Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/Yo_r7BP8txqHSnjrvBag7QUFkmQ.roa
File:                     Yo_r7BP8txqHSnjrvBag7QUFkmQ.roa (raw, json)
Hash identifier:          cvqSrM28EeSMNdZlR6yXJifNPUhVAZt56oOf0IQ5tVE=
Subject key identifier:   62:8F:EB:EC:13:FC:B7:1A:87:4A:78:EB:BC:16:A0:ED:05:05:92:64
Certificate issuer:       /CN=de7c82b2276cbdf130ccad046b65feab2c27ed49
Certificate serial:       018CC26D43C2545856A0E20DF076A6676B74
Authority key identifier: DE:7C:82:B2:27:6C:BD:F1:30:CC:AD:04:6B:65:FE:AB:2C:27:ED:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3nyCsidsvfEwzK0Ea2X-qywn7Uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/Yo_r7BP8txqHSnjrvBag7QUFkmQ.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52204
IP address blocks:        176.118.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/3nyCsidsvfEwzK0Ea2X-qywn7Uk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/3nyCsidsvfEwzK0Ea2X-qywn7Uk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3nyCsidsvfEwzK0Ea2X-qywn7Uk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:43:c2:54:58:56:a0:e2:0d:f0:76:a6:67:6b:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de7c82b2276cbdf130ccad046b65feab2c27ed49
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=628febec13fcb71a874a78ebbc16a0ed05059264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:83:a5:ef:4a:99:81:af:6f:ff:32:b7:73:77:
                    22:90:20:c1:f5:16:ff:85:08:8e:dc:44:14:0e:ec:
                    bf:35:49:46:b7:da:94:a3:64:b0:6e:34:cd:b0:c3:
                    09:65:6b:b6:97:06:c8:a7:de:d5:c5:cd:8b:5b:6a:
                    33:81:d8:93:fd:7b:b5:55:38:76:0f:0f:ac:e7:4a:
                    1e:84:05:ad:52:b5:12:15:69:c1:1e:2d:95:d7:35:
                    92:7a:26:35:bd:4f:62:5f:53:1b:c5:57:e5:f4:7a:
                    20:32:1f:31:1c:ce:9d:68:8b:8f:26:59:c2:e0:50:
                    8b:42:0d:2d:80:f2:c8:cd:2c:d4:d8:06:22:2f:cc:
                    0f:45:20:0f:0a:f1:7a:4d:37:eb:ff:30:66:1f:26:
                    31:cb:f7:9d:bc:75:69:ad:0c:4d:95:d3:8b:ef:52:
                    42:7f:c1:74:3b:1e:8a:cf:c1:47:1c:c2:e8:a9:4c:
                    8b:26:66:e9:36:10:04:e0:cc:a8:d0:18:7c:70:74:
                    f6:30:0e:6b:fc:aa:a5:d9:cd:6e:07:51:ea:2e:83:
                    19:67:f3:8a:6a:56:d7:00:66:d2:f7:cd:ac:c0:9c:
                    d8:f4:50:39:ff:38:d2:28:33:a8:33:5e:f3:cb:22:
                    bd:73:73:95:92:9e:92:06:31:b9:22:1c:a3:9a:74:
                    82:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:8F:EB:EC:13:FC:B7:1A:87:4A:78:EB:BC:16:A0:ED:05:05:92:64
            X509v3 Authority Key Identifier:
                keyid:DE:7C:82:B2:27:6C:BD:F1:30:CC:AD:04:6B:65:FE:AB:2C:27:ED:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3nyCsidsvfEwzK0Ea2X-qywn7Uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/Yo_r7BP8txqHSnjrvBag7QUFkmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/6fa5df-fb9f-4ae5-ba89-7faf7c1de7b0/1/3nyCsidsvfEwzK0Ea2X-qywn7Uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:7a:8d:9c:f7:ab:9e:a8:8b:cb:0d:47:7f:f9:94:c3:03:22:
         48:6d:55:2d:88:07:06:5a:4c:3d:75:70:0f:73:87:72:88:49:
         7b:58:9f:72:19:71:8c:3b:d3:b2:6c:59:e4:6d:e6:c5:ff:bc:
         ef:7e:56:51:4a:be:96:f7:47:96:78:70:9f:c0:d1:f4:84:42:
         af:70:c6:61:93:c4:b2:9c:be:a1:4a:6d:01:3c:aa:d1:67:74:
         8a:81:4d:ca:5d:86:03:b7:d4:4c:88:68:69:09:60:08:23:ce:
         b5:ee:86:61:ed:65:3d:44:c3:b6:f4:4d:cc:59:6c:f9:47:12:
         65:19:1c:0a:65:bc:4e:bd:e3:f4:49:cf:db:dc:5b:31:37:41:
         62:5b:1f:7f:02:60:e7:05:ef:47:67:50:d5:0a:06:a3:d7:1a:
         42:95:55:28:a2:71:8f:74:fb:d0:e2:e4:39:f5:fc:5b:02:ef:
         45:54:1d:ab:73:5e:27:19:e6:67:d8:18:38:8d:a7:91:8b:ce:
         56:d4:0b:5c:93:89:13:bf:97:98:8f:11:83:13:a0:52:f0:d0:
         25:96:32:00:83:88:11:0a:13:3b:d6:a4:b9:ec:da:97:70:27:
         d8:c3:8f:7f:60:b4:cd:48:db:dc:d7:13:ba:48:11:85:eb:59:
         f8:38:3e:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUPCVFhWoOIN8HamZ2t0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlN2M4MmIyMjc2Y2JkZjEzMGNjYWQwNDZiNjVmZWFiMmMy
N2VkNDkwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjhmZWJlYzEzZmNiNzFhODc0YTc4ZWJiYzE2YTBlZDA1MDU5MjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIOl70qZga9v/zK3c3cikCDB9Rb/
hQiO3EQUDuy/NUlGt9qUo2SwbjTNsMMJZWu2lwbIp97Vxc2LW2ozgdiT/Xu1VTh2
Dw+s50oehAWtUrUSFWnBHi2V1zWSeiY1vU9iX1MbxVfl9HogMh8xHM6daIuPJlnC
4FCLQg0tgPLIzSzU2AYiL8wPRSAPCvF6TTfr/zBmHyYxy/edvHVprQxNldOL71JC
f8F0Ox6Kz8FHHMLoqUyLJmbpNhAE4Myo0Bh8cHT2MA5r/Kql2c1uB1HqLoMZZ/OK
albXAGbS982swJzY9FA5/zjSKDOoM17zyyK9c3OVkp6SBjG5IhyjmnSCtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKP6+wT/Lcah0p467wWoO0FBZJkMB8GA1UdIwQY
MBaAFN58grInbL3xMMytBGtl/qssJ+1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM255Q3NpZHN2ZkV3ekswRWEyWC1xeXduN1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi82ZmE1ZGYtZmI5Zi00YWU1LWJhODkt
N2ZhZjdjMWRlN2IwLzEvWW9fcjdCUDh0eHFIU25qcnZCYWc3UVVGa21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi82ZmE1ZGYtZmI5Zi00YWU1LWJhODktN2ZhZjdjMWRlN2Iw
LzEvM255Q3NpZHN2ZkV3ekswRWEyWC1xeXduN1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHa4MA0G
CSqGSIb3DQEBCwUAA4IBAQCReo2c96ueqIvLDUd/+ZTDAyJIbVUtiAcGWkw9dXAP
c4dyiEl7WJ9yGXGMO9OybFnkbebF/7zvflZRSr6W90eWeHCfwNH0hEKvcMZhk8Sy
nL6hSm0BPKrRZ3SKgU3KXYYDt9RMiGhpCWAII8617oZh7WU9RMO29E3MWWz5RxJl
GRwKZbxOveP0Sc/b3FsxN0FiWx9/AmDnBe9HZ1DVCgaj1xpClVUoonGPdPvQ4uQ5
9fxbAu9FVB2rc14nGeZn2Bg4jaeRi85W1Atck4kTv5eYjxGDE6BS8NAlljIAg4gR
ChM71qS57NqXcCfYw49/YLTNSNvc1xO6SBGF61n4OD6R
-----END CERTIFICATE-----