Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/iW9kW8UbpTV7BsB9C1Di98TNmgg.roa
File:                     iW9kW8UbpTV7BsB9C1Di98TNmgg.roa (raw, json)
Hash identifier:          /EaLoE9i4EHXR/xLAclo+pMD7kw11f86gOPIzWXYQWg=
Subject key identifier:   89:6F:64:5B:C5:1B:A5:35:7B:06:C0:7D:0B:50:E2:F7:C4:CD:9A:08
Certificate issuer:       /CN=64dfe26d403141be9059ab2144325b402d4cab7d
Certificate serial:       018D37EA8099DB20A1D8F08FC6A1099110DC
Authority key identifier: 64:DF:E2:6D:40:31:41:BE:90:59:AB:21:44:32:5B:40:2D:4C:AB:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/iW9kW8UbpTV7BsB9C1Di98TNmgg.roa
Signing time:             Tue 23 Jan 2024 20:02:11 +0000
ROA not before:           Tue 23 Jan 2024 20:02:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57000
IP address blocks:        176.241.84.0/24 maxlen: 24
                          176.241.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:37:ea:80:99:db:20:a1:d8:f0:8f:c6:a1:09:91:10:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64dfe26d403141be9059ab2144325b402d4cab7d
        Validity
            Not Before: Jan 23 20:02:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=896f645bc51ba5357b06c07d0b50e2f7c4cd9a08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:27:89:5b:30:b6:04:c4:a6:ac:d3:0e:59:be:
                    f6:7f:cf:0c:73:47:47:5e:a3:f7:1a:fb:e7:1b:df:
                    89:31:e8:3b:8c:3b:da:c9:20:c4:85:86:4b:8b:ed:
                    eb:1d:26:41:14:8e:2a:dd:7e:49:a9:5d:e9:de:4f:
                    98:29:22:9c:cf:ca:ae:1d:e6:9d:35:fa:6b:95:49:
                    b0:a0:33:4b:13:92:ae:88:34:f2:ae:3b:19:05:49:
                    38:ec:24:03:ad:92:72:49:76:db:d7:8a:ed:50:0e:
                    d2:55:ab:0b:9f:3c:24:5b:7c:b3:b0:97:9e:d7:57:
                    6d:35:dc:78:af:f8:58:30:48:3e:5a:a3:7d:90:af:
                    99:20:14:48:e4:4a:50:ab:f0:3a:15:83:bf:f2:2a:
                    2b:06:65:39:14:a7:83:18:d7:be:d3:66:93:17:8b:
                    26:17:f1:cd:8e:e6:9c:f1:c2:09:5a:54:af:05:c6:
                    03:42:86:1e:33:83:d9:a8:c8:64:88:22:9a:e2:6d:
                    71:48:f5:89:34:52:9f:88:93:52:22:c3:5a:e0:23:
                    ff:62:ad:43:89:88:e6:54:48:17:ab:2e:54:b6:f5:
                    01:ed:ec:8d:de:75:07:b9:85:c6:a0:2d:0a:4a:78:
                    e9:c3:d7:61:fd:0a:79:90:63:7c:0e:0a:e3:fd:ed:
                    af:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:6F:64:5B:C5:1B:A5:35:7B:06:C0:7D:0B:50:E2:F7:C4:CD:9A:08
            X509v3 Authority Key Identifier:
                keyid:64:DF:E2:6D:40:31:41:BE:90:59:AB:21:44:32:5B:40:2D:4C:AB:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZN_ibUAxQb6QWashRDJbQC1Mq30.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/iW9kW8UbpTV7BsB9C1Di98TNmgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/5d6255-65c9-4bfa-b9d7-f657519d0233/1/ZN_ibUAxQb6QWashRDJbQC1Mq30.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.241.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:28:80:07:e0:1b:34:03:c0:cb:ed:8a:de:f3:93:50:8a:fd:
         06:27:9f:b9:d6:4a:06:e7:31:30:26:dc:c8:7d:90:30:07:7e:
         0e:52:3f:8a:20:3d:cc:b5:cc:9f:7c:bf:4b:0d:26:d6:7b:c2:
         71:36:e2:da:c5:bd:20:1c:0a:95:ca:c5:26:44:5f:25:dc:90:
         c4:4a:d8:e1:da:ff:98:11:e5:ed:73:d9:14:33:08:f9:27:10:
         6b:bd:c9:c0:3a:aa:0c:20:d9:5c:36:1e:0d:d8:00:bb:e8:54:
         2d:06:10:05:5c:7b:d9:d6:79:8d:49:5f:e1:7f:f3:75:67:20:
         03:42:4a:2a:c1:b4:60:27:26:4e:2e:bc:3e:1a:d2:5e:36:a9:
         ec:2e:50:45:ed:42:8d:ad:4a:f2:97:9b:39:76:7c:1e:79:49:
         e9:d0:1a:43:dc:32:ff:1c:25:ab:e7:c1:d2:46:36:c0:ce:86:
         fc:b8:73:5c:28:47:ce:7e:98:3a:8b:b2:76:e4:4a:fa:b6:86:
         97:6b:f0:aa:a6:4b:67:e6:26:a6:38:f6:2d:66:3d:b4:3b:73:
         98:5b:04:30:cd:1a:5d:d9:ea:b6:86:b7:df:8a:b4:b4:6e:cf:
         90:62:de:43:d6:b9:9b:83:d0:2e:40:2b:79:90:59:ba:16:e2:
         43:02:21:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY036oCZ2yCh2PCPxqEJkRDcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZGZlMjZkNDAzMTQxYmU5MDU5YWIyMTQ0MzI1YjQwMmQ0
Y2FiN2QwHhcNMjQwMTIzMjAwMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTZmNjQ1YmM1MWJhNTM1N2IwNmMwN2QwYjUwZTJmN2M0Y2Q5YTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ieJWzC2BMSmrNMOWb72f88Mc0dH
XqP3GvvnG9+JMeg7jDvaySDEhYZLi+3rHSZBFI4q3X5JqV3p3k+YKSKcz8quHead
NfprlUmwoDNLE5KuiDTyrjsZBUk47CQDrZJySXbb14rtUA7SVasLnzwkW3yzsJee
11dtNdx4r/hYMEg+WqN9kK+ZIBRI5EpQq/A6FYO/8iorBmU5FKeDGNe+02aTF4sm
F/HNjuac8cIJWlSvBcYDQoYeM4PZqMhkiCKa4m1xSPWJNFKfiJNSIsNa4CP/Yq1D
iYjmVEgXqy5UtvUB7eyN3nUHuYXGoC0KSnjpw9dh/Qp5kGN8Dgrj/e2vhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlvZFvFG6U1ewbAfQtQ4vfEzZoIMB8GA1UdIwQY
MBaAFGTf4m1AMUG+kFmrIUQyW0AtTKt9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5faWJVQXhRYjZRV2FzaFJESmJRQzFNcTMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81ZDYyNTUtNjVjOS00YmZhLWI5ZDct
ZjY1NzUxOWQwMjMzLzEvaVc5a1c4VWJwVFY3QnNCOUMxRGk5OFRObWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81ZDYyNTUtNjVjOS00YmZhLWI5ZDctZjY1NzUxOWQwMjMz
LzEvWk5faWJVQXhRYjZRV2FzaFJESmJRQzFNcTMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsPFUMA0G
CSqGSIb3DQEBCwUAA4IBAQCpKIAH4Bs0A8DL7Yre85NQiv0GJ5+51koG5zEwJtzI
fZAwB34OUj+KID3MtcyffL9LDSbWe8JxNuLaxb0gHAqVysUmRF8l3JDEStjh2v+Y
EeXtc9kUMwj5JxBrvcnAOqoMINlcNh4N2AC76FQtBhAFXHvZ1nmNSV/hf/N1ZyAD
QkoqwbRgJyZOLrw+GtJeNqnsLlBF7UKNrUryl5s5dnweeUnp0BpD3DL/HCWr58HS
RjbAzob8uHNcKEfOfpg6i7J25Er6toaXa/Cqpktn5iamOPYtZj20O3OYWwQwzRpd
2eq2hrffirS0bs+QYt5D1rmbg9AuQCt5kFm6FuJDAiEg
-----END CERTIFICATE-----