Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/1a0c6a-1a5e-424b-9a69-995531862419/1/19clcZ_5Rhv3B04NhF4MWlfmEBc.roa
File:                     19clcZ_5Rhv3B04NhF4MWlfmEBc.roa (raw, json)
Hash identifier:          gfjeL3PY+mNwXTbPjxPaZ1YPzt59LK4u/3RhP8liFZE=
Subject key identifier:   D7:D7:25:71:9F:F9:46:1B:F7:07:4E:0D:84:5E:0C:5A:57:E6:10:17
Certificate issuer:       /CN=24295ce712473d0e3e6daa777db8906f8001df70
Certificate serial:       018CC9BC9A6D849B59198DAAF8DEE68C3F4F
Authority key identifier: 24:29:5C:E7:12:47:3D:0E:3E:6D:AA:77:7D:B8:90:6F:80:01:DF:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JClc5xJHPQ4-bap3fbiQb4AB33A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/1a0c6a-1a5e-424b-9a69-995531862419/1/19clcZ_5Rhv3B04NhF4MWlfmEBc.roa
Signing time:             Tue 02 Jan 2024 10:33:49 +0000
ROA not before:           Tue 02 Jan 2024 10:33:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49101
IP address blocks:        176.102.64.0/22 maxlen: 22
                          2a07:dbc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/1a0c6a-1a5e-424b-9a69-995531862419/1/JClc5xJHPQ4-bap3fbiQb4AB33A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/1a0c6a-1a5e-424b-9a69-995531862419/1/JClc5xJHPQ4-bap3fbiQb4AB33A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JClc5xJHPQ4-bap3fbiQb4AB33A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:9a:6d:84:9b:59:19:8d:aa:f8:de:e6:8c:3f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24295ce712473d0e3e6daa777db8906f8001df70
        Validity
            Not Before: Jan  2 10:33:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7d725719ff9461bf7074e0d845e0c5a57e61017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b8:a8:8c:c1:81:a9:92:b2:b0:09:8b:14:7b:
                    3a:1a:32:8e:26:d2:78:f4:be:50:b7:8b:f4:73:e6:
                    fa:74:bc:68:c6:78:93:cf:2e:2f:ae:fb:df:c1:36:
                    f8:04:b8:43:60:fb:24:41:c6:a3:7b:6d:62:14:54:
                    f7:47:38:06:28:c6:78:37:12:51:87:e9:0d:ed:33:
                    b1:d4:42:4f:da:26:4b:1c:87:10:31:a7:c5:0d:24:
                    7b:d2:45:e6:cc:e1:9e:4c:4a:a4:c3:54:28:fb:26:
                    2d:90:66:e9:29:6c:bc:75:1e:ea:47:06:a5:87:24:
                    4f:7c:9e:3f:2e:6b:6a:06:68:a3:d4:ce:8c:c7:d2:
                    10:e9:25:a6:2a:36:f7:9f:d4:fd:86:9c:68:e7:ff:
                    04:84:1d:6b:18:14:b4:57:12:59:fe:51:1e:cd:96:
                    25:0b:88:be:db:5b:8f:2f:ff:10:07:13:16:04:b2:
                    fe:78:fe:d6:66:e0:be:a4:19:4c:d2:9f:11:e3:82:
                    21:51:a5:30:b1:2e:07:28:8e:29:22:ae:2b:a9:7b:
                    e9:53:46:0d:d7:b0:6d:1a:a9:ba:31:b8:76:31:99:
                    fd:45:96:54:4e:fb:77:85:af:0e:00:ab:b5:38:1d:
                    6a:08:89:94:41:ce:68:49:b8:d3:d3:f7:86:3b:bd:
                    33:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:D7:25:71:9F:F9:46:1B:F7:07:4E:0D:84:5E:0C:5A:57:E6:10:17
            X509v3 Authority Key Identifier:
                keyid:24:29:5C:E7:12:47:3D:0E:3E:6D:AA:77:7D:B8:90:6F:80:01:DF:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JClc5xJHPQ4-bap3fbiQb4AB33A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/1a0c6a-1a5e-424b-9a69-995531862419/1/19clcZ_5Rhv3B04NhF4MWlfmEBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/1a0c6a-1a5e-424b-9a69-995531862419/1/JClc5xJHPQ4-bap3fbiQb4AB33A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.102.64.0/22
                IPv6:
                  2a07:dbc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:3e:d0:64:cc:f7:dd:16:8c:92:de:54:40:43:28:5c:0f:d9:
         ab:cf:f2:82:71:a8:b4:2c:34:e0:b3:7a:95:6b:37:71:ac:f1:
         64:b5:0a:eb:bb:80:ab:43:df:66:1e:e9:75:d4:af:6f:cb:9e:
         d8:ae:85:53:b8:f7:d8:72:21:77:bc:b3:fc:83:54:b1:22:b5:
         84:26:d4:d4:88:c2:cb:f6:d4:4a:4e:d6:fd:f1:f5:a5:b4:98:
         3f:14:e1:58:91:95:73:03:45:fa:d7:9b:35:38:12:10:fb:ec:
         7a:78:f0:10:a5:ca:04:a1:1b:64:84:d8:29:a3:89:f9:60:65:
         87:46:55:94:25:84:6e:4e:2d:b1:ef:2e:0a:4a:23:04:19:83:
         98:49:ef:f8:e7:71:64:53:1e:90:69:9e:5b:9a:5d:d0:7d:e6:
         0d:97:7f:fd:67:a1:68:8c:40:93:c4:46:28:a6:d5:14:0f:8d:
         62:19:f7:52:4d:30:64:9a:1e:31:fd:6f:59:83:28:f4:5a:4a:
         0c:c5:f7:a5:42:2d:d4:99:b0:45:a1:0e:54:23:bb:05:88:ae:
         3c:23:5f:08:f6:99:eb:e7:af:92:06:03:07:62:e5:69:18:e1:
         25:1c:bc:97:78:b7:87:4b:a0:b6:2a:33:a1:b9:52:de:dc:62:
         55:5e:e8:85
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvJpthJtZGY2q+N7mjD9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0Mjk1Y2U3MTI0NzNkMGUzZTZkYWE3NzdkYjg5MDZmODAw
MWRmNzAwHhcNMjQwMTAyMTAzMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2Q3MjU3MTlmZjk0NjFiZjcwNzRlMGQ4NDVlMGM1YTU3ZTYxMDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLiojMGBqZKysAmLFHs6GjKOJtJ4
9L5Qt4v0c+b6dLxoxniTzy4vrvvfwTb4BLhDYPskQcaje21iFFT3RzgGKMZ4NxJR
h+kN7TOx1EJP2iZLHIcQMafFDSR70kXmzOGeTEqkw1Qo+yYtkGbpKWy8dR7qRwal
hyRPfJ4/LmtqBmij1M6Mx9IQ6SWmKjb3n9T9hpxo5/8EhB1rGBS0VxJZ/lEezZYl
C4i+21uPL/8QBxMWBLL+eP7WZuC+pBlM0p8R44IhUaUwsS4HKI4pIq4rqXvpU0YN
17BtGqm6Mbh2MZn9RZZUTvt3ha8OAKu1OB1qCImUQc5oSbjT0/eGO70zZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNfXJXGf+UYb9wdODYReDFpX5hAXMB8GA1UdIwQY
MBaAFCQpXOcSRz0OPm2qd324kG+AAd9wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkNsYzV4SkhQUTQtYmFwM2ZiaVFiNEFCMzNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8xYTBjNmEtMWE1ZS00MjRiLTlhNjkt
OTk1NTMxODYyNDE5LzEvMTljbGNaXzVSaHYzQjA0TmhGNE1XbGZtRUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8xYTBjNmEtMWE1ZS00MjRiLTlhNjktOTk1NTMxODYyNDE5
LzEvSkNsYzV4SkhQUTQtYmFwM2ZiaVFiNEFCMzNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCsGZAMA0E
AgACMAcDBQAqB9vAMA0GCSqGSIb3DQEBCwUAA4IBAQB+PtBkzPfdFoyS3lRAQyhc
D9mrz/KCcai0LDTgs3qVazdxrPFktQrru4CrQ99mHul11K9vy57YroVTuPfYciF3
vLP8g1SxIrWEJtTUiMLL9tRKTtb98fWltJg/FOFYkZVzA0X615s1OBIQ++x6ePAQ
pcoEoRtkhNgpo4n5YGWHRlWUJYRuTi2x7y4KSiMEGYOYSe/453FkUx6QaZ5bml3Q
feYNl3/9Z6FojECTxEYoptUUD41iGfdSTTBkmh4x/W9Zgyj0WkoMxfelQi3UmbBF
oQ5UI7sFiK48I18I9pnr56+SBgMHYuVpGOElHLyXeLeHS6C2KjOhuVLe3GJVXuiF
-----END CERTIFICATE-----