Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/wJQFxsy59gS6UwBjlAHF3cZMZrw.roa
File:                     wJQFxsy59gS6UwBjlAHF3cZMZrw.roa (raw, json)
Hash identifier:          2TdoP4dQbAdvKCcTwBPpDqqW+oY9mGfU5dl1jy/9suU=
Subject key identifier:   C0:94:05:C6:CC:B9:F6:04:BA:53:00:63:94:01:C5:DD:C6:4C:66:BC
Certificate issuer:       /CN=c7c24de99101fafdf74bca293fd6d95060d50a63
Certificate serial:       019299F6BBCE7D6C89DFB1059B4A974C9850
Authority key identifier: C7:C2:4D:E9:91:01:FA:FD:F7:4B:CA:29:3F:D6:D9:50:60:D5:0A:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/wJQFxsy59gS6UwBjlAHF3cZMZrw.roa
Signing time:             Thu 17 Oct 2024 10:12:16 +0000
ROA not before:           Thu 17 Oct 2024 10:12:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29283
IP address blocks:        176.140.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:99:f6:bb:ce:7d:6c:89:df:b1:05:9b:4a:97:4c:98:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7c24de99101fafdf74bca293fd6d95060d50a63
        Validity
            Not Before: Oct 17 10:12:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c09405c6ccb9f604ba5300639401c5ddc64c66bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ba:04:67:dc:ca:de:f4:e2:03:4f:dc:29:ae:
                    9c:3c:09:4b:85:d6:f8:c2:89:45:41:51:28:4b:c9:
                    3f:2f:79:7a:16:36:73:b6:27:7a:74:a1:9d:66:22:
                    69:fe:99:ce:81:78:a7:6a:50:ba:08:78:83:45:36:
                    c1:8a:4a:59:b6:ea:65:b5:80:83:04:ff:e8:ba:59:
                    54:c3:f4:54:e6:d1:ef:80:63:af:c3:9e:dd:2d:23:
                    3f:9a:1f:f2:94:2c:14:4f:82:c4:34:a7:30:01:f5:
                    43:d2:09:9b:07:bb:ac:5b:82:50:5e:51:98:8c:a2:
                    7c:9e:8e:64:6b:9f:f5:35:28:6b:24:86:6b:d5:e0:
                    c0:4c:5b:91:81:d4:f9:ff:4c:cf:88:0c:ea:99:63:
                    6d:5c:13:2f:ac:e8:d1:1f:78:45:db:1a:f2:94:f2:
                    9c:7c:36:db:89:0d:09:cd:0e:ef:20:30:1f:69:5d:
                    99:6e:84:92:1a:c2:f0:c6:2c:e3:46:a1:02:89:ff:
                    43:d5:e8:01:93:2f:cb:34:97:f7:c1:47:b8:b8:4d:
                    11:bc:b2:13:c7:49:24:83:d3:b9:29:ee:a7:93:f3:
                    5d:5c:67:a3:b4:08:90:88:79:f4:df:da:3a:61:42:
                    35:63:d0:38:ed:b2:e8:68:c5:63:0b:c1:6b:e2:27:
                    0d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:94:05:C6:CC:B9:F6:04:BA:53:00:63:94:01:C5:DD:C6:4C:66:BC
            X509v3 Authority Key Identifier:
                keyid:C7:C2:4D:E9:91:01:FA:FD:F7:4B:CA:29:3F:D6:D9:50:60:D5:0A:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/wJQFxsy59gS6UwBjlAHF3cZMZrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.140.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:97:31:8b:9d:f3:ca:64:6e:e4:07:dc:3b:a6:65:40:51:0c:
         c1:05:d5:46:27:90:72:9c:5a:49:6f:32:9a:9b:b0:99:fa:35:
         0b:f6:01:e4:5a:84:00:b2:4e:d4:07:0a:a5:c3:32:3f:f3:1d:
         a9:cf:d2:e4:8c:1b:90:0b:76:cc:5e:30:bd:98:3e:26:41:81:
         22:6a:62:97:12:2d:89:97:dc:43:9d:9d:61:c4:42:0c:00:ca:
         4f:12:49:46:2a:05:79:1c:bf:76:cb:db:16:ac:5c:1e:19:08:
         3a:22:32:12:56:b1:68:9c:6f:8c:8c:36:7a:56:c7:e1:2d:4c:
         36:25:08:d5:fd:eb:ac:72:ac:5a:cb:38:56:23:26:ae:86:7e:
         6f:76:17:fd:bd:25:53:14:76:78:ca:f0:e6:6a:66:78:d7:34:
         86:a4:09:81:72:37:17:49:4e:b3:73:1a:d7:3d:12:2a:22:f3:
         b0:d6:80:c4:74:5b:42:ef:19:65:44:e5:71:bd:2a:26:40:1b:
         4b:d0:06:68:f3:98:6d:12:8d:68:89:78:8a:84:5a:c7:81:4a:
         68:2a:fc:1b:0e:0f:2e:3b:94:5c:0e:1a:ba:fc:05:9e:4a:3b:
         a8:35:24:09:95:41:f0:eb:ed:bb:61:7e:c5:20:df:cc:38:7c:
         8e:67:62:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKZ9rvOfWyJ37EFm0qXTJhQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YzI0ZGU5OTEwMWZhZmRmNzRiY2EyOTNmZDZkOTUwNjBk
NTBhNjMwHhcNMjQxMDE3MTAxMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDk0MDVjNmNjYjlmNjA0YmE1MzAwNjM5NDAxYzVkZGM2NGM2NmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLoEZ9zK3vTiA0/cKa6cPAlLhdb4
wolFQVEoS8k/L3l6FjZztid6dKGdZiJp/pnOgXinalC6CHiDRTbBikpZtupltYCD
BP/oullUw/RU5tHvgGOvw57dLSM/mh/ylCwUT4LENKcwAfVD0gmbB7usW4JQXlGY
jKJ8no5ka5/1NShrJIZr1eDATFuRgdT5/0zPiAzqmWNtXBMvrOjRH3hF2xrylPKc
fDbbiQ0JzQ7vIDAfaV2ZboSSGsLwxizjRqECif9D1egBky/LNJf3wUe4uE0RvLIT
x0kkg9O5Ke6nk/NdXGejtAiQiHn039o6YUI1Y9A47bLoaMVjC8Fr4icNswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMCUBcbMufYEulMAY5QBxd3GTGa8MB8GA1UdIwQY
MBaAFMfCTemRAfr990vKKT/W2VBg1QpjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDhKTjZaRUItdjMzUzhvcFA5YlpVR0RWQ21NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9lYjAxM2YtNTc3NC00ZTA2LWE1ZDQt
ZWQ1ZDZjZThkN2U4LzEvd0pRRnhzeTU5Z1M2VXdCamxBSEYzY1pNWnJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9lYjAxM2YtNTc3NC00ZTA2LWE1ZDQtZWQ1ZDZjZThkN2U4
LzEveDhKTjZaRUItdjMzUzhvcFA5YlpVR0RWQ21NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsIxsMA0G
CSqGSIb3DQEBCwUAA4IBAQCelzGLnfPKZG7kB9w7pmVAUQzBBdVGJ5BynFpJbzKa
m7CZ+jUL9gHkWoQAsk7UBwqlwzI/8x2pz9LkjBuQC3bMXjC9mD4mQYEiamKXEi2J
l9xDnZ1hxEIMAMpPEklGKgV5HL92y9sWrFweGQg6IjISVrFonG+MjDZ6VsfhLUw2
JQjV/euscqxayzhWIyauhn5vdhf9vSVTFHZ4yvDmamZ41zSGpAmBcjcXSU6zcxrX
PRIqIvOw1oDEdFtC7xllROVxvSomQBtL0AZo85htEo1oiXiKhFrHgUpoKvwbDg8u
O5RcDhq6/AWeSjuoNSQJlUHw6+27YX7FIN/MOHyOZ2K7
-----END CERTIFICATE-----