Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/rWecwzOy_r05COuEiZl4KWht5j4.roa
File:                     rWecwzOy_r05COuEiZl4KWht5j4.roa (raw, json)
Hash identifier:          APFZzX7MSHk1ET0fGFHAZgyisv5z2ZfhR0L4cxUpeKo=
Subject key identifier:   AD:67:9C:C3:33:B2:FE:BD:39:08:EB:84:89:99:78:29:68:6D:E6:3E
Certificate issuer:       /CN=a608db43964b6986ec740f0b5e33f627589ac560
Certificate serial:       01942825D6979571B867D237ED17099C2337
Authority key identifier: A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/rWecwzOy_r05COuEiZl4KWht5j4.roa
Signing time:             Thu 02 Jan 2025 17:52:35 +0000
ROA not before:           Thu 02 Jan 2025 17:52:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198483
IP address blocks:        176.96.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:d6:97:95:71:b8:67:d2:37:ed:17:09:9c:23:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a608db43964b6986ec740f0b5e33f627589ac560
        Validity
            Not Before: Jan  2 17:52:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad679cc333b2febd3908eb8489997829686de63e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8f:89:31:83:0e:27:c1:97:65:52:49:0f:a8:
                    6a:39:ae:dd:41:23:55:c2:7c:44:eb:f0:8e:09:fb:
                    74:e7:29:c3:94:2e:bb:47:19:26:c1:90:5e:9f:09:
                    07:62:93:9c:c2:29:c8:78:d9:61:69:11:ef:34:ad:
                    91:36:e9:65:57:cd:f9:c7:90:41:25:fc:b6:43:47:
                    2e:0c:83:84:2c:c1:f2:1f:17:cf:18:ce:df:c3:e3:
                    5e:5a:40:2e:94:75:57:73:f3:4a:b1:59:7f:4c:d7:
                    c9:1c:68:24:e8:a7:6c:27:16:ca:cc:1b:e9:41:06:
                    7d:de:f5:27:16:57:9d:be:fd:60:b9:f7:ae:86:a1:
                    09:31:ab:23:56:1a:b7:fb:2f:69:20:5d:db:9a:4b:
                    98:9a:0b:e7:d4:4f:a8:b0:3e:c6:8f:d2:a7:fb:d9:
                    f3:0d:57:ed:d1:3c:0b:44:54:8c:fe:c8:a3:cd:c5:
                    2b:4f:18:61:e5:62:bc:56:a8:c6:48:ac:a3:b8:fe:
                    4d:12:33:86:dd:cf:36:20:23:54:b6:d4:19:74:f5:
                    76:60:5e:91:c4:63:43:6e:3b:4b:fd:5b:eb:24:54:
                    14:1f:00:9d:36:52:75:d0:46:3f:6f:eb:3b:fe:36:
                    5e:aa:93:00:ac:b5:55:c1:dd:51:df:07:e5:83:eb:
                    09:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:67:9C:C3:33:B2:FE:BD:39:08:EB:84:89:99:78:29:68:6D:E6:3E
            X509v3 Authority Key Identifier:
                keyid:A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/rWecwzOy_r05COuEiZl4KWht5j4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.96.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:48:a2:fc:12:3c:55:39:6a:2a:3a:e7:ea:67:b6:3a:1d:fb:
         23:af:cd:e6:43:17:44:93:eb:75:6a:f4:70:2a:b0:02:05:8d:
         7c:56:de:2e:f3:6e:dc:19:db:a2:41:4b:00:84:07:aa:dd:1a:
         eb:3a:69:6f:7c:51:c6:f4:24:52:24:ba:d4:8a:ad:d6:ba:a5:
         91:35:7b:92:4c:64:da:cc:67:ca:3b:92:2a:cd:a7:26:a0:a0:
         f0:39:2d:7c:4d:cc:f2:aa:1b:1d:cd:a7:e2:79:72:3d:b0:2c:
         73:2b:cd:e9:34:5f:b4:12:61:88:87:af:54:9c:16:c8:5c:1e:
         91:70:40:15:6e:2d:27:41:13:78:33:c3:87:b1:8e:a7:c2:3f:
         cc:71:d4:c7:90:9f:62:c3:1e:cf:5a:98:11:42:51:e9:26:bb:
         c9:a1:c1:7d:e1:33:32:03:42:ab:88:23:22:68:df:43:94:a5:
         c9:a7:d5:0d:91:36:4d:29:96:f5:1c:df:59:96:89:f6:b1:6d:
         b0:14:95:7d:b4:5d:8b:1e:85:f5:26:4a:90:77:c8:bd:80:b4:
         b0:2a:14:e5:d9:fe:a7:5a:a8:6c:1a:e2:8f:82:c3:e4:f1:67:
         bb:e2:40:5a:45:13:5f:8a:3c:d2:87:7b:6d:01:c2:d9:cf:fb:
         3f:c0:87:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJdaXlXG4Z9I37RcJnCM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MDhkYjQzOTY0YjY5ODZlYzc0MGYwYjVlMzNmNjI3NTg5
YWM1NjAwHhcNMjUwMTAyMTc1MjM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDY3OWNjMzMzYjJmZWJkMzkwOGViODQ4OTk5NzgyOTY4NmRlNjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsY+JMYMOJ8GXZVJJD6hqOa7dQSNV
wnxE6/COCft05ynDlC67RxkmwZBenwkHYpOcwinIeNlhaRHvNK2RNullV835x5BB
Jfy2Q0cuDIOELMHyHxfPGM7fw+NeWkAulHVXc/NKsVl/TNfJHGgk6KdsJxbKzBvp
QQZ93vUnFledvv1gufeuhqEJMasjVhq3+y9pIF3bmkuYmgvn1E+osD7Gj9Kn+9nz
DVft0TwLRFSM/sijzcUrTxhh5WK8VqjGSKyjuP5NEjOG3c82ICNUttQZdPV2YF6R
xGNDbjtL/VvrJFQUHwCdNlJ10EY/b+s7/jZeqpMArLVVwd1R3wflg+sJxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1nnMMzsv69OQjrhImZeClobeY+MB8GA1UdIwQY
MBaAFKYI20OWS2mG7HQPC14z9idYmsVgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQt
ZDY0NjgzY2VlMTZmLzEvcldlY3d6T3lfcjA1Q091RWlabDRLV2h0NWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQtZDY0NjgzY2VlMTZm
LzEvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGDjMA0G
CSqGSIb3DQEBCwUAA4IBAQB1SKL8EjxVOWoqOufqZ7Y6Hfsjr83mQxdEk+t1avRw
KrACBY18Vt4u827cGduiQUsAhAeq3RrrOmlvfFHG9CRSJLrUiq3WuqWRNXuSTGTa
zGfKO5IqzacmoKDwOS18TczyqhsdzafieXI9sCxzK83pNF+0EmGIh69UnBbIXB6R
cEAVbi0nQRN4M8OHsY6nwj/McdTHkJ9iwx7PWpgRQlHpJrvJocF94TMyA0KriCMi
aN9DlKXJp9UNkTZNKZb1HN9Zlon2sW2wFJV9tF2LHoX1JkqQd8i9gLSwKhTl2f6n
WqhsGuKPgsPk8We74kBaRRNfijzSh3ttAcLZz/s/wIdr
-----END CERTIFICATE-----