Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/rxhBfSZ_58SfrfJTxYq9uOkD3nY.roa
File:                     rxhBfSZ_58SfrfJTxYq9uOkD3nY.roa (raw, json)
Hash identifier:          LSYnFSuySg66jncPl+qm+My5xmh0U9sNrU8HOGxOpl8=
Subject key identifier:   AF:18:41:7D:26:7F:E7:C4:9F:AD:F2:53:C5:8A:BD:B8:E9:03:DE:76
Certificate issuer:       /CN=08a297f8cfa1ce6d3fe2c526911c468a9a6318d0
Certificate serial:       018CC3B729DF47BD8170CE1C7B882668A99B
Authority key identifier: 08:A2:97:F8:CF:A1:CE:6D:3F:E2:C5:26:91:1C:46:8A:9A:63:18:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CKKX-M-hzm0_4sUmkRxGippjGNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/rxhBfSZ_58SfrfJTxYq9uOkD3nY.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        178.213.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/CKKX-M-hzm0_4sUmkRxGippjGNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/CKKX-M-hzm0_4sUmkRxGippjGNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CKKX-M-hzm0_4sUmkRxGippjGNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:29:df:47:bd:81:70:ce:1c:7b:88:26:68:a9:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08a297f8cfa1ce6d3fe2c526911c468a9a6318d0
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af18417d267fe7c49fadf253c58abdb8e903de76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e8:bf:b4:ab:24:df:99:89:b3:e9:57:c3:6f:
                    6d:3d:7b:f3:cf:b7:60:3a:5f:b5:60:55:14:69:8d:
                    43:e6:3a:5f:de:ee:9c:60:24:c5:38:fd:e1:90:d5:
                    15:1c:bd:63:f4:b2:c3:15:9e:db:0e:51:17:b8:19:
                    9e:56:8d:56:6c:a1:90:84:43:f6:48:1d:d3:73:45:
                    e2:e6:f9:d0:c3:c6:d9:d6:47:2a:8a:38:c6:b7:c9:
                    98:77:d2:aa:01:1d:70:19:c8:bd:9c:3c:e6:35:c0:
                    ed:1d:d0:15:df:7e:82:bb:96:d8:34:8a:c3:97:25:
                    9a:17:6c:90:a1:4c:29:e8:84:1b:9c:c0:73:d2:8c:
                    66:47:88:c1:0f:88:78:7b:3c:9c:e5:3f:47:f1:85:
                    22:9a:c4:29:7b:a7:48:ae:dd:cb:f3:48:47:cc:5f:
                    3f:56:8b:6c:d5:96:28:b0:6e:71:55:c3:3c:9e:95:
                    1b:8e:e6:a2:fe:88:0e:4d:0e:8f:03:46:c0:b5:42:
                    03:f8:e9:3d:22:02:34:2a:91:fc:9d:2a:41:ef:df:
                    ca:56:f8:0f:e4:15:4f:78:c9:75:d3:3d:4e:70:53:
                    20:0c:3b:72:f7:f2:73:81:21:07:ba:b7:9c:ec:66:
                    b2:d2:f5:2d:84:a7:38:7b:a9:4d:ac:66:2c:28:de:
                    de:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:18:41:7D:26:7F:E7:C4:9F:AD:F2:53:C5:8A:BD:B8:E9:03:DE:76
            X509v3 Authority Key Identifier:
                keyid:08:A2:97:F8:CF:A1:CE:6D:3F:E2:C5:26:91:1C:46:8A:9A:63:18:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CKKX-M-hzm0_4sUmkRxGippjGNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/rxhBfSZ_58SfrfJTxYq9uOkD3nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/CKKX-M-hzm0_4sUmkRxGippjGNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:ff:a1:60:5b:6b:8c:26:01:d1:49:82:bd:07:a2:29:34:e3:
         1e:d5:8e:a1:92:ec:ee:01:3a:dd:61:22:a8:ec:8f:9e:ee:c4:
         b7:91:93:00:5c:fe:9f:3e:35:06:5f:94:c0:ea:85:2d:3e:de:
         e6:bb:d4:84:33:cb:f0:d1:3c:a4:52:08:a7:19:e7:65:ca:3f:
         fd:89:76:32:f5:53:9f:de:3f:23:50:0f:8c:c8:e4:fd:6e:76:
         1d:11:b4:52:a3:2a:d0:75:4a:aa:90:f9:02:11:eb:d9:22:fe:
         81:9e:7c:ae:fc:90:84:64:9f:e0:36:c2:92:18:c7:e9:f1:e5:
         dd:01:a4:db:da:71:a0:2b:57:60:ed:a1:b4:6c:35:46:57:ea:
         84:39:89:f5:2e:2f:be:3e:87:5c:83:67:72:f4:ab:2c:eb:ae:
         1c:d0:0a:6a:6b:fd:bb:63:c3:fa:ed:23:aa:f1:b7:29:d4:7c:
         f2:04:1c:c0:3d:f3:d2:70:59:ef:da:57:25:96:6f:5c:a0:24:
         9a:89:df:90:00:2e:6f:a9:10:30:a3:9d:5e:e0:08:7a:bc:33:
         0d:e1:a7:aa:5c:3c:82:0a:1d:67:cc:dc:81:26:19:3a:2e:ff:
         cd:d5:c1:30:8f:59:6e:b7:ea:3e:04:18:69:ed:00:a8:bc:dc:
         23:4e:29:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtynfR72BcM4ce4gmaKmbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YTI5N2Y4Y2ZhMWNlNmQzZmUyYzUyNjkxMWM0NjhhOWE2
MzE4ZDAwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjE4NDE3ZDI2N2ZlN2M0OWZhZGYyNTNjNThhYmRiOGU5MDNkZTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+i/tKsk35mJs+lXw29tPXvzz7dg
Ol+1YFUUaY1D5jpf3u6cYCTFOP3hkNUVHL1j9LLDFZ7bDlEXuBmeVo1WbKGQhEP2
SB3Tc0Xi5vnQw8bZ1kcqijjGt8mYd9KqAR1wGci9nDzmNcDtHdAV336Cu5bYNIrD
lyWaF2yQoUwp6IQbnMBz0oxmR4jBD4h4ezyc5T9H8YUimsQpe6dIrt3L80hHzF8/
Vots1ZYosG5xVcM8npUbjuai/ogOTQ6PA0bAtUID+Ok9IgI0KpH8nSpB79/KVvgP
5BVPeMl10z1OcFMgDDty9/JzgSEHurec7Gay0vUthKc4e6lNrGYsKN7eZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8YQX0mf+fEn63yU8WKvbjpA952MB8GA1UdIwQY
MBaAFAiil/jPoc5tP+LFJpEcRoqaYxjQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0tLWC1NLWh6bTBfNHNVbWtSeEdpcHBqR05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS81ZjE1M2QtNzFkOS00NzBhLWJhMjct
OTcxMTM5NTE0YmIxLzEvcnhoQmZTWl81OFNmcmZKVHhZcTl1T2tEM25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS81ZjE1M2QtNzFkOS00NzBhLWJhMjctOTcxMTM5NTE0YmIx
LzEvQ0tLWC1NLWh6bTBfNHNVbWtSeEdpcHBqR05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstVLMA0G
CSqGSIb3DQEBCwUAA4IBAQB5/6FgW2uMJgHRSYK9B6IpNOMe1Y6hkuzuATrdYSKo
7I+e7sS3kZMAXP6fPjUGX5TA6oUtPt7mu9SEM8vw0TykUginGedlyj/9iXYy9VOf
3j8jUA+MyOT9bnYdEbRSoyrQdUqqkPkCEevZIv6Bnnyu/JCEZJ/gNsKSGMfp8eXd
AaTb2nGgK1dg7aG0bDVGV+qEOYn1Li++Podcg2dy9Kss664c0Apqa/27Y8P67SOq
8bcp1HzyBBzAPfPScFnv2lcllm9coCSaid+QAC5vqRAwo51e4Ah6vDMN4aeqXDyC
Ch1nzNyBJhk6Lv/N1cEwj1lut+o+BBhp7QCovNwjTik0
-----END CERTIFICATE-----