Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/hmOrkY3iSICuWt7V7WeE4RyXJhg.roa
File:                     hmOrkY3iSICuWt7V7WeE4RyXJhg.roa (raw, json)
Hash identifier:          vSKZz9uoWLQoiZrVC3KG5aoi9j/LAruzZpMNix+8Bjc=
Subject key identifier:   86:63:AB:91:8D:E2:48:80:AE:5A:DE:D5:ED:67:84:E1:1C:97:26:18
Certificate issuer:       /CN=c4df0bd04aa843e68082f6dece0798732b6f8832
Certificate serial:       018CC3B7055DA68C7D8D21175D98571B541B
Authority key identifier: C4:DF:0B:D0:4A:A8:43:E6:80:82:F6:DE:CE:07:98:73:2B:6F:88:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/hmOrkY3iSICuWt7V7WeE4RyXJhg.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24631
IP address blocks:        176.122.211.0/24 maxlen: 24
                          176.122.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:05:5d:a6:8c:7d:8d:21:17:5d:98:57:1b:54:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4df0bd04aa843e68082f6dece0798732b6f8832
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8663ab918de24880ae5aded5ed6784e11c972618
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f0:0f:b0:af:73:4c:74:07:91:47:e3:b2:32:
                    e4:37:98:66:a6:d3:a0:2b:b2:b2:1b:12:31:1b:09:
                    52:13:ff:c7:38:07:71:e7:09:1a:46:22:99:bf:03:
                    22:0c:ff:d3:dd:28:90:8e:9e:5a:3d:59:62:cd:97:
                    13:31:92:4a:da:dc:cf:ae:01:8f:13:3d:e1:1d:bc:
                    db:3d:87:5e:86:bc:ce:b8:50:32:3e:fd:00:c4:46:
                    c0:c5:a4:9e:79:73:e5:8d:ce:b5:4d:9f:3a:7e:36:
                    91:c7:d6:c1:5b:f2:0f:59:5e:36:11:4f:e6:50:e6:
                    bd:e4:81:c1:7d:01:9d:66:c6:e9:f5:f4:7a:af:59:
                    68:52:cb:f1:03:e3:39:c3:36:b8:6e:5c:0d:23:04:
                    53:ab:e9:1d:ac:41:74:92:29:96:ae:d4:73:04:5a:
                    b6:26:db:9d:a4:e1:dc:c2:3f:3e:af:49:f7:f8:5f:
                    14:31:c2:1e:86:c4:57:fe:ca:03:ad:f7:69:9d:24:
                    72:38:b0:76:10:a3:d8:a9:c3:22:ca:80:c8:ce:00:
                    dd:6e:09:b1:b9:39:e4:57:5f:46:a3:d3:02:b1:25:
                    69:f7:a8:2f:70:ad:9b:7e:fe:e0:ac:01:cc:79:06:
                    1e:30:5e:4a:63:77:8a:b2:29:58:cb:7d:f5:b3:09:
                    cd:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:63:AB:91:8D:E2:48:80:AE:5A:DE:D5:ED:67:84:E1:1C:97:26:18
            X509v3 Authority Key Identifier:
                keyid:C4:DF:0B:D0:4A:A8:43:E6:80:82:F6:DE:CE:07:98:73:2B:6F:88:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/hmOrkY3iSICuWt7V7WeE4RyXJhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.122.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:eb:c6:28:e5:e0:b1:00:35:9b:f1:c8:d6:f6:4e:f4:5c:1e:
         c6:3a:21:33:6b:28:eb:72:a0:8f:70:e9:14:a4:98:04:8f:67:
         58:69:0a:68:ea:cb:59:ea:7e:52:88:a8:cf:68:6b:0f:80:09:
         4c:7c:96:b1:5e:2c:9b:b7:b6:0f:18:bd:9a:89:9f:34:c7:cf:
         41:62:1a:cf:9f:cd:c7:08:14:5a:84:af:37:7b:de:f0:20:f2:
         b7:2d:b2:36:5b:7e:11:59:50:7f:81:1b:88:64:3a:e9:19:f3:
         58:3b:78:74:d0:53:03:46:5e:e6:58:98:67:e9:c5:c5:00:15:
         55:c7:7f:95:cf:33:48:e2:25:cd:5d:35:6b:c0:d2:e2:b2:81:
         3f:f0:05:9a:3c:ac:c5:77:ce:ae:f0:6f:62:a6:ee:2f:5a:b7:
         d5:58:bc:36:d5:45:e9:1b:21:c2:cb:c3:7e:1f:3b:91:8d:67:
         ae:31:f1:0b:a6:ab:e9:35:d7:a3:e4:73:d7:5d:a9:61:6c:ec:
         4b:29:d2:f4:cc:1b:ab:e8:20:d8:80:4e:d2:0e:9c:af:3e:de:
         31:ff:2c:0d:8b:a2:68:d2:c4:8d:aa:fc:52:9c:83:f9:e0:5b:
         bb:c2:c9:06:07:59:59:1d:92:a9:ef:c6:6e:4e:b1:36:a9:d3:
         ae:bc:f6:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwVdpox9jSEXXZhXG1QbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZGYwYmQwNGFhODQzZTY4MDgyZjZkZWNlMDc5ODczMmI2
Zjg4MzIwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjYzYWI5MThkZTI0ODgwYWU1YWRlZDVlZDY3ODRlMTFjOTcyNjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivAPsK9zTHQHkUfjsjLkN5hmptOg
K7KyGxIxGwlSE//HOAdx5wkaRiKZvwMiDP/T3SiQjp5aPVlizZcTMZJK2tzPrgGP
Ez3hHbzbPYdehrzOuFAyPv0AxEbAxaSeeXPljc61TZ86fjaRx9bBW/IPWV42EU/m
UOa95IHBfQGdZsbp9fR6r1loUsvxA+M5wza4blwNIwRTq+kdrEF0kimWrtRzBFq2
JtudpOHcwj8+r0n3+F8UMcIehsRX/soDrfdpnSRyOLB2EKPYqcMiyoDIzgDdbgmx
uTnkV19Go9MCsSVp96gvcK2bfv7grAHMeQYeMF5KY3eKsilYy331swnNLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZjq5GN4kiArlre1e1nhOEclyYYMB8GA1UdIwQY
MBaAFMTfC9BKqEPmgIL23s4HmHMrb4gyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE44TDBFcW9RLWFBZ3ZiZXpnZVljeXR2aURJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85NWRlMjEtMGZiYy00ZDEzLWI2ZTAt
Y2I5ZTFlZDc3OWFjLzEvaG1PcmtZM2lTSUN1V3Q3VjdXZUU0UnlYSmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85NWRlMjEtMGZiYy00ZDEzLWI2ZTAtY2I5ZTFlZDc3OWFj
LzEveE44TDBFcW9RLWFBZ3ZiZXpnZVljeXR2aURJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHrSMA0G
CSqGSIb3DQEBCwUAA4IBAQAh68Yo5eCxADWb8cjW9k70XB7GOiEzayjrcqCPcOkU
pJgEj2dYaQpo6stZ6n5SiKjPaGsPgAlMfJaxXiybt7YPGL2aiZ80x89BYhrPn83H
CBRahK83e97wIPK3LbI2W34RWVB/gRuIZDrpGfNYO3h00FMDRl7mWJhn6cXFABVV
x3+VzzNI4iXNXTVrwNLisoE/8AWaPKzFd86u8G9ipu4vWrfVWLw21UXpGyHCy8N+
HzuRjWeuMfELpqvpNdej5HPXXalhbOxLKdL0zBur6CDYgE7SDpyvPt4x/ywNi6Jo
0sSNqvxSnIP54Fu7wskGB1lZHZKp78ZuTrE2qdOuvPZ3
-----END CERTIFICATE-----