Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/AiYDAuHWWTbYGdA9r5q3PIbIRL4.roa
File:                     AiYDAuHWWTbYGdA9r5q3PIbIRL4.roa (raw, json)
Hash identifier:          7S953/WdZ9j9UM9PASqBEgriBcpm4uT5STbABwaS3+c=
Subject key identifier:   02:26:03:02:E1:D6:59:36:D8:19:D0:3D:AF:9A:B7:3C:86:C8:44:BE
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018CC8DE342DBD1FAA64BED285953838B867
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/AiYDAuHWWTbYGdA9r5q3PIbIRL4.roa
Signing time:             Tue 02 Jan 2024 06:30:54 +0000
ROA not before:           Tue 02 Jan 2024 06:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59606
IP address blocks:        176.119.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:34:2d:bd:1f:aa:64:be:d2:85:95:38:38:b8:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  2 06:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02260302e1d65936d819d03daf9ab73c86c844be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:11:d7:6b:e8:0f:99:34:c9:a2:91:b5:8d:81:
                    7f:b8:db:3d:e7:b9:24:d9:f0:ad:85:22:1c:de:41:
                    3e:06:a2:00:31:88:c8:04:2b:17:07:81:77:1a:6d:
                    59:f5:d2:43:1f:9c:c6:dd:3d:8d:59:24:25:ec:ec:
                    8d:f1:a5:28:c1:83:6c:db:74:a0:e5:3a:fd:5a:a6:
                    b4:4d:4f:e1:6c:6a:cd:05:dc:cd:df:18:cf:42:61:
                    f9:79:e7:7c:34:2c:e7:7e:63:96:ac:cf:03:7c:86:
                    e9:38:8b:cb:72:55:51:df:cc:7b:d2:b5:56:cc:0c:
                    0c:6f:6f:43:1e:9d:7f:2e:eb:9e:51:41:f1:cd:3a:
                    96:ff:f9:0a:0a:f0:9d:ba:df:e6:78:87:8f:65:f5:
                    87:a2:85:cb:ee:28:88:a5:16:60:67:d7:1a:4f:52:
                    d7:28:d0:6b:76:51:bd:ec:6d:93:17:13:48:c3:76:
                    43:b0:8c:f8:f7:9c:ba:66:97:af:0c:65:7d:04:b6:
                    d6:ef:80:62:0c:44:83:94:8c:62:c0:66:1f:73:8d:
                    00:35:dd:f4:27:2d:07:ed:99:5c:cf:ce:8d:04:1b:
                    5b:cd:bb:ae:71:e9:f6:84:54:a8:3d:80:93:a8:0e:
                    96:92:1b:b5:6d:02:5b:6b:7a:c1:4e:52:03:fe:32:
                    18:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:26:03:02:E1:D6:59:36:D8:19:D0:3D:AF:9A:B7:3C:86:C8:44:BE
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/AiYDAuHWWTbYGdA9r5q3PIbIRL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:f7:2b:30:ce:6a:53:41:6c:72:df:49:89:10:b1:be:76:14:
         6f:ad:19:46:a5:ff:d0:3d:dc:c8:bb:65:69:1e:c8:bc:93:ce:
         56:d9:c5:51:c2:05:d8:5e:a9:94:6e:b0:93:66:6d:19:11:c2:
         58:3e:e5:d4:bf:a8:cc:35:0f:ee:20:74:59:b3:1e:fc:f1:61:
         08:8b:55:72:b8:44:d2:e3:2e:d4:5f:8a:a4:b6:35:a3:48:54:
         33:7c:20:d9:fd:01:28:13:d1:82:12:81:0f:76:2b:79:05:38:
         ed:05:1d:53:f2:d5:30:0e:56:d0:ab:ac:c1:3c:30:81:c0:d3:
         f7:a1:be:6c:03:3f:e8:ea:53:70:0e:91:e0:3c:e6:cf:da:0e:
         a8:07:7c:a3:c2:c4:c2:c5:5f:dd:2f:27:2a:f4:af:05:27:41:
         73:b5:d8:af:29:8d:df:5e:f0:97:ea:b0:4d:43:c8:22:91:f4:
         d9:47:6e:e7:02:7a:aa:45:88:8e:b1:b4:1d:ec:e9:13:73:31:
         b4:49:9b:b1:91:be:2c:73:38:91:0e:c8:77:3e:fb:43:f8:c5:
         3f:7d:88:ca:90:ec:46:2c:e7:0a:7c:45:89:14:8f:bd:29:92:
         3b:79:b1:c2:7a:39:0a:db:84:62:63:5d:4a:47:71:b1:ac:ae:
         a1:14:9f:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3jQtvR+qZL7ShZU4OLhnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTAyMDYzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjI2MDMwMmUxZDY1OTM2ZDgxOWQwM2RhZjlhYjczYzg2Yzg0NGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBHXa+gPmTTJopG1jYF/uNs957kk
2fCthSIc3kE+BqIAMYjIBCsXB4F3Gm1Z9dJDH5zG3T2NWSQl7OyN8aUowYNs23Sg
5Tr9Wqa0TU/hbGrNBdzN3xjPQmH5eed8NCznfmOWrM8DfIbpOIvLclVR38x70rVW
zAwMb29DHp1/LuueUUHxzTqW//kKCvCdut/meIePZfWHooXL7iiIpRZgZ9caT1LX
KNBrdlG97G2TFxNIw3ZDsIz495y6ZpevDGV9BLbW74BiDESDlIxiwGYfc40ANd30
Jy0H7Zlcz86NBBtbzbuucen2hFSoPYCTqA6Wkhu1bQJba3rBTlID/jIYvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAImAwLh1lk22BnQPa+atzyGyES+MB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvQWlZREF1SFdXVGJZR2RBOXI1cTNQSWJJUkw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHeOMA0G
CSqGSIb3DQEBCwUAA4IBAQBq9yswzmpTQWxy30mJELG+dhRvrRlGpf/QPdzIu2Vp
Hsi8k85W2cVRwgXYXqmUbrCTZm0ZEcJYPuXUv6jMNQ/uIHRZsx788WEIi1VyuETS
4y7UX4qktjWjSFQzfCDZ/QEoE9GCEoEPdit5BTjtBR1T8tUwDlbQq6zBPDCBwNP3
ob5sAz/o6lNwDpHgPObP2g6oB3yjwsTCxV/dLycq9K8FJ0FztdivKY3fXvCX6rBN
Q8gikfTZR27nAnqqRYiOsbQd7OkTczG0SZuxkb4scziRDsh3PvtD+MU/fYjKkOxG
LOcKfEWJFI+9KZI7ebHCejkK24RiY11KR3GxrK6hFJ/I
-----END CERTIFICATE-----