Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/xaX_IYc27r_CCTdTRIUt2Ia496k.roa
File:                     xaX_IYc27r_CCTdTRIUt2Ia496k.roa (raw, json)
Hash identifier:          0Z7ffEDqnjmXfzgns8lzd55nzcm3PWGSTI9/QBTdwX8=
Subject key identifier:   C5:A5:FF:21:87:36:EE:BF:C2:09:37:53:44:85:2D:D8:86:B8:F7:A9
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DDDB28D5BCB8ED0DBA5585D78826E
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/xaX_IYc27r_CCTdTRIUt2Ia496k.roa
Signing time:             Mon 01 Jan 2024 14:29:20 +0000
ROA not before:           Mon 01 Jan 2024 14:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8263
IP address blocks:        178.176.224.0/24 maxlen: 24
                          178.176.226.0/24 maxlen: 24
                          178.176.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:dd:b2:8d:5b:cb:8e:d0:db:a5:58:5d:78:82:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5a5ff218736eebfc209375344852dd886b8f7a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5b:61:02:cf:b4:7e:b1:2b:67:78:e5:bf:e6:
                    c0:ed:7d:36:b3:34:07:ab:9c:46:88:44:38:85:00:
                    9a:6d:4a:0e:d9:10:08:fc:4c:97:14:4d:20:40:21:
                    f1:8e:f7:82:50:74:36:3e:49:05:28:c7:8c:da:4b:
                    ab:f3:31:84:68:c9:b7:6f:5c:78:96:22:00:9c:49:
                    d6:d9:e9:aa:9b:27:40:7b:2e:8a:97:5d:e8:c9:18:
                    2d:3d:bd:72:90:1b:2c:b3:6c:41:55:18:64:ed:de:
                    68:f5:11:61:6c:b8:4c:d2:89:97:7c:16:32:45:81:
                    72:2f:e0:a8:42:f7:1a:0e:d0:dc:da:a8:78:73:c2:
                    fb:1d:ae:be:92:03:19:7d:80:d2:97:55:96:57:1d:
                    66:ed:1d:e2:ff:0a:aa:7d:e1:26:15:66:55:80:f9:
                    40:63:0a:a2:9f:8b:19:1e:81:86:ab:1a:13:72:5c:
                    e7:91:44:27:39:dc:39:41:ff:cf:be:ba:d4:48:2b:
                    53:a9:f5:f8:08:97:c4:2e:f2:46:a8:81:de:22:41:
                    a6:f6:7e:12:38:60:6a:c8:c3:2c:c4:e5:8a:4b:9c:
                    0c:ba:cc:ec:37:fe:f0:81:a6:8e:56:18:26:f8:c6:
                    74:12:6e:03:33:e0:e9:f7:25:35:c3:92:a5:4a:e1:
                    38:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A5:FF:21:87:36:EE:BF:C2:09:37:53:44:85:2D:D8:86:B8:F7:A9
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/xaX_IYc27r_CCTdTRIUt2Ia496k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.176.224.0-178.176.226.255

    Signature Algorithm: sha256WithRSAEncryption
         3c:36:08:49:b6:81:55:98:ce:56:d9:88:42:fc:aa:85:4d:00:
         b3:38:db:26:8a:d2:3c:c7:dc:fc:b6:39:37:5c:38:fa:e4:a6:
         2c:c5:33:f6:eb:b4:28:66:8f:4c:c4:29:44:d6:fe:2c:46:ea:
         f5:0e:d9:34:5f:ec:33:c4:b3:8a:58:77:79:2c:e0:ca:c3:de:
         bd:12:ed:82:63:d4:ee:db:50:0a:73:15:02:a8:e2:25:11:32:
         85:65:73:ac:18:9a:27:f8:2c:a3:25:d2:cf:63:78:93:5f:1d:
         f3:3e:3e:1a:aa:1e:a4:04:52:1e:b8:ec:47:ce:de:50:fd:19:
         fa:32:be:1d:25:6c:17:42:cf:81:b7:3e:ae:88:ae:7d:a9:bc:
         d0:16:17:c3:67:51:dd:e7:4d:7f:27:f7:2e:1a:e7:b9:ba:5d:
         c7:3f:d4:e0:c1:eb:01:be:6c:58:15:3c:61:5c:03:2e:1a:6e:
         e8:db:8c:89:ec:32:64:dc:a6:d1:a7:64:de:0e:06:e6:91:96:
         c8:70:04:69:07:bc:39:9c:76:fa:10:96:7b:c9:68:54:a8:22:
         3f:92:09:04:fb:1b:07:81:d1:28:03:18:22:0b:04:fa:04:b1:
         c9:0d:65:3c:05:52:d3:f8:d2:3c:d1:1c:ce:2d:34:aa:82:39:
         3a:1b:66:d2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbd2yjVvLjtDbpVhdeIJuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWE1ZmYyMTg3MzZlZWJmYzIwOTM3NTM0NDg1MmRkODg2YjhmN2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFthAs+0frErZ3jlv+bA7X02szQH
q5xGiEQ4hQCabUoO2RAI/EyXFE0gQCHxjveCUHQ2PkkFKMeM2kur8zGEaMm3b1x4
liIAnEnW2emqmydAey6Kl13oyRgtPb1ykBsss2xBVRhk7d5o9RFhbLhM0omXfBYy
RYFyL+CoQvcaDtDc2qh4c8L7Ha6+kgMZfYDSl1WWVx1m7R3i/wqqfeEmFWZVgPlA
Ywqin4sZHoGGqxoTclznkUQnOdw5Qf/PvrrUSCtTqfX4CJfELvJGqIHeIkGm9n4S
OGBqyMMsxOWKS5wMuszsN/7wgaaOVhgm+MZ0Em4DM+Dp9yU1w5KlSuE4hQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMWl/yGHNu6/wgk3U0SFLdiGuPepMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEveGFYX0lZYzI3cl9DQ1RkVFJJVXQySWE0OTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAWysOAD
BACysOIwDQYJKoZIhvcNAQELBQADggEBADw2CEm2gVWYzlbZiEL8qoVNALM42yaK
0jzH3Py2OTdcOPrkpizFM/brtChmj0zEKUTW/ixG6vUO2TRf7DPEs4pYd3ks4MrD
3r0S7YJj1O7bUApzFQKo4iURMoVlc6wYmif4LKMl0s9jeJNfHfM+PhqqHqQEUh64
7EfO3lD9Gfoyvh0lbBdCz4G3Pq6Irn2pvNAWF8NnUd3nTX8n9y4a57m6Xcc/1ODB
6wG+bFgVPGFcAy4abujbjInsMmTcptGnZN4OBuaRlshwBGkHvDmcdvoQlnvJaFSo
Ij+SCQT7GweB0SgDGCILBPoEsckNZTwFUtP40jzRHM4tNKqCOTobZtI=
-----END CERTIFICATE-----