Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/c3f4a2-8b8e-49a3-aa9f-d92d64b9f801/1/PbKdORNKJdP7MTpjXvgAWx6Kj2M.roa
File:                     PbKdORNKJdP7MTpjXvgAWx6Kj2M.roa (raw, json)
Hash identifier:          pMmdjtsJ3f0KTjYc+yn/sgXgx44vxiEZmUHD/yi5sto=
Subject key identifier:   3D:B2:9D:39:13:4A:25:D3:FB:31:3A:63:5E:F8:00:5B:1E:8A:8F:63
Certificate issuer:       /CN=a57089c45c55088fe90eb61002f07f0f95862672
Certificate serial:       018CC86F285C5188C699065C9B53321D1FAA
Authority key identifier: A5:70:89:C4:5C:55:08:8F:E9:0E:B6:10:02:F0:7F:0F:95:86:26:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXCJxFxVCI_pDrYQAvB_D5WGJnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/c3f4a2-8b8e-49a3-aa9f-d92d64b9f801/1/PbKdORNKJdP7MTpjXvgAWx6Kj2M.roa
Signing time:             Tue 02 Jan 2024 04:29:37 +0000
ROA not before:           Tue 02 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59987
IP address blocks:        176.119.196.0/24 maxlen: 24
                          2a06:6840::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/c3f4a2-8b8e-49a3-aa9f-d92d64b9f801/1/pXCJxFxVCI_pDrYQAvB_D5WGJnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/c3f4a2-8b8e-49a3-aa9f-d92d64b9f801/1/pXCJxFxVCI_pDrYQAvB_D5WGJnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXCJxFxVCI_pDrYQAvB_D5WGJnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:28:5c:51:88:c6:99:06:5c:9b:53:32:1d:1f:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a57089c45c55088fe90eb61002f07f0f95862672
        Validity
            Not Before: Jan  2 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3db29d39134a25d3fb313a635ef8005b1e8a8f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4b:8d:65:40:04:08:60:88:78:de:6f:cf:c4:
                    b8:44:3d:b0:8a:7f:38:9a:c0:02:f0:e4:91:58:5a:
                    8e:02:59:e3:8a:1f:73:c9:b9:e0:d5:c7:c0:bd:89:
                    5f:00:64:a6:3e:d1:d3:17:66:af:a6:01:35:63:97:
                    58:7c:94:ce:ae:53:e1:39:ce:7c:9d:24:c8:9d:e4:
                    21:8e:11:3b:49:0f:8c:1f:a3:3d:d5:3d:0a:a7:f9:
                    82:e7:dd:c1:28:41:8f:5c:67:e4:36:b5:e7:fe:20:
                    56:3f:3b:8a:91:5b:8a:3a:64:19:9b:06:a9:2a:32:
                    23:38:51:68:a0:44:57:de:0f:a2:e3:98:61:35:3f:
                    32:b2:79:9a:8f:7e:6f:e9:93:5c:cc:84:69:01:0e:
                    4f:b5:88:fd:6a:79:3f:6d:6a:b6:49:a5:d0:8e:a3:
                    db:3e:67:08:8a:ec:bd:23:82:8f:55:b7:c7:05:39:
                    8e:3f:1f:0d:72:4a:ca:81:eb:db:c2:48:70:88:0e:
                    2b:ae:76:1f:f2:98:be:11:ce:f1:cc:6b:fd:91:b5:
                    9f:45:e6:81:c7:a9:9a:64:7a:b4:8c:95:eb:d6:46:
                    d7:a9:df:6e:fe:c4:51:27:4d:c2:ec:0f:90:41:be:
                    5c:1c:8a:b2:19:c7:53:bc:37:10:7a:b9:25:f5:a1:
                    f1:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B2:9D:39:13:4A:25:D3:FB:31:3A:63:5E:F8:00:5B:1E:8A:8F:63
            X509v3 Authority Key Identifier:
                keyid:A5:70:89:C4:5C:55:08:8F:E9:0E:B6:10:02:F0:7F:0F:95:86:26:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXCJxFxVCI_pDrYQAvB_D5WGJnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/c3f4a2-8b8e-49a3-aa9f-d92d64b9f801/1/PbKdORNKJdP7MTpjXvgAWx6Kj2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/c3f4a2-8b8e-49a3-aa9f-d92d64b9f801/1/pXCJxFxVCI_pDrYQAvB_D5WGJnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.196.0/24
                IPv6:
                  2a06:6840::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:5f:c9:76:7d:bf:b9:f5:77:65:c9:ad:a5:c5:46:a1:9e:d1:
         de:da:6d:d9:27:a3:8d:49:1f:8c:62:98:c5:d4:3c:b6:38:dc:
         d6:9c:aa:0a:63:aa:d5:b2:93:b2:13:14:95:d1:44:3d:4a:b9:
         52:20:f7:83:ac:e4:1f:e7:60:e7:fc:54:b2:fa:95:5a:a3:0d:
         e1:18:6e:81:85:db:0e:af:7f:07:41:a4:c7:19:5b:b5:c6:35:
         d5:29:e1:c9:dd:07:9d:ab:d8:f8:89:a2:bc:0e:ae:a3:43:cc:
         a9:91:fa:c6:47:3a:df:b2:b8:60:50:cf:e7:8c:d8:db:3d:23:
         ab:6e:e2:11:f1:80:9c:36:84:82:b7:41:c8:c1:af:5f:8d:c4:
         8b:65:71:5d:61:3a:69:69:4d:86:c0:49:25:fa:4a:67:c0:44:
         2f:60:6c:34:d5:e6:92:2e:4b:9b:a8:f1:56:1d:1b:06:30:cc:
         7f:e4:d6:62:65:8c:5a:3c:ca:e4:a4:3e:ee:96:99:e6:3d:5f:
         a6:5c:06:a4:cc:c3:65:55:01:8d:5d:25:4d:50:49:ac:80:ee:
         be:eb:3b:0c:f4:05:e3:ae:a3:95:dd:84:1e:a7:b9:41:47:a2:
         a4:30:1d:9f:90:1b:d7:b9:c1:d3:36:f3:2f:67:05:9f:d7:a7:
         e0:83:8c:15
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbyhcUYjGmQZcm1MyHR+qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzA4OWM0NWM1NTA4OGZlOTBlYjYxMDAyZjA3ZjBmOTU4
NjI2NzIwHhcNMjQwMTAyMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGIyOWQzOTEzNGEyNWQzZmIzMTNhNjM1ZWY4MDA1YjFlOGE4ZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskuNZUAECGCIeN5vz8S4RD2win84
msAC8OSRWFqOAlnjih9zybng1cfAvYlfAGSmPtHTF2avpgE1Y5dYfJTOrlPhOc58
nSTIneQhjhE7SQ+MH6M91T0Kp/mC593BKEGPXGfkNrXn/iBWPzuKkVuKOmQZmwap
KjIjOFFooERX3g+i45hhNT8ysnmaj35v6ZNczIRpAQ5PtYj9ank/bWq2SaXQjqPb
PmcIiuy9I4KPVbfHBTmOPx8NckrKgevbwkhwiA4rrnYf8pi+Ec7xzGv9kbWfReaB
x6maZHq0jJXr1kbXqd9u/sRRJ03C7A+QQb5cHIqyGcdTvDcQerkl9aHxGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD2ynTkTSiXT+zE6Y174AFseio9jMB8GA1UdIwQY
MBaAFKVwicRcVQiP6Q62EALwfw+VhiZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhDSnhGeFZDSV9wRHJZUUF2Ql9ENVdHSm5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9jM2Y0YTItOGI4ZS00OWEzLWFhOWYt
ZDkyZDY0YjlmODAxLzEvUGJLZE9STktKZFA3TVRwalh2Z0FXeDZLajJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9jM2Y0YTItOGI4ZS00OWEzLWFhOWYtZDkyZDY0YjlmODAx
LzEvcFhDSnhGeFZDSV9wRHJZUUF2Ql9ENVdHSm5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAsHfEMA0E
AgACMAcDBQMqBmhAMA0GCSqGSIb3DQEBCwUAA4IBAQBfX8l2fb+59Xdlya2lxUah
ntHe2m3ZJ6ONSR+MYpjF1Dy2ONzWnKoKY6rVspOyExSV0UQ9SrlSIPeDrOQf52Dn
/FSy+pVaow3hGG6BhdsOr38HQaTHGVu1xjXVKeHJ3Qedq9j4iaK8Dq6jQ8ypkfrG
RzrfsrhgUM/njNjbPSOrbuIR8YCcNoSCt0HIwa9fjcSLZXFdYTppaU2GwEkl+kpn
wEQvYGw01eaSLkubqPFWHRsGMMx/5NZiZYxaPMrkpD7ulpnmPV+mXAakzMNlVQGN
XSVNUEmsgO6+6zsM9AXjrqOV3YQep7lBR6KkMB2fkBvXucHTNvMvZwWf16fgg4wV
-----END CERTIFICATE-----