Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/aGoV6aa7uY6k2IgW_2eObvLIsPA.roa
File:                     aGoV6aa7uY6k2IgW_2eObvLIsPA.roa (raw, json)
Hash identifier:          mSnHXmlUXFqvIfsnbj0PYtknF8TEioRnFhHosu9lJh4=
Subject key identifier:   68:6A:15:E9:A6:BB:B9:8E:A4:D8:88:16:FF:67:8E:6E:F2:C8:B0:F0
Certificate issuer:       /CN=258623ecc8dcb913d10228a9460a86e660cb8fb2
Certificate serial:       018CC8DF4E06725342BE2C99C6D1CCA3F01B
Authority key identifier: 25:86:23:EC:C8:DC:B9:13:D1:02:28:A9:46:0A:86:E6:60:CB:8F:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/aGoV6aa7uY6k2IgW_2eObvLIsPA.roa
Signing time:             Tue 02 Jan 2024 06:32:06 +0000
ROA not before:           Tue 02 Jan 2024 06:32:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16247
IP address blocks:        185.57.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:4e:06:72:53:42:be:2c:99:c6:d1:cc:a3:f0:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=258623ecc8dcb913d10228a9460a86e660cb8fb2
        Validity
            Not Before: Jan  2 06:32:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=686a15e9a6bbb98ea4d88816ff678e6ef2c8b0f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:41:e6:e7:ec:f6:f9:d0:16:78:22:16:81:db:
                    b3:a1:9b:00:74:0c:c0:36:aa:a4:57:ad:ff:49:b9:
                    2b:93:68:d7:34:d2:a0:87:a2:ba:80:7a:76:b7:81:
                    62:3f:63:95:67:fb:cd:9c:80:a6:8b:6b:1e:63:f8:
                    02:71:81:d8:4e:c5:76:16:14:ce:78:46:6f:e6:95:
                    1f:96:24:2b:ff:ec:51:02:91:25:21:6a:de:84:8b:
                    c6:e5:c6:5f:d4:04:14:5c:b3:e0:12:12:c7:53:1f:
                    af:d4:6a:9c:b6:0c:4c:13:73:e0:90:55:a1:5d:16:
                    3d:06:1a:e0:16:e1:1c:2c:5d:4a:ee:00:27:76:c4:
                    80:fe:8c:7f:0d:67:6b:75:9a:43:5c:3a:b6:7c:b6:
                    97:24:e1:0b:95:5f:5d:7b:d0:5f:e7:8d:16:ef:70:
                    c4:00:00:b9:69:d7:60:92:a1:46:d9:bc:96:13:66:
                    3e:57:5e:73:46:f1:88:03:a7:fb:d8:6d:ed:bb:64:
                    27:cc:ec:ee:09:b6:44:40:78:28:19:bc:91:54:b0:
                    44:df:f0:d9:06:36:21:49:8d:71:5c:0c:8a:68:6e:
                    d7:f8:d1:1a:5a:3d:e8:59:d9:90:26:d2:3b:b1:b2:
                    ef:43:e1:f5:a9:dc:ef:28:ef:bd:51:23:d7:d9:60:
                    ea:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:6A:15:E9:A6:BB:B9:8E:A4:D8:88:16:FF:67:8E:6E:F2:C8:B0:F0
            X509v3 Authority Key Identifier:
                keyid:25:86:23:EC:C8:DC:B9:13:D1:02:28:A9:46:0A:86:E6:60:CB:8F:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/aGoV6aa7uY6k2IgW_2eObvLIsPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:13:ce:83:22:36:48:1e:22:ed:a0:81:6c:b4:db:f2:c6:47:
         51:dd:15:f4:05:61:d6:9c:ca:77:73:18:04:72:71:79:01:e7:
         8f:6a:36:0b:dd:bc:31:7c:e4:16:b8:75:df:17:b8:de:43:30:
         72:94:ce:4e:07:70:59:7e:f7:c0:83:f6:e9:c3:d5:1b:d3:40:
         e9:f6:f3:ad:24:39:80:0e:33:5b:50:a1:68:f4:39:e3:c1:4b:
         b2:c8:62:9e:4f:69:59:f4:a3:69:e3:3f:2f:b9:96:b7:49:e7:
         f8:f5:35:e6:f0:b1:3b:22:d8:fc:7d:70:3d:73:a1:a9:a7:cd:
         85:73:16:77:8e:17:7d:5f:33:e9:30:38:b3:66:f6:6c:41:11:
         1d:3c:07:87:90:3d:1f:0e:7e:82:a6:ea:4e:18:9f:a6:fd:d8:
         10:2a:85:9f:82:47:66:12:63:e2:f2:b3:d9:83:91:76:51:6d:
         90:78:ca:3c:11:c6:f8:20:12:30:19:49:61:6a:39:b9:20:d1:
         99:51:af:23:09:f2:7a:61:10:b8:f0:09:ec:7e:07:7a:68:d7:
         29:87:5e:f8:7a:ca:2c:7b:ee:bf:79:8a:2d:83:a0:9f:fc:80:
         79:2b:26:85:1b:cb:12:9b:49:17:52:26:e2:6e:9a:60:6a:d7:
         8a:f3:24:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI304GclNCviyZxtHMo/AbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ODYyM2VjYzhkY2I5MTNkMTAyMjhhOTQ2MGE4NmU2NjBj
YjhmYjIwHhcNMjQwMTAyMDYzMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODZhMTVlOWE2YmJiOThlYTRkODg4MTZmZjY3OGU2ZWYyYzhiMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUHm5+z2+dAWeCIWgduzoZsAdAzA
NqqkV63/Sbkrk2jXNNKgh6K6gHp2t4FiP2OVZ/vNnICmi2seY/gCcYHYTsV2FhTO
eEZv5pUfliQr/+xRApElIWrehIvG5cZf1AQUXLPgEhLHUx+v1GqctgxME3PgkFWh
XRY9BhrgFuEcLF1K7gAndsSA/ox/DWdrdZpDXDq2fLaXJOELlV9de9Bf540W73DE
AAC5addgkqFG2byWE2Y+V15zRvGIA6f72G3tu2QnzOzuCbZEQHgoGbyRVLBE3/DZ
BjYhSY1xXAyKaG7X+NEaWj3oWdmQJtI7sbLvQ+H1qdzvKO+9USPX2WDqzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhqFemmu7mOpNiIFv9njm7yyLDwMB8GA1UdIwQY
MBaAFCWGI+zI3LkT0QIoqUYKhuZgy4+yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSllZajdNamN1UlBSQWlpcFJncUc1bURMajdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC85NmFiOTUtYzJmZS00YjkzLTlhMmUt
NTY4OWVlMDZlMTRjLzEvYUdvVjZhYTd1WTZrMklnV18yZU9idkxJc1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC85NmFiOTUtYzJmZS00YjkzLTlhMmUtNTY4OWVlMDZlMTRj
LzEvSllZajdNamN1UlBSQWlpcFJncUc1bURMajdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTlMMA0G
CSqGSIb3DQEBCwUAA4IBAQBbE86DIjZIHiLtoIFstNvyxkdR3RX0BWHWnMp3cxgE
cnF5AeePajYL3bwxfOQWuHXfF7jeQzBylM5OB3BZfvfAg/bpw9Ub00Dp9vOtJDmA
DjNbUKFo9DnjwUuyyGKeT2lZ9KNp4z8vuZa3Sef49TXm8LE7Itj8fXA9c6Gpp82F
cxZ3jhd9XzPpMDizZvZsQREdPAeHkD0fDn6CpupOGJ+m/dgQKoWfgkdmEmPi8rPZ
g5F2UW2QeMo8Ecb4IBIwGUlhajm5INGZUa8jCfJ6YRC48Ansfgd6aNcph174esos
e+6/eYotg6Cf/IB5KyaFG8sSm0kXUibibppgateK8yRM
-----END CERTIFICATE-----