Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/iB6BOtRxqmNSbPKP2m0u4BXkSHQ.roa
File:                     iB6BOtRxqmNSbPKP2m0u4BXkSHQ.roa (raw, json)
Hash identifier:          F5EFoHRK5hrjejLFZqxEoxwj2xHQOI2Ex8G+Q+QWnOM=
Subject key identifier:   88:1E:81:3A:D4:71:AA:63:52:6C:F2:8F:DA:6D:2E:E0:15:E4:48:74
Certificate issuer:       /CN=51618df006d548d1d87ed6419550662db6fc0606
Certificate serial:       018CC3B6DE8253EC6FE9E52E01717D512C04
Authority key identifier: 51:61:8D:F0:06:D5:48:D1:D8:7E:D6:41:95:50:66:2D:B6:FC:06:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/iB6BOtRxqmNSbPKP2m0u4BXkSHQ.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211240
IP address blocks:        176.116.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/UWGN8AbVSNHYftZBlVBmLbb8BgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/UWGN8AbVSNHYftZBlVBmLbb8BgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:de:82:53:ec:6f:e9:e5:2e:01:71:7d:51:2c:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51618df006d548d1d87ed6419550662db6fc0606
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=881e813ad471aa63526cf28fda6d2ee015e44874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:91:7c:3d:11:f3:99:62:46:90:2a:d6:4f:4d:
                    45:bc:0c:6a:f2:02:70:2e:89:71:ce:19:6a:2d:a5:
                    35:6b:0f:ab:45:b4:c4:22:2a:4b:b8:16:05:35:07:
                    0c:fc:c9:8e:91:6d:4e:06:1c:c1:54:94:d5:96:c8:
                    c0:0a:cd:bb:6c:2e:e1:b0:79:70:a0:ad:bc:1b:4c:
                    33:e4:30:1a:ab:66:6d:54:e0:b4:5d:99:87:be:b8:
                    b0:d7:36:96:9b:d7:46:9b:e8:63:69:25:b9:8d:f2:
                    d2:77:9f:b1:db:9f:67:c9:d0:3b:d8:e0:49:85:a0:
                    4c:86:b7:f0:6c:f4:8a:f3:a9:e1:94:db:99:51:04:
                    75:15:79:2e:98:12:4c:1e:5e:17:bb:03:e8:6e:84:
                    f4:b6:bc:67:63:67:ac:8b:6c:ba:c3:32:30:01:70:
                    a3:b6:01:0f:70:67:ee:f3:b8:9e:7a:19:94:a9:de:
                    4d:b2:0b:1f:f6:49:61:6a:14:01:62:a3:0a:08:07:
                    5e:c7:74:14:b5:ed:c6:e7:ab:a7:c1:7a:8b:92:36:
                    d2:d6:20:e0:82:dc:41:f8:95:76:c2:9d:63:f6:ad:
                    a2:aa:0b:5f:eb:12:22:24:fc:9e:07:23:4b:bb:f6:
                    28:eb:41:4c:06:82:b1:aa:d0:0f:f7:00:28:8d:f9:
                    2c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:1E:81:3A:D4:71:AA:63:52:6C:F2:8F:DA:6D:2E:E0:15:E4:48:74
            X509v3 Authority Key Identifier:
                keyid:51:61:8D:F0:06:D5:48:D1:D8:7E:D6:41:95:50:66:2D:B6:FC:06:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/iB6BOtRxqmNSbPKP2m0u4BXkSHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/UWGN8AbVSNHYftZBlVBmLbb8BgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:f7:0d:79:06:fa:fb:eb:0e:11:ef:49:36:49:45:f3:99:bd:
         f6:9e:36:32:38:38:a7:90:9e:31:14:54:93:f7:c8:eb:aa:91:
         dd:28:97:18:c5:64:da:d0:b1:95:b4:89:ca:dc:89:92:69:f7:
         0c:69:92:e4:a6:37:72:63:30:21:6b:d3:2d:f8:b5:b2:b6:78:
         4a:40:4d:bd:1e:60:72:69:e9:da:4f:e3:d5:f9:d9:4e:73:76:
         97:e0:1c:dd:9d:a0:88:95:81:b0:2c:ba:69:9c:96:83:6c:68:
         32:9c:00:6e:6e:98:f1:62:30:57:9e:29:c0:c0:e9:be:88:b6:
         bf:22:75:32:62:8c:93:f7:ac:4d:bd:cd:a2:9a:01:eb:35:b4:
         0c:1b:de:23:ce:44:e7:3d:14:13:46:ca:73:4e:09:6c:56:87:
         34:ca:6d:13:6a:a4:b8:28:0b:20:43:d3:96:fb:ee:6e:01:1f:
         9a:e6:77:21:58:6b:24:e4:f7:f7:ea:11:cb:be:41:d5:f2:28:
         c7:69:fc:50:65:ae:8d:e5:81:31:8b:0c:c3:b2:b2:13:77:ec:
         75:81:f4:ad:44:ac:0d:8f:8b:b3:74:42:c6:ee:c1:0c:75:89:
         f8:c7:10:c7:b2:d3:4d:31:15:84:45:e7:06:e2:c5:52:4e:67:
         6c:23:10:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtt6CU+xv6eUuAXF9USwEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNjE4ZGYwMDZkNTQ4ZDFkODdlZDY0MTk1NTA2NjJkYjZm
YzA2MDYwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODFlODEzYWQ0NzFhYTYzNTI2Y2YyOGZkYTZkMmVlMDE1ZTQ0ODc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopF8PRHzmWJGkCrWT01FvAxq8gJw
LolxzhlqLaU1aw+rRbTEIipLuBYFNQcM/MmOkW1OBhzBVJTVlsjACs27bC7hsHlw
oK28G0wz5DAaq2ZtVOC0XZmHvriw1zaWm9dGm+hjaSW5jfLSd5+x259nydA72OBJ
haBMhrfwbPSK86nhlNuZUQR1FXkumBJMHl4XuwPoboT0trxnY2esi2y6wzIwAXCj
tgEPcGfu87ieehmUqd5Nsgsf9klhahQBYqMKCAdex3QUte3G56unwXqLkjbS1iDg
gtxB+JV2wp1j9q2iqgtf6xIiJPyeByNLu/Yo60FMBoKxqtAP9wAojfks8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgegTrUcapjUmzyj9ptLuAV5Eh0MB8GA1UdIwQY
MBaAFFFhjfAG1UjR2H7WQZVQZi22/AYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVdHTjhBYlZTTkhZZnRaQmxWQm1MYmI4QmdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kNWZmZTctM2I0OC00ZjgwLThkNmEt
MzE3YzJmYjBhMzViLzEvaUI2Qk90UnhxbU5TYlBLUDJtMHU0QlhrU0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kNWZmZTctM2I0OC00ZjgwLThkNmEtMzE3YzJmYjBhMzVi
LzEvVVdHTjhBYlZTTkhZZnRaQmxWQm1MYmI4QmdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHSwMA0G
CSqGSIb3DQEBCwUAA4IBAQBD9w15Bvr76w4R70k2SUXzmb32njYyODinkJ4xFFST
98jrqpHdKJcYxWTa0LGVtInK3ImSafcMaZLkpjdyYzAha9Mt+LWytnhKQE29HmBy
aenaT+PV+dlOc3aX4BzdnaCIlYGwLLppnJaDbGgynABubpjxYjBXninAwOm+iLa/
InUyYoyT96xNvc2imgHrNbQMG94jzkTnPRQTRspzTglsVoc0ym0TaqS4KAsgQ9OW
++5uAR+a5nchWGsk5Pf36hHLvkHV8ijHafxQZa6N5YExiwzDsrITd+x1gfStRKwN
j4uzdELG7sEMdYn4xxDHstNNMRWERecG4sVSTmdsIxCe
-----END CERTIFICATE-----