Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/7AcNt2n4Mpm-Ui2I1wutrc3wxq0.roa
File:                     7AcNt2n4Mpm-Ui2I1wutrc3wxq0.roa (raw, json)
Hash identifier:          /4UYCP+3htwXErgd13lA0T8hFEOMzoJRIAGnRSc5dCk=
Subject key identifier:   EC:07:0D:B7:69:F8:32:99:BE:52:2D:88:D7:0B:AD:AD:CD:F0:C6:AD
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7A6EB172C8E3ACA5062348AFC5095
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/7AcNt2n4Mpm-Ui2I1wutrc3wxq0.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200131
IP address blocks:        176.57.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a6:eb:17:2c:8e:3a:ca:50:62:34:8a:fc:50:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec070db769f83299be522d88d70badadcdf0c6ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:13:be:2d:71:64:f3:05:bc:80:a4:91:80:e1:
                    e7:a2:b7:a6:a3:53:f9:80:39:1c:ea:bb:9a:14:7f:
                    8f:7f:46:61:58:41:71:80:bd:36:08:a1:32:79:c5:
                    c4:00:f6:93:e6:7a:77:7c:f7:0d:37:fa:69:e7:32:
                    5c:f9:d9:05:44:76:ec:02:ad:fa:6b:e3:c6:58:7a:
                    44:d6:f7:e8:31:3a:62:69:a6:01:5f:2c:1a:23:4f:
                    5a:19:dc:72:55:83:5b:d3:c7:e5:b8:6d:28:c8:cc:
                    e8:e4:87:5e:ae:72:48:72:12:e7:aa:ac:50:3c:08:
                    26:02:ca:05:6d:57:de:6a:d4:7a:af:ad:0c:65:0d:
                    1b:b9:01:37:fe:e2:eb:c7:79:f9:14:29:7f:2f:38:
                    27:b7:da:9c:84:16:7e:33:6d:db:a0:30:bc:46:b9:
                    9f:40:2d:c7:07:20:bc:83:f3:02:79:6b:f9:be:81:
                    67:a8:b5:9c:be:43:bd:39:f6:5b:f3:45:fc:8c:9e:
                    e3:6c:cc:30:59:17:ca:17:ab:3b:f2:46:86:52:fd:
                    13:cf:0d:35:f0:d4:32:73:a6:5e:91:36:bd:36:23:
                    7a:1b:6d:43:40:ae:b8:40:79:56:6c:22:86:58:7d:
                    d1:02:c2:60:b6:c1:48:47:db:6d:f3:2d:c8:d8:24:
                    d2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:07:0D:B7:69:F8:32:99:BE:52:2D:88:D7:0B:AD:AD:CD:F0:C6:AD
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/7AcNt2n4Mpm-Ui2I1wutrc3wxq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:ed:2f:2e:ea:21:21:24:fb:d4:24:42:01:1d:02:bf:0f:4d:
         58:fd:cb:eb:f0:4e:c5:27:69:53:ed:14:8f:c8:27:2b:26:ee:
         3b:f7:48:52:9d:82:dd:2a:92:d0:15:7f:f5:62:ca:40:c4:31:
         1d:38:5e:79:99:f9:69:a2:90:c0:97:27:38:d0:b3:24:0c:7e:
         eb:dc:23:65:cc:90:3b:db:90:02:b9:24:a4:51:d8:89:6d:ee:
         2f:d8:01:ca:6c:88:7d:ef:87:5a:ec:8a:3f:89:b2:ec:c2:5d:
         6d:ec:4f:63:d8:15:62:b8:d0:45:1a:f1:c2:cb:95:49:3e:0e:
         ff:34:d9:02:2f:0a:64:2f:ed:21:32:02:bc:f0:06:0b:42:a8:
         dd:f0:22:26:5f:a7:91:b7:f8:b0:ba:60:a2:4e:a1:3b:ec:17:
         b5:bf:04:5d:8f:f4:43:13:78:03:e4:17:a6:0a:43:76:65:d8:
         74:0d:73:a2:c0:e0:c4:a2:e2:da:90:f3:2f:a5:31:28:ac:34:
         e6:f3:46:18:d1:04:c5:78:94:db:56:6f:5e:cc:bd:51:08:e8:
         e0:07:e2:47:d6:9c:a6:c2:1a:b2:2b:95:6f:6e:62:02:8d:66:
         36:a2:df:4b:32:14:b9:7a:ba:8a:74:8f:c7:05:e8:12:e7:34:
         72:c2:37:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6brFyyOOspQYjSK/FCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzA3MGRiNzY5ZjgzMjk5YmU1MjJkODhkNzBiYWRhZGNkZjBjNmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBO+LXFk8wW8gKSRgOHnoremo1P5
gDkc6ruaFH+Pf0ZhWEFxgL02CKEyecXEAPaT5np3fPcNN/pp5zJc+dkFRHbsAq36
a+PGWHpE1vfoMTpiaaYBXywaI09aGdxyVYNb08fluG0oyMzo5IdernJIchLnqqxQ
PAgmAsoFbVfeatR6r60MZQ0buQE3/uLrx3n5FCl/Lzgnt9qchBZ+M23boDC8Rrmf
QC3HByC8g/MCeWv5voFnqLWcvkO9OfZb80X8jJ7jbMwwWRfKF6s78kaGUv0Tzw01
8NQyc6ZekTa9NiN6G21DQK64QHlWbCKGWH3RAsJgtsFIR9tt8y3I2CTSOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwHDbdp+DKZvlItiNcLra3N8MatMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvN0FjTnQybjRNcG0tVWkySTF3dXRyYzN3eHEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDkyMA0G
CSqGSIb3DQEBCwUAA4IBAQBo7S8u6iEhJPvUJEIBHQK/D01Y/cvr8E7FJ2lT7RSP
yCcrJu4790hSnYLdKpLQFX/1YspAxDEdOF55mflpopDAlyc40LMkDH7r3CNlzJA7
25ACuSSkUdiJbe4v2AHKbIh974da7Io/ibLswl1t7E9j2BViuNBFGvHCy5VJPg7/
NNkCLwpkL+0hMgK88AYLQqjd8CImX6eRt/iwumCiTqE77Be1vwRdj/RDE3gD5Bem
CkN2Zdh0DXOiwODEouLakPMvpTEorDTm80YY0QTFeJTbVm9ezL1RCOjgB+JH1pym
whqyK5VvbmICjWY2ot9LMhS5erqKdI/HBegS5zRywjdV
-----END CERTIFICATE-----