Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/PHZIJDdbpE22dXHOEvu9J_4dzIs.roa
File:                     PHZIJDdbpE22dXHOEvu9J_4dzIs.roa (raw, json)
Hash identifier:          YmogY8dOnX4HsXKogh5Pl4FGeUeZYVDbaseokMr9Wf4=
Subject key identifier:   3C:76:48:24:37:5B:A4:4D:B6:75:71:CE:12:FB:BD:27:FE:1D:CC:8B
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7A81811ADE2113ECFC759B21F4467
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/PHZIJDdbpE22dXHOEvu9J_4dzIs.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205361
IP address blocks:        176.57.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a8:18:11:ad:e2:11:3e:cf:c7:59:b2:1f:44:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c764824375ba44db67571ce12fbbd27fe1dcc8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:00:48:79:75:0f:0e:9c:c6:e1:01:b1:f6:21:
                    2d:8f:05:ae:f9:e7:a7:29:48:d1:3c:9e:fb:72:c8:
                    6e:51:44:2a:15:45:67:08:9c:4a:a1:d6:3a:8c:9e:
                    e0:7f:db:f3:fa:5b:e7:63:f4:d9:19:04:c9:c1:2f:
                    ad:bd:2a:fc:90:73:4b:c9:c0:fc:7e:ef:38:f5:e9:
                    ff:6a:79:c8:8a:59:f6:83:19:fd:f2:c2:3d:09:8d:
                    2c:87:79:20:1e:ff:5f:59:2c:58:4d:1d:cb:10:1c:
                    2a:f3:38:26:b3:f6:1d:ba:41:72:af:fa:f4:16:3d:
                    02:3d:af:e4:ed:77:d4:87:1c:e3:81:ea:ed:8d:b8:
                    8a:2f:2c:c3:47:3a:d2:d0:f2:29:48:12:80:2e:8c:
                    e8:11:1a:58:46:e1:67:06:58:9c:da:9f:38:07:ac:
                    b3:2a:2a:ef:6f:bd:63:ca:ae:d8:ed:e5:f3:09:3c:
                    6e:d9:9d:61:b0:8c:51:3a:ae:c9:32:ac:f1:50:2c:
                    51:c1:e7:d2:2d:b4:ea:48:92:21:89:34:7d:8f:8f:
                    6a:05:44:00:1d:d8:a5:5c:9c:17:35:8a:b4:e7:57:
                    5b:44:5a:67:eb:0d:54:3f:d0:95:3f:00:39:79:fe:
                    02:6a:87:4d:22:fb:75:94:97:df:d0:f2:6b:30:76:
                    ca:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:76:48:24:37:5B:A4:4D:B6:75:71:CE:12:FB:BD:27:FE:1D:CC:8B
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/PHZIJDdbpE22dXHOEvu9J_4dzIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:e5:38:07:e4:62:ef:7a:ab:a8:36:6f:6f:52:f8:97:47:84:
         01:43:8a:b6:a4:79:56:e2:e7:e4:b4:33:54:bb:ae:1d:0d:b1:
         08:5c:4f:77:f5:4f:99:8a:51:97:08:a4:6d:38:ef:74:db:f4:
         cd:89:73:01:e9:9d:81:67:97:7f:10:a5:7a:90:76:06:d1:57:
         f2:ab:14:29:85:31:e6:8d:2d:37:b5:bd:b0:e4:ae:37:72:56:
         4f:fc:a8:7f:06:89:5b:55:fa:03:27:16:9b:c1:b4:57:aa:85:
         3d:97:7d:c8:cf:1e:5a:da:33:ea:62:de:16:08:d3:d1:d1:1d:
         76:21:a5:45:4c:c5:92:26:52:05:a4:57:40:3e:bf:cd:e1:c3:
         b7:a1:9b:18:2a:ae:9b:ca:a3:f4:63:3f:6d:f8:83:8a:64:c4:
         2d:15:41:a0:f1:8d:33:68:18:e3:7c:2b:3d:8c:fb:f6:5b:c7:
         a6:f4:80:6a:11:43:26:bb:14:9e:88:95:4a:20:9f:94:41:25:
         d0:30:72:e6:7e:bf:68:4e:e6:d4:35:91:09:ec:54:55:14:99:
         ca:d4:ee:1d:63:11:e4:86:9d:df:62:bf:e9:27:f1:35:03:ae:
         c1:ec:ab:5c:c0:ac:31:17:be:41:04:c5:29:69:b8:0f:24:68:
         f3:13:f3:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6gYEa3iET7Px1myH0RnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzc2NDgyNDM3NWJhNDRkYjY3NTcxY2UxMmZiYmQyN2ZlMWRjYzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwBIeXUPDpzG4QGx9iEtjwWu+een
KUjRPJ77cshuUUQqFUVnCJxKodY6jJ7gf9vz+lvnY/TZGQTJwS+tvSr8kHNLycD8
fu849en/annIiln2gxn98sI9CY0sh3kgHv9fWSxYTR3LEBwq8zgms/YdukFyr/r0
Fj0CPa/k7XfUhxzjgertjbiKLyzDRzrS0PIpSBKALozoERpYRuFnBlic2p84B6yz
Kirvb71jyq7Y7eXzCTxu2Z1hsIxROq7JMqzxUCxRwefSLbTqSJIhiTR9j49qBUQA
HdilXJwXNYq051dbRFpn6w1UP9CVPwA5ef4CaodNIvt1lJff0PJrMHbKfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDx2SCQ3W6RNtnVxzhL7vSf+HcyLMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvUEhaSUpEZGJwRTIyZFhIT0V2dTlKXzRkeklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDkyMA0G
CSqGSIb3DQEBCwUAA4IBAQBf5TgH5GLvequoNm9vUviXR4QBQ4q2pHlW4ufktDNU
u64dDbEIXE939U+ZilGXCKRtOO902/TNiXMB6Z2BZ5d/EKV6kHYG0VfyqxQphTHm
jS03tb2w5K43clZP/Kh/BolbVfoDJxabwbRXqoU9l33Izx5a2jPqYt4WCNPR0R12
IaVFTMWSJlIFpFdAPr/N4cO3oZsYKq6byqP0Yz9t+IOKZMQtFUGg8Y0zaBjjfCs9
jPv2W8em9IBqEUMmuxSeiJVKIJ+UQSXQMHLmfr9oTubUNZEJ7FRVFJnK1O4dYxHk
hp3fYr/pJ/E1A67B7KtcwKwxF75BBMUpabgPJGjzE/P1
-----END CERTIFICATE-----