Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/DPuxzU-LlBbQxIQVQedDqsAwOBg.roa
File:                     DPuxzU-LlBbQxIQVQedDqsAwOBg.roa (raw, json)
Hash identifier:          /BY4SJ7sStkk9W3aEtVXdOihlzWYflAAA0qL6eBjzbQ=
Subject key identifier:   0C:FB:B1:CD:4F:8B:94:16:D0:C4:84:15:41:E7:43:AA:C0:30:38:18
Certificate issuer:       /CN=a608db43964b6986ec740f0b5e33f627589ac560
Certificate serial:       018CC2DB10B507D75F5421B3858D794FBA82
Authority key identifier: A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/DPuxzU-LlBbQxIQVQedDqsAwOBg.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209873
IP address blocks:        176.118.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:10:b5:07:d7:5f:54:21:b3:85:8d:79:4f:ba:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a608db43964b6986ec740f0b5e33f627589ac560
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cfbb1cd4f8b9416d0c4841541e743aac0303818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:c8:77:a0:65:e1:82:36:80:ef:71:4c:7c:97:
                    ca:61:9c:16:80:4f:d1:f5:24:17:04:3a:9c:35:1d:
                    c9:bd:8b:86:54:ef:a2:4d:1b:11:00:54:fb:fa:93:
                    ec:9c:31:f5:5c:bd:92:cb:f9:76:04:23:9b:e0:3a:
                    90:b0:82:0d:6d:25:c7:85:0c:ef:9c:e5:60:12:45:
                    5d:f4:bb:fd:75:12:03:c5:be:1d:d3:bf:03:63:ec:
                    ab:0b:18:2a:8c:66:6d:32:1b:6f:c4:05:3c:06:8b:
                    52:d6:75:b9:10:d7:00:a1:d1:22:89:ad:d1:df:88:
                    e2:22:4e:d6:f9:8a:e4:6b:6e:01:c4:53:62:c7:08:
                    2d:81:28:b2:0f:07:01:ec:e0:3a:77:b1:23:85:63:
                    4c:77:76:93:e5:d8:77:f8:5a:4f:22:eb:81:bf:b4:
                    d4:0c:42:31:28:ad:50:1e:3d:cf:56:e0:76:3e:3b:
                    dd:80:ee:3a:f5:45:37:18:fb:05:f7:71:61:5e:77:
                    82:0d:66:1e:9e:e9:23:b1:ca:84:8d:1a:8f:b9:ea:
                    c6:60:6b:ee:2d:d2:25:28:1f:90:71:2e:ed:54:fb:
                    d5:49:db:10:8f:4b:ac:7d:33:dd:50:25:1c:d1:a4:
                    8c:85:d4:e3:2c:af:29:0f:c3:6e:96:d8:c2:cf:bc:
                    58:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:FB:B1:CD:4F:8B:94:16:D0:C4:84:15:41:E7:43:AA:C0:30:38:18
            X509v3 Authority Key Identifier:
                keyid:A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/DPuxzU-LlBbQxIQVQedDqsAwOBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:ef:1a:9a:eb:4e:e2:87:fd:fa:d9:32:06:ea:3e:48:cb:90:
         b4:b5:00:24:1e:0d:bf:02:ba:79:6a:b2:4f:b3:de:e6:b2:83:
         98:5e:ea:1e:55:d6:00:a7:d2:e1:2c:fa:f2:48:74:8d:82:14:
         58:69:6b:04:9f:01:1f:cf:19:90:eb:59:d9:5f:2c:c3:a8:84:
         70:96:88:e4:bc:8f:3c:0f:fc:0d:ef:be:6c:24:57:4f:82:1f:
         f8:2d:bd:c9:f5:13:29:37:a5:8c:9f:95:34:3c:c7:f5:0d:70:
         24:86:19:63:25:1a:70:76:91:f5:1a:c1:83:6d:66:26:c1:85:
         13:f5:c0:2b:8e:0d:91:b8:70:ac:7e:a9:1c:92:0c:7f:be:39:
         a2:33:c5:00:30:94:5e:8c:f7:61:ef:6e:ca:d7:46:7b:51:67:
         e7:23:e5:79:b0:30:9e:1c:b1:2e:d4:15:6d:fd:f0:fb:ec:50:
         1a:06:bf:1e:1f:80:bb:1d:d3:e3:0d:34:9d:4b:1c:a5:49:59:
         fe:d1:f4:00:b1:6f:91:44:f9:1f:06:ab:05:4d:11:93:47:9d:
         5d:51:17:74:56:69:76:36:a6:10:4e:79:e6:38:6a:42:3e:66:
         0c:46:9a:f7:a1:e9:59:af:62:33:06:3a:f7:51:3e:7a:f4:b8:
         eb:47:a4:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xC1B9dfVCGzhY15T7qCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MDhkYjQzOTY0YjY5ODZlYzc0MGYwYjVlMzNmNjI3NTg5
YWM1NjAwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2ZiYjFjZDRmOGI5NDE2ZDBjNDg0MTU0MWU3NDNhYWMwMzAzODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMh3oGXhgjaA73FMfJfKYZwWgE/R
9SQXBDqcNR3JvYuGVO+iTRsRAFT7+pPsnDH1XL2Sy/l2BCOb4DqQsIINbSXHhQzv
nOVgEkVd9Lv9dRIDxb4d078DY+yrCxgqjGZtMhtvxAU8BotS1nW5ENcAodEiia3R
34jiIk7W+Yrka24BxFNixwgtgSiyDwcB7OA6d7EjhWNMd3aT5dh3+FpPIuuBv7TU
DEIxKK1QHj3PVuB2PjvdgO469UU3GPsF93FhXneCDWYenukjscqEjRqPuerGYGvu
LdIlKB+QcS7tVPvVSdsQj0usfTPdUCUc0aSMhdTjLK8pD8NultjCz7xYMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAz7sc1Pi5QW0MSEFUHnQ6rAMDgYMB8GA1UdIwQY
MBaAFKYI20OWS2mG7HQPC14z9idYmsVgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQt
ZDY0NjgzY2VlMTZmLzEvRFB1eHpVLUxsQmJReElRVlFlZERxc0F3T0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQtZDY0NjgzY2VlMTZm
LzEvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHbUMA0G
CSqGSIb3DQEBCwUAA4IBAQBT7xqa607ih/362TIG6j5Iy5C0tQAkHg2/Arp5arJP
s97msoOYXuoeVdYAp9LhLPrySHSNghRYaWsEnwEfzxmQ61nZXyzDqIRwlojkvI88
D/wN775sJFdPgh/4Lb3J9RMpN6WMn5U0PMf1DXAkhhljJRpwdpH1GsGDbWYmwYUT
9cArjg2RuHCsfqkckgx/vjmiM8UAMJRejPdh727K10Z7UWfnI+V5sDCeHLEu1BVt
/fD77FAaBr8eH4C7HdPjDTSdSxylSVn+0fQAsW+RRPkfBqsFTRGTR51dURd0Vml2
NqYQTnnmOGpCPmYMRpr3oelZr2IzBjr3UT569LjrR6Sw
-----END CERTIFICATE-----