Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/69322d-ad71-4877-a470-9ad9099de1d3/1/_v-QkM_7839GBBphE2mL0zRs7Ak.roa
File:                     _v-QkM_7839GBBphE2mL0zRs7Ak.roa (raw, json)
Hash identifier:          u85RMb6EXsYoNauTgd40RYwvBVRTvz2eUk5ID/By4Eg=
Subject key identifier:   FE:FF:90:90:CF:FB:F3:7F:46:04:1A:61:13:69:8B:D3:34:6C:EC:09
Certificate issuer:       /CN=4eef204d7e86ff81624a6181286e76d433876bc7
Certificate serial:       018CC64AC69F59D93C4E8AE5451092E09F57
Authority key identifier: 4E:EF:20:4D:7E:86:FF:81:62:4A:61:81:28:6E:76:D4:33:87:6B:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tu8gTX6G_4FiSmGBKG521DOHa8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/69322d-ad71-4877-a470-9ad9099de1d3/1/_v-QkM_7839GBBphE2mL0zRs7Ak.roa
Signing time:             Mon 01 Jan 2024 18:30:38 +0000
ROA not before:           Mon 01 Jan 2024 18:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210061
IP address blocks:        176.118.168.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/69322d-ad71-4877-a470-9ad9099de1d3/1/Tu8gTX6G_4FiSmGBKG521DOHa8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/69322d-ad71-4877-a470-9ad9099de1d3/1/Tu8gTX6G_4FiSmGBKG521DOHa8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tu8gTX6G_4FiSmGBKG521DOHa8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:c6:9f:59:d9:3c:4e:8a:e5:45:10:92:e0:9f:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eef204d7e86ff81624a6181286e76d433876bc7
        Validity
            Not Before: Jan  1 18:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=feff9090cffbf37f46041a6113698bd3346cec09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:de:26:75:ff:3a:6d:d5:7a:37:73:03:89:8d:
                    8b:53:e7:cd:a0:92:e4:6a:28:4b:46:7e:8b:4e:ed:
                    75:0b:d2:16:65:de:ef:6d:41:bf:5f:6c:77:64:c1:
                    01:0c:23:13:44:4c:5b:79:25:5d:11:1c:cf:bc:4b:
                    3c:0c:13:68:28:54:f8:84:9c:50:9d:21:b3:b7:2b:
                    88:aa:69:74:cb:13:be:c8:da:9f:9d:3b:03:a4:cf:
                    d3:78:1e:81:59:63:9d:71:09:d9:83:ce:4b:e6:99:
                    d5:17:9a:bb:34:d8:03:0d:c5:01:d4:ff:c9:29:43:
                    da:34:b5:d5:70:0f:38:79:53:04:42:08:4c:75:26:
                    4c:55:39:3d:fb:df:37:8c:16:dc:68:99:b4:ea:16:
                    aa:a9:6f:ee:38:98:59:60:17:71:be:ab:ef:d4:de:
                    55:85:9e:3c:8f:97:a7:52:06:40:b6:37:5a:67:fa:
                    30:07:f7:d5:e8:a9:23:94:cc:2d:1d:80:1c:ae:db:
                    cd:67:14:57:68:15:ad:43:f2:2a:21:7b:82:f4:58:
                    0b:42:f8:fe:e7:6b:83:3b:92:9c:a7:fc:ef:b7:e5:
                    ca:84:09:59:89:ee:34:51:92:9d:e6:2f:c1:6b:2f:
                    0f:d5:98:40:54:f5:4a:3f:03:e2:fa:f6:43:53:c9:
                    b1:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:FF:90:90:CF:FB:F3:7F:46:04:1A:61:13:69:8B:D3:34:6C:EC:09
            X509v3 Authority Key Identifier:
                keyid:4E:EF:20:4D:7E:86:FF:81:62:4A:61:81:28:6E:76:D4:33:87:6B:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tu8gTX6G_4FiSmGBKG521DOHa8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/69322d-ad71-4877-a470-9ad9099de1d3/1/_v-QkM_7839GBBphE2mL0zRs7Ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/69322d-ad71-4877-a470-9ad9099de1d3/1/Tu8gTX6G_4FiSmGBKG521DOHa8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:11:6d:c7:4a:41:c9:99:58:1f:9c:ee:68:cb:73:21:a8:27:
         b6:06:f6:b2:43:f8:6c:33:b0:8c:ee:fd:5a:5e:fa:cf:ef:e0:
         a0:83:9a:83:6e:f5:53:2d:cb:e3:6e:6f:79:a8:c8:20:03:90:
         61:c8:80:1f:81:59:a8:0d:48:6a:2a:14:89:58:1a:82:72:30:
         a9:c2:7c:ef:ba:30:f3:e4:e0:75:42:c0:c8:3f:4d:61:ac:5c:
         d5:87:30:b0:2b:bb:e8:8b:b0:b6:5b:86:54:a5:5d:24:1c:1a:
         3a:68:17:51:37:62:50:d0:cb:09:a3:d5:8c:08:e4:3e:64:e5:
         9e:bb:c5:3b:fe:2d:49:f9:0e:fe:77:28:17:ed:88:f2:05:67:
         fe:e0:3f:18:98:cb:83:8e:f4:3b:97:01:ec:78:3f:b2:1d:e7:
         09:e7:03:96:51:3e:a8:07:8a:02:5e:71:59:63:cc:e4:08:4e:
         be:0e:d6:15:1d:df:fc:8e:76:18:5e:ff:e5:58:cb:2d:0a:61:
         26:1d:58:39:ab:73:cc:da:61:68:f9:90:09:01:75:a4:8a:52:
         d1:fc:93:fa:04:7b:22:40:19:9a:8b:7d:24:de:c6:9d:db:f4:
         94:2f:e7:11:d7:59:7b:4b:d4:21:6d:07:d6:14:1e:86:49:a0:
         6d:4f:d0:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSsafWdk8TorlRRCS4J9XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZWYyMDRkN2U4NmZmODE2MjRhNjE4MTI4NmU3NmQ0MzM4
NzZiYzcwHhcNMjQwMTAxMTgzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWZmOTA5MGNmZmJmMzdmNDYwNDFhNjExMzY5OGJkMzM0NmNlYzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn94mdf86bdV6N3MDiY2LU+fNoJLk
aihLRn6LTu11C9IWZd7vbUG/X2x3ZMEBDCMTRExbeSVdERzPvEs8DBNoKFT4hJxQ
nSGztyuIqml0yxO+yNqfnTsDpM/TeB6BWWOdcQnZg85L5pnVF5q7NNgDDcUB1P/J
KUPaNLXVcA84eVMEQghMdSZMVTk9+983jBbcaJm06haqqW/uOJhZYBdxvqvv1N5V
hZ48j5enUgZAtjdaZ/owB/fV6KkjlMwtHYAcrtvNZxRXaBWtQ/IqIXuC9FgLQvj+
52uDO5Kcp/zvt+XKhAlZie40UZKd5i/Bay8P1ZhAVPVKPwPi+vZDU8mx9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7/kJDP+/N/RgQaYRNpi9M0bOwJMB8GA1UdIwQY
MBaAFE7vIE1+hv+BYkphgShudtQzh2vHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHU4Z1RYNkdfNEZpU21HQktHNTIxRE9IYThjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS82OTMyMmQtYWQ3MS00ODc3LWE0NzAt
OWFkOTA5OWRlMWQzLzEvX3YtUWtNXzc4MzlHQkJwaEUybUwwelJzN0FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS82OTMyMmQtYWQ3MS00ODc3LWE0NzAtOWFkOTA5OWRlMWQz
LzEvVHU4Z1RYNkdfNEZpU21HQktHNTIxRE9IYThjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHaoMA0G
CSqGSIb3DQEBCwUAA4IBAQCPEW3HSkHJmVgfnO5oy3MhqCe2BvayQ/hsM7CM7v1a
XvrP7+Cgg5qDbvVTLcvjbm95qMggA5BhyIAfgVmoDUhqKhSJWBqCcjCpwnzvujDz
5OB1QsDIP01hrFzVhzCwK7voi7C2W4ZUpV0kHBo6aBdRN2JQ0MsJo9WMCOQ+ZOWe
u8U7/i1J+Q7+dygX7YjyBWf+4D8YmMuDjvQ7lwHseD+yHecJ5wOWUT6oB4oCXnFZ
Y8zkCE6+DtYVHd/8jnYYXv/lWMstCmEmHVg5q3PM2mFo+ZAJAXWkilLR/JP6BHsi
QBmai30k3sad2/SUL+cR11l7S9QhbQfWFB6GSaBtT9A6
-----END CERTIFICATE-----