Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/KosHt1zS3quyrLprUVWCAEK66Uk.roa
File:                     KosHt1zS3quyrLprUVWCAEK66Uk.roa (raw, json)
Hash identifier:          RO/2XBJf+/aM0G0qqVIIpiyAnHfu2oJMz5inS+iD+t0=
Subject key identifier:   2A:8B:07:B7:5C:D2:DE:AB:B2:AC:BA:6B:51:55:82:00:42:BA:E9:49
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B99CE2FEE9A4C174FAA3BFD030384
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/KosHt1zS3quyrLprUVWCAEK66Uk.roa
Signing time:             Mon 01 Jan 2024 18:31:32 +0000
ROA not before:           Mon 01 Jan 2024 18:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209168
IP address blocks:        178.16.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:99:ce:2f:ee:9a:4c:17:4f:aa:3b:fd:03:03:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a8b07b75cd2deabb2acba6b5155820042bae949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e9:60:14:9b:09:31:61:31:71:f1:a0:94:a1:
                    9a:cc:54:4f:30:5a:6c:ca:d2:7e:5c:a8:9d:11:98:
                    03:13:ac:ed:13:12:0f:b4:cc:c0:00:fb:56:e6:73:
                    d7:8d:ab:31:50:91:fb:66:11:c1:a2:df:2f:ad:7b:
                    2b:d7:f9:4a:3f:be:ed:ea:35:94:72:02:c3:f6:be:
                    bd:70:d4:4c:d9:a2:3b:0a:1c:ff:ee:46:79:19:0d:
                    ab:54:0c:af:58:fa:8c:4a:e2:4b:ee:12:5f:35:c2:
                    02:1a:cb:bc:0b:5e:10:13:f1:00:f2:69:ea:ca:d5:
                    b7:92:ab:c6:bd:71:bf:ac:ae:fe:d3:c0:5d:e2:49:
                    8a:82:57:89:f8:d6:54:7b:f6:83:cc:93:90:27:f0:
                    5e:b9:8b:98:ed:91:23:8d:68:43:94:5e:0e:c7:b2:
                    61:78:4a:0c:89:b2:04:e5:98:0d:3b:88:7b:75:29:
                    c4:b6:93:e0:4b:f5:96:24:ba:95:3a:52:94:2a:38:
                    91:8b:7b:74:61:fb:e2:11:47:5b:e2:44:31:ff:b7:
                    26:c1:b3:c9:68:d3:af:40:0b:9a:7c:08:dd:ca:35:
                    9a:bb:f5:18:62:a2:31:2d:98:1d:2f:76:d5:cf:13:
                    ce:4c:c7:9e:cd:75:19:9c:b0:d5:e1:53:f7:7c:73:
                    15:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:8B:07:B7:5C:D2:DE:AB:B2:AC:BA:6B:51:55:82:00:42:BA:E9:49
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/KosHt1zS3quyrLprUVWCAEK66Uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.16.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:d5:b2:c1:2b:7c:92:09:1a:8e:5d:5f:d3:8a:fd:48:ad:51:
         d6:93:8d:46:08:92:9e:8b:37:e8:ac:73:28:1d:e4:2b:cc:7e:
         da:ae:eb:9c:e3:6a:55:a1:ad:a1:79:b7:02:52:95:57:b8:63:
         79:37:d2:50:9d:4f:9d:92:12:e1:79:43:29:b5:b1:5a:30:3d:
         61:79:8e:02:86:10:70:2e:a3:2a:7e:50:84:d2:01:39:aa:8d:
         8b:0e:f4:9a:ed:8d:2c:ca:45:12:3f:8d:46:91:ef:98:b2:16:
         26:bd:58:3b:72:ff:df:f3:91:e9:a1:37:5f:ce:6d:c5:0c:87:
         01:2a:3a:5b:f8:47:fc:d3:ce:ee:96:70:de:7d:1b:b8:16:9a:
         fe:60:80:89:00:74:69:b4:ac:72:15:f2:3b:66:8a:53:a8:18:
         d0:4b:d6:0a:c8:23:ad:f8:33:c3:aa:fa:ce:69:91:88:dd:71:
         84:d6:35:a0:db:0d:77:a7:30:db:6f:d8:0f:60:a6:1f:79:f9:
         95:ff:26:67:18:1c:83:43:e0:cf:b0:8e:38:aa:9d:1a:81:6f:
         3d:bc:cb:e0:98:2e:16:f3:69:cc:bc:3b:e2:37:e1:69:d5:2b:
         e2:d9:11:90:ef:62:69:47:58:af:32:d1:3b:4a:9a:98:e4:59:
         c1:80:95:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5nOL+6aTBdPqjv9AwOEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYThiMDdiNzVjZDJkZWFiYjJhY2JhNmI1MTU1ODIwMDQyYmFlOTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsulgFJsJMWExcfGglKGazFRPMFps
ytJ+XKidEZgDE6ztExIPtMzAAPtW5nPXjasxUJH7ZhHBot8vrXsr1/lKP77t6jWU
cgLD9r69cNRM2aI7Chz/7kZ5GQ2rVAyvWPqMSuJL7hJfNcICGsu8C14QE/EA8mnq
ytW3kqvGvXG/rK7+08Bd4kmKgleJ+NZUe/aDzJOQJ/BeuYuY7ZEjjWhDlF4Ox7Jh
eEoMibIE5ZgNO4h7dSnEtpPgS/WWJLqVOlKUKjiRi3t0YfviEUdb4kQx/7cmwbPJ
aNOvQAuafAjdyjWau/UYYqIxLZgdL3bVzxPOTMeezXUZnLDV4VP3fHMVbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqLB7dc0t6rsqy6a1FVggBCuulJMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvS29zSHQxelMzcXV5ckxwclVWV0NBRUs2NlVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshB7MA0G
CSqGSIb3DQEBCwUAA4IBAQBs1bLBK3ySCRqOXV/Tiv1IrVHWk41GCJKeizforHMo
HeQrzH7aruuc42pVoa2hebcCUpVXuGN5N9JQnU+dkhLheUMptbFaMD1heY4ChhBw
LqMqflCE0gE5qo2LDvSa7Y0sykUSP41Gke+YshYmvVg7cv/f85HpoTdfzm3FDIcB
Kjpb+Ef8087ulnDefRu4Fpr+YICJAHRptKxyFfI7ZopTqBjQS9YKyCOt+DPDqvrO
aZGI3XGE1jWg2w13pzDbb9gPYKYfefmV/yZnGByDQ+DPsI44qp0agW89vMvgmC4W
82nMvDviN+Fp1Svi2RGQ72JpR1ivMtE7SpqY5FnBgJUi
-----END CERTIFICATE-----