Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/40fb78-4189-497d-b06b-8e7b709da653/1/b_KhxVQxJgpfHE8W7W9eBaXyPus.roa
File:                     b_KhxVQxJgpfHE8W7W9eBaXyPus.roa (raw, json)
Hash identifier:          NB27YEbhz/ZZherJR1pqVdHZ4o4+0/p1pt4bGY+NHUw=
Subject key identifier:   6F:F2:A1:C5:54:31:26:0A:5F:1C:4F:16:ED:6F:5E:05:A5:F2:3E:EB
Certificate issuer:       /CN=e2e4242563473cdf142ccb7cce3c2cc36ea3d465
Certificate serial:       018CC7943BB41B1DE706D7800D41EF9D4C2B
Authority key identifier: E2:E4:24:25:63:47:3C:DF:14:2C:CB:7C:CE:3C:2C:C3:6E:A3:D4:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4uQkJWNHPN8ULMt8zjwsw26j1GU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/40fb78-4189-497d-b06b-8e7b709da653/1/b_KhxVQxJgpfHE8W7W9eBaXyPus.roa
Signing time:             Tue 02 Jan 2024 00:30:29 +0000
ROA not before:           Tue 02 Jan 2024 00:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60257
IP address blocks:        193.56.176.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/40fb78-4189-497d-b06b-8e7b709da653/1/4uQkJWNHPN8ULMt8zjwsw26j1GU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/40fb78-4189-497d-b06b-8e7b709da653/1/4uQkJWNHPN8ULMt8zjwsw26j1GU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4uQkJWNHPN8ULMt8zjwsw26j1GU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:3b:b4:1b:1d:e7:06:d7:80:0d:41:ef:9d:4c:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2e4242563473cdf142ccb7cce3c2cc36ea3d465
        Validity
            Not Before: Jan  2 00:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ff2a1c55431260a5f1c4f16ed6f5e05a5f23eeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1d:7b:7f:10:9b:83:ac:60:53:b1:5e:19:bb:
                    f4:b8:ad:db:b7:20:62:0e:ef:ec:d3:d6:5a:e3:d6:
                    ad:b6:99:6b:c6:ca:fb:d5:0b:a0:d2:2f:6b:ee:55:
                    06:6b:41:00:04:58:d6:b1:56:59:00:41:55:a8:fe:
                    4f:9c:d1:cc:69:10:87:ac:b8:63:a8:6a:61:7e:9e:
                    08:ce:e5:08:41:8a:fb:d5:93:eb:45:f2:b4:86:5c:
                    65:cf:c2:9c:bf:df:00:9b:a1:c4:60:53:9a:2f:28:
                    4d:c2:bf:55:9e:6b:4a:18:f3:e8:55:94:49:c2:59:
                    d4:fe:c9:77:20:c1:1a:d5:9b:cf:b1:87:34:dd:25:
                    4c:9c:ef:aa:4e:89:ca:00:a6:35:28:cd:41:b0:1d:
                    75:f4:3b:cf:05:af:85:91:a6:40:13:d5:1f:a1:96:
                    dd:3b:87:98:a8:1d:88:38:b5:ae:51:48:59:56:75:
                    cb:20:54:3d:07:ae:6d:6f:d0:2d:f8:59:93:51:c1:
                    4e:6d:b0:cc:54:46:3f:c1:cc:c4:8e:7d:03:e3:ac:
                    2f:00:dc:ac:c3:16:a2:f9:8c:1f:bc:07:52:79:a8:
                    bc:da:97:dc:94:28:93:4d:16:82:d3:f4:3a:8b:b9:
                    9a:4b:32:90:3e:8e:a8:a9:44:c1:d9:ac:0b:12:29:
                    da:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F2:A1:C5:54:31:26:0A:5F:1C:4F:16:ED:6F:5E:05:A5:F2:3E:EB
            X509v3 Authority Key Identifier:
                keyid:E2:E4:24:25:63:47:3C:DF:14:2C:CB:7C:CE:3C:2C:C3:6E:A3:D4:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4uQkJWNHPN8ULMt8zjwsw26j1GU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/40fb78-4189-497d-b06b-8e7b709da653/1/b_KhxVQxJgpfHE8W7W9eBaXyPus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/40fb78-4189-497d-b06b-8e7b709da653/1/4uQkJWNHPN8ULMt8zjwsw26j1GU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:08:04:c3:e1:22:8f:c1:24:1c:a6:0b:8f:97:79:fd:d3:47:
         12:59:85:7b:b0:45:e2:5e:85:ea:af:2a:04:33:af:a1:92:f6:
         d7:ca:f2:75:7d:9b:e4:87:0a:a0:f9:5f:96:57:ca:4c:5f:24:
         49:27:f9:f5:a9:a1:c9:07:aa:16:09:f9:73:1d:2b:15:6b:04:
         2c:22:1b:0b:b1:2f:d4:13:f7:49:98:a1:d0:f0:66:5a:b2:da:
         70:4a:c5:1d:ed:1c:35:fb:9b:15:22:2c:21:59:23:17:95:28:
         69:ff:ab:69:e9:6c:e7:12:43:e0:6e:79:b8:67:92:88:43:33:
         ae:1a:68:73:b1:f1:de:8a:0a:2c:b9:29:e0:e5:35:f2:f6:ed:
         89:bc:ec:67:d9:bd:e7:02:81:4c:4f:e8:72:60:00:73:5e:61:
         46:3c:e3:c2:58:c5:69:df:f1:62:65:2b:1e:a6:c8:ca:ec:20:
         9e:4d:c7:48:64:0f:41:b7:c6:da:ef:a9:8e:40:16:e8:85:b5:
         eb:3e:aa:14:45:b6:ad:ef:23:18:3e:18:ff:94:f2:e2:e8:af:
         e2:ab:b0:6a:30:b7:41:b9:93:ef:27:a3:a4:d2:43:aa:39:8d:
         c1:c2:5f:22:c8:3e:f7:8d:32:92:7b:d4:5b:41:87:4d:03:42:
         8a:8b:55:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlDu0Gx3nBteADUHvnUwrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZTQyNDI1NjM0NzNjZGYxNDJjY2I3Y2NlM2MyY2MzNmVh
M2Q0NjUwHhcNMjQwMTAyMDAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmYyYTFjNTU0MzEyNjBhNWYxYzRmMTZlZDZmNWUwNWE1ZjIzZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjh17fxCbg6xgU7FeGbv0uK3btyBi
Du/s09Za49attplrxsr71Qug0i9r7lUGa0EABFjWsVZZAEFVqP5PnNHMaRCHrLhj
qGphfp4IzuUIQYr71ZPrRfK0hlxlz8Kcv98Am6HEYFOaLyhNwr9VnmtKGPPoVZRJ
wlnU/sl3IMEa1ZvPsYc03SVMnO+qTonKAKY1KM1BsB119DvPBa+FkaZAE9UfoZbd
O4eYqB2IOLWuUUhZVnXLIFQ9B65tb9At+FmTUcFObbDMVEY/wczEjn0D46wvANys
wxai+YwfvAdSeai82pfclCiTTRaC0/Q6i7maSzKQPo6oqUTB2awLEinaXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/yocVUMSYKXxxPFu1vXgWl8j7rMB8GA1UdIwQY
MBaAFOLkJCVjRzzfFCzLfM48LMNuo9RlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHVRa0pXTkhQTjhVTE10OHpqd3N3MjZqMUdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MGZiNzgtNDE4OS00OTdkLWIwNmIt
OGU3YjcwOWRhNjUzLzEvYl9LaHhWUXhKZ3BmSEU4VzdXOWVCYVh5UHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MGZiNzgtNDE4OS00OTdkLWIwNmItOGU3YjcwOWRhNjUz
LzEvNHVRa0pXTkhQTjhVTE10OHpqd3N3MjZqMUdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwTiwMA0G
CSqGSIb3DQEBCwUAA4IBAQC3CATD4SKPwSQcpguPl3n900cSWYV7sEXiXoXqryoE
M6+hkvbXyvJ1fZvkhwqg+V+WV8pMXyRJJ/n1qaHJB6oWCflzHSsVawQsIhsLsS/U
E/dJmKHQ8GZastpwSsUd7Rw1+5sVIiwhWSMXlShp/6tp6WznEkPgbnm4Z5KIQzOu
GmhzsfHeigosuSng5TXy9u2JvOxn2b3nAoFMT+hyYABzXmFGPOPCWMVp3/FiZSse
psjK7CCeTcdIZA9Bt8ba76mOQBbohbXrPqoURbat7yMYPhj/lPLi6K/iq7BqMLdB
uZPvJ6Ok0kOqOY3Bwl8iyD73jTKSe9RbQYdNA0KKi1Vd
-----END CERTIFICATE-----