Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/jZEeN2dD7zXNwcTRESJFU4B37E8.roa
File:                     jZEeN2dD7zXNwcTRESJFU4B37E8.roa (raw, json)
Hash identifier:          M+vv7jI0tG+bw2xMDomp0pBPfDPRqBlcu8CdqZPNxhc=
Subject key identifier:   8D:91:1E:37:67:43:EF:35:CD:C1:C4:D1:11:22:45:53:80:77:EC:4F
Certificate issuer:       /CN=550d4c571d8bfbfdd8fa3a170f99fb3afab411d1
Certificate serial:       018CC3B6FE80337671D2E76E9D7725FA1B0E
Authority key identifier: 55:0D:4C:57:1D:8B:FB:FD:D8:FA:3A:17:0F:99:FB:3A:FA:B4:11:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/jZEeN2dD7zXNwcTRESJFU4B37E8.roa
Signing time:             Mon 01 Jan 2024 06:29:58 +0000
ROA not before:           Mon 01 Jan 2024 06:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209271
IP address blocks:        176.119.220.0/24 maxlen: 24
                          2a0a:ac0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:fe:80:33:76:71:d2:e7:6e:9d:77:25:fa:1b:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=550d4c571d8bfbfdd8fa3a170f99fb3afab411d1
        Validity
            Not Before: Jan  1 06:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d911e376743ef35cdc1c4d1112245538077ec4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:16:7f:d7:df:ea:0f:10:fe:8e:e1:c1:c9:12:
                    2c:4d:5e:f5:59:d6:6b:84:df:a9:d3:d4:9a:6c:dd:
                    a9:fc:25:35:f7:54:3d:dc:f0:a2:cb:e9:8f:54:5f:
                    d2:66:b5:44:d7:33:1e:e8:48:4d:f2:f8:16:5b:86:
                    61:e1:f0:d0:34:81:a1:14:93:21:d8:51:48:4b:56:
                    b6:92:2a:9f:e1:68:02:28:55:5d:2c:07:94:1a:d2:
                    aa:8b:c0:6e:6b:5f:ff:da:0c:8e:c7:e1:76:76:f8:
                    2b:b7:67:e6:e2:83:f1:05:7c:a1:b4:66:73:7b:f3:
                    fe:7a:20:78:c2:ad:05:ff:d8:b2:09:76:99:e7:f6:
                    1c:ed:b0:3e:03:7e:a2:9a:09:bf:86:d0:bf:3d:d5:
                    df:a3:be:f4:43:2b:7e:47:7e:de:40:53:e2:ce:c2:
                    43:d4:9d:21:84:ea:34:d8:a3:2e:82:f2:24:b5:c4:
                    3e:3e:5d:34:4d:fd:46:29:2c:df:32:49:d0:a2:c8:
                    45:c3:96:39:a4:2b:74:c8:59:c5:4b:c8:81:69:e8:
                    2a:f3:7f:99:23:92:46:35:8d:2a:92:cd:32:e3:e5:
                    c9:55:bb:f2:db:1e:53:20:ef:a7:8b:60:18:c9:88:
                    0c:8d:ad:d2:99:50:11:7d:d6:7a:d3:d8:a0:f6:68:
                    4c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:91:1E:37:67:43:EF:35:CD:C1:C4:D1:11:22:45:53:80:77:EC:4F
            X509v3 Authority Key Identifier:
                keyid:55:0D:4C:57:1D:8B:FB:FD:D8:FA:3A:17:0F:99:FB:3A:FA:B4:11:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/jZEeN2dD7zXNwcTRESJFU4B37E8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.220.0/24
                IPv6:
                  2a0a:ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:1f:c6:d6:87:9f:71:fc:7a:14:8b:23:f9:89:d5:d0:72:70:
         76:5c:1a:15:5d:e0:b5:44:ad:b6:35:47:52:78:85:ae:3d:bc:
         dd:4c:b9:ec:d6:09:96:84:78:00:1a:b5:3a:32:af:54:94:cd:
         83:1e:bb:36:cb:cf:58:7f:4d:6a:a5:9b:bb:97:12:f3:3a:6b:
         b4:58:f3:77:0c:a2:99:7c:cf:55:60:0f:13:73:2d:38:78:74:
         3a:7b:b9:20:46:21:01:72:60:ea:22:77:fd:54:2d:47:73:52:
         c7:79:71:92:8d:c7:23:8f:94:19:68:57:9c:59:b0:a8:81:40:
         c0:e7:43:dd:83:c1:38:b3:c1:d4:84:1c:b8:15:b2:8d:c9:d7:
         b7:c9:61:d0:c5:83:6a:17:7a:8e:b9:78:9c:41:56:e7:a7:12:
         c9:a1:e3:2b:e9:45:84:5d:20:d1:53:24:24:17:dd:e5:1a:15:
         9f:38:86:e0:42:e3:f2:f2:e2:71:9b:05:7b:4f:cc:79:c8:f5:
         ec:39:55:b5:64:ad:79:51:c2:7e:a5:da:40:50:54:f4:00:0e:
         76:0a:9d:c9:7c:0d:48:71:14:3e:aa:50:fc:82:1b:dd:13:c0:
         7f:d9:3f:d2:37:73:4d:d4:94:36:35:0d:12:4c:15:14:54:fd:
         3b:4c:52:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtv6AM3Zx0udunXcl+hsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MGQ0YzU3MWQ4YmZiZmRkOGZhM2ExNzBmOTlmYjNhZmFi
NDExZDEwHhcNMjQwMTAxMDYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDkxMWUzNzY3NDNlZjM1Y2RjMWM0ZDExMTIyNDU1MzgwNzdlYzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBZ/19/qDxD+juHByRIsTV71WdZr
hN+p09SabN2p/CU191Q93PCiy+mPVF/SZrVE1zMe6EhN8vgWW4Zh4fDQNIGhFJMh
2FFIS1a2kiqf4WgCKFVdLAeUGtKqi8Bua1//2gyOx+F2dvgrt2fm4oPxBXyhtGZz
e/P+eiB4wq0F/9iyCXaZ5/Yc7bA+A36imgm/htC/PdXfo770Qyt+R37eQFPizsJD
1J0hhOo02KMugvIktcQ+Pl00Tf1GKSzfMknQoshFw5Y5pCt0yFnFS8iBaegq83+Z
I5JGNY0qks0y4+XJVbvy2x5TIO+ni2AYyYgMja3SmVARfdZ609ig9mhMWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI2RHjdnQ+81zcHE0REiRVOAd+xPMB8GA1UdIwQY
MBaAFFUNTFcdi/v92Po6Fw+Z+zr6tBHRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlExTVZ4MkwtXzNZLWpvWEQ1bjdPdnEwRWRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81N2NkNTYtN2JlYy00MGYxLWJmNzIt
M2Q0NmNhZjU1NzM4LzEvalpFZU4yZEQ3elhOd2NUUkVTSkZVNEIzN0U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81N2NkNTYtN2JlYy00MGYxLWJmNzItM2Q0NmNhZjU1NzM4
LzEvVlExTVZ4MkwtXzNZLWpvWEQ1bjdPdnEwRWRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAsHfcMA0E
AgACMAcDBQMqCgrAMA0GCSqGSIb3DQEBCwUAA4IBAQCOH8bWh59x/HoUiyP5idXQ
cnB2XBoVXeC1RK22NUdSeIWuPbzdTLns1gmWhHgAGrU6Mq9UlM2DHrs2y89Yf01q
pZu7lxLzOmu0WPN3DKKZfM9VYA8Tcy04eHQ6e7kgRiEBcmDqInf9VC1Hc1LHeXGS
jccjj5QZaFecWbCogUDA50Pdg8E4s8HUhBy4FbKNyde3yWHQxYNqF3qOuXicQVbn
pxLJoeMr6UWEXSDRUyQkF93lGhWfOIbgQuPy8uJxmwV7T8x5yPXsOVW1ZK15UcJ+
pdpAUFT0AA52Cp3JfA1IcRQ+qlD8ghvdE8B/2T/SN3NN1JQ2NQ0STBUUVP07TFKb
-----END CERTIFICATE-----