Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/b8b5bd-8adf-43ef-8abd-2b3a159ca2ef/1/qBoWOQhY79uLzKD0s5WZDK0R_VY.roa
File:                     qBoWOQhY79uLzKD0s5WZDK0R_VY.roa (raw, json)
Hash identifier:          IK0ivmobAUCYRuGTZBeZDMe1B4jQFZ9fl0pfVJZgmdQ=
Subject key identifier:   A8:1A:16:39:08:58:EF:DB:8B:CC:A0:F4:B3:95:99:0C:AD:11:FD:56
Certificate issuer:       /CN=0d18532baa2fd86583a263bb1fbccbc80d40d990
Certificate serial:       018CC56E0715BFCF592D7BC6DDD5D46C1345
Authority key identifier: 0D:18:53:2B:AA:2F:D8:65:83:A2:63:BB:1F:BC:CB:C8:0D:40:D9:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DRhTK6ov2GWDomO7H7zLyA1A2ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/b8b5bd-8adf-43ef-8abd-2b3a159ca2ef/1/qBoWOQhY79uLzKD0s5WZDK0R_VY.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16338
IP address blocks:        176.119.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/b8b5bd-8adf-43ef-8abd-2b3a159ca2ef/1/DRhTK6ov2GWDomO7H7zLyA1A2ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/b8b5bd-8adf-43ef-8abd-2b3a159ca2ef/1/DRhTK6ov2GWDomO7H7zLyA1A2ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DRhTK6ov2GWDomO7H7zLyA1A2ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:07:15:bf:cf:59:2d:7b:c6:dd:d5:d4:6c:13:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d18532baa2fd86583a263bb1fbccbc80d40d990
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a81a16390858efdb8bcca0f4b395990cad11fd56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c8:38:aa:53:de:79:40:ed:12:8c:4c:7b:95:
                    aa:cc:b2:18:89:29:5f:27:26:f5:78:f4:89:d9:99:
                    07:f4:3c:6c:a0:a6:e1:58:d9:51:df:9b:d5:13:b8:
                    0b:8c:8a:58:4f:74:a7:59:3d:52:38:b2:8d:73:c2:
                    76:77:a8:e2:0c:72:23:ab:00:00:46:51:e1:10:d9:
                    de:50:24:14:32:96:3f:db:3c:e0:42:76:71:21:90:
                    d3:e0:1d:01:d7:73:43:46:a1:86:44:36:3c:6c:f6:
                    99:a8:a2:91:d1:eb:30:2c:79:3b:bd:8d:85:07:0b:
                    5c:a2:be:54:31:28:e6:95:14:87:8b:ce:3d:1f:0f:
                    69:e4:ff:5d:3a:13:a7:4a:71:4a:5d:49:24:62:bc:
                    f7:84:6c:db:f3:9c:b0:a7:aa:54:be:1d:7d:60:92:
                    cf:c8:c6:0c:16:fa:d8:b7:fd:8b:c6:42:96:66:8a:
                    c9:9f:4d:99:e3:77:06:fc:e9:64:3a:3f:c6:36:0b:
                    65:56:b1:c6:aa:82:a5:9e:58:19:06:c4:f7:56:f0:
                    3f:21:53:b4:13:5d:65:bf:31:2e:58:60:e2:fb:a1:
                    7b:f8:54:f2:6a:0b:0d:57:52:5f:51:91:48:18:2a:
                    59:d2:76:78:f4:6f:aa:61:65:54:d6:65:d0:be:ef:
                    72:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:1A:16:39:08:58:EF:DB:8B:CC:A0:F4:B3:95:99:0C:AD:11:FD:56
            X509v3 Authority Key Identifier:
                keyid:0D:18:53:2B:AA:2F:D8:65:83:A2:63:BB:1F:BC:CB:C8:0D:40:D9:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DRhTK6ov2GWDomO7H7zLyA1A2ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/b8b5bd-8adf-43ef-8abd-2b3a159ca2ef/1/qBoWOQhY79uLzKD0s5WZDK0R_VY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/b8b5bd-8adf-43ef-8abd-2b3a159ca2ef/1/DRhTK6ov2GWDomO7H7zLyA1A2ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:49:6a:60:d0:ca:ac:29:4e:42:64:f4:59:93:b0:af:26:25:
         46:f5:20:b7:ce:3b:d0:d3:35:5a:a0:c1:60:f5:b1:47:25:46:
         6f:08:fd:0c:73:d9:1e:85:1c:0b:36:65:b3:66:3a:d0:8a:97:
         f4:42:81:73:e3:fe:f6:15:f1:18:b0:27:07:cc:ea:3a:ba:c7:
         17:be:ad:50:67:ac:e2:8d:0f:4a:cc:2a:1c:83:d5:4d:20:e5:
         92:fd:cc:84:30:52:b5:e2:2b:0d:5f:af:e7:78:b3:5c:81:44:
         b6:2a:1f:0f:8a:51:8c:b2:54:8c:a5:9a:02:31:50:e8:34:4a:
         57:63:1d:6a:7a:3d:2f:25:19:63:75:a8:9d:cd:44:37:de:c9:
         85:5a:f1:d0:81:dd:2e:27:1e:a5:03:77:fe:be:fb:e0:18:d9:
         49:63:bf:7d:23:cb:46:d8:04:58:58:bf:4c:27:81:95:28:a7:
         51:88:96:bc:1d:01:01:84:c1:48:37:30:1b:46:1f:84:f9:80:
         2f:54:75:ed:02:d6:f9:92:f2:31:b1:8c:1c:d8:04:da:d3:1d:
         73:60:2c:89:5c:6e:55:23:df:36:44:85:31:82:a2:df:34:ee:
         ef:87:fe:d1:b8:1e:4e:9e:a6:0f:0b:ff:8b:93:71:b0:c6:50:
         85:61:44:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgcVv89ZLXvG3dXUbBNFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMTg1MzJiYWEyZmQ4NjU4M2EyNjNiYjFmYmNjYmM4MGQ0
MGQ5OTAwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODFhMTYzOTA4NThlZmRiOGJjY2EwZjRiMzk1OTkwY2FkMTFmZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsg4qlPeeUDtEoxMe5WqzLIYiSlf
Jyb1ePSJ2ZkH9DxsoKbhWNlR35vVE7gLjIpYT3SnWT1SOLKNc8J2d6jiDHIjqwAA
RlHhENneUCQUMpY/2zzgQnZxIZDT4B0B13NDRqGGRDY8bPaZqKKR0eswLHk7vY2F
Bwtcor5UMSjmlRSHi849Hw9p5P9dOhOnSnFKXUkkYrz3hGzb85ywp6pUvh19YJLP
yMYMFvrYt/2LxkKWZorJn02Z43cG/OlkOj/GNgtlVrHGqoKlnlgZBsT3VvA/IVO0
E11lvzEuWGDi+6F7+FTyagsNV1JfUZFIGCpZ0nZ49G+qYWVU1mXQvu9ydwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKgaFjkIWO/bi8yg9LOVmQytEf1WMB8GA1UdIwQY
MBaAFA0YUyuqL9hlg6Jjux+8y8gNQNmQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFJoVEs2b3YyR1dEb21PN0g3ekx5QTFBMlpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9iOGI1YmQtOGFkZi00M2VmLThhYmQt
MmIzYTE1OWNhMmVmLzEvcUJvV09RaFk3OXVMektEMHM1V1pESzBSX1ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9iOGI1YmQtOGFkZi00M2VmLThhYmQtMmIzYTE1OWNhMmVm
LzEvRFJoVEs2b3YyR1dEb21PN0g3ekx5QTFBMlpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHfPMA0G
CSqGSIb3DQEBCwUAA4IBAQA4SWpg0MqsKU5CZPRZk7CvJiVG9SC3zjvQ0zVaoMFg
9bFHJUZvCP0Mc9kehRwLNmWzZjrQipf0QoFz4/72FfEYsCcHzOo6uscXvq1QZ6zi
jQ9KzCocg9VNIOWS/cyEMFK14isNX6/neLNcgUS2Kh8PilGMslSMpZoCMVDoNEpX
Yx1qej0vJRljdaidzUQ33smFWvHQgd0uJx6lA3f+vvvgGNlJY799I8tG2ARYWL9M
J4GVKKdRiJa8HQEBhMFINzAbRh+E+YAvVHXtAtb5kvIxsYwc2ATa0x1zYCyJXG5V
I982RIUxgqLfNO7vh/7RuB5OnqYPC/+Lk3GwxlCFYURi
-----END CERTIFICATE-----