Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/AEbW2VURLwusr004pqQLovy0PeI.roa
File:                     AEbW2VURLwusr004pqQLovy0PeI.roa (raw, json)
Hash identifier:          1ysBroD56iSFTK16pSeR8yenn1vv6asg9+ns5P/lEhs=
Subject key identifier:   00:46:D6:D9:55:11:2F:0B:AC:AF:4D:38:A6:A4:0B:A2:FC:B4:3D:E2
Certificate issuer:       /CN=a75f25ab3c66003b2d5af83d2b3651f88d151f2a
Certificate serial:       018CC86F0E3BCFA6DFC41A8D8988BA128946
Authority key identifier: A7:5F:25:AB:3C:66:00:3B:2D:5A:F8:3D:2B:36:51:F8:8D:15:1F:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p18lqzxmADstWvg9KzZR-I0VHyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/AEbW2VURLwusr004pqQLovy0PeI.roa
Signing time:             Tue 02 Jan 2024 04:29:30 +0000
ROA not before:           Tue 02 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197487
IP address blocks:        176.113.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/p18lqzxmADstWvg9KzZR-I0VHyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/p18lqzxmADstWvg9KzZR-I0VHyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p18lqzxmADstWvg9KzZR-I0VHyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0e:3b:cf:a6:df:c4:1a:8d:89:88:ba:12:89:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a75f25ab3c66003b2d5af83d2b3651f88d151f2a
        Validity
            Not Before: Jan  2 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0046d6d955112f0bacaf4d38a6a40ba2fcb43de2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:de:36:e5:04:53:0e:44:ba:08:7d:71:3f:bc:
                    e8:4a:a9:1a:81:59:45:92:e5:9d:04:dc:ed:a9:98:
                    d9:44:bf:d6:f8:89:2f:cb:8e:64:57:e5:77:2c:d6:
                    5a:08:ee:63:7c:c1:5c:71:fe:22:04:9e:8a:c2:f0:
                    f4:e1:4b:a6:5d:9d:9a:79:21:11:f7:f0:50:87:94:
                    cc:35:41:d5:88:2a:05:f0:51:09:39:ee:d0:d8:6d:
                    5d:9e:9b:a6:08:39:b6:2d:78:79:97:48:a7:f1:69:
                    eb:4a:00:2b:2f:5f:80:4b:45:22:81:10:ce:01:71:
                    23:b7:76:e9:8c:2d:80:4d:2b:c3:25:81:5a:44:bf:
                    9c:33:93:8f:75:b5:e9:ac:1e:a4:fb:17:9a:9f:1c:
                    7c:c6:7d:95:6f:de:61:b9:c1:39:7c:63:57:81:b0:
                    54:7c:a3:4d:df:fd:8e:3b:c9:4b:90:c3:cc:3c:4e:
                    91:c3:ae:f9:73:9a:4e:1b:ff:44:71:a7:c9:b7:77:
                    2b:b5:d3:bf:da:fa:21:7c:17:5f:c7:b1:fc:13:e5:
                    6f:1d:b9:97:b2:be:9b:fe:af:17:28:2e:a9:19:9a:
                    22:0c:f1:65:c1:71:5f:b6:39:bf:13:e4:79:56:aa:
                    72:50:22:03:ca:f1:b1:2c:5d:b4:ef:e6:bd:fa:ab:
                    ae:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:46:D6:D9:55:11:2F:0B:AC:AF:4D:38:A6:A4:0B:A2:FC:B4:3D:E2
            X509v3 Authority Key Identifier:
                keyid:A7:5F:25:AB:3C:66:00:3B:2D:5A:F8:3D:2B:36:51:F8:8D:15:1F:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p18lqzxmADstWvg9KzZR-I0VHyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/AEbW2VURLwusr004pqQLovy0PeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/d0ef31-991d-496d-9635-b6f4a4d6053b/1/p18lqzxmADstWvg9KzZR-I0VHyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.113.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:cd:0f:e2:00:a4:5e:95:24:94:a2:0f:08:2a:51:62:c1:d1:
         82:9e:15:72:57:6a:4d:14:11:ce:a3:9d:9e:30:da:ed:27:30:
         61:d5:8b:fc:2b:ef:a0:1e:dd:7c:8a:61:90:74:34:8a:ff:03:
         5d:db:2b:46:1c:04:81:d4:6d:5b:fa:ca:97:82:55:45:ee:4c:
         c5:29:fd:f5:ef:c8:4b:dc:28:21:d8:d1:1a:0e:9c:7f:17:b9:
         3c:34:9f:db:51:00:f8:14:7d:ae:fd:09:52:1d:83:d1:5b:2d:
         e2:3a:0c:11:71:59:51:6c:fc:fb:3b:17:0d:aa:6b:41:38:91:
         c7:0c:28:f0:ef:16:e6:c0:25:b9:19:f1:5b:08:f1:aa:56:55:
         96:ab:a7:64:67:f1:f2:22:2f:57:98:63:72:08:ee:0c:73:b0:
         57:51:a3:06:f4:48:76:47:6d:4c:a6:7d:1d:69:31:ae:8b:af:
         db:63:84:54:07:f4:6e:01:fe:54:12:a6:5b:60:14:4f:08:e3:
         86:36:08:26:2c:b7:1d:05:3a:c7:c0:f5:ac:67:a5:f1:3b:29:
         4a:bf:e5:fc:cf:dc:53:aa:1f:95:2d:3f:a4:71:80:7d:42:41:
         e4:a4:be:18:51:92:97:fa:d1:18:1a:0f:1c:78:f5:c1:a3:09:
         21:49:b2:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbw47z6bfxBqNiYi6EolGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NWYyNWFiM2M2NjAwM2IyZDVhZjgzZDJiMzY1MWY4OGQx
NTFmMmEwHhcNMjQwMTAyMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDQ2ZDZkOTU1MTEyZjBiYWNhZjRkMzhhNmE0MGJhMmZjYjQzZGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6t425QRTDkS6CH1xP7zoSqkagVlF
kuWdBNztqZjZRL/W+Ikvy45kV+V3LNZaCO5jfMFccf4iBJ6KwvD04UumXZ2aeSER
9/BQh5TMNUHViCoF8FEJOe7Q2G1dnpumCDm2LXh5l0in8WnrSgArL1+AS0UigRDO
AXEjt3bpjC2ATSvDJYFaRL+cM5OPdbXprB6k+xeanxx8xn2Vb95hucE5fGNXgbBU
fKNN3/2OO8lLkMPMPE6Rw675c5pOG/9EcafJt3crtdO/2vohfBdfx7H8E+VvHbmX
sr6b/q8XKC6pGZoiDPFlwXFftjm/E+R5VqpyUCIDyvGxLF207+a9+quuMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABG1tlVES8LrK9NOKakC6L8tD3iMB8GA1UdIwQY
MBaAFKdfJas8ZgA7LVr4PSs2UfiNFR8qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDE4bHF6eG1BRHN0V3ZnOUt6WlItSTBWSHlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9kMGVmMzEtOTkxZC00OTZkLTk2MzUt
YjZmNGE0ZDYwNTNiLzEvQUViVzJWVVJMd3VzcjAwNHBxUUxvdnkwUGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9kMGVmMzEtOTkxZC00OTZkLTk2MzUtYjZmNGE0ZDYwNTNi
LzEvcDE4bHF6eG1BRHN0V3ZnOUt6WlItSTBWSHlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHFxMA0G
CSqGSIb3DQEBCwUAA4IBAQBHzQ/iAKRelSSUog8IKlFiwdGCnhVyV2pNFBHOo52e
MNrtJzBh1Yv8K++gHt18imGQdDSK/wNd2ytGHASB1G1b+sqXglVF7kzFKf3178hL
3Cgh2NEaDpx/F7k8NJ/bUQD4FH2u/QlSHYPRWy3iOgwRcVlRbPz7OxcNqmtBOJHH
DCjw7xbmwCW5GfFbCPGqVlWWq6dkZ/HyIi9XmGNyCO4Mc7BXUaMG9Eh2R21Mpn0d
aTGui6/bY4RUB/RuAf5UEqZbYBRPCOOGNggmLLcdBTrHwPWsZ6XxOylKv+X8z9xT
qh+VLT+kcYB9QkHkpL4YUZKX+tEYGg8cePXBowkhSbIC
-----END CERTIFICATE-----