Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/aQEN-a6Q9Yl5xQv4ychBnB6KYBg.roa
File:                     aQEN-a6Q9Yl5xQv4ychBnB6KYBg.roa (raw, json)
Hash identifier:          lop/qw/P77astILj1kTfu/56rTtTkClnGAfvey44/VI=
Subject key identifier:   69:01:0D:F9:AE:90:F5:89:79:C5:0B:F8:C9:C8:41:9C:1E:8A:60:18
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FF8DC1B912B9895A1D08880C75BF0
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/aQEN-a6Q9Yl5xQv4ychBnB6KYBg.roa
Signing time:             Tue 02 Jan 2024 04:30:30 +0000
ROA not before:           Tue 02 Jan 2024 04:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209490
IP address blocks:        176.235.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f8:dc:1b:91:2b:98:95:a1:d0:88:80:c7:5b:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69010df9ae90f58979c50bf8c9c8419c1e8a6018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e7:ba:28:20:1a:8f:a2:2d:cf:75:4d:b6:8a:
                    bc:1c:58:bb:51:69:ab:8f:bf:a4:10:90:5e:fb:2c:
                    1a:77:c8:c7:06:89:cd:8d:57:21:31:76:3c:67:fb:
                    3a:b3:73:b8:4e:98:e4:89:33:69:a8:14:63:36:c3:
                    2c:0e:99:5a:d7:5e:ba:fa:15:fe:4f:93:c1:cd:4e:
                    1e:5b:c9:bf:81:01:72:51:30:6a:4b:78:26:83:11:
                    b1:36:d4:46:09:ff:5f:9e:7c:19:17:b2:79:1c:f1:
                    e0:f7:7d:e1:e4:d2:1e:19:5d:21:b4:f5:52:72:19:
                    66:42:ad:c0:56:cf:df:04:c5:11:cf:37:9e:85:e8:
                    f2:cb:24:a4:53:1a:4c:62:34:65:14:18:02:7b:c0:
                    e0:87:57:a8:15:ba:a3:25:6e:94:92:76:59:ca:64:
                    fa:09:3e:c9:db:69:f2:f5:a2:c1:42:b3:a5:7f:43:
                    10:1b:5b:ab:c0:a9:f3:cc:ee:bd:ec:92:26:b5:de:
                    13:61:4e:7b:c5:d4:f2:87:fc:cd:25:f0:ff:9e:6b:
                    d3:0b:ae:5f:4a:70:4c:31:b6:8e:38:06:50:5d:7a:
                    92:2b:5c:f7:63:59:5b:71:98:8b:fe:3d:5b:1e:88:
                    e0:0d:9c:36:9d:14:8e:b2:aa:33:68:52:c8:82:8f:
                    fe:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:01:0D:F9:AE:90:F5:89:79:C5:0B:F8:C9:C8:41:9C:1E:8A:60:18
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/aQEN-a6Q9Yl5xQv4ychBnB6KYBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.235.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:bc:db:9b:29:3c:9e:41:fc:62:cc:f9:48:51:cf:3c:37:c4:
         be:40:fa:e3:7c:f0:6e:1f:01:73:29:4a:a0:b1:7d:e8:26:23:
         27:e9:39:ff:d2:45:1c:72:7e:f3:29:80:b8:e7:d8:d8:1c:d7:
         e6:bc:91:1c:d0:b2:a6:6a:9f:b9:3c:cd:0e:81:be:8a:c1:cc:
         45:02:42:db:ec:0d:0d:20:15:be:ea:94:04:e8:af:fb:a4:ee:
         50:ca:ef:a9:85:75:19:9a:1a:b5:c4:ac:56:97:b6:50:9c:f6:
         91:b0:86:70:2a:49:e5:d7:bd:eb:f9:8d:20:46:c9:ff:4b:d4:
         b5:50:6a:29:01:79:9b:1a:0d:2f:a4:35:a2:65:ac:f8:85:49:
         90:93:a3:0a:76:a3:ca:d2:2d:23:1f:fc:cc:fe:09:b0:4d:43:
         5b:8b:f7:56:ef:21:5d:c1:24:92:ab:3b:de:31:d9:ef:9f:d7:
         fd:50:dd:51:d3:78:5e:39:56:96:cd:4a:9c:f6:33:d5:07:53:
         ce:da:bf:ac:70:f3:55:fc:9c:78:ec:21:af:8f:df:08:46:d3:
         1d:f9:11:db:0a:d0:00:61:0c:d9:04:d3:9b:83:d5:85:05:df:
         62:d9:fc:ea:d4:19:5f:65:3f:a1:1b:1c:67:93:59:7e:43:a9:
         4d:dd:c4:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/jcG5ErmJWh0IiAx1vwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTAxMGRmOWFlOTBmNTg5NzljNTBiZjhjOWM4NDE5YzFlOGE2MDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjee6KCAaj6Itz3VNtoq8HFi7UWmr
j7+kEJBe+ywad8jHBonNjVchMXY8Z/s6s3O4TpjkiTNpqBRjNsMsDpla1166+hX+
T5PBzU4eW8m/gQFyUTBqS3gmgxGxNtRGCf9fnnwZF7J5HPHg933h5NIeGV0htPVS
chlmQq3AVs/fBMURzzeehejyyySkUxpMYjRlFBgCe8Dgh1eoFbqjJW6UknZZymT6
CT7J22ny9aLBQrOlf0MQG1urwKnzzO697JImtd4TYU57xdTyh/zNJfD/nmvTC65f
SnBMMbaOOAZQXXqSK1z3Y1lbcZiL/j1bHojgDZw2nRSOsqozaFLIgo/+sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkBDfmukPWJecUL+MnIQZweimAYMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvYVFFTi1hNlE5WWw1eFF2NHljaEJuQjZLWUJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsOt3MA0G
CSqGSIb3DQEBCwUAA4IBAQBuvNubKTyeQfxizPlIUc88N8S+QPrjfPBuHwFzKUqg
sX3oJiMn6Tn/0kUccn7zKYC459jYHNfmvJEc0LKmap+5PM0Ogb6KwcxFAkLb7A0N
IBW+6pQE6K/7pO5Qyu+phXUZmhq1xKxWl7ZQnPaRsIZwKknl173r+Y0gRsn/S9S1
UGopAXmbGg0vpDWiZaz4hUmQk6MKdqPK0i0jH/zM/gmwTUNbi/dW7yFdwSSSqzve
Mdnvn9f9UN1R03heOVaWzUqc9jPVB1PO2r+scPNV/Jx47CGvj98IRtMd+RHbCtAA
YQzZBNObg9WFBd9i2fzq1BlfZT+hGxxnk1l+Q6lN3cQC
-----END CERTIFICATE-----