Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/pVoin0dqnSsIXH71C3RgEbSsteI.roa
File:                     pVoin0dqnSsIXH71C3RgEbSsteI.roa (raw, json)
Hash identifier:          oAM/KHOm7I9YXFA3GIvyYxk+DZNOqTkdR9yp+94edoc=
Subject key identifier:   A5:5A:22:9F:47:6A:9D:2B:08:5C:7E:F5:0B:74:60:11:B4:AC:B5:E2
Certificate issuer:       /CN=a6b789b32e16e9dd2f70513119dc77ea61ff1e09
Certificate serial:       018CC6B7BDC60E4A4D29878D4F53CAC57C04
Authority key identifier: A6:B7:89:B3:2E:16:E9:DD:2F:70:51:31:19:DC:77:EA:61:FF:1E:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/preJsy4W6d0vcFExGdx36mH_Hgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/pVoin0dqnSsIXH71C3RgEbSsteI.roa
Signing time:             Mon 01 Jan 2024 20:29:39 +0000
ROA not before:           Mon 01 Jan 2024 20:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25236
IP address blocks:        176.111.50.0/24 maxlen: 24
                          147.78.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/preJsy4W6d0vcFExGdx36mH_Hgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/preJsy4W6d0vcFExGdx36mH_Hgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/preJsy4W6d0vcFExGdx36mH_Hgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:bd:c6:0e:4a:4d:29:87:8d:4f:53:ca:c5:7c:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6b789b32e16e9dd2f70513119dc77ea61ff1e09
        Validity
            Not Before: Jan  1 20:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a55a229f476a9d2b085c7ef50b746011b4acb5e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e4:85:c8:ca:98:40:57:b7:69:f6:7b:6b:c5:
                    fc:b5:73:7d:c0:bd:71:f0:22:b0:82:14:73:fe:24:
                    4d:e6:65:b6:96:9d:b6:06:7b:15:7d:7a:29:32:64:
                    db:3d:e3:72:ed:77:a1:6f:ec:0c:bb:a6:30:8a:8e:
                    66:3b:dc:2a:ba:af:41:88:7f:92:70:df:45:e9:b9:
                    57:7d:53:3e:14:32:1b:57:dd:a4:73:49:0a:5f:f5:
                    04:17:1a:42:2f:82:11:d8:8c:8d:ee:72:36:ec:69:
                    a5:9e:49:3f:42:f5:9e:9c:d9:cb:11:a6:37:e7:c2:
                    57:86:44:d0:c9:2a:8b:78:bc:a3:6e:df:83:0a:79:
                    72:23:01:eb:ae:d3:5d:aa:ed:a2:8f:91:1f:d2:d4:
                    5d:8d:9b:5a:fc:48:d9:72:96:e3:8c:0f:34:24:a8:
                    c0:e6:79:e6:d2:c6:bb:5f:57:f5:b0:0d:83:1d:f4:
                    10:46:14:16:fa:ca:d2:c1:c0:b5:91:69:f9:c5:81:
                    7d:3b:18:ed:fb:18:83:71:49:4e:c2:bd:49:88:84:
                    48:5c:8f:1e:b8:4a:55:d0:fe:49:1e:89:bf:7b:b1:
                    ca:6d:1e:81:d9:30:5a:b9:f9:1c:18:23:40:c9:16:
                    fd:f8:fc:c8:ff:e7:ed:34:94:a6:d8:5e:db:93:ba:
                    91:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:5A:22:9F:47:6A:9D:2B:08:5C:7E:F5:0B:74:60:11:B4:AC:B5:E2
            X509v3 Authority Key Identifier:
                keyid:A6:B7:89:B3:2E:16:E9:DD:2F:70:51:31:19:DC:77:EA:61:FF:1E:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/preJsy4W6d0vcFExGdx36mH_Hgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/pVoin0dqnSsIXH71C3RgEbSsteI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e768bd-f512-4b8a-936a-06c9296f08a2/1/preJsy4W6d0vcFExGdx36mH_Hgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.117.0/24
                  176.111.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:74:d5:5c:f5:c5:96:5e:fd:4c:1c:bc:90:3b:f8:3f:23:50:
         59:a1:3c:77:69:86:34:1d:61:f2:b4:40:d4:a9:36:86:9e:9a:
         7e:4e:38:c7:94:1c:e4:31:a7:92:5d:8f:67:e3:e7:70:70:54:
         f6:aa:24:40:33:0e:1f:3d:bd:16:1a:bc:6f:06:16:e3:de:a3:
         f2:eb:24:72:fa:28:d4:dc:2d:30:fb:b8:27:70:4e:6e:c2:9b:
         73:74:ae:d3:66:30:91:bf:ac:8c:c2:d7:1b:39:e9:f3:25:1b:
         db:8a:ac:99:e6:cd:16:ec:4d:4c:59:2b:cb:a9:91:ad:50:9f:
         3c:82:e8:15:38:fd:2c:f6:16:97:0a:58:1d:a3:4f:29:9e:f9:
         25:0e:90:44:9b:bd:81:37:ef:99:3d:a2:fc:ec:f0:02:57:99:
         13:a1:d0:b2:ce:bb:d1:b9:dc:fe:7d:b5:a5:7d:cb:7e:21:b9:
         93:5a:a8:a3:4e:de:1e:fe:76:9b:b8:b8:d7:69:ee:b1:f0:12:
         25:ed:87:7e:1f:ab:a2:f2:6b:ef:a1:a3:bd:85:f5:1c:df:4e:
         02:9f:31:81:88:9a:06:c3:75:7a:5c:14:62:46:90:ef:45:f9:
         d0:15:7b:f9:2d:8f:2d:16:44:63:cb:c2:59:52:61:01:c5:aa:
         d5:db:58:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt73GDkpNKYeNT1PKxXwEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Yjc4OWIzMmUxNmU5ZGQyZjcwNTEzMTE5ZGM3N2VhNjFm
ZjFlMDkwHhcNMjQwMTAxMjAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTVhMjI5ZjQ3NmE5ZDJiMDg1YzdlZjUwYjc0NjAxMWI0YWNiNWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuSFyMqYQFe3afZ7a8X8tXN9wL1x
8CKwghRz/iRN5mW2lp22BnsVfXopMmTbPeNy7Xehb+wMu6Ywio5mO9wquq9BiH+S
cN9F6blXfVM+FDIbV92kc0kKX/UEFxpCL4IR2IyN7nI27Gmlnkk/QvWenNnLEaY3
58JXhkTQySqLeLyjbt+DCnlyIwHrrtNdqu2ij5Ef0tRdjZta/EjZcpbjjA80JKjA
5nnm0sa7X1f1sA2DHfQQRhQW+srSwcC1kWn5xYF9Oxjt+xiDcUlOwr1JiIRIXI8e
uEpV0P5JHom/e7HKbR6B2TBaufkcGCNAyRb9+PzI/+ftNJSm2F7bk7qR+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKVaIp9Hap0rCFx+9Qt0YBG0rLXiMB8GA1UdIwQY
MBaAFKa3ibMuFundL3BRMRncd+ph/x4JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHJlSnN5NFc2ZDB2Y0ZFeEdkeDM2bUhfSGdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lNzY4YmQtZjUxMi00YjhhLTkzNmEt
MDZjOTI5NmYwOGEyLzEvcFZvaW4wZHFuU3NJWEg3MUMzUmdFYlNzdGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lNzY4YmQtZjUxMi00YjhhLTkzNmEtMDZjOTI5NmYwOGEy
LzEvcHJlSnN5NFc2ZDB2Y0ZFeEdkeDM2bUhfSGdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk051AwQA
sG8yMA0GCSqGSIb3DQEBCwUAA4IBAQBtdNVc9cWWXv1MHLyQO/g/I1BZoTx3aYY0
HWHytEDUqTaGnpp+TjjHlBzkMaeSXY9n4+dwcFT2qiRAMw4fPb0WGrxvBhbj3qPy
6yRy+ijU3C0w+7gncE5uwptzdK7TZjCRv6yMwtcbOenzJRvbiqyZ5s0W7E1MWSvL
qZGtUJ88gugVOP0s9haXClgdo08pnvklDpBEm72BN++ZPaL87PACV5kTodCyzrvR
udz+fbWlfct+IbmTWqijTt4e/nabuLjXae6x8BIl7Yd+H6ui8mvvoaO9hfUc304C
nzGBiJoGw3V6XBRiRpDvRfnQFXv5LY8tFkRjy8JZUmEBxarV21jj
-----END CERTIFICATE-----