Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/0808b2-1633-4c0d-bcbc-f6fcf73cee70/1/qGmUTGYJ18rygAENbfEbDARXfyI.roa
File:                     qGmUTGYJ18rygAENbfEbDARXfyI.roa (raw, json)
Hash identifier:          bdTMLd8EtxYw/Zl8CMtCXGkDL3CtNGBRAfn2fmwi5x4=
Subject key identifier:   A8:69:94:4C:66:09:D7:CA:F2:80:01:0D:6D:F1:1B:0C:04:57:7F:22
Certificate issuer:       /CN=168f0e2ba2d093433a4b61295727b99bb145f77b
Certificate serial:       018DD4C7EBEEA123B73E08BF1A46691563A0
Authority key identifier: 16:8F:0E:2B:A2:D0:93:43:3A:4B:61:29:57:27:B9:9B:B1:45:F7:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fo8OK6LQk0M6S2EpVye5m7FF93s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/0808b2-1633-4c0d-bcbc-f6fcf73cee70/1/qGmUTGYJ18rygAENbfEbDARXfyI.roa
Signing time:             Fri 23 Feb 2024 07:04:48 +0000
ROA not before:           Fri 23 Feb 2024 07:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198095
IP address blocks:        64.187.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/0808b2-1633-4c0d-bcbc-f6fcf73cee70/1/Fo8OK6LQk0M6S2EpVye5m7FF93s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/0808b2-1633-4c0d-bcbc-f6fcf73cee70/1/Fo8OK6LQk0M6S2EpVye5m7FF93s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fo8OK6LQk0M6S2EpVye5m7FF93s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d4:c7:eb:ee:a1:23:b7:3e:08:bf:1a:46:69:15:63:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=168f0e2ba2d093433a4b61295727b99bb145f77b
        Validity
            Not Before: Feb 23 07:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a869944c6609d7caf280010d6df11b0c04577f22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0a:a4:44:43:90:e0:2f:d9:44:57:24:fa:0d:
                    48:f1:4a:0c:1a:af:2f:ce:8b:55:bf:ba:3e:f2:54:
                    d4:9e:1e:87:d8:00:6e:40:06:bf:65:76:4d:c8:48:
                    5d:1d:ed:c9:87:21:24:50:a2:6f:99:d7:8f:6d:66:
                    a1:29:a4:47:ad:ec:16:1a:d2:77:42:c3:44:a1:2c:
                    1b:a7:81:97:fc:95:75:ec:98:de:f2:e0:79:6f:82:
                    94:8c:16:d7:dd:c6:b0:aa:1a:7a:c5:89:50:36:5a:
                    ce:ae:90:89:f3:f6:e8:90:bc:06:8f:97:f3:b2:91:
                    7e:ef:6d:7c:ec:cb:72:83:ab:8e:72:48:b5:38:fa:
                    cf:85:bb:2a:7a:5d:37:30:09:7d:9c:9d:10:04:c9:
                    13:a5:34:a6:f5:1b:8d:e6:39:a2:70:b4:91:ef:f4:
                    13:39:24:9c:1f:d9:f8:45:a4:d7:f9:e8:40:b9:d7:
                    56:1b:7e:51:50:b5:7d:ee:ea:37:bd:1b:f8:4f:02:
                    2d:19:8c:52:7b:9c:55:db:e7:b5:70:76:40:d4:78:
                    f2:0f:b1:eb:25:f3:f4:b4:7a:1e:25:6a:a0:47:02:
                    a2:b6:60:ff:aa:57:7d:01:0b:de:04:c8:18:08:90:
                    e2:b5:d9:13:db:db:98:f4:44:70:71:e2:f7:72:5a:
                    67:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:69:94:4C:66:09:D7:CA:F2:80:01:0D:6D:F1:1B:0C:04:57:7F:22
            X509v3 Authority Key Identifier:
                keyid:16:8F:0E:2B:A2:D0:93:43:3A:4B:61:29:57:27:B9:9B:B1:45:F7:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fo8OK6LQk0M6S2EpVye5m7FF93s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/0808b2-1633-4c0d-bcbc-f6fcf73cee70/1/qGmUTGYJ18rygAENbfEbDARXfyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/0808b2-1633-4c0d-bcbc-f6fcf73cee70/1/Fo8OK6LQk0M6S2EpVye5m7FF93s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.187.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:d9:d9:35:31:af:1a:3f:61:18:be:c8:69:c6:01:af:2b:d6:
         da:18:9e:7f:87:c4:8f:2b:62:e0:05:78:f4:00:8e:87:27:7e:
         44:10:59:e5:6e:e1:80:a2:27:73:5b:e4:11:31:f6:69:cd:8e:
         5f:fa:3b:da:77:60:38:b5:fd:c1:a0:d6:29:7e:72:a3:dd:ee:
         b6:e7:5f:c5:6c:6c:60:44:55:fd:0b:7d:11:fc:87:75:bf:03:
         43:b1:2d:78:3a:f9:ed:9e:0c:42:c1:54:1c:0c:d0:df:8a:ad:
         97:92:42:27:fb:0e:04:f1:40:08:7d:b2:b3:19:42:e5:65:23:
         b5:3e:4b:64:79:58:e7:a8:ff:c5:15:57:04:b9:b7:63:0a:1c:
         f1:d9:c6:33:74:ae:88:74:2d:b1:47:8a:bb:fc:0b:6d:1a:19:
         2d:11:53:d5:94:89:61:4f:61:f5:67:ae:43:b1:4d:82:02:8b:
         b8:c9:b1:4b:dd:07:81:d0:19:52:08:6b:6b:48:6b:06:cf:a1:
         31:1f:84:b4:da:4e:0a:f1:83:bd:79:be:3a:15:c6:bf:0b:c4:
         ea:42:79:a6:08:ee:68:e0:ad:bf:59:5f:05:46:bc:9f:bc:1a:
         0c:85:92:96:78:6b:41:66:48:38:08:14:8b:cc:57:36:02:66:
         5a:b2:57:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3Ux+vuoSO3Pgi/GkZpFWOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OGYwZTJiYTJkMDkzNDMzYTRiNjEyOTU3MjdiOTliYjE0
NWY3N2IwHhcNMjQwMjIzMDcwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODY5OTQ0YzY2MDlkN2NhZjI4MDAxMGQ2ZGYxMWIwYzA0NTc3ZjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgqkREOQ4C/ZRFck+g1I8UoMGq8v
zotVv7o+8lTUnh6H2ABuQAa/ZXZNyEhdHe3JhyEkUKJvmdePbWahKaRHrewWGtJ3
QsNEoSwbp4GX/JV17Jje8uB5b4KUjBbX3cawqhp6xYlQNlrOrpCJ8/bokLwGj5fz
spF+72187Mtyg6uOcki1OPrPhbsqel03MAl9nJ0QBMkTpTSm9RuN5jmicLSR7/QT
OSScH9n4RaTX+ehAuddWG35RULV97uo3vRv4TwItGYxSe5xV2+e1cHZA1HjyD7Hr
JfP0tHoeJWqgRwKitmD/qld9AQveBMgYCJDitdkT29uY9ERwceL3clpnFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhplExmCdfK8oABDW3xGwwEV38iMB8GA1UdIwQY
MBaAFBaPDiui0JNDOkthKVcnuZuxRfd7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm84T0s2TFFrME02UzJFcFZ5ZTVtN0ZGOTNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8wODA4YjItMTYzMy00YzBkLWJjYmMt
ZjZmY2Y3M2NlZTcwLzEvcUdtVVRHWUoxOHJ5Z0FFTmJmRWJEQVJYZnlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8wODA4YjItMTYzMy00YzBkLWJjYmMtZjZmY2Y3M2NlZTcw
LzEvRm84T0s2TFFrME02UzJFcFZ5ZTVtN0ZGOTNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQLtsMA0G
CSqGSIb3DQEBCwUAA4IBAQBR2dk1Ma8aP2EYvshpxgGvK9baGJ5/h8SPK2LgBXj0
AI6HJ35EEFnlbuGAoidzW+QRMfZpzY5f+jvad2A4tf3BoNYpfnKj3e6251/FbGxg
RFX9C30R/Id1vwNDsS14OvntngxCwVQcDNDfiq2XkkIn+w4E8UAIfbKzGULlZSO1
PktkeVjnqP/FFVcEubdjChzx2cYzdK6IdC2xR4q7/AttGhktEVPVlIlhT2H1Z65D
sU2CAou4ybFL3QeB0BlSCGtrSGsGz6ExH4S02k4K8YO9eb46Fca/C8TqQnmmCO5o
4K2/WV8FRryfvBoMhZKWeGtBZkg4CBSLzFc2AmZaslez
-----END CERTIFICATE-----