Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/xx93XCVjdf6KmYD8MIhraPm2Vts.roa
File:                     xx93XCVjdf6KmYD8MIhraPm2Vts.roa (raw, json)
Hash identifier:          a0B0SLbw/86bcpPvlW/G1eW8OjBEOZGYsz1ODlHkWaY=
Subject key identifier:   C7:1F:77:5C:25:63:75:FE:8A:99:80:FC:30:88:6B:68:F9:B6:56:DB
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018DC148FA9A18C3110619BABA69A785E2B8
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/xx93XCVjdf6KmYD8MIhraPm2Vts.roa
Signing time:             Mon 19 Feb 2024 12:13:21 +0000
ROA not before:           Mon 19 Feb 2024 12:13:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31732
IP address blocks:        188.209.155.0/24 maxlen: 24
                          2001:16c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:48:fa:9a:18:c3:11:06:19:ba:ba:69:a7:85:e2:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Feb 19 12:13:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c71f775c256375fe8a9980fc30886b68f9b656db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:40:0b:ab:b1:9d:58:91:75:9c:8b:a1:a3:09:
                    11:94:02:47:a6:58:3c:ac:a3:e7:c9:5c:f5:0f:d1:
                    7e:ed:97:bd:ea:11:f0:f9:27:bb:fc:3b:9a:da:f3:
                    3e:fb:a0:ee:6c:f5:b2:c6:80:83:93:3f:04:74:77:
                    65:c4:8b:4e:f2:3c:5b:b7:31:cc:26:8e:80:62:8f:
                    83:7a:2a:36:ea:4f:36:f6:d9:ef:ef:05:fd:f8:81:
                    8e:51:ad:56:a4:39:fe:be:6a:f6:2b:c4:16:46:89:
                    38:30:2e:42:3a:49:a7:8e:01:ca:92:ef:e3:70:0f:
                    43:29:f3:f9:26:51:c5:d5:d6:86:dd:ed:b7:29:f0:
                    ed:cd:8f:0c:7e:b0:55:76:72:bc:e8:9e:6b:82:4c:
                    7d:cd:aa:e9:0e:07:bf:3c:6e:83:d2:75:7d:df:38:
                    f6:9d:2f:ef:3a:e7:5a:5a:25:a8:6e:cd:f5:4d:c2:
                    9d:8c:5f:91:ff:b5:c5:ee:d8:ad:70:72:00:a3:64:
                    f9:82:20:0b:19:07:3b:6b:6d:2f:08:0f:2f:c1:37:
                    7d:5b:ae:e6:7a:20:d5:b4:9c:dc:d0:8c:e4:e1:6a:
                    a0:e4:e9:bf:95:13:75:06:34:ec:34:ba:58:1d:2f:
                    ee:52:cc:4f:d0:50:7f:3a:44:80:89:4b:9c:d3:a0:
                    5e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:1F:77:5C:25:63:75:FE:8A:99:80:FC:30:88:6B:68:F9:B6:56:DB
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/xx93XCVjdf6KmYD8MIhraPm2Vts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.155.0/24
                IPv6:
                  2001:16c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         96:0b:1e:b8:64:2d:d2:0a:f7:7e:73:73:1b:cf:b0:3d:e9:ba:
         e1:4d:cd:83:06:cc:43:99:b7:0e:18:5e:9a:5d:50:0f:0d:91:
         e3:0e:a3:77:28:1e:cb:56:db:85:a4:51:b0:91:00:ec:41:81:
         3c:81:0e:45:65:b4:32:43:3a:c7:92:0b:64:8a:bb:83:ef:71:
         d0:b7:3f:94:4c:7f:cc:93:aa:98:a6:ba:d8:40:62:21:07:09:
         23:77:e9:48:5a:f6:f4:7e:30:87:8e:ff:c4:5f:d3:53:10:1c:
         c9:e6:7b:07:98:46:55:0e:27:86:43:91:46:ed:1a:f1:b9:95:
         bc:30:46:3f:13:19:b6:2d:b2:07:85:57:72:e4:7b:6b:20:b5:
         d8:5d:e3:97:4b:3c:88:3b:47:c8:35:69:92:6f:c2:77:72:62:
         3f:2b:84:b4:09:16:70:df:8d:4a:f8:f6:c5:54:cc:99:86:52:
         1f:67:b0:ee:a5:7f:bc:9e:66:55:18:d6:67:14:4d:23:32:64:
         57:9f:26:66:67:a7:e3:ff:81:5c:71:85:4b:e2:4b:b8:dc:c1:
         13:34:e5:92:09:fe:ee:7f:aa:e9:bb:c8:11:20:1e:20:c3:b1:
         c3:88:51:e5:7e:75:29:36:32:13:8c:b8:7f:48:23:9e:77:63:
         8f:6d:fc:bc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3BSPqaGMMRBhm6ummnheK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMjE5MTIxMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzFmNzc1YzI1NjM3NWZlOGE5OTgwZmMzMDg4NmI2OGY5YjY1NmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEALq7GdWJF1nIuhowkRlAJHplg8
rKPnyVz1D9F+7Ze96hHw+Se7/Dua2vM++6DubPWyxoCDkz8EdHdlxItO8jxbtzHM
Jo6AYo+Deio26k829tnv7wX9+IGOUa1WpDn+vmr2K8QWRok4MC5COkmnjgHKku/j
cA9DKfP5JlHF1daG3e23KfDtzY8MfrBVdnK86J5rgkx9zarpDge/PG6D0nV93zj2
nS/vOudaWiWobs31TcKdjF+R/7XF7titcHIAo2T5giALGQc7a20vCA8vwTd9W67m
eiDVtJzc0Izk4Wqg5Om/lRN1BjTsNLpYHS/uUsxP0FB/OkSAiUuc06BecwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMcfd1wlY3X+ipmA/DCIa2j5tlbbMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEveHg5M1hDVmpkZjZLbVlEOE1JaHJhUG0yVnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAvNGbMA0E
AgACMAcDBQMgARbAMA0GCSqGSIb3DQEBCwUAA4IBAQCWCx64ZC3SCvd+c3Mbz7A9
6brhTc2DBsxDmbcOGF6aXVAPDZHjDqN3KB7LVtuFpFGwkQDsQYE8gQ5FZbQyQzrH
kgtkiruD73HQtz+UTH/Mk6qYprrYQGIhBwkjd+lIWvb0fjCHjv/EX9NTEBzJ5nsH
mEZVDieGQ5FG7RrxuZW8MEY/Exm2LbIHhVdy5HtrILXYXeOXSzyIO0fINWmSb8J3
cmI/K4S0CRZw341K+PbFVMyZhlIfZ7DupX+8nmZVGNZnFE0jMmRXnyZmZ6fj/4Fc
cYVL4ku43METNOWSCf7uf6rpu8gRIB4gw7HDiFHlfnUpNjITjLh/SCOed2OPbfy8
-----END CERTIFICATE-----