Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/8H6wuTsu5z3B4EEcrRei1aP6-2I.roa
File:                     8H6wuTsu5z3B4EEcrRei1aP6-2I.roa (raw, json)
Hash identifier:          5c7XTob91Vtay6xBxYZLRZWUnR16vbLtcwH36ES9rx0=
Subject key identifier:   F0:7E:B0:B9:3B:2E:E7:3D:C1:E0:41:1C:AD:17:A2:D5:A3:FA:FB:62
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       0192FF9AB36654B2AE79A9DEDD80A94A085E
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/8H6wuTsu5z3B4EEcrRei1aP6-2I.roa
Signing time:             Wed 06 Nov 2024 03:53:01 +0000
ROA not before:           Wed 06 Nov 2024 03:53:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202673
IP address blocks:        176.105.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ff:9a:b3:66:54:b2:ae:79:a9:de:dd:80:a9:4a:08:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Nov  6 03:53:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f07eb0b93b2ee73dc1e0411cad17a2d5a3fafb62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:02:b9:ee:4a:44:06:bc:b8:85:3a:d7:d6:b1:
                    c4:02:46:51:f1:1a:a7:25:20:4f:b0:94:db:99:70:
                    b8:62:cf:d2:1f:94:74:72:6c:74:fb:60:97:9c:dc:
                    0a:b8:34:ba:ad:df:ff:32:fc:3b:1d:5b:44:37:b6:
                    74:15:14:67:bb:8b:21:f0:72:23:19:88:cd:38:28:
                    b2:99:b4:e5:54:91:55:ef:1a:18:b7:52:d7:df:53:
                    7b:fc:25:36:be:e3:4b:d4:7d:95:83:24:fe:d3:9c:
                    59:02:30:9a:11:b2:a9:04:df:8c:49:23:4a:5d:d3:
                    f2:f1:42:65:fd:ee:97:03:66:6a:93:9b:42:da:1b:
                    2f:95:71:4e:57:7a:08:bf:47:af:30:b5:de:74:93:
                    02:04:f7:55:71:c9:86:56:28:07:b6:34:10:01:71:
                    5c:96:2a:a0:c9:c3:63:2c:c1:42:55:4e:26:63:60:
                    11:ff:5f:17:11:d9:b1:28:fa:ff:72:46:4e:c2:d6:
                    d6:45:5b:4e:0d:62:75:ff:78:ad:22:10:24:b7:96:
                    2e:c7:05:37:22:e5:a5:7d:91:19:0f:b4:2f:7d:61:
                    f5:32:03:81:70:75:33:fb:32:08:4b:a0:37:37:46:
                    e6:4f:7f:1d:84:d0:61:5d:ee:d9:eb:22:8e:3d:dd:
                    f0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:7E:B0:B9:3B:2E:E7:3D:C1:E0:41:1C:AD:17:A2:D5:A3:FA:FB:62
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/8H6wuTsu5z3B4EEcrRei1aP6-2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.105.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:da:bf:37:81:dd:07:60:d1:c8:89:e0:e7:3c:28:4e:2c:45:
         8c:ac:b0:78:2e:f0:42:55:ca:ed:8e:f1:14:67:3b:0f:fe:9a:
         ad:fa:67:4e:9e:b0:99:30:30:e1:51:4d:82:9e:fa:68:b2:d1:
         c9:45:5d:27:0d:65:08:fd:93:69:a0:5e:ab:7c:d2:1a:25:b3:
         72:ea:45:f1:84:36:2f:9a:95:1b:28:d2:af:45:cf:cf:5d:60:
         f6:6c:55:28:23:69:35:25:85:55:8e:be:cc:c6:ea:5b:a4:4d:
         ac:a3:1b:83:7c:f5:f9:5d:e0:17:dc:4f:69:85:24:58:88:ed:
         e4:63:df:03:19:a3:f1:5d:66:bf:36:08:99:ee:c8:d8:eb:cf:
         45:a0:92:a0:e3:01:4a:9f:0f:a5:b0:38:88:09:b3:57:b0:9c:
         83:87:a9:6d:23:fc:0c:2b:5d:fc:15:56:24:af:a0:c5:67:86:
         a6:f3:22:8b:20:93:b3:89:74:5f:22:de:49:a6:88:0f:f6:4a:
         48:e1:70:16:3e:b7:4b:25:2a:db:77:35:02:1b:4c:9f:b0:0f:
         3a:42:df:4e:f0:2f:ed:c1:29:f7:47:5f:d7:64:2d:d2:04:d7:
         82:29:32:ff:c5:f4:0b:03:60:b3:de:f9:92:58:11:af:84:62:
         01:4e:0b:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL/mrNmVLKueane3YCpSgheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQxMTA2MDM1MzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDdlYjBiOTNiMmVlNzNkYzFlMDQxMWNhZDE3YTJkNWEzZmFmYjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gK57kpEBry4hTrX1rHEAkZR8Rqn
JSBPsJTbmXC4Ys/SH5R0cmx0+2CXnNwKuDS6rd//Mvw7HVtEN7Z0FRRnu4sh8HIj
GYjNOCiymbTlVJFV7xoYt1LX31N7/CU2vuNL1H2VgyT+05xZAjCaEbKpBN+MSSNK
XdPy8UJl/e6XA2Zqk5tC2hsvlXFOV3oIv0evMLXedJMCBPdVccmGVigHtjQQAXFc
liqgycNjLMFCVU4mY2AR/18XEdmxKPr/ckZOwtbWRVtODWJ1/3itIhAkt5YuxwU3
IuWlfZEZD7QvfWH1MgOBcHUz+zIIS6A3N0bmT38dhNBhXe7Z6yKOPd3wQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPB+sLk7Luc9weBBHK0XotWj+vtiMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvOEg2d3VUc3U1ejNCNEVFY3JSZWkxYVA2LTJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGnmMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ2r83gd0HYNHIieDnPChOLEWMrLB4LvBCVcrtjvEU
ZzsP/pqt+mdOnrCZMDDhUU2CnvpostHJRV0nDWUI/ZNpoF6rfNIaJbNy6kXxhDYv
mpUbKNKvRc/PXWD2bFUoI2k1JYVVjr7MxupbpE2soxuDfPX5XeAX3E9phSRYiO3k
Y98DGaPxXWa/NgiZ7sjY689FoJKg4wFKnw+lsDiICbNXsJyDh6ltI/wMK138FVYk
r6DFZ4am8yKLIJOziXRfIt5JpogP9kpI4XAWPrdLJSrbdzUCG0yfsA86Qt9O8C/t
wSn3R1/XZC3SBNeCKTL/xfQLA2Cz3vmSWBGvhGIBTgtX
-----END CERTIFICATE-----