Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/40d220-621d-46fb-ac9c-48b8366ff23e/1/AsCX6ZK7MSFIrR_Tj4gsofudkx8.roa
File:                     AsCX6ZK7MSFIrR_Tj4gsofudkx8.roa (raw, json)
Hash identifier:          koeX1g/3zKnyIZAPlNTdGhmrG89T81e8m/RIS8JSkRA=
Subject key identifier:   02:C0:97:E9:92:BB:31:21:48:AD:1F:D3:8F:88:2C:A1:FB:9D:93:1F
Certificate issuer:       /CN=2bf0a0197868c6d8c34dd16b3f44decc5e4236f5
Certificate serial:       018CC4255E3B2C9BAE5056BD1A1A63A91B37
Authority key identifier: 2B:F0:A0:19:78:68:C6:D8:C3:4D:D1:6B:3F:44:DE:CC:5E:42:36:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K_CgGXhoxtjDTdFrP0TezF5CNvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/40d220-621d-46fb-ac9c-48b8366ff23e/1/AsCX6ZK7MSFIrR_Tj4gsofudkx8.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6758
IP address blocks:        176.121.52.0/22 maxlen: 22
                          185.243.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/40d220-621d-46fb-ac9c-48b8366ff23e/1/K_CgGXhoxtjDTdFrP0TezF5CNvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/40d220-621d-46fb-ac9c-48b8366ff23e/1/K_CgGXhoxtjDTdFrP0TezF5CNvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K_CgGXhoxtjDTdFrP0TezF5CNvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5e:3b:2c:9b:ae:50:56:bd:1a:1a:63:a9:1b:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bf0a0197868c6d8c34dd16b3f44decc5e4236f5
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02c097e992bb312148ad1fd38f882ca1fb9d931f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ae:2b:9d:f8:54:fc:24:e3:d8:35:7b:89:31:
                    33:ea:c0:de:4a:15:9d:ee:e9:8e:fb:32:b3:e0:30:
                    36:48:20:08:31:77:8b:da:dc:cb:3b:d3:de:cd:92:
                    b2:58:85:03:c8:8e:91:c0:30:67:c5:94:77:8a:91:
                    0a:08:a7:e1:49:ff:49:ee:57:3f:6e:23:9f:73:4c:
                    ba:d5:03:6f:3f:05:c1:38:72:8b:23:29:c4:b0:9a:
                    94:75:bc:aa:ca:0f:92:8a:2d:77:13:87:06:28:53:
                    21:8e:96:87:85:ce:e4:3f:1a:de:e5:ca:55:39:4c:
                    9b:c5:72:af:c6:46:e0:cc:f6:7f:60:cc:9e:d6:60:
                    bd:86:6f:b3:d9:a4:66:76:e9:d6:44:6c:44:ac:f2:
                    8d:4e:0e:4b:6e:ad:32:57:a3:70:1e:98:38:78:21:
                    aa:c1:81:45:bf:12:14:e6:e0:2f:fd:37:28:d1:69:
                    06:df:64:15:fa:62:c8:13:88:31:aa:cb:c2:5b:da:
                    6b:a2:43:28:15:70:f9:1d:c8:3e:44:dc:39:1c:8c:
                    d1:c0:e3:11:5f:37:c2:d8:a6:ce:d4:78:1a:9e:28:
                    b9:8c:a7:6d:9c:27:76:4b:da:30:9a:e5:eb:85:be:
                    ad:30:07:a6:d4:c7:98:a2:29:e2:d3:dd:ca:a0:4b:
                    be:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:C0:97:E9:92:BB:31:21:48:AD:1F:D3:8F:88:2C:A1:FB:9D:93:1F
            X509v3 Authority Key Identifier:
                keyid:2B:F0:A0:19:78:68:C6:D8:C3:4D:D1:6B:3F:44:DE:CC:5E:42:36:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K_CgGXhoxtjDTdFrP0TezF5CNvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/40d220-621d-46fb-ac9c-48b8366ff23e/1/AsCX6ZK7MSFIrR_Tj4gsofudkx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/40d220-621d-46fb-ac9c-48b8366ff23e/1/K_CgGXhoxtjDTdFrP0TezF5CNvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.52.0/22
                  185.243.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:cf:18:a5:63:cb:c4:28:4b:d9:50:ce:97:94:ff:02:cf:d0:
         7d:8e:ab:fb:1b:3c:ea:eb:c0:bd:54:7c:a4:4c:a7:82:fc:36:
         e3:91:c1:0a:42:df:dd:fa:e3:61:06:6e:a1:dd:69:7e:cb:b7:
         d0:33:15:4d:50:6a:d6:27:f0:fc:16:b6:21:05:cf:9b:9e:59:
         63:d4:f6:e3:c3:fb:00:7b:ef:d9:e8:93:36:1b:58:1c:55:55:
         eb:8f:f6:15:43:db:af:87:4a:90:ec:6d:cf:1d:4e:ec:29:30:
         27:bc:b1:d7:3d:21:5a:9d:e5:18:bd:50:5a:f3:34:75:13:39:
         c1:43:03:ba:e3:15:0d:87:8c:43:78:57:6f:d0:74:c8:79:c4:
         fe:51:19:c6:61:d3:4d:d0:bd:62:77:34:f5:eb:c0:31:f2:e9:
         e8:fe:d3:bb:b0:8b:76:35:9a:b0:fc:78:a3:d8:ad:cb:7c:55:
         c6:67:f1:09:11:31:d1:b6:c4:3f:9a:41:f1:9f:2c:82:a3:3b:
         cb:3e:59:0d:25:97:69:3c:64:14:06:59:28:e3:63:77:10:a1:
         48:c6:8b:9d:18:08:ea:50:60:c2:cb:90:8d:f9:86:af:45:6a:
         45:cd:c1:88:46:50:43:e8:1d:de:12:26:d3:28:2b:e5:b8:5d:
         0e:10:24:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJV47LJuuUFa9GhpjqRs3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiZjBhMDE5Nzg2OGM2ZDhjMzRkZDE2YjNmNDRkZWNjNWU0
MjM2ZjUwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmMwOTdlOTkyYmIzMTIxNDhhZDFmZDM4Zjg4MmNhMWZiOWQ5MzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwq4rnfhU/CTj2DV7iTEz6sDeShWd
7umO+zKz4DA2SCAIMXeL2tzLO9PezZKyWIUDyI6RwDBnxZR3ipEKCKfhSf9J7lc/
biOfc0y61QNvPwXBOHKLIynEsJqUdbyqyg+Sii13E4cGKFMhjpaHhc7kPxre5cpV
OUybxXKvxkbgzPZ/YMye1mC9hm+z2aRmdunWRGxErPKNTg5Lbq0yV6NwHpg4eCGq
wYFFvxIU5uAv/Tco0WkG32QV+mLIE4gxqsvCW9prokMoFXD5Hcg+RNw5HIzRwOMR
XzfC2KbO1Hganii5jKdtnCd2S9owmuXrhb6tMAem1MeYoini093KoEu+lwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFALAl+mSuzEhSK0f04+ILKH7nZMfMB8GA1UdIwQY
MBaAFCvwoBl4aMbYw03Raz9E3sxeQjb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS19DZ0dYaG94dGpEVGRGclAwVGV6RjVDTnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80MGQyMjAtNjIxZC00NmZiLWFjOWMt
NDhiODM2NmZmMjNlLzEvQXNDWDZaSzdNU0ZJclJfVGo0Z3NvZnVka3g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80MGQyMjAtNjIxZC00NmZiLWFjOWMtNDhiODM2NmZmMjNl
LzEvS19DZ0dYaG94dGpEVGRGclAwVGV6RjVDTnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsHk0AwQA
ufMDMA0GCSqGSIb3DQEBCwUAA4IBAQAmzxilY8vEKEvZUM6XlP8Cz9B9jqv7Gzzq
68C9VHykTKeC/DbjkcEKQt/d+uNhBm6h3Wl+y7fQMxVNUGrWJ/D8FrYhBc+bnllj
1Pbjw/sAe+/Z6JM2G1gcVVXrj/YVQ9uvh0qQ7G3PHU7sKTAnvLHXPSFaneUYvVBa
8zR1EznBQwO64xUNh4xDeFdv0HTIecT+URnGYdNN0L1idzT168Ax8uno/tO7sIt2
NZqw/Hij2K3LfFXGZ/EJETHRtsQ/mkHxnyyCozvLPlkNJZdpPGQUBlko42N3EKFI
xoudGAjqUGDCy5CN+YavRWpFzcGIRlBD6B3eEibTKCvluF0OECQB
-----END CERTIFICATE-----