Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/kDLhfcy8YHG9d7r3ZyKyTCN67dU.roa
File:                     kDLhfcy8YHG9d7r3ZyKyTCN67dU.roa (raw, json)
Hash identifier:          FHssmQ805uZ/Wtb94rUn/bLQZUQ10hPffXrOYDXFnpE=
Subject key identifier:   90:32:E1:7D:CC:BC:60:71:BD:77:BA:F7:67:22:B2:4C:23:7A:ED:D5
Certificate issuer:       /CN=5349c2d00ba46be9244b76194baa10f33ce3462c
Certificate serial:       019423D6DC3DD7D2BD41AA5C12F66C894EB7
Authority key identifier: 53:49:C2:D0:0B:A4:6B:E9:24:4B:76:19:4B:AA:10:F3:3C:E3:46:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U0nC0Auka-kkS3YZS6oQ8zzjRiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/kDLhfcy8YHG9d7r3ZyKyTCN67dU.roa
Signing time:             Wed 01 Jan 2025 21:47:51 +0000
ROA not before:           Wed 01 Jan 2025 21:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20712
IP address blocks:        176.123.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/U0nC0Auka-kkS3YZS6oQ8zzjRiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/U0nC0Auka-kkS3YZS6oQ8zzjRiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U0nC0Auka-kkS3YZS6oQ8zzjRiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:dc:3d:d7:d2:bd:41:aa:5c:12:f6:6c:89:4e:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5349c2d00ba46be9244b76194baa10f33ce3462c
        Validity
            Not Before: Jan  1 21:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9032e17dccbc6071bd77baf76722b24c237aedd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:32:11:d9:f2:5b:f4:1b:5a:0f:61:99:7d:36:
                    4a:75:76:9f:26:89:c6:13:da:7c:0e:00:ae:38:e0:
                    aa:cd:2d:91:ea:38:81:09:d4:13:ee:fc:a6:c6:49:
                    9b:2a:5a:57:eb:e9:12:93:0f:2b:28:a3:e0:fb:78:
                    7c:fe:23:51:d8:cf:f5:4f:28:a0:aa:af:8a:7e:bb:
                    25:84:8f:e2:76:34:e5:36:15:db:20:23:c2:0d:7b:
                    94:b6:3a:27:14:bd:95:3b:fd:1e:c7:ff:3c:c1:89:
                    90:2b:95:4f:6f:b0:b0:e3:e4:95:8a:b4:f6:f4:82:
                    0c:85:34:fc:04:8d:af:9e:c8:94:ab:5d:24:4d:ba:
                    fd:2c:55:e3:a3:03:8a:a0:ec:78:49:46:87:0e:65:
                    7a:78:56:91:ff:d9:f9:1b:e6:d3:ad:30:02:a9:e5:
                    6a:76:49:89:2a:28:19:8d:9c:01:b1:9a:b3:d2:e6:
                    c3:15:ed:b6:fd:69:59:75:bf:17:ac:76:5f:dc:40:
                    fc:cf:69:ad:63:ad:d9:8c:00:c1:6e:9a:d8:b5:2b:
                    80:59:3b:aa:92:77:73:2a:9a:75:50:6e:3b:8c:5f:
                    2e:27:99:c0:03:ad:2d:70:34:21:09:be:d0:d0:4a:
                    c9:a7:db:e9:df:43:f3:5a:3f:65:94:cd:8e:7e:77:
                    e1:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:32:E1:7D:CC:BC:60:71:BD:77:BA:F7:67:22:B2:4C:23:7A:ED:D5
            X509v3 Authority Key Identifier:
                keyid:53:49:C2:D0:0B:A4:6B:E9:24:4B:76:19:4B:AA:10:F3:3C:E3:46:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U0nC0Auka-kkS3YZS6oQ8zzjRiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/kDLhfcy8YHG9d7r3ZyKyTCN67dU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f8ae47-0ed4-4681-9c12-fa1260850709/1/U0nC0Auka-kkS3YZS6oQ8zzjRiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.123.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:2e:94:c0:1a:1f:4f:f0:53:db:ee:31:1e:1d:17:25:2c:9e:
         41:ca:ff:81:06:19:b9:9b:b2:a9:ed:15:7a:0b:b0:4c:f9:43:
         3c:95:d8:59:14:c6:f9:67:26:ef:44:a6:b2:b8:94:16:0b:99:
         d4:4e:54:09:29:40:76:d5:37:bc:71:33:01:2a:f5:8f:ed:45:
         3d:81:86:52:e6:39:46:e4:b3:f8:7c:17:b6:d1:e7:12:99:fb:
         82:0e:56:62:0e:55:4a:38:d5:77:d1:80:e5:4f:9a:d1:0c:2c:
         6b:03:41:f9:dc:65:85:0f:b7:10:e0:74:99:76:97:93:a8:5a:
         4a:ad:f1:68:5b:8c:6e:a6:0e:87:c4:dc:e7:54:7e:97:89:c4:
         39:2b:e2:6f:c2:06:fc:79:a7:45:fe:d5:5e:f2:4a:07:b6:d0:
         6d:6e:70:ed:75:b1:79:50:dd:a8:0d:ce:4d:2f:17:8b:72:6c:
         f1:e8:2b:4e:5d:96:f8:e9:92:ef:0a:c9:1b:17:be:3c:3b:b1:
         96:64:6d:bc:66:95:ed:46:d2:10:ba:7b:b3:b1:60:e3:d0:d7:
         3e:64:1d:85:37:0b:d3:2f:02:51:70:56:e2:b1:1e:ba:0a:bb:
         0b:ff:d3:80:2e:53:b9:98:00:1d:2d:dd:52:79:73:e4:11:74:
         97:2d:11:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1tw919K9QapcEvZsiU63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNDljMmQwMGJhNDZiZTkyNDRiNzYxOTRiYWExMGYzM2Nl
MzQ2MmMwHhcNMjUwMTAxMjE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDMyZTE3ZGNjYmM2MDcxYmQ3N2JhZjc2NzIyYjI0YzIzN2FlZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjIR2fJb9BtaD2GZfTZKdXafJonG
E9p8DgCuOOCqzS2R6jiBCdQT7vymxkmbKlpX6+kSkw8rKKPg+3h8/iNR2M/1Tyig
qq+KfrslhI/idjTlNhXbICPCDXuUtjonFL2VO/0ex/88wYmQK5VPb7Cw4+SVirT2
9IIMhTT8BI2vnsiUq10kTbr9LFXjowOKoOx4SUaHDmV6eFaR/9n5G+bTrTACqeVq
dkmJKigZjZwBsZqz0ubDFe22/WlZdb8XrHZf3ED8z2mtY63ZjADBbprYtSuAWTuq
kndzKpp1UG47jF8uJ5nAA60tcDQhCb7Q0ErJp9vp30PzWj9llM2Ofnfh4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAy4X3MvGBxvXe692ciskwjeu3VMB8GA1UdIwQY
MBaAFFNJwtALpGvpJEt2GUuqEPM840YsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTBuQzBBdWthLWtrUzNZWlM2b1E4enpqUml3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mOGFlNDctMGVkNC00NjgxLTljMTIt
ZmExMjYwODUwNzA5LzEva0RMaGZjeThZSEc5ZDdyM1p5S3lUQ042N2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mOGFlNDctMGVkNC00NjgxLTljMTItZmExMjYwODUwNzA5
LzEvVTBuQzBBdWthLWtrUzNZWlM2b1E4enpqUml3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHveMA0G
CSqGSIb3DQEBCwUAA4IBAQA4LpTAGh9P8FPb7jEeHRclLJ5Byv+BBhm5m7Kp7RV6
C7BM+UM8ldhZFMb5ZybvRKayuJQWC5nUTlQJKUB21Te8cTMBKvWP7UU9gYZS5jlG
5LP4fBe20ecSmfuCDlZiDlVKONV30YDlT5rRDCxrA0H53GWFD7cQ4HSZdpeTqFpK
rfFoW4xupg6HxNznVH6XicQ5K+Jvwgb8eadF/tVe8koHttBtbnDtdbF5UN2oDc5N
LxeLcmzx6CtOXZb46ZLvCskbF748O7GWZG28ZpXtRtIQunuzsWDj0Nc+ZB2FNwvT
LwJRcFbisR66CrsL/9OALlO5mAAdLd1SeXPkEXSXLRHI
-----END CERTIFICATE-----