Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/AlnFP2-OnHXs0Eb_bJ5hC7nG3cc.roa
File:                     AlnFP2-OnHXs0Eb_bJ5hC7nG3cc.roa (raw, json)
Hash identifier:          gL4zvkYZgwzOL8ct0SaRMVtqZNZqoG8oS9EgIzgORXE=
Subject key identifier:   02:59:C5:3F:6F:8E:9C:75:EC:D0:46:FF:6C:9E:61:0B:B9:C6:DD:C7
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801E0E9821C9986F9A7193A62EC794B
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/AlnFP2-OnHXs0Eb_bJ5hC7nG3cc.roa
Signing time:             Tue 02 Jan 2024 02:30:15 +0000
ROA not before:           Tue 02 Jan 2024 02:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209484
IP address blocks:        176.113.70.0/24 maxlen: 24
                          176.113.68.0/24 maxlen: 24
                          176.113.71.0/24 maxlen: 24
                          176.113.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:e0:e9:82:1c:99:86:f9:a7:19:3a:62:ec:79:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0259c53f6f8e9c75ecd046ff6c9e610bb9c6ddc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:61:ea:a4:6a:93:95:6c:e7:80:33:36:17:73:
                    2b:eb:2a:39:83:2a:5e:ba:59:f2:61:c7:e8:0b:8f:
                    aa:4d:3c:69:da:ed:e2:b9:a7:cf:7d:5e:12:c4:8d:
                    62:d3:93:64:cc:97:b9:ac:b8:10:70:57:fe:a2:ed:
                    14:af:8b:8a:6e:9c:82:01:ea:30:c6:f4:4b:ad:8d:
                    e8:1f:b0:aa:3d:61:41:61:6f:48:8a:41:b8:5f:cb:
                    8b:47:26:65:e5:12:3a:66:f3:04:72:5e:39:68:7a:
                    94:05:98:86:2e:bc:0e:f3:22:ea:6f:f6:57:fb:bd:
                    f9:fa:ae:aa:fb:7e:d5:e4:18:8a:8e:e2:01:99:a6:
                    5a:99:93:4b:fb:44:12:f5:73:d2:ab:eb:08:99:01:
                    87:ef:9c:59:21:35:49:c1:14:5b:57:9f:8b:ba:3d:
                    fe:14:56:e9:7d:b8:9d:38:9b:94:04:7f:e7:a7:b2:
                    1c:aa:28:2e:30:66:99:c8:e6:49:60:8a:79:85:74:
                    2f:6e:d3:06:f7:6c:26:02:e3:6b:8f:02:64:84:01:
                    54:cb:78:3a:f2:b3:33:f8:e7:6b:64:e8:2e:86:23:
                    64:0f:95:79:4e:b4:d2:6a:0c:99:94:d7:1c:c0:60:
                    9b:54:3e:26:c6:29:cf:39:ab:ef:d9:f7:22:a4:57:
                    a0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:59:C5:3F:6F:8E:9C:75:EC:D0:46:FF:6C:9E:61:0B:B9:C6:DD:C7
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/AlnFP2-OnHXs0Eb_bJ5hC7nG3cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.113.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:a5:de:43:22:70:1d:f3:f6:4a:09:f5:2f:64:1b:4c:2d:39:
         45:16:6c:90:c3:bc:ff:41:96:cc:ed:99:c4:37:e4:51:e6:14:
         1e:4d:f1:a5:e5:f3:47:3a:07:81:5e:2d:02:36:2d:b9:25:38:
         c7:4a:c2:55:29:6f:71:fa:c3:94:f0:48:5d:08:77:e2:9a:51:
         79:4c:5b:5b:af:19:38:df:60:d6:c2:17:ae:18:b9:80:8c:02:
         79:0e:56:fa:73:df:3a:07:c5:5d:f4:7c:86:17:57:57:bc:7a:
         19:3a:a8:39:f0:9a:f1:bd:52:9f:76:70:0a:53:09:dc:de:6f:
         51:30:cd:cf:08:4d:c5:4d:a1:38:73:68:01:96:7f:cd:7c:73:
         c4:3a:00:03:69:de:5f:e2:a0:dc:6b:c9:c7:28:8d:a4:76:66:
         63:e7:18:fa:c3:91:3f:0c:74:14:6e:0c:ad:f8:a6:dc:10:6c:
         08:de:35:8c:2f:cb:dc:aa:52:b6:96:51:cc:f0:3e:dc:7f:08:
         ce:02:26:4b:66:fd:e5:db:52:cf:6b:75:8a:97:dd:11:46:d1:
         8c:d0:5c:81:d3:1d:47:9f:d8:88:88:3d:42:7e:78:3b:55:72:
         cb:df:84:7a:ca:ad:49:3d:94:68:50:be:91:28:35:e4:f7:e5:
         1c:b1:84:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAeDpghyZhvmnGTpi7HlLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjU5YzUzZjZmOGU5Yzc1ZWNkMDQ2ZmY2YzllNjEwYmI5YzZkZGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomHqpGqTlWzngDM2F3Mr6yo5gype
ulnyYcfoC4+qTTxp2u3iuafPfV4SxI1i05NkzJe5rLgQcFf+ou0Ur4uKbpyCAeow
xvRLrY3oH7CqPWFBYW9IikG4X8uLRyZl5RI6ZvMEcl45aHqUBZiGLrwO8yLqb/ZX
+735+q6q+37V5BiKjuIBmaZamZNL+0QS9XPSq+sImQGH75xZITVJwRRbV5+Luj3+
FFbpfbidOJuUBH/np7IcqiguMGaZyOZJYIp5hXQvbtMG92wmAuNrjwJkhAFUy3g6
8rMz+OdrZOguhiNkD5V5TrTSagyZlNccwGCbVD4mxinPOavv2fcipFeg6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJZxT9vjpx17NBG/2yeYQu5xt3HMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvQWxuRlAyLU9uSFhzMEViX2JKNWhDN25HM2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsHFEMA0G
CSqGSIb3DQEBCwUAA4IBAQArpd5DInAd8/ZKCfUvZBtMLTlFFmyQw7z/QZbM7ZnE
N+RR5hQeTfGl5fNHOgeBXi0CNi25JTjHSsJVKW9x+sOU8EhdCHfimlF5TFtbrxk4
32DWwheuGLmAjAJ5Dlb6c986B8Vd9HyGF1dXvHoZOqg58JrxvVKfdnAKUwnc3m9R
MM3PCE3FTaE4c2gBln/NfHPEOgADad5f4qDca8nHKI2kdmZj5xj6w5E/DHQUbgyt
+KbcEGwI3jWML8vcqlK2llHM8D7cfwjOAiZLZv3l21LPa3WKl90RRtGM0FyB0x1H
n9iIiD1Cfng7VXLL34R6yq1JPZRoUL6RKDXk9+UcsYQD
-----END CERTIFICATE-----