Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/CKYxHGe_r5qermXLJrW3PthgQIU.roa
File:                     CKYxHGe_r5qermXLJrW3PthgQIU.roa (raw, json)
Hash identifier:          GuGNkGiCWUw/H93B23xCWyZe23gkcac/lftUsf3VH1s=
Subject key identifier:   08:A6:31:1C:67:BF:AF:9A:9E:AE:65:CB:26:B5:B7:3E:D8:60:40:85
Certificate issuer:       /CN=b0a4fc2af38af5b4f5861e27fd007e624b5f9b02
Certificate serial:       018FD8BBC176F3A152E61A52C2D7F6387F0A
Authority key identifier: B0:A4:FC:2A:F3:8A:F5:B4:F5:86:1E:27:FD:00:7E:62:4B:5F:9B:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sKT8KvOK9bT1hh4n_QB-YktfmwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/CKYxHGe_r5qermXLJrW3PthgQIU.roa
Signing time:             Sun 02 Jun 2024 11:35:34 +0000
ROA not before:           Sun 02 Jun 2024 11:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48492
IP address blocks:        176.222.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/sKT8KvOK9bT1hh4n_QB-YktfmwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/sKT8KvOK9bT1hh4n_QB-YktfmwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sKT8KvOK9bT1hh4n_QB-YktfmwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 05:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d8:bb:c1:76:f3:a1:52:e6:1a:52:c2:d7:f6:38:7f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0a4fc2af38af5b4f5861e27fd007e624b5f9b02
        Validity
            Not Before: Jun  2 11:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08a6311c67bfaf9a9eae65cb26b5b73ed8604085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:71:6b:13:d6:1b:66:98:91:b5:59:ea:d5:f3:
                    61:31:83:08:80:07:9e:33:05:bd:a5:43:1f:5c:d4:
                    df:0b:77:64:86:7e:ab:a1:2d:39:79:17:f8:3f:cd:
                    76:b0:73:b8:93:75:ac:b6:ad:42:2d:d8:f7:03:60:
                    ce:22:f4:80:08:06:cf:69:9a:27:ce:93:87:1b:17:
                    a3:90:01:dc:e2:23:90:e2:0f:7a:31:49:19:ac:6e:
                    04:76:b5:a6:ce:99:46:bb:ac:89:b5:8a:33:e4:01:
                    94:e6:bd:09:b9:5b:c9:04:08:3b:a1:9e:f8:fd:7d:
                    df:10:80:1f:8a:82:31:aa:6a:de:78:c2:ec:7f:e1:
                    29:4c:f6:01:cb:3b:ad:7b:c7:79:a4:6c:82:92:d3:
                    ca:a8:17:ad:f6:54:00:2f:8c:e0:19:90:2e:55:6d:
                    c5:db:e0:02:09:e3:ab:2d:43:42:f9:6a:ba:5b:43:
                    19:39:fd:f3:bc:e9:11:12:cf:a7:3c:40:2c:e0:08:
                    a8:93:2f:dd:13:8f:3a:28:60:07:b0:fe:63:b3:bb:
                    e7:72:6a:1b:53:93:a7:01:ba:cb:3a:b3:9f:ef:36:
                    d6:fc:04:b4:04:77:f8:10:02:90:c0:c2:ca:14:7e:
                    51:e3:3f:d4:dd:06:d3:65:ac:6b:f9:7a:ee:29:0b:
                    7c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:A6:31:1C:67:BF:AF:9A:9E:AE:65:CB:26:B5:B7:3E:D8:60:40:85
            X509v3 Authority Key Identifier:
                keyid:B0:A4:FC:2A:F3:8A:F5:B4:F5:86:1E:27:FD:00:7E:62:4B:5F:9B:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sKT8KvOK9bT1hh4n_QB-YktfmwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/CKYxHGe_r5qermXLJrW3PthgQIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/a80dbf-5cb4-4e26-adaf-68fe08622614/1/sKT8KvOK9bT1hh4n_QB-YktfmwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.222.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:7f:da:25:f1:89:f8:78:32:7a:25:18:42:fd:9a:1b:0f:c1:
         e0:2a:87:b1:65:fc:e6:e4:e3:a0:ea:2f:1e:4f:93:4b:73:cb:
         ef:43:b4:34:6a:d5:93:8d:08:0f:f7:6c:23:cf:0a:f7:56:2a:
         56:b6:b7:53:bc:75:c5:63:38:bb:ee:31:68:2e:bc:ab:cf:5c:
         80:c0:d3:60:bd:b2:15:fb:89:ce:ae:90:91:34:7b:af:a3:7b:
         9c:d1:4f:eb:b8:91:a5:a4:12:50:fb:bc:3e:a7:d3:0e:2a:32:
         8a:f2:96:42:78:cf:82:3b:42:db:0c:7c:a8:b5:63:f5:98:e4:
         40:09:97:28:6f:43:cf:d4:37:6d:89:06:10:89:8d:5b:e5:1a:
         57:9a:51:5b:e6:36:17:e1:e8:54:fb:e0:a9:26:b9:a5:ad:c1:
         93:4b:e8:8d:19:9f:8a:55:67:bb:5b:a6:e2:96:86:8b:6f:9d:
         44:6d:3f:05:d3:dd:37:b7:39:78:c9:cf:da:ee:88:82:13:bd:
         00:80:c9:d4:ed:0e:73:8c:fd:61:2f:41:ed:90:f7:98:b6:ea:
         60:06:21:27:ea:88:99:a3:f2:f1:ed:c3:87:d8:2e:d7:4a:1d:
         08:27:d2:3d:fc:f2:8e:06:a3:15:61:31:e9:8a:48:ab:0a:e5:
         30:66:28:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/Yu8F286FS5hpSwtf2OH8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYTRmYzJhZjM4YWY1YjRmNTg2MWUyN2ZkMDA3ZTYyNGI1
ZjliMDIwHhcNMjQwNjAyMTEzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGE2MzExYzY3YmZhZjlhOWVhZTY1Y2IyNmI1YjczZWQ4NjA0MDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XFrE9YbZpiRtVnq1fNhMYMIgAee
MwW9pUMfXNTfC3dkhn6roS05eRf4P812sHO4k3Wstq1CLdj3A2DOIvSACAbPaZon
zpOHGxejkAHc4iOQ4g96MUkZrG4EdrWmzplGu6yJtYoz5AGU5r0JuVvJBAg7oZ74
/X3fEIAfioIxqmreeMLsf+EpTPYByzute8d5pGyCktPKqBet9lQAL4zgGZAuVW3F
2+ACCeOrLUNC+Wq6W0MZOf3zvOkREs+nPEAs4Aioky/dE486KGAHsP5js7vncmob
U5OnAbrLOrOf7zbW/AS0BHf4EAKQwMLKFH5R4z/U3QbTZaxr+XruKQt8nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAimMRxnv6+anq5lyya1tz7YYECFMB8GA1UdIwQY
MBaAFLCk/CrzivW09YYeJ/0AfmJLX5sCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0tUOEt2T0s5YlQxaGg0bl9RQi1Za3RmbXdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9hODBkYmYtNWNiNC00ZTI2LWFkYWYt
NjhmZTA4NjIyNjE0LzEvQ0tZeEhHZV9yNXFlcm1YTEpyVzNQdGhnUUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9hODBkYmYtNWNiNC00ZTI2LWFkYWYtNjhmZTA4NjIyNjE0
LzEvc0tUOEt2T0s5YlQxaGg0bl9RQi1Za3RmbXdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsN48MA0G
CSqGSIb3DQEBCwUAA4IBAQAjf9ol8Yn4eDJ6JRhC/ZobD8HgKoexZfzm5OOg6i8e
T5NLc8vvQ7Q0atWTjQgP92wjzwr3VipWtrdTvHXFYzi77jFoLryrz1yAwNNgvbIV
+4nOrpCRNHuvo3uc0U/ruJGlpBJQ+7w+p9MOKjKK8pZCeM+CO0LbDHyotWP1mORA
CZcob0PP1DdtiQYQiY1b5RpXmlFb5jYX4ehU++CpJrmlrcGTS+iNGZ+KVWe7W6bi
loaLb51EbT8F0903tzl4yc/a7oiCE70AgMnU7Q5zjP1hL0HtkPeYtupgBiEn6oiZ
o/Lx7cOH2C7XSh0IJ9I9/PKOBqMVYTHpikirCuUwZiic
-----END CERTIFICATE-----