Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/76wNd9NP3c59k2JmOuL5wP1wxzs.roa
File:                     76wNd9NP3c59k2JmOuL5wP1wxzs.roa (raw, json)
Hash identifier:          GnE5a73cFzUrd7zRF9b+uvueqPR9EUoEHdPFO0coQ50=
Subject key identifier:   EF:AC:0D:77:D3:4F:DD:CE:7D:93:62:66:3A:E2:F9:C0:FD:70:C7:3B
Certificate issuer:       /CN=6832c32d2259013991260d530d9120031aaefcd0
Certificate serial:       018CC348F07F299BC1FFAB487F6780708041
Authority key identifier: 68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/76wNd9NP3c59k2JmOuL5wP1wxzs.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        145.46.170.0/24 maxlen: 24
                          145.46.168.0/24 maxlen: 24
                          145.46.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f0:7f:29:9b:c1:ff:ab:48:7f:67:80:70:80:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6832c32d2259013991260d530d9120031aaefcd0
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efac0d77d34fddce7d9362663ae2f9c0fd70c73b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:65:75:44:cc:d1:22:80:4d:b9:df:76:94:c2:
                    91:30:28:47:c5:2b:be:6b:41:cb:f6:87:d7:cd:fb:
                    71:8b:4c:1b:df:88:e0:9f:55:7d:e6:f9:b7:5c:51:
                    0c:28:48:66:8b:14:cc:02:fc:cd:d6:8a:04:e5:eb:
                    ba:22:29:44:fa:32:8c:8d:f3:c3:71:24:8f:31:38:
                    f5:8a:fb:40:7c:9e:12:b2:36:8d:1e:b5:cb:43:1b:
                    65:18:17:5f:3c:a3:ce:3e:c8:1d:f7:ff:6b:6a:dd:
                    2e:ce:21:d9:14:60:b2:df:39:d4:d4:48:e9:9c:3d:
                    07:2a:16:6b:d6:50:fc:26:95:82:ab:bb:0f:5c:19:
                    2e:6e:da:59:7c:60:99:1a:14:1b:ed:ef:eb:30:6a:
                    c0:3c:c8:07:d1:9f:d6:f5:af:1c:3d:fc:cc:23:db:
                    c1:f5:ff:f8:dd:5d:7c:0e:db:c5:a8:80:68:9d:dc:
                    ad:a0:32:2a:6c:7e:2e:21:03:ba:76:d4:67:c2:c8:
                    79:24:b4:63:8f:90:14:e6:1e:99:aa:26:fc:33:e5:
                    eb:6a:76:66:41:04:f3:19:d9:b4:d1:3b:35:b0:8b:
                    21:a1:36:a4:23:d5:2f:af:3f:58:58:75:a4:ec:10:
                    de:3e:74:36:4e:3a:4a:0e:e0:d1:6f:c9:5c:2b:05:
                    a2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:AC:0D:77:D3:4F:DD:CE:7D:93:62:66:3A:E2:F9:C0:FD:70:C7:3B
            X509v3 Authority Key Identifier:
                keyid:68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/76wNd9NP3c59k2JmOuL5wP1wxzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.46.168.0-145.46.170.255

    Signature Algorithm: sha256WithRSAEncryption
         3b:d3:ac:2a:e1:87:46:88:1b:59:b3:3a:e9:54:f3:d8:23:09:
         a7:f6:fa:75:c8:33:28:e4:20:0d:99:64:06:e2:0d:31:07:17:
         a8:33:2d:3e:c7:69:25:6b:b4:08:ed:8b:7c:4c:9f:cd:0d:a1:
         ca:41:f5:bf:fe:6d:0e:b1:d2:7f:8a:0d:11:47:87:7a:e8:1f:
         a7:11:61:83:5c:90:8b:2d:2b:ba:45:0d:18:02:b7:3c:f6:7b:
         82:b2:df:ea:8e:62:db:cf:95:cf:48:2b:63:b6:d7:82:1f:cc:
         01:ba:7e:b6:c0:70:0b:03:29:4d:53:d7:fd:86:6c:74:52:84:
         5c:32:f5:26:7b:bb:25:af:62:cc:32:66:10:85:2a:0f:6f:e9:
         9d:18:65:f0:0d:eb:86:17:5b:cc:cb:e9:a9:4e:07:23:06:56:
         2f:cb:69:8f:ad:07:7a:00:95:15:c1:8a:f2:f5:c5:6a:26:c8:
         60:b1:a8:f9:cf:af:3e:f1:b3:54:fc:76:f2:2c:e7:ae:b5:c8:
         a0:45:7e:a5:41:7a:0c:de:fe:d1:83:8a:21:84:f0:91:90:d1:
         9f:9a:17:6f:cc:99:15:81:3c:e7:3a:32:6f:97:65:9d:a1:cd:
         3c:59:31:81:42:1a:fc:7a:b3:d5:99:fa:9e:fb:ca:f9:73:e6:
         a2:c7:60:67
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSPB/KZvB/6tIf2eAcIBBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MzJjMzJkMjI1OTAxMzk5MTI2MGQ1MzBkOTEyMDAzMWFh
ZWZjZDAwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmFjMGQ3N2QzNGZkZGNlN2Q5MzYyNjYzYWUyZjljMGZkNzBjNzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWV1RMzRIoBNud92lMKRMChHxSu+
a0HL9ofXzftxi0wb34jgn1V95vm3XFEMKEhmixTMAvzN1ooE5eu6IilE+jKMjfPD
cSSPMTj1ivtAfJ4SsjaNHrXLQxtlGBdfPKPOPsgd9/9rat0uziHZFGCy3znU1Ejp
nD0HKhZr1lD8JpWCq7sPXBkubtpZfGCZGhQb7e/rMGrAPMgH0Z/W9a8cPfzMI9vB
9f/43V18DtvFqIBondytoDIqbH4uIQO6dtRnwsh5JLRjj5AU5h6Zqib8M+XranZm
QQTzGdm00Ts1sIshoTakI9Uvrz9YWHWk7BDePnQ2TjpKDuDRb8lcKwWiqwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO+sDXfTT93OfZNiZjri+cD9cMc7MB8GA1UdIwQY
MBaAFGgywy0iWQE5kSYNUw2RIAMarvzQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYt
NzcwZjhlYWIyYWU3LzEvNzZ3TmQ5TlAzYzU5azJKbU91TDV3UDF3eHpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYtNzcwZjhlYWIyYWU3
LzEvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAORLqgD
BACRLqowDQYJKoZIhvcNAQELBQADggEBADvTrCrhh0aIG1mzOulU89gjCaf2+nXI
MyjkIA2ZZAbiDTEHF6gzLT7HaSVrtAjti3xMn80NocpB9b/+bQ6x0n+KDRFHh3ro
H6cRYYNckIstK7pFDRgCtzz2e4Ky3+qOYtvPlc9IK2O214IfzAG6frbAcAsDKU1T
1/2GbHRShFwy9SZ7uyWvYswyZhCFKg9v6Z0YZfAN64YXW8zL6alOByMGVi/LaY+t
B3oAlRXBivL1xWomyGCxqPnPrz7xs1T8dvIs5661yKBFfqVBegze/tGDiiGE8JGQ
0Z+aF2/MmRWBPOc6Mm+XZZ2hzTxZMYFCGvx6s9WZ+p77yvlz5qLHYGc=
-----END CERTIFICATE-----