Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/9Wp5uJ5FUu9iEwoNbJBJ7ealmHc.roa
File:                     9Wp5uJ5FUu9iEwoNbJBJ7ealmHc.roa (raw, json)
Hash identifier:          HkDY53NBHCTKp0gGO25/bG3Caebh12DJk3xT8JHEaAA=
Subject key identifier:   F5:6A:79:B8:9E:45:52:EF:62:13:0A:0D:6C:90:49:ED:E6:A5:98:77
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       018CC794A1B882D102C5F0F50EAB3CC7E07B
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/9Wp5uJ5FUu9iEwoNbJBJ7ealmHc.roa
Signing time:             Tue 02 Jan 2024 00:30:55 +0000
ROA not before:           Tue 02 Jan 2024 00:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198343
IP address blocks:        176.103.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a1:b8:82:d1:02:c5:f0:f5:0e:ab:3c:c7:e0:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 00:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f56a79b89e4552ef62130a0d6c9049ede6a59877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:70:5c:5c:62:f1:02:30:15:ca:78:f1:59:77:
                    e0:da:0b:46:8c:77:b4:69:77:64:9b:8e:59:1c:08:
                    5d:78:3d:99:97:59:bc:9a:81:c5:55:1b:1e:89:53:
                    9e:fa:f3:6e:a2:12:0b:db:0c:a6:ae:10:00:8d:19:
                    e7:6f:73:89:81:0c:52:c9:9b:06:ef:95:be:24:c5:
                    75:32:4a:9f:bb:be:e2:31:32:e9:56:81:8e:be:8d:
                    f5:5a:03:3d:37:92:38:b7:ed:59:72:f8:c5:60:1c:
                    db:e4:71:58:81:e0:9d:8d:65:8c:d8:63:a6:05:f1:
                    2f:f0:b7:16:5d:b9:da:ad:87:22:43:2d:24:52:d2:
                    c3:cd:89:6c:85:5e:84:36:d9:d5:e3:0e:74:ec:eb:
                    34:33:1c:10:92:27:c0:02:6e:6e:e2:b9:a5:51:50:
                    48:52:0b:f1:da:50:36:81:75:6e:c2:37:e6:c6:de:
                    1d:17:7b:26:14:68:3c:81:0c:91:2a:e0:ff:e3:73:
                    3f:7d:f3:ac:2e:78:87:d0:68:26:a7:9f:f0:c8:0e:
                    c0:4d:a3:73:b5:83:a0:b4:54:f0:e7:19:a9:34:02:
                    f5:ff:b3:06:8d:bc:34:a3:38:1d:1a:30:a3:1c:a0:
                    6e:68:bb:de:52:b1:e8:9e:81:e4:a7:d8:85:97:62:
                    d5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:6A:79:B8:9E:45:52:EF:62:13:0A:0D:6C:90:49:ED:E6:A5:98:77
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/9Wp5uJ5FUu9iEwoNbJBJ7ealmHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:0b:59:73:e4:23:14:b2:c7:c7:20:be:1a:8b:cd:9b:fa:6e:
         5e:a0:2f:db:6f:0c:e1:0c:45:54:d9:ae:2e:90:ce:1b:24:09:
         08:2c:ea:c1:f2:17:24:f2:9d:f9:ec:e7:dc:d9:32:80:2f:e3:
         d6:6d:f6:f8:68:63:f4:41:1c:09:c7:bf:6b:26:6a:14:15:c2:
         36:c6:44:bd:6e:c8:b8:2d:01:ae:f5:3a:1d:33:3c:58:6b:a6:
         62:89:55:fd:3e:09:4d:d2:78:ba:6a:23:c7:7b:22:1d:8b:a1:
         34:b7:05:1f:14:27:05:9d:8f:28:6c:fe:4d:15:87:85:26:87:
         d5:9b:3c:a8:7e:9a:17:03:95:51:0e:d3:a0:b6:ac:d0:54:cf:
         e9:61:f5:d1:50:dc:af:b4:54:15:b9:58:13:ea:9f:10:c7:0a:
         11:a6:6b:b8:6a:cd:50:60:eb:ba:2b:f2:b6:66:94:a0:ef:87:
         b4:1a:a1:08:aa:c2:7b:44:42:93:04:5b:f7:12:87:b5:ca:bb:
         b6:44:ef:74:fe:d1:d4:dc:c6:42:82:ee:08:9a:b3:eb:e3:11:
         34:e1:a6:85:d7:58:11:41:9b:b4:e9:8b:c9:f0:0c:ab:bf:76:
         d3:95:a6:b0:a0:b6:13:f4:a9:d4:3d:37:98:db:98:b1:01:d8:
         bc:d5:38:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlKG4gtECxfD1Dqs8x+B7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjQwMTAyMDAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTZhNzliODllNDU1MmVmNjIxMzBhMGQ2YzkwNDllZGU2YTU5ODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnBcXGLxAjAVynjxWXfg2gtGjHe0
aXdkm45ZHAhdeD2Zl1m8moHFVRseiVOe+vNuohIL2wymrhAAjRnnb3OJgQxSyZsG
75W+JMV1Mkqfu77iMTLpVoGOvo31WgM9N5I4t+1ZcvjFYBzb5HFYgeCdjWWM2GOm
BfEv8LcWXbnarYciQy0kUtLDzYlshV6ENtnV4w507Os0MxwQkifAAm5u4rmlUVBI
Ugvx2lA2gXVuwjfmxt4dF3smFGg8gQyRKuD/43M/ffOsLniH0Ggmp5/wyA7ATaNz
tYOgtFTw5xmpNAL1/7MGjbw0ozgdGjCjHKBuaLveUrHonoHkp9iFl2LVEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVqebieRVLvYhMKDWyQSe3mpZh3MB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvOVdwNXVKNUZVdTlpRXdvTmJKQko3ZWFsbUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGe6MA0G
CSqGSIb3DQEBCwUAA4IBAQA3C1lz5CMUssfHIL4ai82b+m5eoC/bbwzhDEVU2a4u
kM4bJAkILOrB8hck8p357Ofc2TKAL+PWbfb4aGP0QRwJx79rJmoUFcI2xkS9bsi4
LQGu9TodMzxYa6ZiiVX9PglN0ni6aiPHeyIdi6E0twUfFCcFnY8obP5NFYeFJofV
mzyofpoXA5VRDtOgtqzQVM/pYfXRUNyvtFQVuVgT6p8QxwoRpmu4as1QYOu6K/K2
ZpSg74e0GqEIqsJ7REKTBFv3Eoe1yru2RO90/tHU3MZCgu4ImrPr4xE04aaF11gR
QZu06YvJ8Ayrv3bTlaawoLYT9KnUPTeY25ixAdi81TjS
-----END CERTIFICATE-----