Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/7bWN83AiOiXrbYrHmmKgJ46Z7JY.roa
File:                     7bWN83AiOiXrbYrHmmKgJ46Z7JY.roa (raw, json)
Hash identifier:          lLGdGfI3FNEwOOO8w8i/DJaTXwBtLPCFfwHacgkHPCk=
Subject key identifier:   ED:B5:8D:F3:70:22:3A:25:EB:6D:8A:C7:9A:62:A0:27:8E:99:EC:96
Certificate issuer:       /CN=d31af2872c3f5503073866dffef488b71783dab6
Certificate serial:       018CC64B216B29602044A7142FCA1BFB59E4
Authority key identifier: D3:1A:F2:87:2C:3F:55:03:07:38:66:DF:FE:F4:88:B7:17:83:DA:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0xryhyw_VQMHOGbf_vSItxeD2rY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/7bWN83AiOiXrbYrHmmKgJ46Z7JY.roa
Signing time:             Mon 01 Jan 2024 18:31:01 +0000
ROA not before:           Mon 01 Jan 2024 18:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198076
IP address blocks:        176.123.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/0xryhyw_VQMHOGbf_vSItxeD2rY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/0xryhyw_VQMHOGbf_vSItxeD2rY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0xryhyw_VQMHOGbf_vSItxeD2rY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:21:6b:29:60:20:44:a7:14:2f:ca:1b:fb:59:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31af2872c3f5503073866dffef488b71783dab6
        Validity
            Not Before: Jan  1 18:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edb58df370223a25eb6d8ac79a62a0278e99ec96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a7:33:cd:61:33:d9:00:46:cb:fe:09:56:98:
                    df:c8:b2:22:5c:2b:c4:03:f4:da:eb:72:46:44:d4:
                    f5:2c:9d:71:86:83:6e:5c:36:82:26:ff:8d:3f:19:
                    60:ad:51:18:6b:3c:6a:06:17:07:50:1a:50:9e:fd:
                    78:fb:31:d7:05:c1:de:78:13:ed:16:06:dd:02:92:
                    00:62:94:eb:d3:75:f1:63:ab:ef:1d:7f:a1:91:5b:
                    f0:be:41:f2:4d:2f:b5:71:2c:47:54:f1:70:af:50:
                    66:3a:62:f2:55:0d:2d:ac:76:6e:3b:77:34:3d:97:
                    74:0f:13:d6:17:d0:93:e2:71:ed:cd:57:e5:11:cf:
                    7e:0c:22:ce:84:92:25:f0:10:28:d8:cc:67:ed:48:
                    5b:ff:9a:31:ec:52:87:19:d8:09:a3:d5:da:e8:5c:
                    a5:9e:52:ac:4b:8f:84:ed:bb:58:45:8f:ee:50:f8:
                    3d:cf:53:26:75:2f:96:38:84:5f:87:39:c7:eb:7b:
                    d7:82:b0:94:b1:0d:5c:5e:5b:44:05:54:da:52:73:
                    8c:eb:13:cb:bc:0e:9a:1e:3f:6b:5b:54:df:40:5b:
                    e3:ba:42:e1:d0:cf:0a:e1:02:70:b3:90:bb:11:d3:
                    4c:95:f7:73:8b:f1:9b:8d:63:db:f9:31:40:1c:03:
                    21:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:B5:8D:F3:70:22:3A:25:EB:6D:8A:C7:9A:62:A0:27:8E:99:EC:96
            X509v3 Authority Key Identifier:
                keyid:D3:1A:F2:87:2C:3F:55:03:07:38:66:DF:FE:F4:88:B7:17:83:DA:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0xryhyw_VQMHOGbf_vSItxeD2rY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/7bWN83AiOiXrbYrHmmKgJ46Z7JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/68b75c-83df-474e-a9fe-01bf1f145c26/1/0xryhyw_VQMHOGbf_vSItxeD2rY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.123.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:75:08:2e:ca:05:e4:17:b0:49:ae:49:6d:c5:19:48:ba:7d:
         e0:b4:b2:c4:12:08:70:10:b8:51:38:34:74:93:06:e2:7d:9c:
         f6:dc:14:ba:5c:df:9f:0f:82:6d:49:d2:c5:2c:82:2f:b3:f0:
         1c:c3:36:e2:e5:84:a3:36:05:10:47:8c:16:a5:86:9d:fd:3e:
         03:30:20:a7:e9:ae:1f:7c:d5:49:0b:b5:48:4f:15:42:5f:4d:
         1a:a9:3e:0f:28:57:77:85:3f:31:22:fe:82:2c:2a:10:1f:73:
         bf:3f:ec:07:21:46:2b:59:82:93:57:0b:0a:73:a8:7f:b7:21:
         95:8a:e8:aa:b9:9e:d8:01:51:c4:78:27:10:11:15:8b:97:f8:
         a7:da:12:b9:38:6f:88:1d:d4:bb:bf:1d:d2:39:59:05:03:2f:
         75:c5:c9:e2:65:fc:a3:d9:2c:2d:6b:c5:40:10:58:d4:03:6c:
         a3:b4:89:13:ae:ba:20:85:f8:ad:74:d1:ba:29:f4:96:ac:e8:
         68:17:eb:92:fc:89:22:85:a9:0f:7d:a3:aa:ad:11:75:21:f9:
         35:44:b2:09:ca:49:80:28:ed:a0:43:1d:99:a1:2b:e0:9f:3c:
         05:7a:3f:96:86:58:8a:37:62:48:19:85:1c:2f:94:50:ba:0c:
         9a:e8:02:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyFrKWAgRKcUL8ob+1nkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWFmMjg3MmMzZjU1MDMwNzM4NjZkZmZlZjQ4OGI3MTc4
M2RhYjYwHhcNMjQwMTAxMTgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGI1OGRmMzcwMjIzYTI1ZWI2ZDhhYzc5YTYyYTAyNzhlOTllYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqczzWEz2QBGy/4JVpjfyLIiXCvE
A/Ta63JGRNT1LJ1xhoNuXDaCJv+NPxlgrVEYazxqBhcHUBpQnv14+zHXBcHeeBPt
FgbdApIAYpTr03XxY6vvHX+hkVvwvkHyTS+1cSxHVPFwr1BmOmLyVQ0trHZuO3c0
PZd0DxPWF9CT4nHtzVflEc9+DCLOhJIl8BAo2Mxn7Uhb/5ox7FKHGdgJo9Xa6Fyl
nlKsS4+E7btYRY/uUPg9z1MmdS+WOIRfhznH63vXgrCUsQ1cXltEBVTaUnOM6xPL
vA6aHj9rW1TfQFvjukLh0M8K4QJws5C7EdNMlfdzi/GbjWPb+TFAHAMh3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO21jfNwIjol622Kx5pioCeOmeyWMB8GA1UdIwQY
MBaAFNMa8ocsP1UDBzhm3/70iLcXg9q2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHhyeWh5d19WUU1IT0diZl92U0l0eGVEMnJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS82OGI3NWMtODNkZi00NzRlLWE5ZmUt
MDFiZjFmMTQ1YzI2LzEvN2JXTjgzQWlPaVhyYllySG1tS2dKNDZaN0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS82OGI3NWMtODNkZi00NzRlLWE5ZmUtMDFiZjFmMTQ1YzI2
LzEvMHhyeWh5d19WUU1IT0diZl92U0l0eGVEMnJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHsxMA0G
CSqGSIb3DQEBCwUAA4IBAQA2dQguygXkF7BJrkltxRlIun3gtLLEEghwELhRODR0
kwbifZz23BS6XN+fD4JtSdLFLIIvs/Acwzbi5YSjNgUQR4wWpYad/T4DMCCn6a4f
fNVJC7VITxVCX00aqT4PKFd3hT8xIv6CLCoQH3O/P+wHIUYrWYKTVwsKc6h/tyGV
iuiquZ7YAVHEeCcQERWLl/in2hK5OG+IHdS7vx3SOVkFAy91xcniZfyj2Swta8VA
EFjUA2yjtIkTrroghfitdNG6KfSWrOhoF+uS/IkihakPfaOqrRF1Ifk1RLIJykmA
KO2gQx2ZoSvgnzwFej+WhliKN2JIGYUcL5RQugya6AL+
-----END CERTIFICATE-----