Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/59f743-f1c5-42f8-867c-61deaa5631b2/1/trrhHhwqjhNm1K99jSssWVKkG6w.roa
File:                     trrhHhwqjhNm1K99jSssWVKkG6w.roa (raw, json)
Hash identifier:          uaRTvsevUue62djF3U5FCHExrXKMh8kCJT5N/3X0i7I=
Subject key identifier:   B6:BA:E1:1E:1C:2A:8E:13:66:D4:AF:7D:8D:2B:2C:59:52:A4:1B:AC
Certificate issuer:       /CN=171da75128da7582e10f6a4bf22b9391349ba9f1
Certificate serial:       018E2880F6E1A61B6B4B6FBF7D62A90F86C1
Authority key identifier: 17:1D:A7:51:28:DA:75:82:E1:0F:6A:4B:F2:2B:93:91:34:9B:A9:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fx2nUSjadYLhD2pL8iuTkTSbqfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/59f743-f1c5-42f8-867c-61deaa5631b2/1/trrhHhwqjhNm1K99jSssWVKkG6w.roa
Signing time:             Sun 10 Mar 2024 13:15:24 +0000
ROA not before:           Sun 10 Mar 2024 13:15:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50670
IP address blocks:        185.96.68.0/22 maxlen: 22
                          185.96.68.0/24 maxlen: 24
                          185.96.69.0/24 maxlen: 24
                          185.96.70.0/24 maxlen: 24
                          185.96.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/59f743-f1c5-42f8-867c-61deaa5631b2/1/Fx2nUSjadYLhD2pL8iuTkTSbqfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/59f743-f1c5-42f8-867c-61deaa5631b2/1/Fx2nUSjadYLhD2pL8iuTkTSbqfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fx2nUSjadYLhD2pL8iuTkTSbqfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:28:80:f6:e1:a6:1b:6b:4b:6f:bf:7d:62:a9:0f:86:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=171da75128da7582e10f6a4bf22b9391349ba9f1
        Validity
            Not Before: Mar 10 13:15:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6bae11e1c2a8e1366d4af7d8d2b2c5952a41bac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:cc:be:10:64:89:ab:1b:76:81:5c:64:0c:38:
                    d0:08:cb:eb:62:e7:d4:37:d9:f8:b9:9b:5f:ba:44:
                    38:6a:0b:c2:3e:c5:fa:73:a1:1d:b8:f9:9c:fd:d7:
                    51:c0:c7:ef:71:ef:19:9e:3f:a7:b9:b9:a6:c6:81:
                    d7:d6:e4:f1:0e:28:a8:06:db:fa:af:27:3a:93:c4:
                    bb:5c:31:48:3c:d1:57:96:9c:d4:08:88:5d:ed:d6:
                    9e:59:df:61:3d:3c:44:ae:46:e2:89:89:46:9b:ea:
                    9a:d0:10:02:2f:00:4d:6e:b0:db:a3:fc:2a:a0:ae:
                    2a:4e:2f:52:aa:5e:91:52:f6:46:ab:c8:4b:6d:62:
                    0e:0f:8d:dc:bd:b4:fb:71:ec:cb:ca:d6:97:6b:5f:
                    d5:16:8e:c8:09:a9:2f:fe:6c:5a:99:22:2b:a3:d0:
                    48:76:89:42:a2:74:4c:86:a6:5b:79:65:41:c6:e8:
                    15:53:d4:f3:cc:28:ac:a2:2c:52:62:2c:ec:57:02:
                    95:0d:fa:9e:a9:ae:c5:26:dc:5f:f1:d6:aa:14:12:
                    8a:d7:22:b2:b4:e0:cc:35:46:e0:7b:d8:39:e3:1b:
                    5f:3b:76:f8:d0:ed:f5:8f:6f:c8:f3:c2:15:80:dd:
                    57:31:27:da:a9:3e:c6:00:f8:b4:79:61:07:36:88:
                    e3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:BA:E1:1E:1C:2A:8E:13:66:D4:AF:7D:8D:2B:2C:59:52:A4:1B:AC
            X509v3 Authority Key Identifier:
                keyid:17:1D:A7:51:28:DA:75:82:E1:0F:6A:4B:F2:2B:93:91:34:9B:A9:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fx2nUSjadYLhD2pL8iuTkTSbqfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/59f743-f1c5-42f8-867c-61deaa5631b2/1/trrhHhwqjhNm1K99jSssWVKkG6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/59f743-f1c5-42f8-867c-61deaa5631b2/1/Fx2nUSjadYLhD2pL8iuTkTSbqfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:97:60:c8:de:24:1f:ca:92:1a:8d:96:b8:54:97:5b:83:9d:
         62:59:83:71:99:49:30:5c:0d:0c:5c:2c:5f:43:9a:3c:7b:f3:
         2e:36:93:e9:30:05:78:8b:00:21:06:36:c2:6f:57:dd:39:8a:
         78:55:3d:18:6d:9a:4c:43:01:39:b6:eb:73:38:d5:b7:a8:3c:
         f2:a1:cc:fe:a8:92:8c:59:5c:cb:7c:1e:8b:ac:07:6b:f2:77:
         82:72:02:f6:b2:7a:fe:01:61:7e:fa:67:61:81:46:19:5e:56:
         c4:7c:0f:15:af:10:8d:60:54:4c:1b:85:fb:8f:c3:33:73:eb:
         34:32:6e:ae:d7:05:61:72:7b:df:3e:74:34:2d:93:14:4c:61:
         96:7c:70:15:5a:39:af:41:ac:79:01:8a:fb:7e:54:86:0b:2f:
         6c:55:22:0b:a3:e0:64:65:69:0d:7d:9b:3c:40:f1:2a:0e:7a:
         84:a7:17:87:87:6a:0b:62:c4:21:30:9b:94:99:05:4c:28:2b:
         6a:b0:64:56:9d:25:67:0b:59:bf:72:47:13:58:bd:5c:4f:8f:
         2f:81:39:bf:fc:13:7d:3c:63:85:9d:1f:ec:27:cf:3d:e3:a7:
         8d:c9:72:9d:59:f8:fc:fe:53:06:6f:80:dd:87:e6:51:86:89:
         a5:dd:fc:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4ogPbhphtrS2+/fWKpD4bBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MWRhNzUxMjhkYTc1ODJlMTBmNmE0YmYyMmI5MzkxMzQ5
YmE5ZjEwHhcNMjQwMzEwMTMxNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmJhZTExZTFjMmE4ZTEzNjZkNGFmN2Q4ZDJiMmM1OTUyYTQxYmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cy+EGSJqxt2gVxkDDjQCMvrYufU
N9n4uZtfukQ4agvCPsX6c6EduPmc/ddRwMfvce8Znj+nubmmxoHX1uTxDiioBtv6
ryc6k8S7XDFIPNFXlpzUCIhd7daeWd9hPTxErkbiiYlGm+qa0BACLwBNbrDbo/wq
oK4qTi9Sql6RUvZGq8hLbWIOD43cvbT7cezLytaXa1/VFo7ICakv/mxamSIro9BI
dolConRMhqZbeWVBxugVU9TzzCisoixSYizsVwKVDfqeqa7FJtxf8daqFBKK1yKy
tODMNUbge9g54xtfO3b40O31j2/I88IVgN1XMSfaqT7GAPi0eWEHNojjRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLa64R4cKo4TZtSvfY0rLFlSpBusMB8GA1UdIwQY
MBaAFBcdp1Eo2nWC4Q9qS/Irk5E0m6nxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRngyblVTamFkWUxoRDJwTDhpdVRrVFNicWZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC81OWY3NDMtZjFjNS00MmY4LTg2N2Mt
NjFkZWFhNTYzMWIyLzEvdHJyaEhod3FqaE5tMUs5OWpTc3NXVktrRzZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC81OWY3NDMtZjFjNS00MmY4LTg2N2MtNjFkZWFhNTYzMWIy
LzEvRngyblVTamFkWUxoRDJwTDhpdVRrVFNicWZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWBEMA0G
CSqGSIb3DQEBCwUAA4IBAQBcl2DI3iQfypIajZa4VJdbg51iWYNxmUkwXA0MXCxf
Q5o8e/MuNpPpMAV4iwAhBjbCb1fdOYp4VT0YbZpMQwE5tutzONW3qDzyocz+qJKM
WVzLfB6LrAdr8neCcgL2snr+AWF++mdhgUYZXlbEfA8VrxCNYFRMG4X7j8Mzc+s0
Mm6u1wVhcnvfPnQ0LZMUTGGWfHAVWjmvQax5AYr7flSGCy9sVSILo+BkZWkNfZs8
QPEqDnqEpxeHh2oLYsQhMJuUmQVMKCtqsGRWnSVnC1m/ckcTWL1cT48vgTm//BN9
PGOFnR/sJ88946eNyXKdWfj8/lMGb4Ddh+ZRhoml3fyW
-----END CERTIFICATE-----