Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/GiofCIeGchDN46s-xhy0jQmApvs.roa
File:                     GiofCIeGchDN46s-xhy0jQmApvs.roa (raw, json)
Hash identifier:          YO4Y5EEAVg6sI+qoOUvSWq4x3YJ1QkuKdweCsfDEWxA=
Subject key identifier:   1A:2A:1F:08:87:86:72:10:CD:E3:AB:3E:C6:1C:B4:8D:09:80:A6:FB
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAC8E05AC2980A6D599AA75D740D40
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/GiofCIeGchDN46s-xhy0jQmApvs.roa
Signing time:             Mon 01 Jan 2024 02:29:27 +0000
ROA not before:           Mon 01 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199738
IP address blocks:        176.32.54.0/24 maxlen: 24
                          176.32.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 22:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c8:e0:5a:c2:98:0a:6d:59:9a:a7:5d:74:0d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a2a1f0887867210cde3ab3ec61cb48d0980a6fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ff:a5:20:89:78:12:48:b0:b7:12:ca:36:84:
                    c1:fb:51:7a:6b:c3:ba:44:6e:74:5e:b0:49:6e:07:
                    d1:9c:86:50:31:a3:e1:f1:d7:9c:08:ce:92:1c:a6:
                    68:96:16:90:52:b3:9b:4c:65:95:07:a4:cd:28:bc:
                    00:82:52:8b:c1:e7:02:61:bb:fb:d9:38:5f:73:40:
                    4a:40:01:3b:fe:38:52:fe:8f:30:bf:f5:45:4b:2b:
                    d3:1e:0d:1a:02:aa:1a:09:ef:44:2b:5e:ef:73:07:
                    d4:f0:54:e8:58:40:f5:72:d5:2b:b4:96:ff:6a:a8:
                    8c:f9:23:f4:4e:ba:d0:31:a5:40:0f:16:4c:02:01:
                    57:5f:8e:72:da:55:ec:a1:4e:96:7b:7e:4a:f3:23:
                    df:b9:2b:3e:34:47:f3:be:b1:95:ce:ae:39:77:98:
                    71:02:eb:41:b4:b0:89:e5:05:38:9e:9a:3e:6a:39:
                    5c:b3:bb:8e:09:ef:5f:1c:01:f6:7e:e8:33:94:84:
                    c3:12:fd:0a:eb:10:6c:e5:22:ec:26:0f:6d:e1:29:
                    0b:36:bf:e4:26:d0:47:7f:52:6a:ea:e6:38:71:1a:
                    86:d8:b6:70:c5:8d:fe:1b:72:3b:93:aa:eb:13:e9:
                    f5:c1:d6:22:7a:5d:f4:7d:02:cc:eb:a5:ba:d8:63:
                    c1:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:2A:1F:08:87:86:72:10:CD:E3:AB:3E:C6:1C:B4:8D:09:80:A6:FB
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/GiofCIeGchDN46s-xhy0jQmApvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.32.50.0/24
                  176.32.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:67:3d:73:d3:b7:f2:da:2c:6a:58:af:d3:e0:a1:d9:2b:eb:
         73:2b:8f:e6:d5:a6:ac:a7:42:50:3f:5e:b2:a8:cb:d1:3b:bf:
         66:50:9d:41:3c:d5:6d:34:13:c2:b0:3c:e2:4b:26:bd:d9:c9:
         15:5d:db:7a:14:8c:3c:e2:e6:d8:f8:d6:dd:2b:df:d4:78:17:
         a0:cd:38:70:10:8e:30:36:83:68:d3:f8:5b:79:e7:f6:15:3e:
         5c:a8:03:4c:c3:b6:a2:84:fd:5b:14:37:73:07:b1:35:71:73:
         df:23:51:1b:dc:4f:da:e7:c8:76:31:71:42:d7:c4:d1:6c:91:
         e5:bf:59:b6:26:21:28:9b:b8:e5:cd:1e:be:31:df:84:26:43:
         ac:11:e3:8e:c3:b2:23:78:ee:62:03:b1:75:86:cc:18:92:68:
         10:b7:7a:d7:1c:b8:97:94:8d:50:da:50:8e:64:de:27:30:1e:
         b1:72:5a:50:21:13:48:9b:2a:08:19:47:cc:4e:fe:bd:54:94:
         00:ff:a7:c4:cd:bb:97:c9:30:f2:b0:d2:ae:d5:49:fb:62:05:
         37:b8:b5:b1:68:c1:a6:a7:c8:88:b7:c2:fe:f1:37:ae:14:b8:
         a8:b7:70:5e:ca:ef:8d:b4:88:af:3f:8d:23:24:e1:0e:58:c1:
         9b:7a:1e:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2sjgWsKYCm1ZmqdddA1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTJhMWYwODg3ODY3MjEwY2RlM2FiM2VjNjFjYjQ4ZDA5ODBhNmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/+lIIl4EkiwtxLKNoTB+1F6a8O6
RG50XrBJbgfRnIZQMaPh8decCM6SHKZolhaQUrObTGWVB6TNKLwAglKLwecCYbv7
2Thfc0BKQAE7/jhS/o8wv/VFSyvTHg0aAqoaCe9EK17vcwfU8FToWED1ctUrtJb/
aqiM+SP0TrrQMaVADxZMAgFXX45y2lXsoU6We35K8yPfuSs+NEfzvrGVzq45d5hx
AutBtLCJ5QU4npo+ajlcs7uOCe9fHAH2fugzlITDEv0K6xBs5SLsJg9t4SkLNr/k
JtBHf1Jq6uY4cRqG2LZwxY3+G3I7k6rrE+n1wdYiel30fQLM66W62GPB6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBoqHwiHhnIQzeOrPsYctI0JgKb7MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvR2lvZkNJZUdjaERONDZzLXhoeTBqUW1BcHZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsCAyAwQA
sCA2MA0GCSqGSIb3DQEBCwUAA4IBAQCfZz1z07fy2ixqWK/T4KHZK+tzK4/m1aas
p0JQP16yqMvRO79mUJ1BPNVtNBPCsDziSya92ckVXdt6FIw84ubY+NbdK9/UeBeg
zThwEI4wNoNo0/hbeef2FT5cqANMw7aihP1bFDdzB7E1cXPfI1Eb3E/a58h2MXFC
18TRbJHlv1m2JiEom7jlzR6+Md+EJkOsEeOOw7IjeO5iA7F1hswYkmgQt3rXHLiX
lI1Q2lCOZN4nMB6xclpQIRNImyoIGUfMTv69VJQA/6fEzbuXyTDysNKu1Un7YgU3
uLWxaMGmp8iIt8L+8TeuFLiot3Beyu+NtIivP40jJOEOWMGbeh5z
-----END CERTIFICATE-----