Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/eWxnD5qzBbjG2P42PxA9wQsayYQ.roa
File:                     eWxnD5qzBbjG2P42PxA9wQsayYQ.roa (raw, json)
Hash identifier:          XSfLy69YJYvSGQ5eedL8LbU9eKwwhXu3BM+WsP6UM+8=
Subject key identifier:   79:6C:67:0F:9A:B3:05:B8:C6:D8:FE:36:3F:10:3D:C1:0B:1A:C9:84
Certificate issuer:       /CN=a016588bd1ccb2dd221c6f87838567475d7ef29b
Certificate serial:       018CC26D629F788857E0729F0FD459162357
Authority key identifier: A0:16:58:8B:D1:CC:B2:DD:22:1C:6F:87:83:85:67:47:5D:7E:F2:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/eWxnD5qzBbjG2P42PxA9wQsayYQ.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35297
IP address blocks:        176.105.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:62:9f:78:88:57:e0:72:9f:0f:d4:59:16:23:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a016588bd1ccb2dd221c6f87838567475d7ef29b
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=796c670f9ab305b8c6d8fe363f103dc10b1ac984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ad:e7:db:5b:f9:0d:44:dc:da:67:d7:5d:8b:
                    e4:07:5a:70:ac:19:73:a8:98:a7:a7:87:4d:59:a3:
                    9f:a3:3e:b4:bd:69:57:a8:96:74:4e:fa:f8:1c:48:
                    31:fc:cb:dd:65:3c:f5:ab:c6:47:22:d4:a9:6f:a9:
                    a0:e0:d5:d0:9d:d8:f5:85:03:68:7a:22:60:20:35:
                    ae:f7:0f:ba:d2:67:52:d5:33:ca:de:43:6c:a6:63:
                    2a:c5:01:7c:bd:50:a9:11:f2:fc:19:4a:2f:cc:57:
                    5a:6b:48:52:64:a1:5d:74:28:32:55:99:c9:4a:d6:
                    c9:78:30:7c:37:9a:21:c4:9f:2f:80:bb:da:af:12:
                    a5:fe:99:21:10:61:4c:44:a0:5d:a0:f5:0c:10:49:
                    eb:d5:17:0b:51:8f:da:b0:57:10:66:60:24:ee:75:
                    27:e2:06:0d:29:7d:2a:c5:8d:fd:ed:91:0a:83:3b:
                    d2:9a:01:d5:e3:30:ac:1d:8a:97:5c:7e:01:4f:ad:
                    a3:c0:4d:d0:74:ef:19:7a:bc:5d:db:e7:37:73:1c:
                    6f:f9:3e:82:2b:4e:dc:b9:06:09:7d:b5:27:36:27:
                    da:18:63:f4:1f:8a:80:90:8e:a2:8f:36:74:f1:e5:
                    42:4b:13:15:b6:bf:c2:bb:0f:ca:7e:d5:28:c1:a6:
                    79:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:6C:67:0F:9A:B3:05:B8:C6:D8:FE:36:3F:10:3D:C1:0B:1A:C9:84
            X509v3 Authority Key Identifier:
                keyid:A0:16:58:8B:D1:CC:B2:DD:22:1C:6F:87:83:85:67:47:5D:7E:F2:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oBZYi9HMst0iHG-Hg4VnR11-8ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/eWxnD5qzBbjG2P42PxA9wQsayYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4ec569-8caf-4198-bae1-773120ff7c0f/1/oBZYi9HMst0iHG-Hg4VnR11-8ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.105.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:ff:3b:4e:63:c7:c1:47:3b:da:cf:90:dc:f8:c0:a0:c3:a6:
         dc:b2:f5:f6:ab:e5:15:3c:d6:85:a5:9b:de:dc:b3:a9:33:ad:
         e5:12:f7:56:d2:4b:5d:eb:43:e7:58:99:75:c4:27:7e:ea:32:
         e4:82:d7:c1:ee:48:e7:dd:fc:77:b3:18:bf:93:72:68:a1:3f:
         15:f9:18:23:4d:22:a3:3a:c1:15:17:ef:60:5c:14:8d:79:ed:
         ee:9f:0d:c0:6a:22:d3:3b:7e:6a:b5:9a:95:fe:3a:a0:5d:82:
         bd:8a:d1:60:85:73:c1:95:02:bf:28:12:92:37:b7:70:e5:68:
         27:4d:ad:9b:86:ee:22:aa:e5:28:d7:37:45:35:bb:da:25:53:
         aa:4e:6c:5b:be:36:79:10:84:97:dc:24:f4:68:44:58:dc:d5:
         d9:66:85:69:ad:38:8e:47:01:e9:9b:1d:b4:6d:4b:e3:0d:31:
         71:13:83:69:56:47:03:ef:df:e5:3c:45:f8:84:fe:fb:12:19:
         ef:95:3e:04:9e:51:35:27:61:0f:5d:af:5e:36:93:c2:78:f0:
         7e:8f:08:7c:86:72:ad:65:9d:67:28:b6:be:ed:8c:d4:8f:ce:
         e4:21:58:93:ef:e3:ae:5b:01:cb:43:fa:6c:49:9a:99:2c:98:
         8e:7c:b1:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWKfeIhX4HKfD9RZFiNXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMTY1ODhiZDFjY2IyZGQyMjFjNmY4NzgzODU2NzQ3NWQ3
ZWYyOWIwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTZjNjcwZjlhYjMwNWI4YzZkOGZlMzYzZjEwM2RjMTBiMWFjOTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmq3n21v5DUTc2mfXXYvkB1pwrBlz
qJinp4dNWaOfoz60vWlXqJZ0Tvr4HEgx/MvdZTz1q8ZHItSpb6mg4NXQndj1hQNo
eiJgIDWu9w+60mdS1TPK3kNspmMqxQF8vVCpEfL8GUovzFdaa0hSZKFddCgyVZnJ
StbJeDB8N5ohxJ8vgLvarxKl/pkhEGFMRKBdoPUMEEnr1RcLUY/asFcQZmAk7nUn
4gYNKX0qxY397ZEKgzvSmgHV4zCsHYqXXH4BT62jwE3QdO8Zerxd2+c3cxxv+T6C
K07cuQYJfbUnNifaGGP0H4qAkI6ijzZ08eVCSxMVtr/Cuw/KftUowaZ5zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHlsZw+aswW4xtj+Nj8QPcELGsmEMB8GA1UdIwQY
MBaAFKAWWIvRzLLdIhxvh4OFZ0ddfvKbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0JaWWk5SE1zdDBpSEctSGc0Vm5SMTEtOHBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80ZWM1NjktOGNhZi00MTk4LWJhZTEt
NzczMTIwZmY3YzBmLzEvZVd4bkQ1cXpCYmpHMlA0MlB4QTl3UXNheVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80ZWM1NjktOGNhZi00MTk4LWJhZTEtNzczMTIwZmY3YzBm
LzEvb0JaWWk5SE1zdDBpSEctSGc0Vm5SMTEtOHBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGmlMA0G
CSqGSIb3DQEBCwUAA4IBAQBD/ztOY8fBRzvaz5Dc+MCgw6bcsvX2q+UVPNaFpZve
3LOpM63lEvdW0ktd60PnWJl1xCd+6jLkgtfB7kjn3fx3sxi/k3JooT8V+RgjTSKj
OsEVF+9gXBSNee3unw3AaiLTO35qtZqV/jqgXYK9itFghXPBlQK/KBKSN7dw5Wgn
Ta2bhu4iquUo1zdFNbvaJVOqTmxbvjZ5EISX3CT0aERY3NXZZoVprTiORwHpmx20
bUvjDTFxE4NpVkcD79/lPEX4hP77EhnvlT4EnlE1J2EPXa9eNpPCePB+jwh8hnKt
ZZ1nKLa+7YzUj87kIViT7+OuWwHLQ/psSZqZLJiOfLFj
-----END CERTIFICATE-----