Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1c2f90-26ea-4d59-91a9-4d775622bcb6/1/8qYa-Z-aNUrcKmau5jtgqbT6o4Q.roa
File:                     8qYa-Z-aNUrcKmau5jtgqbT6o4Q.roa (raw, json)
Hash identifier:          pUEOYuo4PxgrZIuCDsxzOiIzkOwBgBOTMPqvLoOuWFA=
Subject key identifier:   F2:A6:1A:F9:9F:9A:35:4A:DC:2A:66:AE:E6:3B:60:A9:B4:FA:A3:84
Certificate issuer:       /CN=253358358eba51b534d3fae9a6cb871de637e000
Certificate serial:       018CC9BC57A049AC0F061CA50D05CC2B345E
Authority key identifier: 25:33:58:35:8E:BA:51:B5:34:D3:FA:E9:A6:CB:87:1D:E6:37:E0:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTNYNY66UbU00_rppsuHHeY34AA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/1c2f90-26ea-4d59-91a9-4d775622bcb6/1/8qYa-Z-aNUrcKmau5jtgqbT6o4Q.roa
Signing time:             Tue 02 Jan 2024 10:33:32 +0000
ROA not before:           Tue 02 Jan 2024 10:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209664
IP address blocks:        176.117.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/1c2f90-26ea-4d59-91a9-4d775622bcb6/1/JTNYNY66UbU00_rppsuHHeY34AA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/1c2f90-26ea-4d59-91a9-4d775622bcb6/1/JTNYNY66UbU00_rppsuHHeY34AA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTNYNY66UbU00_rppsuHHeY34AA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:57:a0:49:ac:0f:06:1c:a5:0d:05:cc:2b:34:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253358358eba51b534d3fae9a6cb871de637e000
        Validity
            Not Before: Jan  2 10:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2a61af99f9a354adc2a66aee63b60a9b4faa384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:40:fd:cf:13:c1:ef:e7:f4:e6:ee:8b:d1:6c:
                    78:a6:04:99:ad:f4:12:15:7d:70:64:0f:40:af:d2:
                    33:4a:d6:48:44:3b:fe:32:61:d4:55:66:92:81:47:
                    32:12:ad:b8:16:23:54:1b:54:57:33:b6:bb:a7:de:
                    52:44:e3:a2:61:3d:54:b0:cc:cc:df:53:b5:81:81:
                    f0:72:32:48:4a:27:f1:40:e4:0b:35:09:9f:af:40:
                    bf:95:ea:45:c4:ed:04:fd:3a:bc:10:3f:c2:c1:85:
                    d0:b1:f4:d8:92:0b:79:8c:e5:76:86:ba:ba:a5:b6:
                    27:d9:42:9f:91:80:d1:64:35:69:d9:5b:9e:1f:c0:
                    a8:d2:9c:fd:30:40:54:52:f7:1e:fc:b8:f4:b7:e1:
                    4e:4a:3e:f9:28:2a:d2:5d:5d:c5:e0:ec:65:65:3f:
                    89:5a:90:59:f4:33:34:98:48:7b:af:0a:bf:6e:ac:
                    50:b7:fe:e8:83:15:9b:2a:0e:41:40:2b:7a:d7:0b:
                    cc:75:0f:73:05:d9:5d:a5:7b:4f:e0:12:72:74:20:
                    51:ac:03:17:fe:e2:c0:06:04:4b:e5:4a:dd:7e:0e:
                    f3:f5:37:70:5d:df:cd:41:e6:86:33:fe:d8:a4:3d:
                    60:9f:a5:61:9c:59:f8:95:58:dd:fa:26:88:e2:4c:
                    5a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A6:1A:F9:9F:9A:35:4A:DC:2A:66:AE:E6:3B:60:A9:B4:FA:A3:84
            X509v3 Authority Key Identifier:
                keyid:25:33:58:35:8E:BA:51:B5:34:D3:FA:E9:A6:CB:87:1D:E6:37:E0:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTNYNY66UbU00_rppsuHHeY34AA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1c2f90-26ea-4d59-91a9-4d775622bcb6/1/8qYa-Z-aNUrcKmau5jtgqbT6o4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1c2f90-26ea-4d59-91a9-4d775622bcb6/1/JTNYNY66UbU00_rppsuHHeY34AA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:1f:b7:69:1c:56:10:60:50:d2:2e:18:f8:98:a8:89:6f:95:
         17:ea:01:6b:da:e5:65:4e:dd:0b:a6:2d:7b:fa:9f:68:ee:87:
         1a:6c:9a:6b:42:55:2f:3a:0c:0d:85:ba:90:f6:78:78:ff:a5:
         ab:00:59:ec:f8:ee:2c:3c:47:85:ae:e0:62:72:9f:d7:c7:62:
         dc:8a:ec:95:0d:c2:d8:a8:8d:bf:8a:4f:f5:35:ce:38:cc:fc:
         77:f6:e8:9a:ec:ca:77:06:b1:87:92:a1:9a:e1:d5:25:e8:2a:
         ad:3c:af:54:ca:13:f3:28:37:b9:c1:45:63:40:d6:50:5d:a6:
         a2:db:c8:23:3c:a7:91:6a:a9:f6:fd:be:e2:54:15:03:c7:fb:
         4d:72:d7:3c:f0:e0:c3:21:71:c9:a3:22:33:63:63:bb:5e:fd:
         ac:3f:ca:0f:89:d1:a3:a0:b8:9d:0d:08:6c:31:94:f2:4c:9b:
         00:e8:07:6a:10:18:cf:3b:42:01:58:e8:df:69:dc:8a:fd:65:
         42:d6:90:b2:85:ea:f9:64:2e:3e:53:60:56:34:ca:a0:93:be:
         46:f0:dc:a9:c2:8f:90:ce:92:ed:2a:00:09:d7:88:43:9d:1d:
         fd:e4:35:85:f8:88:b5:dc:5c:04:24:99:18:9a:39:e1:84:0c:
         f6:2e:16:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFegSawPBhylDQXMKzReMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MzM1ODM1OGViYTUxYjUzNGQzZmFlOWE2Y2I4NzFkZTYz
N2UwMDAwHhcNMjQwMTAyMTAzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmE2MWFmOTlmOWEzNTRhZGMyYTY2YWVlNjNiNjBhOWI0ZmFhMzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkD9zxPB7+f05u6L0Wx4pgSZrfQS
FX1wZA9Ar9IzStZIRDv+MmHUVWaSgUcyEq24FiNUG1RXM7a7p95SROOiYT1UsMzM
31O1gYHwcjJISifxQOQLNQmfr0C/lepFxO0E/Tq8ED/CwYXQsfTYkgt5jOV2hrq6
pbYn2UKfkYDRZDVp2VueH8Co0pz9MEBUUvce/Lj0t+FOSj75KCrSXV3F4OxlZT+J
WpBZ9DM0mEh7rwq/bqxQt/7ogxWbKg5BQCt61wvMdQ9zBdldpXtP4BJydCBRrAMX
/uLABgRL5Urdfg7z9TdwXd/NQeaGM/7YpD1gn6VhnFn4lVjd+iaI4kxa9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKmGvmfmjVK3CpmruY7YKm0+qOEMB8GA1UdIwQY
MBaAFCUzWDWOulG1NNP66abLhx3mN+AAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlROWU5ZNjZVYlUwMF9ycHBzdUhIZVkzNEFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYzJmOTAtMjZlYS00ZDU5LTkxYTkt
NGQ3NzU2MjJiY2I2LzEvOHFZYS1aLWFOVXJjS21hdTVqdGdxYlQ2bzRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYzJmOTAtMjZlYS00ZDU5LTkxYTktNGQ3NzU2MjJiY2I2
LzEvSlROWU5ZNjZVYlUwMF9ycHBzdUhIZVkzNEFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHVGMA0G
CSqGSIb3DQEBCwUAA4IBAQDZH7dpHFYQYFDSLhj4mKiJb5UX6gFr2uVlTt0Lpi17
+p9o7ocabJprQlUvOgwNhbqQ9nh4/6WrAFns+O4sPEeFruBicp/Xx2LciuyVDcLY
qI2/ik/1Nc44zPx39uia7Mp3BrGHkqGa4dUl6CqtPK9UyhPzKDe5wUVjQNZQXaai
28gjPKeRaqn2/b7iVBUDx/tNctc88ODDIXHJoyIzY2O7Xv2sP8oPidGjoLidDQhs
MZTyTJsA6AdqEBjPO0IBWOjfadyK/WVC1pCyher5ZC4+U2BWNMqgk75G8Nypwo+Q
zpLtKgAJ14hDnR395DWF+Ii13FwEJJkYmjnhhAz2Lha0
-----END CERTIFICATE-----