Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/778c47-4609-43d3-aeef-79c8a2472a0c/1/TtprNlI93N4M8WhtkOrRXUjprBg.roa
File:                     TtprNlI93N4M8WhtkOrRXUjprBg.roa (raw, json)
Hash identifier:          L0FT2ScI3rDQ8ahtt0+5pqpeWPGOhDcYBuV/UJ+1Cl4=
Subject key identifier:   4E:DA:6B:36:52:3D:DC:DE:0C:F1:68:6D:90:EA:D1:5D:48:E9:AC:18
Certificate issuer:       /CN=a41870fc1854a3b093938c09cf60651ba993ffc6
Certificate serial:       018CC801AAC970339B4387870E6B1B41CD11
Authority key identifier: A4:18:70:FC:18:54:A3:B0:93:93:8C:09:CF:60:65:1B:A9:93:FF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pBhw_BhUo7CTk4wJz2BlG6mT_8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/778c47-4609-43d3-aeef-79c8a2472a0c/1/TtprNlI93N4M8WhtkOrRXUjprBg.roa
Signing time:             Tue 02 Jan 2024 02:30:01 +0000
ROA not before:           Tue 02 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57460
IP address blocks:        176.100.56.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/778c47-4609-43d3-aeef-79c8a2472a0c/1/pBhw_BhUo7CTk4wJz2BlG6mT_8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/778c47-4609-43d3-aeef-79c8a2472a0c/1/pBhw_BhUo7CTk4wJz2BlG6mT_8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pBhw_BhUo7CTk4wJz2BlG6mT_8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:aa:c9:70:33:9b:43:87:87:0e:6b:1b:41:cd:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a41870fc1854a3b093938c09cf60651ba993ffc6
        Validity
            Not Before: Jan  2 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4eda6b36523ddcde0cf1686d90ead15d48e9ac18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:77:7a:32:08:d8:7a:34:ea:c6:6f:b1:5c:96:
                    41:32:5a:48:b4:94:4e:5d:69:ff:54:ff:6a:a2:4e:
                    cf:e4:81:44:6a:84:36:e7:35:9b:30:e1:a4:3a:cb:
                    db:93:69:a9:a5:a8:e5:4b:7e:68:e7:69:57:7d:ca:
                    9b:55:b9:36:e9:93:ab:a9:93:98:3e:e5:e9:8f:a7:
                    6d:60:ba:2e:aa:c9:06:f2:7a:90:0c:17:57:a0:0d:
                    d4:14:bd:f3:76:ed:40:34:83:3d:26:70:af:e8:f5:
                    56:84:a3:ba:fd:8b:b7:8e:54:54:8e:da:18:e5:8a:
                    01:37:9d:17:b2:9e:17:79:a7:7d:dc:ef:a9:11:9e:
                    50:a3:29:48:3d:d4:5f:a1:f0:ff:eb:d5:4c:db:34:
                    a7:cb:68:39:d1:bd:8f:23:5c:ac:ed:0a:2b:05:6d:
                    c3:ab:55:56:ee:e7:ef:4a:3e:ab:ab:ef:1e:c8:b3:
                    79:d9:32:40:0c:b9:c3:0e:81:49:e7:5a:9b:da:70:
                    76:c8:28:b4:c9:60:9d:a4:c7:e9:48:c2:38:e0:a3:
                    29:f2:ad:40:d9:e8:3f:44:00:8b:d8:99:c5:cc:af:
                    da:f2:ca:3a:22:db:5c:14:d2:cb:e3:ed:14:24:bc:
                    b4:39:f3:99:d9:4c:64:4f:fd:f8:31:2f:cb:02:5f:
                    17:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:DA:6B:36:52:3D:DC:DE:0C:F1:68:6D:90:EA:D1:5D:48:E9:AC:18
            X509v3 Authority Key Identifier:
                keyid:A4:18:70:FC:18:54:A3:B0:93:93:8C:09:CF:60:65:1B:A9:93:FF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pBhw_BhUo7CTk4wJz2BlG6mT_8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/778c47-4609-43d3-aeef-79c8a2472a0c/1/TtprNlI93N4M8WhtkOrRXUjprBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/778c47-4609-43d3-aeef-79c8a2472a0c/1/pBhw_BhUo7CTk4wJz2BlG6mT_8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b9:86:e6:ff:91:9e:57:ce:2f:e7:d6:bf:ef:10:71:cf:bb:b3:
         27:7c:e9:2d:60:5e:4d:cc:1c:7d:ee:7b:e9:df:bf:9f:8f:2a:
         b0:cb:fe:ce:d4:24:88:9a:8f:52:62:df:f7:ef:02:ae:8c:db:
         6f:3d:9d:66:43:6c:e1:04:6e:93:35:34:31:a7:08:84:63:6f:
         92:36:a8:6c:37:40:96:6b:63:7a:6c:b9:4e:97:11:54:8d:03:
         d9:25:6e:87:b0:be:41:07:2b:da:be:75:d8:9a:4a:0d:a4:4c:
         79:e5:ff:80:02:d3:3a:3b:8d:66:5b:6e:29:47:53:5b:3d:22:
         82:eb:8a:36:0d:df:3c:27:3b:16:28:a5:10:22:9b:42:67:f2:
         e2:da:ed:96:17:03:36:14:03:d6:be:d8:af:ee:8c:56:52:b0:
         94:98:29:51:27:7a:ff:92:b1:6d:52:40:4a:e9:a6:d8:bc:3e:
         31:60:ff:15:6d:14:67:4b:69:d6:84:82:b5:09:b0:c4:7f:67:
         f6:f3:7a:83:ec:12:04:9c:ad:fe:65:ca:7f:a3:c6:b5:1f:26:
         df:ce:d0:2b:bd:16:52:75:c6:61:f7:0a:f9:53:8b:d2:7d:82:
         9e:ca:4f:9b:59:d5:eb:88:38:ec:34:0b:56:cb:88:62:52:87:
         69:bf:a8:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAarJcDObQ4eHDmsbQc0RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MTg3MGZjMTg1NGEzYjA5MzkzOGMwOWNmNjA2NTFiYTk5
M2ZmYzYwHhcNMjQwMTAyMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWRhNmIzNjUyM2RkY2RlMGNmMTY4NmQ5MGVhZDE1ZDQ4ZTlhYzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXd6MgjYejTqxm+xXJZBMlpItJRO
XWn/VP9qok7P5IFEaoQ25zWbMOGkOsvbk2mppajlS35o52lXfcqbVbk26ZOrqZOY
PuXpj6dtYLouqskG8nqQDBdXoA3UFL3zdu1ANIM9JnCv6PVWhKO6/Yu3jlRUjtoY
5YoBN50Xsp4Xead93O+pEZ5QoylIPdRfofD/69VM2zSny2g50b2PI1ys7QorBW3D
q1VW7ufvSj6rq+8eyLN52TJADLnDDoFJ51qb2nB2yCi0yWCdpMfpSMI44KMp8q1A
2eg/RACL2JnFzK/a8so6IttcFNLL4+0UJLy0OfOZ2UxkT/34MS/LAl8XpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7aazZSPdzeDPFobZDq0V1I6awYMB8GA1UdIwQY
MBaAFKQYcPwYVKOwk5OMCc9gZRupk//GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEJod19CaFVvN0NUazR3SnoyQmxHNm1UXzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83NzhjNDctNDYwOS00M2QzLWFlZWYt
NzljOGEyNDcyYTBjLzEvVHRwck5sSTkzTjRNOFdodGtPclJYVWpwckJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83NzhjNDctNDYwOS00M2QzLWFlZWYtNzljOGEyNDcyYTBj
LzEvcEJod19CaFVvN0NUazR3SnoyQmxHNm1UXzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsGQ4MA0G
CSqGSIb3DQEBCwUAA4IBAQC5hub/kZ5Xzi/n1r/vEHHPu7MnfOktYF5NzBx97nvp
37+fjyqwy/7O1CSImo9SYt/37wKujNtvPZ1mQ2zhBG6TNTQxpwiEY2+SNqhsN0CW
a2N6bLlOlxFUjQPZJW6HsL5BByvavnXYmkoNpEx55f+AAtM6O41mW24pR1NbPSKC
64o2Dd88JzsWKKUQIptCZ/Li2u2WFwM2FAPWvtiv7oxWUrCUmClRJ3r/krFtUkBK
6abYvD4xYP8VbRRnS2nWhIK1CbDEf2f283qD7BIEnK3+Zcp/o8a1HybfztArvRZS
dcZh9wr5U4vSfYKeyk+bWdXriDjsNAtWy4hiUodpv6ht
-----END CERTIFICATE-----