Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/dr3FvpX0zsC5u26y8bl6QOFyXy4.roa
File:                     dr3FvpX0zsC5u26y8bl6QOFyXy4.roa (raw, json)
Hash identifier:          jzgJElxmelriLlO3cJzAYs/rPlTKtYsrKy8LQ5ADQEM=
Subject key identifier:   76:BD:C5:BE:95:F4:CE:C0:B9:BB:6E:B2:F1:B9:7A:40:E1:72:5F:2E
Certificate issuer:       /CN=aebf394e2f1b251c88d988a87161084580786ef5
Certificate serial:       018CC5DD375AAF7393359719BE7EE3FD78C1
Authority key identifier: AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/dr3FvpX0zsC5u26y8bl6QOFyXy4.roa
Signing time:             Mon 01 Jan 2024 16:30:58 +0000
ROA not before:           Mon 01 Jan 2024 16:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12395
IP address blocks:        178.249.167.0/24 maxlen: 24
                          2a01:728:108::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:37:5a:af:73:93:35:97:19:be:7e:e3:fd:78:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aebf394e2f1b251c88d988a87161084580786ef5
        Validity
            Not Before: Jan  1 16:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76bdc5be95f4cec0b9bb6eb2f1b97a40e1725f2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:69:6b:1b:7c:ff:42:63:0f:00:ab:10:72:91:
                    3e:53:36:11:67:68:87:90:09:92:73:b9:55:f2:91:
                    7f:6b:f5:a6:ad:46:5c:13:e3:5b:d7:7f:42:a5:f4:
                    f5:ca:b7:c6:f5:1b:fc:5e:be:23:fb:dc:13:78:6c:
                    8f:d4:88:a9:b6:94:95:5e:31:d1:d5:43:13:c0:4e:
                    b7:78:1b:b9:cb:62:47:a0:1b:a2:b4:a7:c5:6e:46:
                    2a:a0:71:36:29:95:ba:0c:58:a1:79:c4:f2:1e:5f:
                    06:83:49:ef:6b:b0:b2:77:22:b1:fd:93:be:b8:47:
                    f7:af:a4:79:81:e7:c0:04:66:7d:77:62:42:6b:4a:
                    ac:cf:42:6e:c2:5d:dd:cf:51:7c:f3:d6:b5:b7:3f:
                    a7:84:73:32:c8:f2:5c:dc:fc:de:e0:66:08:ed:cd:
                    83:b4:17:4d:a8:49:84:b1:ca:7f:9e:59:55:13:d5:
                    8e:a4:16:b8:aa:f1:0e:59:e8:d6:a0:43:3b:14:0f:
                    68:5e:a1:4b:9e:17:71:e2:cd:b3:3f:3b:75:45:4e:
                    55:ab:4f:6d:ae:d1:1c:a6:5a:95:c8:b3:0c:e7:2d:
                    98:5b:35:ea:72:ac:05:ec:ff:40:cd:23:88:c3:3f:
                    73:06:73:65:61:c9:39:15:c1:74:d8:04:90:13:c2:
                    5a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:BD:C5:BE:95:F4:CE:C0:B9:BB:6E:B2:F1:B9:7A:40:E1:72:5F:2E
            X509v3 Authority Key Identifier:
                keyid:AE:BF:39:4E:2F:1B:25:1C:88:D9:88:A8:71:61:08:45:80:78:6E:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rr85Ti8bJRyI2YiocWEIRYB4bvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/dr3FvpX0zsC5u26y8bl6QOFyXy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40498e-d1c0-484c-abcb-61e7f40d5dd6/1/rr85Ti8bJRyI2YiocWEIRYB4bvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.249.167.0/24
                IPv6:
                  2a01:728:108::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:10:89:c0:40:91:5a:2f:3c:71:0a:81:7e:6f:44:d4:e8:fa:
         4e:43:a0:bf:6d:d4:d3:95:ed:30:cb:31:ad:c3:34:fb:96:c8:
         a1:d1:fc:dc:a3:0d:a0:28:26:30:ae:07:c9:d0:7f:69:cd:72:
         44:5e:f9:c0:e4:6f:75:a9:43:23:0c:d9:e0:71:b5:52:67:85:
         d6:40:8b:df:a8:2a:37:00:cc:1d:d1:83:1d:7d:eb:a9:76:db:
         3d:8c:eb:c8:af:21:5b:49:c4:a7:05:9c:63:82:59:55:ea:b7:
         4d:8d:ed:bf:be:8a:02:2a:40:47:eb:ea:27:e1:a5:67:04:8f:
         3c:5c:56:10:d0:9a:40:22:0e:ce:f0:be:dc:c4:4d:10:11:ab:
         f2:1b:f3:2c:48:55:a3:bd:e9:b8:94:56:d9:ad:c4:61:40:df:
         e8:f9:f3:08:47:2b:b5:98:8e:91:d6:3e:61:6b:32:29:10:66:
         10:b7:1c:b6:7f:43:82:92:64:aa:07:0a:e3:a6:08:74:ea:e2:
         f6:be:64:b3:a8:d3:30:9a:cf:8c:fe:5f:0e:cf:26:62:68:2f:
         db:70:c4:07:b5:c9:e4:d1:3c:cf:72:36:93:2a:e6:f3:3e:de:
         d2:af:d1:7f:16:6b:58:c6:74:37:8f:92:d5:54:bf:7d:16:4c:
         59:ae:4a:b5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3Tdar3OTNZcZvn7j/XjBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYmYzOTRlMmYxYjI1MWM4OGQ5ODhhODcxNjEwODQ1ODA3
ODZlZjUwHhcNMjQwMTAxMTYzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmJkYzViZTk1ZjRjZWMwYjliYjZlYjJmMWI5N2E0MGUxNzI1ZjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWlrG3z/QmMPAKsQcpE+UzYRZ2iH
kAmSc7lV8pF/a/WmrUZcE+Nb139CpfT1yrfG9Rv8Xr4j+9wTeGyP1IiptpSVXjHR
1UMTwE63eBu5y2JHoBuitKfFbkYqoHE2KZW6DFihecTyHl8Gg0nva7CydyKx/ZO+
uEf3r6R5gefABGZ9d2JCa0qsz0Juwl3dz1F889a1tz+nhHMyyPJc3Pze4GYI7c2D
tBdNqEmEscp/nllVE9WOpBa4qvEOWejWoEM7FA9oXqFLnhdx4s2zPzt1RU5Vq09t
rtEcplqVyLMM5y2YWzXqcqwF7P9AzSOIwz9zBnNlYck5FcF02ASQE8JaswIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHa9xb6V9M7AubtusvG5ekDhcl8uMB8GA1UdIwQY
MBaAFK6/OU4vGyUciNmIqHFhCEWAeG71MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2It
NjFlN2Y0MGQ1ZGQ2LzEvZHIzRnZwWDB6c0M1dTI2eThibDZRT0Z5WHk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS80MDQ5OGUtZDFjMC00ODRjLWFiY2ItNjFlN2Y0MGQ1ZGQ2
LzEvcnI4NVRpOGJKUnlJMllpb2NXRUlSWUI0YnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsvmnMA8E
AgACMAkDBwAqAQcoAQgwDQYJKoZIhvcNAQELBQADggEBAB8QicBAkVovPHEKgX5v
RNTo+k5DoL9t1NOV7TDLMa3DNPuWyKHR/NyjDaAoJjCuB8nQf2nNckRe+cDkb3Wp
QyMM2eBxtVJnhdZAi9+oKjcAzB3Rgx1966l22z2M68ivIVtJxKcFnGOCWVXqt02N
7b++igIqQEfr6ifhpWcEjzxcVhDQmkAiDs7wvtzETRARq/Ib8yxIVaO96biUVtmt
xGFA3+j58whHK7WYjpHWPmFrMikQZhC3HLZ/Q4KSZKoHCuOmCHTq4va+ZLOo0zCa
z4z+Xw7PJmJoL9twxAe1yeTRPM9yNpMq5vM+3tKv0X8Wa1jGdDePktVUv30WTFmu
SrU=
-----END CERTIFICATE-----