Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/hSbc4PwY-BshQfEmID_l75pdDQM.roa
File:                     hSbc4PwY-BshQfEmID_l75pdDQM.roa (raw, json)
Hash identifier:          bl5WGqYVUpIejA9BRWTfEuTu3J5iUH1matNZOw3BznM=
Subject key identifier:   85:26:DC:E0:FC:18:F8:1B:21:41:F1:26:20:3F:E5:EF:9A:5D:0D:03
Certificate issuer:       /CN=aaab6111e004c2a044f168b8d28273cf6744f3a8
Certificate serial:       018CC5DBE57B5307B666C5636B36F8061570
Authority key identifier: AA:AB:61:11:E0:04:C2:A0:44:F1:68:B8:D2:82:73:CF:67:44:F3:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qqthEeAEwqBE8Wi40oJzz2dE86g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/hSbc4PwY-BshQfEmID_l75pdDQM.roa
Signing time:             Mon 01 Jan 2024 16:29:31 +0000
ROA not before:           Mon 01 Jan 2024 16:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200845
IP address blocks:        176.32.48.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/qqthEeAEwqBE8Wi40oJzz2dE86g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/qqthEeAEwqBE8Wi40oJzz2dE86g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qqthEeAEwqBE8Wi40oJzz2dE86g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e5:7b:53:07:b6:66:c5:63:6b:36:f8:06:15:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaab6111e004c2a044f168b8d28273cf6744f3a8
        Validity
            Not Before: Jan  1 16:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8526dce0fc18f81b2141f126203fe5ef9a5d0d03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:0c:1b:f2:c5:83:b7:fd:8b:ca:08:5d:8f:f5:
                    82:e1:15:bf:97:86:61:80:23:75:c1:ea:ba:55:26:
                    a9:8c:1c:6f:3b:53:1a:a2:ee:98:9b:cc:24:b9:b2:
                    9a:32:b9:54:f8:df:5c:dc:fe:5a:13:4e:97:2d:7d:
                    4b:1b:c1:19:77:02:a3:43:b8:e2:48:0e:84:9f:bc:
                    25:72:68:ba:0d:9f:dc:04:73:90:b1:a7:37:7a:b1:
                    1c:06:ce:e3:69:fd:bf:1a:02:95:b7:de:b3:66:07:
                    83:19:f0:bb:cc:03:fa:6b:cb:8d:89:d1:b1:1b:4c:
                    71:05:4c:34:20:a5:ac:cc:db:99:4c:e5:9f:2e:c5:
                    ba:25:e7:a8:63:ca:af:ca:12:7b:65:8e:f4:03:88:
                    6f:aa:71:e7:8d:33:19:31:99:f8:b4:af:f2:c5:6e:
                    60:f3:28:2a:bd:ff:f8:fe:0e:4d:92:ea:f3:b6:76:
                    d8:f6:a5:73:3f:f9:ed:ad:fe:21:3a:b7:33:fe:08:
                    c9:46:5d:c6:5c:0d:01:f9:2e:15:f0:bc:eb:5f:5b:
                    56:87:6f:ef:12:a8:8e:59:5a:55:9a:4f:c2:df:2d:
                    c1:3a:42:25:b7:81:d5:a6:eb:61:c1:e8:33:47:cd:
                    dd:1c:72:c8:01:98:2f:25:27:c8:be:69:1c:72:b8:
                    e5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:26:DC:E0:FC:18:F8:1B:21:41:F1:26:20:3F:E5:EF:9A:5D:0D:03
            X509v3 Authority Key Identifier:
                keyid:AA:AB:61:11:E0:04:C2:A0:44:F1:68:B8:D2:82:73:CF:67:44:F3:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qqthEeAEwqBE8Wi40oJzz2dE86g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/hSbc4PwY-BshQfEmID_l75pdDQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/qqthEeAEwqBE8Wi40oJzz2dE86g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:59:8f:bd:77:ba:a6:25:a2:c0:93:6d:14:c3:ae:54:07:43:
         f4:df:59:8c:22:fb:db:28:43:ee:40:ee:f1:de:d1:69:88:e0:
         88:4e:d0:16:c9:92:50:35:9e:d5:d3:24:7d:df:83:9b:2b:31:
         91:c7:37:4d:67:04:97:a1:46:49:16:0b:a6:22:2c:62:60:d3:
         18:36:70:55:e7:c0:8a:02:0a:5c:04:68:f7:9f:ec:ca:fc:59:
         74:ec:61:05:9b:96:ce:4e:c2:29:b9:e3:74:8c:69:36:5f:68:
         b2:fe:29:61:6d:f5:fe:d7:60:bf:72:0d:62:ef:fa:27:ef:f7:
         d8:e4:75:de:45:e7:ae:74:cb:76:01:b0:94:17:90:68:6d:fb:
         2e:fa:4e:81:d1:47:08:26:d4:96:87:f4:01:f1:de:79:ab:88:
         47:70:c6:c8:eb:d0:96:2f:27:b5:4e:2e:9e:ea:0a:8d:e0:3f:
         80:fe:94:0f:f3:3b:07:84:b2:c4:12:fb:19:ed:d2:27:a1:25:
         f4:18:ee:ea:2a:8f:92:a8:53:c5:f5:55:50:13:49:01:4e:c0:
         42:54:51:55:43:b9:4e:5d:87:ef:e3:7b:b2:4a:31:12:0b:dc:
         4a:7b:15:d9:5b:38:c4:e7:80:a0:49:0d:3a:a6:da:67:11:f3:
         47:12:e6:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+V7Uwe2ZsVjazb4BhVwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYWI2MTExZTAwNGMyYTA0NGYxNjhiOGQyODI3M2NmNjc0
NGYzYTgwHhcNMjQwMTAxMTYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTI2ZGNlMGZjMThmODFiMjE0MWYxMjYyMDNmZTVlZjlhNWQwZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQwb8sWDt/2Lyghdj/WC4RW/l4Zh
gCN1weq6VSapjBxvO1Maou6Ym8wkubKaMrlU+N9c3P5aE06XLX1LG8EZdwKjQ7ji
SA6En7wlcmi6DZ/cBHOQsac3erEcBs7jaf2/GgKVt96zZgeDGfC7zAP6a8uNidGx
G0xxBUw0IKWszNuZTOWfLsW6JeeoY8qvyhJ7ZY70A4hvqnHnjTMZMZn4tK/yxW5g
8ygqvf/4/g5NkurztnbY9qVzP/ntrf4hOrcz/gjJRl3GXA0B+S4V8LzrX1tWh2/v
EqiOWVpVmk/C3y3BOkIlt4HVputhwegzR83dHHLIAZgvJSfIvmkccrjlJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUm3OD8GPgbIUHxJiA/5e+aXQ0DMB8GA1UdIwQY
MBaAFKqrYRHgBMKgRPFouNKCc89nRPOoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXF0aEVlQUV3cUJFOFdpNDBvSnp6MmRFODZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNGFkMGYtMGIzMC00MWZmLWE4ZDkt
ODJlZGVkYTdmZTdhLzEvaFNiYzRQd1ktQnNoUWZFbUlEX2w3NXBkRFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNGFkMGYtMGIzMC00MWZmLWE4ZDktODJlZGVkYTdmZTdh
LzEvcXF0aEVlQUV3cUJFOFdpNDBvSnp6MmRFODZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsCAwMA0G
CSqGSIb3DQEBCwUAA4IBAQBaWY+9d7qmJaLAk20Uw65UB0P031mMIvvbKEPuQO7x
3tFpiOCITtAWyZJQNZ7V0yR934ObKzGRxzdNZwSXoUZJFgumIixiYNMYNnBV58CK
AgpcBGj3n+zK/Fl07GEFm5bOTsIpueN0jGk2X2iy/ilhbfX+12C/cg1i7/on7/fY
5HXeReeudMt2AbCUF5Bobfsu+k6B0UcIJtSWh/QB8d55q4hHcMbI69CWLye1Ti6e
6gqN4D+A/pQP8zsHhLLEEvsZ7dInoSX0GO7qKo+SqFPF9VVQE0kBTsBCVFFVQ7lO
XYfv43uySjESC9xKexXZWzjE54CgSQ06ptpnEfNHEubq
-----END CERTIFICATE-----