Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/GxK70MZxLYx8qXLUPuipKdF6AD4.roa
File:                     GxK70MZxLYx8qXLUPuipKdF6AD4.roa (raw, json)
Hash identifier:          YnqugVgTD4pnamRm/fSWmHvH92SK1OGc52L7IowKS14=
Subject key identifier:   1B:12:BB:D0:C6:71:2D:8C:7C:A9:72:D4:3E:E8:A9:29:D1:7A:00:3E
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       018CCA2B50C6BF7CE8BDD1D00AAF746A3C46
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/GxK70MZxLYx8qXLUPuipKdF6AD4.roa
Signing time:             Tue 02 Jan 2024 12:34:45 +0000
ROA not before:           Tue 02 Jan 2024 12:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49666
IP address blocks:        176.65.243.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:50:c6:bf:7c:e8:bd:d1:d0:0a:af:74:6a:3c:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  2 12:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b12bbd0c6712d8c7ca972d43ee8a929d17a003e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c6:8f:03:46:97:db:81:45:e8:a0:61:ed:63:
                    f4:fb:9b:28:6c:5f:6f:d9:ae:a9:d7:db:d8:f5:db:
                    67:4f:4f:89:93:0e:c6:5e:51:39:ee:8d:8c:02:1d:
                    8c:22:22:a4:97:78:d3:f6:82:7d:66:16:04:63:a5:
                    9c:4d:66:fd:78:3d:70:35:0c:ad:a5:ad:3a:11:6f:
                    05:d4:9d:48:79:5e:86:23:7d:6e:c3:a0:3e:a1:07:
                    e3:c2:1d:3a:f5:88:55:25:70:1c:e3:c2:e6:48:80:
                    07:2d:2e:07:13:09:40:77:6f:25:61:89:01:4c:72:
                    c3:80:3e:7e:07:76:e0:78:4e:1b:71:78:63:47:28:
                    df:2d:37:90:df:06:c1:77:44:b1:e9:54:5b:a6:43:
                    5f:52:26:b3:1b:42:3f:1d:2d:e2:37:fd:c8:8e:cd:
                    1a:e2:2e:34:43:72:87:a0:04:07:74:5e:5e:c7:1e:
                    94:02:f7:e3:cc:89:bb:38:b1:39:e0:ca:b0:b7:01:
                    16:bb:e7:47:e1:e6:ce:fa:6b:33:3f:95:d9:0d:18:
                    f4:db:2c:84:a9:b6:21:c9:11:8f:40:6d:8d:67:3d:
                    86:ef:22:37:74:19:43:09:72:68:28:93:06:a8:01:
                    82:7f:d2:c1:1a:60:0d:05:ac:3f:a9:7d:e8:70:af:
                    2e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:12:BB:D0:C6:71:2D:8C:7C:A9:72:D4:3E:E8:A9:29:D1:7A:00:3E
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/GxK70MZxLYx8qXLUPuipKdF6AD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.65.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:f7:58:18:80:08:03:f1:1a:fb:fe:1e:e9:65:d3:3e:63:7b:
         8d:2f:b9:86:51:01:68:b1:15:35:d2:96:72:23:be:5d:c1:2e:
         f1:a3:1f:40:95:91:1e:41:6b:72:5d:7e:9a:df:8e:b9:94:d4:
         c1:bc:15:07:63:65:2f:db:b3:38:89:ca:ec:28:ae:9c:53:12:
         fc:ac:6b:22:5f:b2:21:7d:36:a7:97:cd:0f:72:b8:42:1d:b0:
         2a:9f:c9:bc:82:98:58:7e:a6:8c:01:7c:94:ce:e2:9f:89:ce:
         fe:23:1c:e1:c4:2b:34:fa:f8:a5:ca:8a:b9:23:18:30:7e:84:
         d8:cc:8a:54:83:ed:26:3d:41:81:89:e3:49:20:26:5e:ad:cb:
         0a:22:7a:d2:f8:bc:5b:32:a5:27:7a:bd:98:40:ca:83:70:3e:
         cc:9b:6d:9e:0f:77:b3:76:19:ec:47:12:e4:bd:a4:67:ef:08:
         3d:e8:4b:8e:25:1d:c4:3f:df:5d:0a:4b:b4:33:71:5c:ad:e0:
         64:6b:5e:92:0e:c3:f8:f2:85:99:fd:67:2d:57:e8:28:b5:15:
         f2:51:58:af:db:6e:9b:6b:2c:52:ae:6d:05:5b:2b:6d:78:00:
         d3:63:b3:c2:a4:d2:81:69:01:20:37:90:74:f9:39:8b:67:b4:
         34:22:6a:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1DGv3zovdHQCq90ajxGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjQwMTAyMTIzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjEyYmJkMGM2NzEyZDhjN2NhOTcyZDQzZWU4YTkyOWQxN2EwMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMaPA0aX24FF6KBh7WP0+5sobF9v
2a6p19vY9dtnT0+Jkw7GXlE57o2MAh2MIiKkl3jT9oJ9ZhYEY6WcTWb9eD1wNQyt
pa06EW8F1J1IeV6GI31uw6A+oQfjwh069YhVJXAc48LmSIAHLS4HEwlAd28lYYkB
THLDgD5+B3bgeE4bcXhjRyjfLTeQ3wbBd0Sx6VRbpkNfUiazG0I/HS3iN/3Ijs0a
4i40Q3KHoAQHdF5exx6UAvfjzIm7OLE54MqwtwEWu+dH4ebO+mszP5XZDRj02yyE
qbYhyRGPQG2NZz2G7yI3dBlDCXJoKJMGqAGCf9LBGmANBaw/qX3ocK8uGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsSu9DGcS2MfKly1D7oqSnRegA+MB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvR3hLNzBNWnhMWXg4cVhMVVB1aXBLZEY2QUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsEHzMA0G
CSqGSIb3DQEBCwUAA4IBAQAk91gYgAgD8Rr7/h7pZdM+Y3uNL7mGUQFosRU10pZy
I75dwS7xox9AlZEeQWtyXX6a3465lNTBvBUHY2Uv27M4icrsKK6cUxL8rGsiX7Ih
fTanl80PcrhCHbAqn8m8gphYfqaMAXyUzuKfic7+IxzhxCs0+vilyoq5IxgwfoTY
zIpUg+0mPUGBieNJICZercsKInrS+LxbMqUner2YQMqDcD7Mm22eD3ezdhnsRxLk
vaRn7wg96EuOJR3EP99dCku0M3FcreBka16SDsP48oWZ/WctV+gotRXyUViv226b
ayxSrm0FWytteADTY7PCpNKBaQEgN5B0+TmLZ7Q0ImoU
-----END CERTIFICATE-----