Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ksdQ0xmh9f9sANxFZ3Hu5mOoK4E.roa
File:                     ksdQ0xmh9f9sANxFZ3Hu5mOoK4E.roa (raw, json)
Hash identifier:          OM3nOcvyeUhcMqNkNwL5VU9iPqjqm2+pWMtH7manvUE=
Subject key identifier:   92:C7:50:D3:19:A1:F5:FF:6C:00:DC:45:67:71:EE:E6:63:A8:2B:81
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       01942445149048A0FFD4F657B9034B0564B4
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ksdQ0xmh9f9sANxFZ3Hu5mOoK4E.roa
Signing time:             Wed 01 Jan 2025 23:48:14 +0000
ROA not before:           Wed 01 Jan 2025 23:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41957
IP address blocks:        176.56.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:14:90:48:a0:ff:d4:f6:57:b9:03:4b:05:64:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92c750d319a1f5ff6c00dc456771eee663a82b81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:37:53:b3:4e:7e:d3:f1:0e:61:98:c5:88:56:
                    85:e5:3f:07:a6:df:be:17:d8:12:eb:e5:73:53:fb:
                    af:b0:1c:b6:fe:da:c3:08:68:25:2c:59:52:cc:26:
                    0f:d0:5c:78:f6:81:4e:83:2d:0b:b1:b2:f6:c4:58:
                    94:b9:16:c2:e1:71:d5:0f:8c:a5:d6:87:9a:f5:d4:
                    fa:bc:04:9a:ce:45:03:90:72:67:df:99:6c:ed:97:
                    b5:95:9f:80:05:c0:28:ae:54:04:ce:35:57:8e:f9:
                    ba:c8:ed:5c:47:43:df:03:4c:e5:d3:5c:6b:fe:43:
                    17:a6:cc:b7:54:b8:9f:c7:e0:47:0c:af:e2:36:dd:
                    d3:6b:f9:58:9b:5d:bd:8c:1a:90:09:60:ba:cb:ba:
                    a5:22:f1:0d:ec:4c:37:9d:82:06:26:48:58:53:f1:
                    6b:ee:e0:e1:35:03:89:35:f3:f6:3c:e5:56:39:15:
                    4e:a5:1f:73:1e:a0:41:6d:4f:ae:5b:9f:11:cb:44:
                    07:53:7f:4b:79:64:b1:5c:68:75:e5:67:58:c7:02:
                    c9:f2:46:8d:3d:0b:23:eb:40:a8:30:23:34:51:e8:
                    e5:2d:a2:6a:00:d7:49:df:d2:c7:41:18:dd:31:13:
                    45:2a:ad:cc:95:24:e3:f7:2e:18:d8:06:f3:66:df:
                    0a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C7:50:D3:19:A1:F5:FF:6C:00:DC:45:67:71:EE:E6:63:A8:2B:81
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/ksdQ0xmh9f9sANxFZ3Hu5mOoK4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.56.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:ee:14:04:c3:19:c0:c3:78:48:bf:58:2e:a5:d0:1c:54:bd:
         5d:a0:86:97:0d:d0:ec:85:41:45:c9:73:f8:ec:92:c7:6c:4e:
         dc:d9:5d:0b:a9:b5:2a:5a:0a:1e:4a:3e:96:b5:40:c7:56:f0:
         39:e0:69:f2:1d:76:13:d3:d1:8b:c8:cf:09:c7:59:ed:0e:bb:
         51:29:26:cb:a0:d2:79:5f:f6:cb:de:a2:be:53:20:a7:82:a8:
         20:f5:cb:3e:06:75:62:df:a7:30:dd:a0:a4:4d:14:f3:a6:27:
         7d:bd:77:c2:a0:bc:ff:57:3c:51:04:a6:ce:f9:a5:6d:4a:9c:
         09:2b:de:22:87:97:21:26:c7:0c:a9:89:3b:96:5b:73:82:fc:
         84:01:55:7a:a8:a3:09:5e:a0:d5:9f:f8:17:2c:06:0c:e1:50:
         6b:5a:bf:18:c9:73:9b:91:e7:2c:06:9d:c4:ff:ef:03:16:fb:
         3d:e2:0b:1d:43:55:41:19:b8:d0:8c:2a:5d:b3:49:33:bb:97:
         c8:60:b6:1e:16:5c:70:1f:37:da:18:06:f0:29:ab:e6:0f:c8:
         3f:9b:79:c3:b9:d4:ea:94:73:1d:e0:ad:7b:d1:12:2a:27:25:
         3a:8d:ba:27:ea:d0:2f:ed:44:35:ee:0d:26:c0:c9:84:01:4c:
         e2:00:67:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRRSQSKD/1PZXuQNLBWS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmM3NTBkMzE5YTFmNWZmNmMwMGRjNDU2NzcxZWVlNjYzYTgyYjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3zdTs05+0/EOYZjFiFaF5T8Hpt++
F9gS6+VzU/uvsBy2/trDCGglLFlSzCYP0Fx49oFOgy0LsbL2xFiUuRbC4XHVD4yl
1oea9dT6vASazkUDkHJn35ls7Ze1lZ+ABcAorlQEzjVXjvm6yO1cR0PfA0zl01xr
/kMXpsy3VLifx+BHDK/iNt3Ta/lYm129jBqQCWC6y7qlIvEN7Ew3nYIGJkhYU/Fr
7uDhNQOJNfP2POVWORVOpR9zHqBBbU+uW58Ry0QHU39LeWSxXGh15WdYxwLJ8kaN
PQsj60CoMCM0UejlLaJqANdJ39LHQRjdMRNFKq3MlSTj9y4Y2AbzZt8KnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLHUNMZofX/bADcRWdx7uZjqCuBMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEva3NkUTB4bWg5ZjlzQU54RlozSHU1bU9vSzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDgiMA0G
CSqGSIb3DQEBCwUAA4IBAQBx7hQEwxnAw3hIv1gupdAcVL1doIaXDdDshUFFyXP4
7JLHbE7c2V0LqbUqWgoeSj6WtUDHVvA54GnyHXYT09GLyM8Jx1ntDrtRKSbLoNJ5
X/bL3qK+UyCngqgg9cs+BnVi36cw3aCkTRTzpid9vXfCoLz/VzxRBKbO+aVtSpwJ
K94ih5chJscMqYk7lltzgvyEAVV6qKMJXqDVn/gXLAYM4VBrWr8YyXObkecsBp3E
/+8DFvs94gsdQ1VBGbjQjCpds0kzu5fIYLYeFlxwHzfaGAbwKavmD8g/m3nDudTq
lHMd4K170RIqJyU6jbon6tAv7UQ17g0mwMmEAUziAGel
-----END CERTIFICATE-----