Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/c84976-d5ea-4e7f-8ed3-a89f81776406/1/qZgq5PEruZKDXlqWF1xLZ6Y5UKs.roa
File:                     qZgq5PEruZKDXlqWF1xLZ6Y5UKs.roa (raw, json)
Hash identifier:          8A4ep0EEhUT4nPG2srtH0UdmXwR5nnzVhFIc5NbOWEs=
Subject key identifier:   A9:98:2A:E4:F1:2B:B9:92:83:5E:5A:96:17:5C:4B:67:A6:39:50:AB
Certificate issuer:       /CN=f8857ecf441e5ea1d7181fec7e97e6dbc1220fc2
Certificate serial:       018CC94E5780DEF30373CDC39A5C4D52B76E
Authority key identifier: F8:85:7E:CF:44:1E:5E:A1:D7:18:1F:EC:7E:97:E6:DB:C1:22:0F:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-IV-z0QeXqHXGB_sfpfm28EiD8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/c84976-d5ea-4e7f-8ed3-a89f81776406/1/qZgq5PEruZKDXlqWF1xLZ6Y5UKs.roa
Signing time:             Tue 02 Jan 2024 08:33:23 +0000
ROA not before:           Tue 02 Jan 2024 08:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40021
IP address blocks:        176.57.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/c84976-d5ea-4e7f-8ed3-a89f81776406/1/1-IV-z0QeXqHXGB_sfpfm28EiD8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/c84976-d5ea-4e7f-8ed3-a89f81776406/1/1-IV-z0QeXqHXGB_sfpfm28EiD8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-IV-z0QeXqHXGB_sfpfm28EiD8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:57:80:de:f3:03:73:cd:c3:9a:5c:4d:52:b7:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8857ecf441e5ea1d7181fec7e97e6dbc1220fc2
        Validity
            Not Before: Jan  2 08:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9982ae4f12bb992835e5a96175c4b67a63950ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:54:62:35:3c:4c:25:0e:dc:54:5e:7e:cc:c8:
                    23:34:ee:ca:82:84:68:a5:fa:4a:a5:5a:79:3d:10:
                    1a:00:8c:aa:b2:41:7c:5b:b9:0c:a3:36:b7:f5:77:
                    00:88:3a:79:1c:fa:a8:cf:34:9a:3c:75:bc:ab:22:
                    67:44:97:4c:f8:e4:4c:ac:90:57:b1:85:8e:4b:0f:
                    b7:3f:f3:e7:42:bd:82:ee:93:e1:76:be:d0:df:a9:
                    d2:67:e1:fa:83:6d:f5:2c:e0:9e:86:ea:41:80:b7:
                    dd:3f:f0:8b:e5:6c:01:ba:d6:46:b6:9c:de:c2:6d:
                    14:0c:a3:06:47:fa:ed:ab:bf:a9:8f:cb:70:bf:68:
                    c2:42:d7:a8:2b:4f:9e:ce:4a:6e:98:6b:c4:a7:0d:
                    14:e0:68:ab:08:1e:ce:24:e8:04:21:ec:87:03:47:
                    89:c6:aa:6a:75:27:01:8e:25:78:1c:8f:ce:76:d7:
                    03:b8:65:cd:0f:f0:e1:b2:95:2d:2d:47:96:d2:40:
                    98:3f:6f:4b:da:6a:7d:ba:db:e2:b3:db:99:e1:cd:
                    cc:d5:c3:77:9a:3c:3a:44:7f:3a:29:4d:94:1c:20:
                    df:60:35:3a:12:04:e1:bd:5f:2b:81:5f:79:41:9b:
                    0c:9b:0e:33:d7:4b:9b:3f:4c:e9:e3:c7:79:ae:84:
                    8a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:98:2A:E4:F1:2B:B9:92:83:5E:5A:96:17:5C:4B:67:A6:39:50:AB
            X509v3 Authority Key Identifier:
                keyid:F8:85:7E:CF:44:1E:5E:A1:D7:18:1F:EC:7E:97:E6:DB:C1:22:0F:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-IV-z0QeXqHXGB_sfpfm28EiD8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/c84976-d5ea-4e7f-8ed3-a89f81776406/1/qZgq5PEruZKDXlqWF1xLZ6Y5UKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/c84976-d5ea-4e7f-8ed3-a89f81776406/1/1-IV-z0QeXqHXGB_sfpfm28EiD8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:4a:3c:df:f8:83:88:ca:7b:fe:9b:08:71:1e:e8:5b:7c:ed:
         5c:0f:0a:dc:45:ef:fc:28:b5:fe:e3:7b:de:12:22:93:b4:2a:
         20:86:f8:63:60:f5:3d:b1:df:a5:a4:f9:5d:f5:dd:90:3a:62:
         bc:34:5c:90:b6:29:b8:6f:f0:8e:ac:a4:da:ab:27:a6:f4:68:
         11:9d:38:b7:36:dd:b7:fb:84:e6:12:3d:28:e5:b6:45:0a:20:
         38:10:76:30:0e:b1:18:6b:8e:1a:9d:0e:e3:14:4b:f4:48:7f:
         c8:4e:04:06:31:ef:06:f9:26:fc:7d:4d:e7:f2:56:4b:d2:33:
         1b:f2:b5:e8:0c:60:b5:ed:9b:66:ab:2a:3e:07:09:31:f6:a2:
         f1:20:17:8a:dd:63:02:4e:31:43:2e:82:93:40:20:9b:3b:a7:
         ac:d4:cb:38:58:d2:ae:94:9b:dc:15:fa:3c:61:0c:7c:1d:e3:
         ab:26:17:06:f3:8f:bf:64:c2:cd:98:f6:d9:54:74:ac:55:a8:
         b7:d6:12:32:af:78:07:06:05:c7:82:28:3b:c2:46:4d:45:47:
         9d:34:f6:9d:5f:01:16:92:ff:bc:24:31:53:0e:06:f2:fa:46:
         3d:11:6c:bd:46:6c:7d:d4:97:86:6e:fe:72:66:3c:43:9f:56:
         e1:d1:34:35
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTleA3vMDc83DmlxNUrduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ODU3ZWNmNDQxZTVlYTFkNzE4MWZlYzdlOTdlNmRiYzEy
MjBmYzIwHhcNMjQwMTAyMDgzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTk4MmFlNGYxMmJiOTkyODM1ZTVhOTYxNzVjNGI2N2E2Mzk1MGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilRiNTxMJQ7cVF5+zMgjNO7KgoRo
pfpKpVp5PRAaAIyqskF8W7kMoza39XcAiDp5HPqozzSaPHW8qyJnRJdM+ORMrJBX
sYWOSw+3P/PnQr2C7pPhdr7Q36nSZ+H6g231LOCehupBgLfdP/CL5WwButZGtpze
wm0UDKMGR/rtq7+pj8twv2jCQteoK0+ezkpumGvEpw0U4GirCB7OJOgEIeyHA0eJ
xqpqdScBjiV4HI/OdtcDuGXND/DhspUtLUeW0kCYP29L2mp9utvis9uZ4c3M1cN3
mjw6RH86KU2UHCDfYDU6EgThvV8rgV95QZsMmw4z10ubP0zp48d5roSKRwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKmYKuTxK7mSg15alhdcS2emOVCrMB8GA1UdIwQY
MBaAFPiFfs9EHl6h1xgf7H6X5tvBIg/CMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1JVi16MFFlWHFIWEdCX3NmcGZtMjhFaUQ4SS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmEvYzg0OTc2LWQ1ZWEtNGU3Zi04ZWQz
LWE4OWY4MTc3NjQwNi8xL3FaZ3E1UEVydVpLRFhscVdGMXhMWjZZNVVLcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmEvYzg0OTc2LWQ1ZWEtNGU3Zi04ZWQzLWE4OWY4MTc3NjQw
Ni8xLzEtSVYtejBRZVhxSFhHQl9zZnBmbTI4RWlEOEkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACwOaUw
DQYJKoZIhvcNAQELBQADggEBAE5KPN/4g4jKe/6bCHEe6Ft87VwPCtxF7/wotf7j
e94SIpO0KiCG+GNg9T2x36Wk+V313ZA6Yrw0XJC2Kbhv8I6spNqrJ6b0aBGdOLc2
3bf7hOYSPSjltkUKIDgQdjAOsRhrjhqdDuMUS/RIf8hOBAYx7wb5Jvx9TefyVkvS
MxvytegMYLXtm2arKj4HCTH2ovEgF4rdYwJOMUMugpNAIJs7p6zUyzhY0q6Um9wV
+jxhDHwd46smFwbzj79kws2Y9tlUdKxVqLfWEjKveAcGBceCKDvCRk1FR5009p1f
ARaS/7wkMVMOBvL6Rj0RbL1GbH3Ul4Zu/nJmPEOfVuHRNDU=
-----END CERTIFICATE-----