Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/ah0f0m-kSEYTUPVJYljuuUURKSY.roa
File:                     ah0f0m-kSEYTUPVJYljuuUURKSY.roa (raw, json)
Hash identifier:          HsA0Sr/R5dawlKyUnh/WYDg8xlljyvkdnuMAjyeLXrk=
Subject key identifier:   6A:1D:1F:D2:6F:A4:48:46:13:50:F5:49:62:58:EE:B9:45:11:29:26
Certificate issuer:       /CN=10953e607670ff738eee6a6b577d8c8b2804e1e1
Certificate serial:       018CC7955ACDA343EEDBB7052B2689399212
Authority key identifier: 10:95:3E:60:76:70:FF:73:8E:EE:6A:6B:57:7D:8C:8B:28:04:E1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EJU-YHZw_3OO7mprV32MiygE4eE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/ah0f0m-kSEYTUPVJYljuuUURKSY.roa
Signing time:             Tue 02 Jan 2024 00:31:43 +0000
ROA not before:           Tue 02 Jan 2024 00:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199639
IP address blocks:        176.124.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/EJU-YHZw_3OO7mprV32MiygE4eE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/EJU-YHZw_3OO7mprV32MiygE4eE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EJU-YHZw_3OO7mprV32MiygE4eE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5a:cd:a3:43:ee:db:b7:05:2b:26:89:39:92:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10953e607670ff738eee6a6b577d8c8b2804e1e1
        Validity
            Not Before: Jan  2 00:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a1d1fd26fa448461350f5496258eeb945112926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5a:39:7e:83:ff:1d:f3:31:ac:d2:48:48:a1:
                    23:1e:8c:c4:5d:c9:59:4e:12:0f:f9:2b:46:ea:08:
                    49:f7:0a:77:bf:c2:1d:fd:29:97:2d:4b:62:1b:1f:
                    95:ac:68:19:56:e3:1e:16:58:bb:ce:b9:98:92:c4:
                    bc:bd:fc:ac:f0:1d:76:d2:ba:f9:f2:06:b8:a7:bf:
                    3a:14:e2:5b:07:0f:52:29:7e:ed:4b:74:d5:69:c2:
                    5a:bc:e6:4d:45:81:da:b9:11:30:2f:de:80:4a:ec:
                    7e:6c:98:f4:22:4a:f4:8e:69:33:63:36:9f:f7:8c:
                    0b:43:fb:56:60:b8:0a:b5:82:ad:21:c7:83:81:b7:
                    06:59:49:66:b3:cc:5d:d9:e1:f3:52:a9:54:6f:1b:
                    22:4c:bf:48:02:a4:d6:ba:6b:e6:91:b9:1f:8c:ff:
                    08:2f:49:5f:79:f0:ba:21:bc:48:9e:67:1a:71:ea:
                    63:d6:5c:80:e8:7b:52:19:c9:2d:12:73:3d:1d:c8:
                    4c:b1:13:1a:1a:5b:e5:6d:10:85:46:cc:7c:0d:d8:
                    83:89:90:e4:94:4b:f4:94:d8:4b:66:fc:ab:75:a0:
                    43:eb:21:37:95:0d:2f:29:5b:5c:41:6b:77:20:56:
                    a1:57:37:c4:a1:35:a6:94:e9:91:79:9e:30:35:7f:
                    10:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:1D:1F:D2:6F:A4:48:46:13:50:F5:49:62:58:EE:B9:45:11:29:26
            X509v3 Authority Key Identifier:
                keyid:10:95:3E:60:76:70:FF:73:8E:EE:6A:6B:57:7D:8C:8B:28:04:E1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EJU-YHZw_3OO7mprV32MiygE4eE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/ah0f0m-kSEYTUPVJYljuuUURKSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/EJU-YHZw_3OO7mprV32MiygE4eE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:de:d9:58:1e:8f:ec:6c:22:21:9b:a2:a1:e6:b7:6d:bd:79:
         9c:2a:dc:4f:16:32:e3:4b:4b:59:d3:0a:6e:71:e0:b2:81:b7:
         de:09:da:dd:11:c4:88:2b:4a:de:7e:81:5d:82:c8:94:8c:1f:
         7f:3c:01:7c:53:04:13:83:14:b5:de:ea:25:a3:9e:41:3f:62:
         69:9f:ae:fb:50:d8:0f:ce:2a:22:6e:b2:fc:95:37:d7:0b:f5:
         62:f5:60:7d:52:4d:8c:8e:90:83:7c:dc:37:8a:d0:b8:fa:1b:
         52:91:af:c0:1f:26:fa:b8:0c:39:da:b9:59:0e:21:44:23:d2:
         f7:f2:37:4e:8c:5c:b4:bc:9f:79:f3:8b:e7:a3:c1:87:8a:c6:
         5d:d3:fd:34:bc:3a:da:10:33:0a:67:bb:51:84:f9:f7:26:42:
         ca:84:63:fb:10:57:00:61:1a:30:40:34:82:44:e8:5d:99:f7:
         96:c0:95:87:fd:2e:f0:f3:9b:a0:27:5e:a7:51:ef:28:95:d9:
         eb:35:b2:63:39:87:21:4a:c6:a9:82:91:e3:b6:04:38:83:10:
         12:73:f4:3e:d8:68:df:78:03:0c:76:66:4b:92:bf:c9:ea:6b:
         0d:16:65:8d:bf:f8:3e:7f:9e:ef:45:ab:d5:97:7b:c7:5e:bf:
         9c:a3:cc:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlVrNo0Pu27cFKyaJOZISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwOTUzZTYwNzY3MGZmNzM4ZWVlNmE2YjU3N2Q4YzhiMjgw
NGUxZTEwHhcNMjQwMTAyMDAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTFkMWZkMjZmYTQ0ODQ2MTM1MGY1NDk2MjU4ZWViOTQ1MTEyOTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFo5foP/HfMxrNJISKEjHozEXclZ
ThIP+StG6ghJ9wp3v8Id/SmXLUtiGx+VrGgZVuMeFli7zrmYksS8vfys8B120rr5
8ga4p786FOJbBw9SKX7tS3TVacJavOZNRYHauREwL96ASux+bJj0Ikr0jmkzYzaf
94wLQ/tWYLgKtYKtIceDgbcGWUlms8xd2eHzUqlUbxsiTL9IAqTWumvmkbkfjP8I
L0lfefC6IbxInmcacepj1lyA6HtSGcktEnM9HchMsRMaGlvlbRCFRsx8DdiDiZDk
lEv0lNhLZvyrdaBD6yE3lQ0vKVtcQWt3IFahVzfEoTWmlOmReZ4wNX8QpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGodH9JvpEhGE1D1SWJY7rlFESkmMB8GA1UdIwQY
MBaAFBCVPmB2cP9zju5qa1d9jIsoBOHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUpVLVlIWndfM09PN21wclYzMk1peWdFNGVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9hOTkzNTUtMmQwMS00ZGE1LThlNzMt
MWJjNTUyYzAwZGQ3LzEvYWgwZjBtLWtTRVlUVVBWSllsanV1VVVSS1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9hOTkzNTUtMmQwMS00ZGE1LThlNzMtMWJjNTUyYzAwZGQ3
LzEvRUpVLVlIWndfM09PN21wclYzMk1peWdFNGVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHzgMA0G
CSqGSIb3DQEBCwUAA4IBAQBN3tlYHo/sbCIhm6Kh5rdtvXmcKtxPFjLjS0tZ0wpu
ceCygbfeCdrdEcSIK0refoFdgsiUjB9/PAF8UwQTgxS13uolo55BP2Jpn677UNgP
zioibrL8lTfXC/Vi9WB9Uk2MjpCDfNw3itC4+htSka/AHyb6uAw52rlZDiFEI9L3
8jdOjFy0vJ9584vno8GHisZd0/00vDraEDMKZ7tRhPn3JkLKhGP7EFcAYRowQDSC
ROhdmfeWwJWH/S7w85ugJ16nUe8oldnrNbJjOYchSsapgpHjtgQ4gxASc/Q+2Gjf
eAMMdmZLkr/J6msNFmWNv/g+f57vRavVl3vHXr+co8yn
-----END CERTIFICATE-----