Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/Ku9Y9Q0rH8d5PXoVU4yisdC3I8I.roa
File:                     Ku9Y9Q0rH8d5PXoVU4yisdC3I8I.roa (raw, json)
Hash identifier:          DXIMSg9SxkObYQRECD1j8CF557w8e7KhFY4RaOnPwsE=
Subject key identifier:   2A:EF:58:F5:0D:2B:1F:C7:79:3D:7A:15:53:8C:A2:B1:D0:B7:23:C2
Certificate issuer:       /CN=fec6fb5a467974c977a997c6dda1464805ed379f
Certificate serial:       018CC26D16CA0A0EE9892948B8D89D067F1F
Authority key identifier: FE:C6:FB:5A:46:79:74:C9:77:A9:97:C6:DD:A1:46:48:05:ED:37:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_sb7WkZ5dMl3qZfG3aFGSAXtN58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/Ku9Y9Q0rH8d5PXoVU4yisdC3I8I.roa
Signing time:             Mon 01 Jan 2024 00:29:38 +0000
ROA not before:           Mon 01 Jan 2024 00:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        176.116.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/_sb7WkZ5dMl3qZfG3aFGSAXtN58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/_sb7WkZ5dMl3qZfG3aFGSAXtN58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_sb7WkZ5dMl3qZfG3aFGSAXtN58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:16:ca:0a:0e:e9:89:29:48:b8:d8:9d:06:7f:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fec6fb5a467974c977a997c6dda1464805ed379f
        Validity
            Not Before: Jan  1 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2aef58f50d2b1fc7793d7a15538ca2b1d0b723c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3d:00:c9:64:8d:ac:eb:c4:d0:e7:13:04:77:
                    79:97:55:40:ca:27:ad:f9:c6:fe:3c:d8:a8:36:55:
                    58:61:33:da:bf:9c:4e:5d:39:ac:f4:9d:cc:66:8a:
                    66:db:38:8f:79:79:d5:d9:cf:ee:6c:0c:4f:7c:a9:
                    35:51:3b:f5:5a:01:6f:a6:be:33:b1:23:5c:0a:23:
                    fd:07:a8:7d:c4:68:9e:3d:99:56:3c:14:29:ef:74:
                    ae:02:9e:74:5f:48:24:fb:31:2c:b5:b4:1b:6e:ad:
                    94:7f:45:20:8b:06:a1:4d:e5:bb:34:bb:97:2c:59:
                    a9:15:7d:69:35:5d:2e:5a:92:db:e4:2c:0f:c4:17:
                    e8:b5:21:4a:b5:ec:d5:ed:70:ac:76:57:e0:40:17:
                    f6:32:7f:84:4e:57:7a:01:13:9a:29:f0:c5:52:4e:
                    b5:b1:9e:cd:e1:0e:9f:ec:dc:14:c6:47:69:a5:78:
                    96:73:28:db:15:8c:43:e7:8d:df:bf:ad:1a:07:74:
                    61:55:b0:4a:d4:09:d3:50:91:69:ca:fe:ce:9c:fc:
                    35:09:1a:21:0f:75:24:87:07:23:4b:3d:ec:cf:90:
                    4b:ca:bf:93:bf:be:66:5f:c5:6c:dc:ec:01:f2:86:
                    43:f1:ed:9d:9d:16:8e:70:d1:86:d1:c8:96:4b:d8:
                    cc:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:EF:58:F5:0D:2B:1F:C7:79:3D:7A:15:53:8C:A2:B1:D0:B7:23:C2
            X509v3 Authority Key Identifier:
                keyid:FE:C6:FB:5A:46:79:74:C9:77:A9:97:C6:DD:A1:46:48:05:ED:37:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_sb7WkZ5dMl3qZfG3aFGSAXtN58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/Ku9Y9Q0rH8d5PXoVU4yisdC3I8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ac52c3-ca44-4784-b72e-12641f9e6fc0/1/_sb7WkZ5dMl3qZfG3aFGSAXtN58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:3d:90:66:a4:2a:a2:db:c6:cb:1c:df:f5:0d:0d:d4:1b:53:
         fe:0e:db:8f:5c:2f:11:d2:80:b3:af:91:58:83:5c:49:9f:dd:
         0c:bd:bc:ba:86:db:7e:e8:7e:2d:a8:b8:18:4c:6b:c8:74:7f:
         da:af:95:86:13:d4:9e:e4:64:54:48:79:84:47:e6:5c:5c:cb:
         c4:8a:e0:0e:ae:c1:54:a6:8b:73:0c:77:90:79:2d:07:ec:fa:
         b1:3a:07:07:f8:6d:08:47:a9:c3:d1:f0:85:6c:65:2f:2b:25:
         41:ad:bf:5f:21:69:18:08:16:c2:7e:3d:29:1e:fb:d6:f1:71:
         f0:8a:49:5b:54:17:bc:e8:97:b6:2e:44:78:c5:87:3f:18:cb:
         28:d2:2a:fd:63:14:04:f6:3a:d2:f3:91:14:e1:19:e5:9b:aa:
         a6:0f:54:08:14:33:8e:75:50:da:43:d9:ae:ef:0f:c2:12:61:
         fc:7c:82:86:07:22:3d:9e:3f:41:3b:89:c7:52:98:65:cf:88:
         b3:1d:94:28:7f:a8:a2:a3:cb:e0:0c:7e:65:17:55:de:16:e6:
         92:db:17:4f:1b:80:c5:c4:b9:ac:d7:25:fd:62:73:57:36:ce:
         56:b2:f6:22:33:d0:89:a9:42:0b:71:f5:4a:33:f4:c9:d3:6a:
         1c:aa:7a:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRbKCg7piSlIuNidBn8fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYzZmYjVhNDY3OTc0Yzk3N2E5OTdjNmRkYTE0NjQ4MDVl
ZDM3OWYwHhcNMjQwMTAxMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWVmNThmNTBkMmIxZmM3NzkzZDdhMTU1MzhjYTJiMWQwYjcyM2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT0AyWSNrOvE0OcTBHd5l1VAyiet
+cb+PNioNlVYYTPav5xOXTms9J3MZopm2ziPeXnV2c/ubAxPfKk1UTv1WgFvpr4z
sSNcCiP9B6h9xGiePZlWPBQp73SuAp50X0gk+zEstbQbbq2Uf0UgiwahTeW7NLuX
LFmpFX1pNV0uWpLb5CwPxBfotSFKtezV7XCsdlfgQBf2Mn+ETld6AROaKfDFUk61
sZ7N4Q6f7NwUxkdppXiWcyjbFYxD543fv60aB3RhVbBK1AnTUJFpyv7OnPw1CRoh
D3UkhwcjSz3sz5BLyr+Tv75mX8Vs3OwB8oZD8e2dnRaOcNGG0ciWS9jMvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrvWPUNKx/HeT16FVOMorHQtyPCMB8GA1UdIwQY
MBaAFP7G+1pGeXTJd6mXxt2hRkgF7TefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3NiN1drWjVkTWwzcVpmRzNhRkdTQVh0TjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9hYzUyYzMtY2E0NC00Nzg0LWI3MmUt
MTI2NDFmOWU2ZmMwLzEvS3U5WTlRMHJIOGQ1UFhvVlU0eWlzZEMzSThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9hYzUyYzMtY2E0NC00Nzg0LWI3MmUtMTI2NDFmOWU2ZmMw
LzEvX3NiN1drWjVkTWwzcVpmRzNhRkdTQVh0TjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHR7MA0G
CSqGSIb3DQEBCwUAA4IBAQBuPZBmpCqi28bLHN/1DQ3UG1P+DtuPXC8R0oCzr5FY
g1xJn90Mvby6htt+6H4tqLgYTGvIdH/ar5WGE9Se5GRUSHmER+ZcXMvEiuAOrsFU
potzDHeQeS0H7PqxOgcH+G0IR6nD0fCFbGUvKyVBrb9fIWkYCBbCfj0pHvvW8XHw
iklbVBe86Je2LkR4xYc/GMso0ir9YxQE9jrS85EU4Rnlm6qmD1QIFDOOdVDaQ9mu
7w/CEmH8fIKGByI9nj9BO4nHUphlz4izHZQof6iio8vgDH5lF1XeFuaS2xdPG4DF
xLms1yX9YnNXNs5WsvYiM9CJqUILcfVKM/TJ02ocqnrP
-----END CERTIFICATE-----