Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/__aIy9ZzV2fNlUpi3s_6Vi-FohY.roa
File:                     __aIy9ZzV2fNlUpi3s_6Vi-FohY.roa (raw, json)
Hash identifier:          bfjFf6F8IOP5N3vg42KoPPSZtq+6T6zWS6Vm2lF2f0Y=
Subject key identifier:   FF:F6:88:CB:D6:73:57:67:CD:95:4A:62:DE:CF:FA:56:2F:85:A2:16
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DAD6391A50A1AA456D4624DC7D31B
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/__aIy9ZzV2fNlUpi3s_6Vi-FohY.roa
Signing time:             Tue 02 Jan 2024 08:32:40 +0000
ROA not before:           Tue 02 Jan 2024 08:32:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50564
IP address blocks:        176.227.156.0/24 maxlen: 24
                          178.156.77.0/24 maxlen: 24
                          86.104.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ad:63:91:a5:0a:1a:a4:56:d4:62:4d:c7:d3:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fff688cbd6735767cd954a62decffa562f85a216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:95:3a:d6:af:41:39:a7:1c:b8:18:fa:d5:ab:
                    c6:a3:84:02:cd:b3:0d:8b:14:b5:fe:74:a3:ca:d5:
                    dd:1e:79:66:f9:9f:41:45:33:90:f5:21:e5:ae:65:
                    68:9a:1a:63:6f:20:e4:18:e1:21:34:96:28:ad:cf:
                    d5:d0:2c:ac:2f:ea:c7:35:a3:76:51:e7:2d:df:1d:
                    57:27:4f:9f:41:e4:e6:e4:a8:34:44:be:68:45:35:
                    59:c6:59:6a:7e:e6:a4:e3:0e:7c:7f:8e:65:96:78:
                    56:a6:bb:93:45:dc:19:6e:2a:ed:8b:ee:f6:9e:c5:
                    8b:67:25:ff:17:dc:92:b0:1b:b5:96:ca:92:02:f6:
                    40:b3:77:d5:7f:72:e4:86:40:6b:d5:58:92:3b:03:
                    a5:96:3f:6d:f4:a7:63:e2:c2:9d:a4:98:b2:f6:f8:
                    6f:c5:b6:0a:7f:28:71:a9:cb:24:bd:9c:cd:0a:bf:
                    bc:cb:84:4b:8d:a7:24:2b:7e:da:c1:a3:2e:65:50:
                    d2:65:ab:5c:7c:7f:82:fd:97:2f:d6:38:7c:18:b8:
                    25:40:9e:b3:3d:46:15:92:16:12:cd:cd:12:50:dd:
                    5e:53:87:e0:87:ad:c6:23:14:99:19:ed:bc:09:50:
                    f0:53:58:7a:7c:11:f2:23:72:f6:e4:29:25:34:81:
                    86:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F6:88:CB:D6:73:57:67:CD:95:4A:62:DE:CF:FA:56:2F:85:A2:16
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/__aIy9ZzV2fNlUpi3s_6Vi-FohY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.25.0/24
                  176.227.156.0/24
                  178.156.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:79:ba:a5:a6:4e:50:2a:e7:51:b5:ef:fc:ed:f2:f7:b7:66:
         3b:5b:37:52:9e:6d:8f:e8:c4:30:bb:83:a6:98:86:4f:9b:7d:
         a8:ad:2f:ee:bc:3d:b9:dd:16:73:07:47:a0:9b:41:68:d1:ee:
         65:66:2a:1f:d2:09:fb:8f:e9:8a:a8:f8:8e:39:8f:1a:a6:0a:
         82:9f:58:36:b7:e1:57:ed:1a:7c:0a:40:db:0b:72:43:1a:43:
         0b:4b:20:80:a1:af:e7:4b:16:10:5c:a7:f3:68:bd:a8:e0:0b:
         4a:3b:e2:cc:f2:02:d6:f6:e3:8f:c9:be:ff:b2:25:55:09:a4:
         ff:71:68:57:79:6f:d8:e8:ec:ef:9e:0e:a5:6c:ab:21:cd:1f:
         49:4b:16:58:06:6e:f1:d4:9f:8d:bb:27:48:bd:5e:e3:7b:86:
         35:60:5f:d3:39:c6:32:11:10:45:a2:4e:a2:a1:55:10:f9:10:
         43:29:78:c4:b3:a1:ef:87:20:78:bf:ea:c6:1f:f5:fe:ce:ad:
         83:33:17:72:6c:8c:a2:2c:b8:ad:f7:56:9f:fa:74:d3:82:6a:
         39:49:03:10:6f:26:5b:f4:e3:98:af:e6:4c:83:4f:87:9d:f2:
         b3:36:9d:14:43:e8:74:f1:63:9b:8b:00:50:c5:4c:c6:5b:c2:
         46:36:e7:39
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTa1jkaUKGqRW1GJNx9MbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmY2ODhjYmQ2NzM1NzY3Y2Q5NTRhNjJkZWNmZmE1NjJmODVhMjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJU61q9BOaccuBj61avGo4QCzbMN
ixS1/nSjytXdHnlm+Z9BRTOQ9SHlrmVomhpjbyDkGOEhNJYorc/V0CysL+rHNaN2
Uect3x1XJ0+fQeTm5Kg0RL5oRTVZxllqfuak4w58f45llnhWpruTRdwZbirti+72
nsWLZyX/F9ySsBu1lsqSAvZAs3fVf3LkhkBr1ViSOwOllj9t9Kdj4sKdpJiy9vhv
xbYKfyhxqcskvZzNCr+8y4RLjackK37awaMuZVDSZatcfH+C/Zcv1jh8GLglQJ6z
PUYVkhYSzc0SUN1eU4fgh63GIxSZGe28CVDwU1h6fBHyI3L25CklNIGGNQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP/2iMvWc1dnzZVKYt7P+lYvhaIWMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvX19hSXk5WnpWMmZObFVwaTNzXzZWaS1Gb2hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVmgZAwQA
sOOcAwQAspxNMA0GCSqGSIb3DQEBCwUAA4IBAQDBebqlpk5QKudRte/87fL3t2Y7
WzdSnm2P6MQwu4OmmIZPm32orS/uvD253RZzB0egm0Fo0e5lZiof0gn7j+mKqPiO
OY8apgqCn1g2t+FX7Rp8CkDbC3JDGkMLSyCAoa/nSxYQXKfzaL2o4AtKO+LM8gLW
9uOPyb7/siVVCaT/cWhXeW/Y6Ozvng6lbKshzR9JSxZYBm7x1J+NuydIvV7je4Y1
YF/TOcYyERBFok6ioVUQ+RBDKXjEs6HvhyB4v+rGH/X+zq2DMxdybIyiLLit91af
+nTTgmo5SQMQbyZb9OOYr+ZMg0+HnfKzNp0UQ+h08WObiwBQxUzGW8JGNuc5
-----END CERTIFICATE-----