Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/bf8411-6960-4cef-91f9-13b6a6d71a41/1/xctHlnXs2EVS3lM3J0-O6PdNbUc.roa
File:                     xctHlnXs2EVS3lM3J0-O6PdNbUc.roa (raw, json)
Hash identifier:          AZVDKoxr/tzbjI4yxUatIj0uMvuCNjez1t0bC4AXOwA=
Subject key identifier:   C5:CB:47:96:75:EC:D8:45:52:DE:53:37:27:4F:8E:E8:F7:4D:6D:47
Certificate issuer:       /CN=a77325e495cb0150203b79f246f4cd4c0fec24ff
Certificate serial:       018CC6B7B4B6D62241E89DB9BDAF0A35C2B3
Authority key identifier: A7:73:25:E4:95:CB:01:50:20:3B:79:F2:46:F4:CD:4C:0F:EC:24:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p3Ml5JXLAVAgO3nyRvTNTA_sJP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/bf8411-6960-4cef-91f9-13b6a6d71a41/1/xctHlnXs2EVS3lM3J0-O6PdNbUc.roa
Signing time:             Mon 01 Jan 2024 20:29:37 +0000
ROA not before:           Mon 01 Jan 2024 20:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15520
IP address blocks:        194.176.172.0/24 maxlen: 24
                          194.176.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/bf8411-6960-4cef-91f9-13b6a6d71a41/1/p3Ml5JXLAVAgO3nyRvTNTA_sJP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/bf8411-6960-4cef-91f9-13b6a6d71a41/1/p3Ml5JXLAVAgO3nyRvTNTA_sJP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p3Ml5JXLAVAgO3nyRvTNTA_sJP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b4:b6:d6:22:41:e8:9d:b9:bd:af:0a:35:c2:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a77325e495cb0150203b79f246f4cd4c0fec24ff
        Validity
            Not Before: Jan  1 20:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5cb479675ecd84552de5337274f8ee8f74d6d47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c9:bb:54:60:35:a2:e9:4e:65:5b:e1:c0:eb:
                    a2:95:de:7a:6f:05:75:e5:48:90:ea:27:e7:79:9f:
                    f0:4f:0c:90:98:d4:dc:69:6f:c1:3d:5f:0c:ed:3b:
                    11:7a:39:77:67:5f:e7:c3:93:1f:6e:c6:70:fd:d6:
                    81:47:29:50:66:0d:af:5e:89:b8:55:57:87:8e:0b:
                    8f:f5:0c:4a:f0:98:7b:e0:29:0f:53:95:bf:a4:ee:
                    0f:57:13:cd:fa:a1:f2:fc:2b:c7:6a:ac:0d:5d:91:
                    84:61:d7:64:dd:8d:ce:62:d1:f0:00:c6:06:ca:f8:
                    61:f8:6a:27:04:7a:55:49:e0:8a:c4:79:5a:05:b7:
                    72:b3:58:19:e4:bd:04:c5:68:92:cf:47:a7:e4:9d:
                    05:73:60:47:67:77:57:05:0d:eb:cc:89:e4:2f:bc:
                    b2:45:ab:39:96:33:b1:73:63:57:fe:46:2f:1a:06:
                    0b:56:29:0e:85:aa:3e:14:dc:57:34:0a:2d:45:1a:
                    14:f3:2f:6e:29:65:86:1a:5f:70:76:2b:ba:28:95:
                    9e:3e:94:80:d6:44:13:e8:67:98:1d:2b:93:11:ef:
                    2d:46:5c:7f:9b:68:6b:7b:4a:b6:60:1e:4d:99:41:
                    47:f9:16:07:a9:95:fd:0a:33:c9:88:f9:44:10:b2:
                    aa:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:CB:47:96:75:EC:D8:45:52:DE:53:37:27:4F:8E:E8:F7:4D:6D:47
            X509v3 Authority Key Identifier:
                keyid:A7:73:25:E4:95:CB:01:50:20:3B:79:F2:46:F4:CD:4C:0F:EC:24:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p3Ml5JXLAVAgO3nyRvTNTA_sJP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/bf8411-6960-4cef-91f9-13b6a6d71a41/1/xctHlnXs2EVS3lM3J0-O6PdNbUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/bf8411-6960-4cef-91f9-13b6a6d71a41/1/p3Ml5JXLAVAgO3nyRvTNTA_sJP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.176.168.0-194.176.172.255

    Signature Algorithm: sha256WithRSAEncryption
         6a:3b:dd:e4:cf:0c:a0:b9:ff:0c:4d:88:ea:52:99:97:24:16:
         75:5a:0b:44:3a:41:f5:11:8c:a7:78:ad:d7:a2:e0:ae:82:20:
         ea:cc:2c:b9:c4:f2:80:18:4b:5a:58:27:b5:16:b7:11:80:98:
         00:de:bc:59:0f:66:1a:66:81:8e:02:18:87:9c:30:e8:ba:bf:
         57:2c:35:a1:f5:05:37:04:59:7f:d9:8d:ea:19:39:e7:93:c3:
         5b:33:c3:d0:6b:96:c8:2b:0b:d2:11:85:99:5e:ab:e0:78:e8:
         0f:d8:34:81:b1:a0:e8:6b:1d:71:a7:08:93:d9:62:30:ac:c2:
         09:ff:44:5b:40:87:45:89:7f:6b:8a:a3:e7:9f:cf:f2:01:22:
         95:6a:bf:6a:a3:03:a6:1b:f8:ea:a1:0f:1d:63:de:40:da:d2:
         65:f2:09:4a:5e:08:4b:38:58:74:31:c4:96:46:27:65:4d:d5:
         ea:85:59:e0:16:37:81:ab:a5:ec:90:86:34:3b:7e:e7:8f:8e:
         88:d9:f9:c4:45:e3:9c:27:6f:f4:5e:d4:a4:2a:b1:bc:5a:a7:
         63:3a:13:c6:7a:1a:23:5a:75:3d:1d:84:16:65:53:1f:96:32:
         e5:88:b2:a9:eb:d8:69:d8:ce:d2:a8:9b:91:47:fa:0b:30:85:
         32:a1:5a:4e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGt7S21iJB6J25va8KNcKzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NzMyNWU0OTVjYjAxNTAyMDNiNzlmMjQ2ZjRjZDRjMGZl
YzI0ZmYwHhcNMjQwMTAxMjAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWNiNDc5Njc1ZWNkODQ1NTJkZTUzMzcyNzRmOGVlOGY3NGQ2ZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsm7VGA1oulOZVvhwOuild56bwV1
5UiQ6ifneZ/wTwyQmNTcaW/BPV8M7TsRejl3Z1/nw5MfbsZw/daBRylQZg2vXom4
VVeHjguP9QxK8Jh74CkPU5W/pO4PVxPN+qHy/CvHaqwNXZGEYddk3Y3OYtHwAMYG
yvhh+GonBHpVSeCKxHlaBbdys1gZ5L0ExWiSz0en5J0Fc2BHZ3dXBQ3rzInkL7yy
Ras5ljOxc2NX/kYvGgYLVikOhao+FNxXNAotRRoU8y9uKWWGGl9wdiu6KJWePpSA
1kQT6GeYHSuTEe8tRlx/m2hre0q2YB5NmUFH+RYHqZX9CjPJiPlEELKqBQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMXLR5Z17NhFUt5TNydPjuj3TW1HMB8GA1UdIwQY
MBaAFKdzJeSVywFQIDt58kb0zUwP7CT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDNNbDVKWExBVkFnTzNueVJ2VE5UQV9zSlA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9iZjg0MTEtNjk2MC00Y2VmLTkxZjkt
MTNiNmE2ZDcxYTQxLzEveGN0SGxuWHMyRVZTM2xNM0owLU82UGROYlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9iZjg0MTEtNjk2MC00Y2VmLTkxZjktMTNiNmE2ZDcxYTQx
LzEvcDNNbDVKWExBVkFnTzNueVJ2VE5UQV9zSlA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAPCsKgD
BADCsKwwDQYJKoZIhvcNAQELBQADggEBAGo73eTPDKC5/wxNiOpSmZckFnVaC0Q6
QfURjKd4rdei4K6CIOrMLLnE8oAYS1pYJ7UWtxGAmADevFkPZhpmgY4CGIecMOi6
v1csNaH1BTcEWX/ZjeoZOeeTw1szw9BrlsgrC9IRhZleq+B46A/YNIGxoOhrHXGn
CJPZYjCswgn/RFtAh0WJf2uKo+efz/IBIpVqv2qjA6Yb+OqhDx1j3kDa0mXyCUpe
CEs4WHQxxJZGJ2VN1eqFWeAWN4GrpeyQhjQ7fuePjojZ+cRF45wnb/Re1KQqsbxa
p2M6E8Z6GiNadT0dhBZlUx+WMuWIsqnr2GnYztKom5FH+gswhTKhWk4=
-----END CERTIFICATE-----