Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/9rLktAQmcWNWiGw3sfFB0dWsORI.roa
File:                     9rLktAQmcWNWiGw3sfFB0dWsORI.roa (raw, json)
Hash identifier:          Vuo4kknPh/yo+Uhet19EQBiEhCqWrMyyqlqlr76Qvg0=
Subject key identifier:   F6:B2:E4:B4:04:26:71:63:56:88:6C:37:B1:F1:41:D1:D5:AC:39:12
Certificate issuer:       /CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
Certificate serial:       018CC348CEF04B9A2AE52CD01163D516B7EA
Authority key identifier: 0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/9rLktAQmcWNWiGw3sfFB0dWsORI.roa
Signing time:             Mon 01 Jan 2024 04:29:37 +0000
ROA not before:           Mon 01 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20879
IP address blocks:        176.223.0.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 23:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ce:f0:4b:9a:2a:e5:2c:d0:11:63:d5:16:b7:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b556acb5f3b961b5cc24a2995f34ee91f79dc16
        Validity
            Not Before: Jan  1 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6b2e4b40426716356886c37b1f141d1d5ac3912
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1a:ee:6f:a4:3a:14:23:ec:fe:b2:1d:cf:df:
                    63:e4:e6:5a:6f:d5:34:2b:73:14:ff:78:3e:eb:fc:
                    ae:6a:89:ab:fd:61:34:8b:d3:c2:30:11:3c:28:4e:
                    6a:12:e2:bc:cc:f3:be:46:de:7c:84:a4:63:8f:a4:
                    e4:da:08:47:8d:71:89:c1:3b:26:68:d2:10:18:81:
                    79:e3:e2:88:70:37:d5:9a:8c:8d:70:ea:44:3e:db:
                    56:5d:b1:8b:b6:79:8c:c6:48:25:0a:e8:ab:9c:39:
                    20:52:61:75:00:f2:e5:fc:96:d5:76:25:a6:b2:4a:
                    e2:3f:cb:d5:ac:d5:35:5b:b8:41:0c:9e:9a:60:05:
                    e8:70:ee:c0:84:7a:83:64:86:ce:b2:83:ef:5b:78:
                    31:ee:86:71:66:8d:ce:b0:19:05:29:0e:8b:e0:ca:
                    6e:ab:12:69:c1:6f:bf:69:d4:7e:8d:74:80:40:40:
                    10:a8:5a:8e:39:e2:04:ca:8f:75:c3:fb:06:cc:51:
                    03:b6:27:34:7b:db:28:e5:71:04:3a:69:23:b8:8c:
                    36:bb:3f:3e:a2:16:ce:d4:b7:30:93:f2:c1:81:f6:
                    02:46:71:f1:03:53:6c:6a:78:24:01:c6:e2:ae:e8:
                    68:9d:42:0e:c9:05:22:8e:bc:ca:31:88:ee:26:be:
                    7c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:B2:E4:B4:04:26:71:63:56:88:6C:37:B1:F1:41:D1:D5:AC:39:12
            X509v3 Authority Key Identifier:
                keyid:0B:55:6A:CB:5F:3B:96:1B:5C:C2:4A:29:95:F3:4E:E9:1F:79:DC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1Vqy187lhtcwkoplfNO6R953BY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/9rLktAQmcWNWiGw3sfFB0dWsORI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/829fdf-ba63-4c23-91d1-d2bbf37dabb4/1/C1Vqy187lhtcwkoplfNO6R953BY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.223.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5e:b1:45:2a:21:6c:06:9a:f0:27:75:c2:c1:b6:9b:9f:cf:5b:
         69:f1:c7:41:f9:4e:23:aa:f5:33:14:0a:a5:cb:52:4c:26:42:
         fa:87:a0:db:db:c8:35:21:e3:9c:92:ee:8d:1b:36:5a:6e:df:
         4e:2c:11:aa:90:04:d5:46:f8:de:a7:43:a1:1d:55:fb:74:f5:
         b3:56:b0:98:2c:96:26:08:1d:02:f9:6b:01:81:e5:db:5e:80:
         90:12:fd:d2:72:6a:fd:6c:21:36:e5:37:75:30:fc:a5:96:d2:
         ab:d5:5e:55:3f:fa:c3:52:aa:3f:4e:16:63:c5:f9:2e:06:8c:
         b5:5d:fc:2e:02:b5:7f:c1:54:29:68:97:6e:03:0d:97:90:eb:
         f6:de:2e:58:df:b8:13:76:4e:70:f5:ed:38:f0:3c:3c:60:f1:
         c7:f5:4e:bc:17:19:03:1c:a0:01:9c:d8:35:a8:a0:26:6a:00:
         1e:fa:d8:8d:24:8d:74:ab:41:81:ec:6d:10:cc:49:d9:89:04:
         f1:20:e1:cc:44:65:ac:f6:79:95:eb:d0:9e:2b:81:1c:93:c4:
         f2:ff:1e:bd:5f:f3:5f:af:88:56:bd:98:fb:74:21:00:f3:b1:
         4f:a2:42:1f:d7:9a:c9:80:59:60:e4:9a:80:61:49:50:d6:fe:
         99:e5:19:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSM7wS5oq5SzQEWPVFrfqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNTU2YWNiNWYzYjk2MWI1Y2MyNGEyOTk1ZjM0ZWU5MWY3
OWRjMTYwHhcNMjQwMTAxMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmIyZTRiNDA0MjY3MTYzNTY4ODZjMzdiMWYxNDFkMWQ1YWMzOTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBrub6Q6FCPs/rIdz99j5OZab9U0
K3MU/3g+6/yuaomr/WE0i9PCMBE8KE5qEuK8zPO+Rt58hKRjj6Tk2ghHjXGJwTsm
aNIQGIF54+KIcDfVmoyNcOpEPttWXbGLtnmMxkglCuirnDkgUmF1APLl/JbVdiWm
skriP8vVrNU1W7hBDJ6aYAXocO7AhHqDZIbOsoPvW3gx7oZxZo3OsBkFKQ6L4Mpu
qxJpwW+/adR+jXSAQEAQqFqOOeIEyo91w/sGzFEDtic0e9so5XEEOmkjuIw2uz8+
ohbO1Lcwk/LBgfYCRnHxA1NsangkAcbiruhonUIOyQUijrzKMYjuJr58CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPay5LQEJnFjVohsN7HxQdHVrDkSMB8GA1UdIwQY
MBaAFAtVastfO5YbXMJKKZXzTukfedwWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEt
ZDJiYmYzN2RhYmI0LzEvOXJMa3RBUW1jV05XaUd3M3NmRkIwZFdzT1JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS84MjlmZGYtYmE2My00YzIzLTkxZDEtZDJiYmYzN2RhYmI0
LzEvQzFWcXkxODdsaHRjd2tvcGxmTk82Ujk1M0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGsN8AMA0G
CSqGSIb3DQEBCwUAA4IBAQBesUUqIWwGmvAndcLBtpufz1tp8cdB+U4jqvUzFAql
y1JMJkL6h6Db28g1IeOcku6NGzZabt9OLBGqkATVRvjep0OhHVX7dPWzVrCYLJYm
CB0C+WsBgeXbXoCQEv3Scmr9bCE25Td1MPylltKr1V5VP/rDUqo/ThZjxfkuBoy1
XfwuArV/wVQpaJduAw2XkOv23i5Y37gTdk5w9e048Dw8YPHH9U68FxkDHKABnNg1
qKAmagAe+tiNJI10q0GB7G0QzEnZiQTxIOHMRGWs9nmV69CeK4Eck8Ty/x69X/Nf
r4hWvZj7dCEA87FPokIf15rJgFlg5JqAYUlQ1v6Z5Rm4
-----END CERTIFICATE-----