Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/aVtFH88y7uCWbrWqw27027nph-0.roa
File:                     aVtFH88y7uCWbrWqw27027nph-0.roa (raw, json)
Hash identifier:          YbCx5cqoCzuNfIj9BuD9IgDcRkaV62g+OdGWlSdBxao=
Subject key identifier:   69:5B:45:1F:CF:32:EE:E0:96:6E:B5:AA:C3:6E:F4:DB:B9:E9:87:ED
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       01905A580E65162DE8D5F9BF09D2F03ED040
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/aVtFH88y7uCWbrWqw27027nph-0.roa
Signing time:             Thu 27 Jun 2024 15:37:18 +0000
ROA not before:           Thu 27 Jun 2024 15:37:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        193.177.222.0/24 maxlen: 24
                          2a0d:c7c2::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5a:58:0e:65:16:2d:e8:d5:f9:bf:09:d2:f0:3e:d0:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jun 27 15:37:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=695b451fcf32eee0966eb5aac36ef4dbb9e987ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:be:c1:54:bb:5c:16:58:4c:9f:70:ab:0b:00:
                    38:d1:64:0b:e0:7f:bd:e0:1f:71:99:96:7a:e1:e4:
                    9e:c5:c3:d6:58:86:36:37:92:09:6c:09:90:91:29:
                    e0:4c:15:6c:be:ac:83:ea:91:e9:ae:8c:13:32:ce:
                    ed:54:69:57:a5:62:c4:1d:5d:01:12:cd:19:99:8f:
                    6e:e2:7d:58:f9:56:ee:02:f2:d9:61:e3:2a:23:9e:
                    d4:03:c2:ab:9c:af:c5:f3:f7:bb:a2:ad:94:6d:92:
                    1c:e4:73:2f:13:47:04:63:28:2b:a9:99:98:30:cd:
                    75:76:cf:cf:4c:56:52:e2:ea:d6:0c:9d:e1:a6:22:
                    4b:d1:fd:46:bb:f0:fb:c7:af:61:81:51:51:e6:6e:
                    64:95:3c:8f:cf:3e:ae:be:e6:9e:26:72:76:2f:ee:
                    8d:ce:7e:f5:dd:cc:c8:f2:fa:39:50:25:29:0d:e7:
                    aa:52:c2:cc:e1:2e:30:32:c3:d5:31:ad:73:a7:2f:
                    9b:d9:16:c4:5a:3d:f7:95:df:19:87:e8:dd:c1:96:
                    9a:ad:d1:d2:c4:63:10:00:ec:ab:a2:f6:8e:9f:0d:
                    da:f8:71:15:71:0a:02:55:ff:c2:3d:2d:82:7d:b8:
                    b2:b4:96:43:49:a1:a7:04:01:2e:49:ee:06:07:0c:
                    37:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:5B:45:1F:CF:32:EE:E0:96:6E:B5:AA:C3:6E:F4:DB:B9:E9:87:ED
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/aVtFH88y7uCWbrWqw27027nph-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.177.222.0/24
                IPv6:
                  2a0d:c7c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:1f:bd:01:02:fa:f8:41:4c:c7:11:38:bf:25:84:fc:d2:60:
         4a:37:1c:73:2f:ed:a4:b3:99:89:bc:ab:61:10:2a:aa:40:54:
         e3:d8:85:a1:66:3c:75:63:b7:b6:1c:f8:09:bd:36:96:f1:4b:
         59:5a:a2:ea:55:04:e7:d6:51:7c:ac:16:86:78:56:b8:1c:45:
         cc:c8:74:6a:b0:54:81:db:91:3e:01:07:c5:b9:17:76:76:22:
         8c:fb:7e:f7:98:19:33:0a:52:61:fd:bd:43:32:ec:48:8d:49:
         ed:19:8b:5e:4b:3b:62:fb:6a:12:31:c9:b3:af:7c:c0:79:c0:
         1a:8e:e3:77:33:04:b1:32:44:1c:d9:3d:f4:dd:1c:ed:2b:90:
         08:ed:57:b2:9a:cf:28:8c:a9:6f:2d:e0:7c:fa:6d:62:4b:86:
         2f:0b:16:47:00:55:f5:57:27:9f:73:c5:8d:a5:e0:ec:92:1d:
         70:57:11:74:64:91:c5:fe:71:dc:92:aa:bb:85:ed:ec:a5:fa:
         66:6d:2f:0c:ff:15:30:09:33:80:14:a5:d5:37:a8:43:8f:28:
         10:c7:96:b2:b7:99:b1:2f:3a:bd:ba:47:dd:55:3b:9d:12:11:
         c7:fe:8f:ac:6e:86:04:ed:7a:65:26:10:88:69:54:bb:c2:c8:
         d1:ea:60:d7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZBaWA5lFi3o1fm/CdLwPtBAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwNjI3MTUzNzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTViNDUxZmNmMzJlZWUwOTY2ZWI1YWFjMzZlZjRkYmI5ZTk4N2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvr7BVLtcFlhMn3CrCwA40WQL4H+9
4B9xmZZ64eSexcPWWIY2N5IJbAmQkSngTBVsvqyD6pHprowTMs7tVGlXpWLEHV0B
Es0ZmY9u4n1Y+VbuAvLZYeMqI57UA8KrnK/F8/e7oq2UbZIc5HMvE0cEYygrqZmY
MM11ds/PTFZS4urWDJ3hpiJL0f1Gu/D7x69hgVFR5m5klTyPzz6uvuaeJnJ2L+6N
zn713czI8vo5UCUpDeeqUsLM4S4wMsPVMa1zpy+b2RbEWj33ld8Zh+jdwZaardHS
xGMQAOyrovaOnw3a+HEVcQoCVf/CPS2CfbiytJZDSaGnBAEuSe4GBww3LQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGlbRR/PMu7glm61qsNu9Nu56YftMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvYVZ0Rkg4OHk3dUNXYnJXcXcyNzAyN25waC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwbHeMA0E
AgACMAcDBQAqDcfCMA0GCSqGSIb3DQEBCwUAA4IBAQAaH70BAvr4QUzHETi/JYT8
0mBKNxxzL+2ks5mJvKthECqqQFTj2IWhZjx1Y7e2HPgJvTaW8UtZWqLqVQTn1lF8
rBaGeFa4HEXMyHRqsFSB25E+AQfFuRd2diKM+373mBkzClJh/b1DMuxIjUntGYte
Szti+2oSMcmzr3zAecAajuN3MwSxMkQc2T303RztK5AI7Veyms8ojKlvLeB8+m1i
S4YvCxZHAFX1Vyefc8WNpeDskh1wVxF0ZJHF/nHckqq7he3spfpmbS8M/xUwCTOA
FKXVN6hDjygQx5ayt5mxLzq9ukfdVTudEhHH/o+sboYE7XplJhCIaVS7wsjR6mDX
-----END CERTIFICATE-----