/pW7KIsBt7f2hEqOzfFiEgWKE5o4.roa
Signing time:             Tue 02 Jan 2024 02:30:07 +0000
ROA not before:           Tue 02 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        176.46.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 06:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c1:db:05:bf:6b:74:e0:c1:f3:0a:60:21:8a:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Jan  2 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a56eca22c06dedfda112a3b37c5884816284e68e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:94:f8:5a:04:ab:fb:71:6c:f7:31:26:3a:2b:
                    84:8b:dd:35:ec:d1:e3:1a:8e:4a:95:a7:45:19:f2:
                    8a:23:25:0d:d6:ac:a7:bc:20:f2:35:a6:c2:9c:0e:
                    b0:d3:90:3f:14:38:50:63:a9:d2:d9:4b:dc:4d:fb:
                    d4:85:fe:ba:e0:35:96:9b:17:9a:5d:c0:d6:69:dc:
                    30:67:a1:f5:01:5c:28:2f:55:f5:c7:2f:e3:fd:3e:
                    26:1b:e5:2c:4b:79:1b:41:01:2d:99:07:40:ba:b1:
                    86:7a:21:45:09:c8:21:47:19:a5:8e:c7:cc:cd:79:
                    8f:e6:5a:e2:fe:07:96:a7:3d:48:dc:9c:0f:5e:40:
                    b3:c6:1e:a6:83:48:2d:84:56:89:dc:9f:00:3d:2a:
                    aa:4c:7b:06:22:9a:8b:f9:ee:cd:a9:1a:04:33:1c:
                    9d:03:e1:b2:67:32:2a:10:81:72:ca:9c:c3:1c:8a:
                    c4:6f:c9:d4:3c:e3:61:a7:e6:a9:81:5c:a9:2e:a5:
                    23:bd:36:9a:56:cc:72:e4:07:43:79:23:17:8c:57:
                    1b:3a:dd:66:43:8f:83:53:d8:b1:52:79:79:f5:b7:
                    4b:58:04:ca:ff:99:c4:ab:b3:0e:54:7c:f9:d4:31:
                    97:3a:d3:bd:18:59:06:15:2b:cc:da:67:ae:bc:38:
                    ec:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:6E:CA:22:C0:6D:ED:FD:A1:12:A3:B3:7C:58:84:81:62:84:E6:8E
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/pW7KIsBt7f2hEqOzfFiEgWKE5o4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.46.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:4e:a9:bf:a8:7a:94:a4:17:e6:95:d3:fb:c8:79:b3:f4:96:
         5d:da:d7:d9:dd:a5:80:df:3d:ca:99:93:76:66:c8:c9:5e:62:
         b4:d6:9e:42:2d:9f:1e:32:77:7d:50:1d:7a:0c:2a:b0:f5:af:
         62:68:19:bb:3d:a3:00:aa:d1:9a:56:3c:0b:c2:93:47:f0:1a:
         ee:ef:93:d4:06:ab:01:dc:c9:e5:8f:5c:67:4c:8d:e1:27:fd:
         76:b9:9a:99:fe:03:49:88:de:88:ef:b2:3c:43:f1:45:29:fe:
         c8:5b:ef:f4:15:b7:41:2b:11:11:32:35:dc:da:4f:9c:0d:df:
         19:36:34:90:f2:44:a9:1b:1d:ea:8b:51:fc:19:44:57:f4:18:
         ac:32:ae:67:73:71:30:96:45:d7:14:6d:33:8d:e1:5e:8f:c3:
         8b:57:34:09:19:5d:23:5a:f0:02:f1:67:22:7d:21:df:b7:37:
         d5:95:56:20:a0:43:66:40:36:e4:13:fa:78:a9:85:f6:bc:0c:
         9a:f3:c6:ef:38:b2:e1:b7:ef:f1:5e:4c:39:11:fb:eb:41:d2:
         1f:20:f4:70:34:23:dc:cc:e0:a2:b9:84:80:d0:16:91:10:99:
         73:c6:5e:54:57:98:c0:08:8a:32:41:ad:d8:1c:93:03:29:54:
         f7:de:f0:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcHbBb9rdODB8wpgIYo8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjQwMTAyMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTZlY2EyMmMwNmRlZGZkYTExMmEzYjM3YzU4ODQ4MTYyODRlNjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZT4WgSr+3Fs9zEmOiuEi9017NHj
Go5KladFGfKKIyUN1qynvCDyNabCnA6w05A/FDhQY6nS2UvcTfvUhf664DWWmxea
XcDWadwwZ6H1AVwoL1X1xy/j/T4mG+UsS3kbQQEtmQdAurGGeiFFCcghRxmljsfM
zXmP5lri/geWpz1I3JwPXkCzxh6mg0gthFaJ3J8APSqqTHsGIpqL+e7NqRoEMxyd
A+GyZzIqEIFyypzDHIrEb8nUPONhp+apgVypLqUjvTaaVsxy5AdDeSMXjFcbOt1m
Q4+DU9ixUnl59bdLWATK/5nEq7MOVHz51DGXOtO9GFkGFSvM2meuvDjsRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVuyiLAbe39oRKjs3xYhIFihOaOMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvcFc3S0lzQnQ3ZjJoRXFPemZGaUVnV0tFNW80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsC6JMA0G
CSqGSIb3DQEBCwUAA4IBAQCKTqm/qHqUpBfmldP7yHmz9JZd2tfZ3aWA3z3KmZN2
ZsjJXmK01p5CLZ8eMnd9UB16DCqw9a9iaBm7PaMAqtGaVjwLwpNH8Bru75PUBqsB
3Mnlj1xnTI3hJ/12uZqZ/gNJiN6I77I8Q/FFKf7IW+/0FbdBKxERMjXc2k+cDd8Z
NjSQ8kSpGx3qi1H8GURX9BisMq5nc3EwlkXXFG0zjeFej8OLVzQJGV0jWvAC8Wci
fSHftzfVlVYgoENmQDbkE/p4qYX2vAya88bvOLLht+/xXkw5EfvrQdIfIPRwNCPc
zOCiuYSA0BaREJlzxl5UV5jACIoyQa3YHJMDKVT33vA2
-----END CERTIFICATE-----