Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/v9jUvXCc6z64bwiQ1DLhE0I8fDU.roa
File:                     v9jUvXCc6z64bwiQ1DLhE0I8fDU.roa (raw, json)
Hash identifier:          tWy/H20VGAZgBF5GQVdK9hzbP9MHoN6e7FQrhgB2tCU=
Subject key identifier:   BF:D8:D4:BD:70:9C:EB:3E:B8:6F:08:90:D4:32:E1:13:42:3C:7C:35
Certificate issuer:       /CN=c4df0bd04aa843e68082f6dece0798732b6f8832
Certificate serial:       018CC3B70731A7D19AE9834A9D070359920B
Authority key identifier: C4:DF:0B:D0:4A:A8:43:E6:80:82:F6:DE:CE:07:98:73:2B:6F:88:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/v9jUvXCc6z64bwiQ1DLhE0I8fDU.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49100
IP address blocks:        176.122.211.0/24 maxlen: 24
                          176.122.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:07:31:a7:d1:9a:e9:83:4a:9d:07:03:59:92:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4df0bd04aa843e68082f6dece0798732b6f8832
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfd8d4bd709ceb3eb86f0890d432e113423c7c35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:25:3f:0e:c2:cb:ef:88:f8:c9:dd:e9:08:b6:
                    a9:71:f9:cb:39:2d:3a:c6:46:39:85:a0:a8:d7:3e:
                    f9:26:58:1f:90:73:38:a6:10:c4:5d:a9:2a:4d:d5:
                    b0:7d:f0:23:48:1f:1e:7b:49:91:04:b7:d9:da:1d:
                    da:1b:18:9f:6e:2b:50:20:03:58:6e:3d:4a:96:4f:
                    7a:9b:e0:d5:49:21:4b:8b:e3:8b:e1:48:97:f4:92:
                    be:d1:c0:c4:82:65:26:95:e3:c9:85:3b:24:0a:84:
                    71:57:12:c6:2f:c0:0a:48:be:68:15:70:64:61:2e:
                    15:cd:15:79:4d:79:5d:eb:3a:cd:ad:c4:da:e1:97:
                    7c:57:38:52:32:44:ca:fb:ce:36:ba:a8:38:67:60:
                    f4:53:f4:23:40:f8:ea:ae:bb:4d:ca:70:2c:15:1e:
                    bd:f1:cd:cd:c0:df:bf:2c:93:7a:c5:3c:29:52:58:
                    2d:7f:02:71:2b:8d:9f:fa:f4:0a:17:1e:b9:ec:f8:
                    65:55:df:ed:48:53:df:16:e9:c1:91:11:54:17:27:
                    cd:8d:d6:38:b6:4a:65:ee:8b:87:92:58:82:ef:83:
                    d6:68:8a:21:5b:1e:db:ce:41:54:36:7d:4a:07:15:
                    0f:5e:26:6c:c2:ed:53:10:cb:60:49:d4:e7:f8:e7:
                    02:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D8:D4:BD:70:9C:EB:3E:B8:6F:08:90:D4:32:E1:13:42:3C:7C:35
            X509v3 Authority Key Identifier:
                keyid:C4:DF:0B:D0:4A:A8:43:E6:80:82:F6:DE:CE:07:98:73:2B:6F:88:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/v9jUvXCc6z64bwiQ1DLhE0I8fDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.122.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:a9:43:ea:a0:bc:98:a1:26:80:44:25:91:c7:9a:e4:4c:da:
         17:6e:7e:27:55:07:95:ca:a0:62:31:44:fc:12:e7:4a:7b:a0:
         c2:72:91:1f:cc:dc:4a:60:c5:d6:dc:c9:58:36:c1:a3:10:41:
         d9:10:5c:57:d4:ad:c6:f5:37:a3:37:28:a5:f7:73:25:19:be:
         61:9a:b7:fb:d0:fc:d5:db:6b:4a:f5:7c:d0:c0:35:3d:a6:9d:
         44:36:8f:9d:f5:b6:32:5b:7f:7a:5a:13:e9:c9:8d:39:b4:2e:
         1c:e1:d1:15:80:90:f7:74:48:b1:43:5a:e6:a2:6d:3f:66:a7:
         2c:36:97:80:47:ec:6b:60:e4:00:52:05:e1:19:c3:5c:dd:d6:
         57:be:d6:08:58:af:39:95:8e:7a:dc:39:8c:fd:fd:07:16:ae:
         9a:e3:cb:4a:22:33:89:d2:1a:df:d6:b4:a8:7b:44:79:15:00:
         32:af:f9:40:7d:09:7e:14:1c:a9:5b:17:df:a0:be:7c:e9:a3:
         41:0a:c2:72:7f:84:bc:22:84:fb:f7:a7:a2:f3:2f:10:07:b5:
         93:0c:ec:7e:25:c8:b6:03:41:24:06:93:71:c4:6d:50:99:87:
         c8:cb:fc:36:12:78:88:f7:73:36:49:a2:5c:32:d2:04:fa:ba:
         80:73:1a:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwcxp9Ga6YNKnQcDWZILMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZGYwYmQwNGFhODQzZTY4MDgyZjZkZWNlMDc5ODczMmI2
Zjg4MzIwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmQ4ZDRiZDcwOWNlYjNlYjg2ZjA4OTBkNDMyZTExMzQyM2M3YzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyU/DsLL74j4yd3pCLapcfnLOS06
xkY5haCo1z75JlgfkHM4phDEXakqTdWwffAjSB8ee0mRBLfZ2h3aGxifbitQIANY
bj1Klk96m+DVSSFLi+OL4UiX9JK+0cDEgmUmlePJhTskCoRxVxLGL8AKSL5oFXBk
YS4VzRV5TXld6zrNrcTa4Zd8VzhSMkTK+842uqg4Z2D0U/QjQPjqrrtNynAsFR69
8c3NwN+/LJN6xTwpUlgtfwJxK42f+vQKFx657PhlVd/tSFPfFunBkRFUFyfNjdY4
tkpl7ouHkliC74PWaIohWx7bzkFUNn1KBxUPXiZswu1TEMtgSdTn+OcC5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/Y1L1wnOs+uG8IkNQy4RNCPHw1MB8GA1UdIwQY
MBaAFMTfC9BKqEPmgIL23s4HmHMrb4gyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE44TDBFcW9RLWFBZ3ZiZXpnZVljeXR2aURJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85NWRlMjEtMGZiYy00ZDEzLWI2ZTAt
Y2I5ZTFlZDc3OWFjLzEvdjlqVXZYQ2M2ejY0YndpUTFETGhFMEk4ZkRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85NWRlMjEtMGZiYy00ZDEzLWI2ZTAtY2I5ZTFlZDc3OWFj
LzEveE44TDBFcW9RLWFBZ3ZiZXpnZVljeXR2aURJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHrSMA0G
CSqGSIb3DQEBCwUAA4IBAQBtqUPqoLyYoSaARCWRx5rkTNoXbn4nVQeVyqBiMUT8
EudKe6DCcpEfzNxKYMXW3MlYNsGjEEHZEFxX1K3G9TejNyil93MlGb5hmrf70PzV
22tK9XzQwDU9pp1ENo+d9bYyW396WhPpyY05tC4c4dEVgJD3dEixQ1rmom0/Zqcs
NpeAR+xrYOQAUgXhGcNc3dZXvtYIWK85lY563DmM/f0HFq6a48tKIjOJ0hrf1rSo
e0R5FQAyr/lAfQl+FBypWxffoL586aNBCsJyf4S8IoT796ei8y8QB7WTDOx+Jci2
A0EkBpNxxG1QmYfIy/w2EniI93M2SaJcMtIE+rqAcxrP
-----END CERTIFICATE-----