Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/w7_mO8AQoyQ-F3fpZVslMLy8tCA.roa
File:                     w7_mO8AQoyQ-F3fpZVslMLy8tCA.roa (raw, json)
Hash identifier:          V8sNQBZ9Au0jrMyVsKeOrLHo76+LB3ETFF0zWeozZE8=
Subject key identifier:   C3:BF:E6:3B:C0:10:A3:24:3E:17:77:E9:65:5B:25:30:BC:BC:B4:20
Certificate issuer:       /CN=c4df0bd04aa843e68082f6dece0798732b6f8832
Certificate serial:       018CC3B704A61F34D316597AB5B0850554ED
Authority key identifier: C4:DF:0B:D0:4A:A8:43:E6:80:82:F6:DE:CE:07:98:73:2B:6F:88:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/w7_mO8AQoyQ-F3fpZVslMLy8tCA.roa
Signing time:             Mon 01 Jan 2024 06:30:00 +0000
ROA not before:           Mon 01 Jan 2024 06:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21005
IP address blocks:        176.122.210.0/23 maxlen: 23
                          176.122.211.0/24 maxlen: 24
                          176.122.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:04:a6:1f:34:d3:16:59:7a:b5:b0:85:05:54:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4df0bd04aa843e68082f6dece0798732b6f8832
        Validity
            Not Before: Jan  1 06:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3bfe63bc010a3243e1777e9655b2530bcbcb420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:09:dc:86:8d:56:33:36:e9:fc:f8:9b:38:b4:
                    05:8e:ba:3c:fc:32:11:6c:f5:bb:20:3c:7b:9b:d4:
                    07:42:b3:44:f3:1e:37:15:58:88:aa:37:f0:97:8a:
                    bd:01:76:04:04:39:3d:e3:d6:d5:6b:11:d0:ab:18:
                    17:ce:fd:3b:59:d0:35:b4:1a:70:35:99:11:36:7e:
                    f5:ac:a0:a5:b8:b5:bd:82:3f:4d:10:59:58:55:b1:
                    02:4b:97:68:2d:9f:85:50:6a:dd:2f:64:a1:03:2d:
                    db:9a:2a:c9:46:c6:6a:c2:60:3f:b7:fb:e9:7d:f0:
                    82:68:62:e0:df:00:36:7d:a6:f8:79:59:26:6f:50:
                    2b:8c:cd:60:53:68:cb:51:86:98:64:c3:a2:8e:71:
                    2a:89:43:e3:de:f4:77:9e:95:b2:7b:94:dd:52:26:
                    06:bd:e6:c1:e0:65:df:6b:e7:da:c0:34:f9:e1:4a:
                    05:eb:ae:49:39:b8:0a:18:c0:43:f3:83:55:27:ea:
                    0a:00:27:7d:eb:12:55:ad:f5:55:f2:9f:f1:65:bf:
                    58:5a:4a:3e:3b:84:ac:05:b3:17:ab:03:bf:72:b8:
                    e0:47:6e:ce:04:39:fe:1a:31:71:e5:67:cb:57:ea:
                    7c:f5:6f:e3:d7:e8:db:9c:6a:b7:03:f9:c3:ef:ba:
                    03:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:BF:E6:3B:C0:10:A3:24:3E:17:77:E9:65:5B:25:30:BC:BC:B4:20
            X509v3 Authority Key Identifier:
                keyid:C4:DF:0B:D0:4A:A8:43:E6:80:82:F6:DE:CE:07:98:73:2B:6F:88:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xN8L0EqoQ-aAgvbezgeYcytviDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/w7_mO8AQoyQ-F3fpZVslMLy8tCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/95de21-0fbc-4d13-b6e0-cb9e1ed779ac/1/xN8L0EqoQ-aAgvbezgeYcytviDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.122.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:38:a4:05:db:18:eb:e0:dd:95:a3:51:dd:7b:73:78:0f:f7:
         d0:70:47:d9:93:8f:f2:f8:06:cc:94:c4:7b:01:50:c3:65:6a:
         88:ca:47:1c:0e:42:0b:b4:fc:90:a5:ae:69:12:40:23:74:73:
         e8:a1:eb:db:8d:39:c1:29:c8:8b:3c:07:a4:b1:b7:75:63:27:
         14:c9:7f:9f:b6:1b:98:97:54:02:0b:c3:4d:c8:d9:d1:bf:d2:
         25:02:4e:b5:bf:34:09:19:b9:7c:4e:0f:ff:2e:45:9c:cb:86:
         8f:85:9e:34:dd:82:2b:1b:0d:4e:a0:09:14:58:18:5c:1e:17:
         c1:7e:e2:57:50:25:dd:fc:f1:39:f3:a7:e7:76:09:b8:a7:2e:
         4b:76:fd:a6:fb:84:f5:53:44:e7:8f:55:97:1c:e7:d0:3a:ad:
         16:80:b6:65:10:2f:16:be:c2:45:22:31:39:e1:c1:f5:d1:07:
         09:21:a0:03:13:2f:ae:6b:8e:75:32:2c:72:fe:76:cb:e5:0c:
         d6:62:22:4f:cd:d0:fa:15:9b:e0:77:e5:3b:53:36:27:bc:2f:
         b5:e8:89:07:f9:5a:dd:ad:33:30:09:6e:08:b4:e3:da:7e:ea:
         52:26:91:d0:5d:c6:59:a1:1a:7d:bc:67:e7:6a:b3:b0:85:53:
         62:d7:e8:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwSmHzTTFll6tbCFBVTtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZGYwYmQwNGFhODQzZTY4MDgyZjZkZWNlMDc5ODczMmI2
Zjg4MzIwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2JmZTYzYmMwMTBhMzI0M2UxNzc3ZTk2NTViMjUzMGJjYmNiNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwncho1WMzbp/PibOLQFjro8/DIR
bPW7IDx7m9QHQrNE8x43FViIqjfwl4q9AXYEBDk949bVaxHQqxgXzv07WdA1tBpw
NZkRNn71rKCluLW9gj9NEFlYVbECS5doLZ+FUGrdL2ShAy3bmirJRsZqwmA/t/vp
ffCCaGLg3wA2fab4eVkmb1ArjM1gU2jLUYaYZMOijnEqiUPj3vR3npWye5TdUiYG
vebB4GXfa+fawDT54UoF665JObgKGMBD84NVJ+oKACd96xJVrfVV8p/xZb9YWko+
O4SsBbMXqwO/crjgR27OBDn+GjFx5WfLV+p89W/j1+jbnGq3A/nD77oDmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMO/5jvAEKMkPhd36WVbJTC8vLQgMB8GA1UdIwQY
MBaAFMTfC9BKqEPmgIL23s4HmHMrb4gyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE44TDBFcW9RLWFBZ3ZiZXpnZVljeXR2aURJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85NWRlMjEtMGZiYy00ZDEzLWI2ZTAt
Y2I5ZTFlZDc3OWFjLzEvdzdfbU84QVFveVEtRjNmcFpWc2xNTHk4dENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85NWRlMjEtMGZiYy00ZDEzLWI2ZTAtY2I5ZTFlZDc3OWFj
LzEveE44TDBFcW9RLWFBZ3ZiZXpnZVljeXR2aURJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHrSMA0G
CSqGSIb3DQEBCwUAA4IBAQBZOKQF2xjr4N2Vo1Hde3N4D/fQcEfZk4/y+AbMlMR7
AVDDZWqIykccDkILtPyQpa5pEkAjdHPooevbjTnBKciLPAeksbd1YycUyX+fthuY
l1QCC8NNyNnRv9IlAk61vzQJGbl8Tg//LkWcy4aPhZ403YIrGw1OoAkUWBhcHhfB
fuJXUCXd/PE586fndgm4py5Ldv2m+4T1U0Tnj1WXHOfQOq0WgLZlEC8WvsJFIjE5
4cH10QcJIaADEy+ua451Mixy/nbL5QzWYiJPzdD6FZvgd+U7UzYnvC+16IkH+Vrd
rTMwCW4ItOPafupSJpHQXcZZoRp9vGfnarOwhVNi1+g/
-----END CERTIFICATE-----