Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/hz3fTpI1lwrvFVtEnKx9NKR7N50.roa
File:                     hz3fTpI1lwrvFVtEnKx9NKR7N50.roa (raw, json)
Hash identifier:          W0fBSutWFdtp7909BU4tJHERmUBXhOmXW5w6d1a0xNk=
Subject key identifier:   87:3D:DF:4E:92:35:97:0A:EF:15:5B:44:9C:AC:7D:34:A4:7B:37:9D
Certificate issuer:       /CN=b55d4e6317c62a1a69dac31f4f143e3bc280ba62
Certificate serial:       018CC64B840EB38DFB3A8EF55A0E65E246A5
Authority key identifier: B5:5D:4E:63:17:C6:2A:1A:69:DA:C3:1F:4F:14:3E:3B:C2:80:BA:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tV1OYxfGKhpp2sMfTxQ-O8KAumI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/hz3fTpI1lwrvFVtEnKx9NKR7N50.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16321
IP address blocks:        176.116.240.0/20 maxlen: 20
                          91.196.252.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/tV1OYxfGKhpp2sMfTxQ-O8KAumI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/tV1OYxfGKhpp2sMfTxQ-O8KAumI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tV1OYxfGKhpp2sMfTxQ-O8KAumI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:84:0e:b3:8d:fb:3a:8e:f5:5a:0e:65:e2:46:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b55d4e6317c62a1a69dac31f4f143e3bc280ba62
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=873ddf4e9235970aef155b449cac7d34a47b379d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:85:2b:8f:61:c9:af:fe:20:53:89:c4:d2:22:
                    52:15:29:0b:e9:69:79:da:cd:a9:5a:23:b8:52:31:
                    c9:42:31:19:59:3f:53:7c:79:f0:02:70:71:15:a4:
                    37:ca:7b:21:82:42:20:6e:77:c0:18:2b:73:a2:7f:
                    83:2d:91:32:a1:08:39:03:61:a0:92:5a:76:36:f0:
                    5b:29:09:15:ee:3c:78:da:27:29:78:62:91:72:8c:
                    4e:b7:76:84:ad:c0:a4:2c:55:23:9c:87:56:3e:12:
                    3f:e6:9a:79:88:fc:2b:b2:ec:3a:57:70:46:a8:b1:
                    6a:aa:67:13:51:b0:5c:ef:bb:d2:fe:bf:f9:29:69:
                    82:8e:08:68:24:25:fa:39:90:98:57:f7:5e:c2:4a:
                    24:4a:b9:13:98:0e:8a:7e:09:e1:ff:6e:9b:fa:4b:
                    e6:1f:79:f8:cb:78:3c:fe:30:47:f4:7c:65:55:9b:
                    eb:af:ef:be:79:5a:06:23:3b:2b:9f:a2:4b:8b:c3:
                    2f:75:f0:dd:23:58:b5:56:b2:0f:ec:d2:c3:7f:24:
                    1b:69:f2:ad:8e:91:58:04:f5:93:54:61:d8:c7:ff:
                    ae:ea:62:43:5f:1c:22:3b:62:db:37:be:a1:3c:93:
                    c1:7b:ea:05:69:d1:58:12:53:db:ce:44:38:8c:71:
                    97:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:3D:DF:4E:92:35:97:0A:EF:15:5B:44:9C:AC:7D:34:A4:7B:37:9D
            X509v3 Authority Key Identifier:
                keyid:B5:5D:4E:63:17:C6:2A:1A:69:DA:C3:1F:4F:14:3E:3B:C2:80:BA:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tV1OYxfGKhpp2sMfTxQ-O8KAumI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/hz3fTpI1lwrvFVtEnKx9NKR7N50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/654f36-ac5a-4292-8140-534d78898d6b/1/tV1OYxfGKhpp2sMfTxQ-O8KAumI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.252.0/22
                  176.116.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3a:32:72:81:b1:8c:37:26:dc:8e:d2:b2:d0:e6:4e:de:4a:7e:
         d3:1d:5d:60:dc:37:27:65:aa:51:cb:55:5e:b5:d4:7b:64:75:
         e7:e5:62:87:f6:ab:d1:04:f6:ae:80:0c:84:b3:42:5f:55:26:
         34:34:67:63:03:a9:d3:c5:4a:a1:17:5f:a2:4e:94:5b:f1:da:
         88:d9:83:61:b1:08:0b:e6:49:6b:a6:98:51:9d:e4:9d:7a:d0:
         99:46:6c:87:cc:ae:83:95:09:36:8d:2e:1f:bb:f9:d0:56:ab:
         7e:73:43:4a:b0:87:9c:72:b9:14:ab:cc:31:b4:d0:89:95:41:
         37:50:92:c6:44:f1:57:fa:6d:3c:70:71:49:f9:e9:6c:ea:34:
         82:c7:0a:e3:2e:7b:4a:59:2f:fc:25:2f:dd:5a:69:d0:ac:64:
         63:43:44:ac:9d:96:61:be:30:b9:6c:6e:50:6e:d5:5a:4b:e0:
         de:6c:c4:35:70:6b:88:ec:82:8f:b6:11:41:08:7c:53:73:88:
         a5:44:d4:1a:b8:d3:12:2e:aa:74:f6:0e:93:0e:a3:33:27:7e:
         b2:b8:67:80:7c:f9:78:9f:f1:66:7e:99:cc:f4:4c:26:c5:b5:
         70:60:32:fd:20:8a:47:f0:4e:d9:ea:06:57:0a:4a:3a:75:e7:
         3c:d2:91:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS4QOs437Oo71Wg5l4kalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NWQ0ZTYzMTdjNjJhMWE2OWRhYzMxZjRmMTQzZTNiYzI4
MGJhNjIwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzNkZGY0ZTkyMzU5NzBhZWYxNTViNDQ5Y2FjN2QzNGE0N2IzNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4Urj2HJr/4gU4nE0iJSFSkL6Wl5
2s2pWiO4UjHJQjEZWT9TfHnwAnBxFaQ3ynshgkIgbnfAGCtzon+DLZEyoQg5A2Gg
klp2NvBbKQkV7jx42icpeGKRcoxOt3aErcCkLFUjnIdWPhI/5pp5iPwrsuw6V3BG
qLFqqmcTUbBc77vS/r/5KWmCjghoJCX6OZCYV/dewkokSrkTmA6Kfgnh/26b+kvm
H3n4y3g8/jBH9HxlVZvrr+++eVoGIzsrn6JLi8MvdfDdI1i1VrIP7NLDfyQbafKt
jpFYBPWTVGHYx/+u6mJDXxwiO2LbN76hPJPBe+oFadFYElPbzkQ4jHGX4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIc9306SNZcK7xVbRJysfTSkezedMB8GA1UdIwQY
MBaAFLVdTmMXxioaadrDH08UPjvCgLpiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFYxT1l4ZkdLaHBwMnNNZlR4US1POEtBdW1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82NTRmMzYtYWM1YS00MjkyLTgxNDAt
NTM0ZDc4ODk4ZDZiLzEvaHozZlRwSTFsd3J2RlZ0RW5LeDlOS1I3TjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82NTRmMzYtYWM1YS00MjkyLTgxNDAtNTM0ZDc4ODk4ZDZi
LzEvdFYxT1l4ZkdLaHBwMnNNZlR4US1POEtBdW1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8T8AwQE
sHTwMA0GCSqGSIb3DQEBCwUAA4IBAQA6MnKBsYw3JtyO0rLQ5k7eSn7THV1g3Dcn
ZapRy1VetdR7ZHXn5WKH9qvRBPaugAyEs0JfVSY0NGdjA6nTxUqhF1+iTpRb8dqI
2YNhsQgL5klrpphRneSdetCZRmyHzK6DlQk2jS4fu/nQVqt+c0NKsIeccrkUq8wx
tNCJlUE3UJLGRPFX+m08cHFJ+els6jSCxwrjLntKWS/8JS/dWmnQrGRjQ0SsnZZh
vjC5bG5QbtVaS+DebMQ1cGuI7IKPthFBCHxTc4ilRNQauNMSLqp09g6TDqMzJ36y
uGeAfPl4n/FmfpnM9EwmxbVwYDL9IIpH8E7Z6gZXCko6dec80pGS
-----END CERTIFICATE-----