Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/qwK8fMpeJh5VOiCgSOAD8Os7-hk.roa
File:                     qwK8fMpeJh5VOiCgSOAD8Os7-hk.roa (raw, json)
Hash identifier:          UFSf46JhhBB8vLWkl6r7FvIuIaXuc4/Sn69P9skEC1g=
Subject key identifier:   AB:02:BC:7C:CA:5E:26:1E:55:3A:20:A0:48:E0:03:F0:EB:3B:FA:19
Certificate issuer:       /CN=cccd583c8d71a2427e0060e3cc924f32dc1a820b
Certificate serial:       018E13870B5F0E8999E04DF1008C8E6CDFE7
Authority key identifier: CC:CD:58:3C:8D:71:A2:42:7E:00:60:E3:CC:92:4F:32:DC:1A:82:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zM1YPI1xokJ-AGDjzJJPMtwaggs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/qwK8fMpeJh5VOiCgSOAD8Os7-hk.roa
Signing time:             Wed 06 Mar 2024 11:30:01 +0000
ROA not before:           Wed 06 Mar 2024 11:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        176.124.220.0/24 maxlen: 24
                          176.124.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/zM1YPI1xokJ-AGDjzJJPMtwaggs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/zM1YPI1xokJ-AGDjzJJPMtwaggs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zM1YPI1xokJ-AGDjzJJPMtwaggs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 06:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:13:87:0b:5f:0e:89:99:e0:4d:f1:00:8c:8e:6c:df:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cccd583c8d71a2427e0060e3cc924f32dc1a820b
        Validity
            Not Before: Mar  6 11:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab02bc7cca5e261e553a20a048e003f0eb3bfa19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d9:3d:1c:0c:f3:9a:95:24:1d:a5:d2:bd:eb:
                    fa:fd:23:90:e3:65:4f:d4:bb:a2:45:eb:cf:3a:11:
                    3d:c7:ee:1e:f9:19:7f:e2:13:5f:d9:7e:e1:50:71:
                    ab:b9:4c:27:1f:95:0e:af:a0:eb:a1:27:7a:a0:ff:
                    24:da:be:b8:25:5d:47:24:13:86:9b:2f:92:03:5a:
                    7c:ae:cb:fd:20:e5:af:ca:3e:b2:ae:ac:68:09:0a:
                    b1:1e:06:7d:9a:da:25:1d:ca:db:13:fe:22:5a:c9:
                    c0:9b:7f:c9:f2:1b:93:2d:dc:69:81:3b:a9:8b:9d:
                    75:2c:d6:1d:e5:d2:ba:ba:65:c8:88:47:fa:55:e2:
                    3a:3f:69:33:6b:a9:da:5a:a9:e7:7b:d1:48:4d:5e:
                    68:21:dd:59:fb:d1:92:78:89:2c:3d:b4:e5:8e:d7:
                    0a:5b:1a:a5:1d:fe:5f:06:24:cd:81:a6:11:04:20:
                    ed:a4:1d:c1:fe:94:ed:df:f9:87:5a:bc:6f:10:8a:
                    ea:bc:f5:5a:26:e8:52:9d:c1:31:77:1f:56:26:77:
                    99:6c:e7:1c:57:bf:b3:b7:e4:52:e3:47:da:29:50:
                    39:fe:55:19:42:ff:85:70:7e:c4:a3:81:7a:e6:38:
                    10:8d:4c:39:78:34:ef:19:75:05:36:6c:28:f2:49:
                    40:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:02:BC:7C:CA:5E:26:1E:55:3A:20:A0:48:E0:03:F0:EB:3B:FA:19
            X509v3 Authority Key Identifier:
                keyid:CC:CD:58:3C:8D:71:A2:42:7E:00:60:E3:CC:92:4F:32:DC:1A:82:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zM1YPI1xokJ-AGDjzJJPMtwaggs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/qwK8fMpeJh5VOiCgSOAD8Os7-hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/zM1YPI1xokJ-AGDjzJJPMtwaggs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:6f:04:df:90:ea:b1:5f:f6:af:5b:4e:9b:c7:b5:1f:5f:f2:
         82:fe:7b:e3:83:df:2a:4f:ac:96:c9:e5:9a:d3:3c:6c:37:c0:
         bd:30:97:f5:24:83:74:ea:fe:f0:3c:19:b8:b1:a4:90:0e:8d:
         17:eb:6f:c4:9b:a2:b9:e5:14:51:41:cc:67:02:fd:21:fb:51:
         f9:d0:e7:35:67:2a:94:5f:f3:db:5b:aa:49:9c:81:8f:5d:67:
         aa:b5:c9:f4:3d:a5:44:a8:f1:5f:82:d2:f6:80:18:f6:c2:e3:
         36:27:50:e5:fb:5e:38:19:c7:ce:ea:ca:2c:e8:36:4c:ee:8a:
         a7:ea:8d:97:83:93:ff:58:18:b2:73:4c:8c:7a:85:bd:a9:5c:
         e4:5d:34:c6:ff:0a:b7:81:95:7e:66:18:64:53:9e:21:3c:08:
         22:2b:e6:c7:32:2b:fc:df:34:08:d0:b5:71:c5:36:66:8c:31:
         3c:5b:de:75:d5:0d:19:ab:db:28:62:70:a5:53:20:8d:02:a7:
         a8:8c:d9:2a:5f:87:48:e0:8b:ef:65:8e:7a:4b:61:99:d0:79:
         8d:b7:94:59:96:23:f1:1c:f8:ac:8f:96:b4:88:f8:03:11:39:
         95:52:d7:c3:9a:b9:6d:f0:38:bf:73:2a:82:a0:c6:6e:a4:84:
         3a:86:04:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4ThwtfDomZ4E3xAIyObN/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjY2Q1ODNjOGQ3MWEyNDI3ZTAwNjBlM2NjOTI0ZjMyZGMx
YTgyMGIwHhcNMjQwMzA2MTEzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjAyYmM3Y2NhNWUyNjFlNTUzYTIwYTA0OGUwMDNmMGViM2JmYTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtk9HAzzmpUkHaXSvev6/SOQ42VP
1LuiRevPOhE9x+4e+Rl/4hNf2X7hUHGruUwnH5UOr6DroSd6oP8k2r64JV1HJBOG
my+SA1p8rsv9IOWvyj6yrqxoCQqxHgZ9mtolHcrbE/4iWsnAm3/J8huTLdxpgTup
i511LNYd5dK6umXIiEf6VeI6P2kza6naWqnne9FITV5oId1Z+9GSeIksPbTljtcK
WxqlHf5fBiTNgaYRBCDtpB3B/pTt3/mHWrxvEIrqvPVaJuhSncExdx9WJneZbOcc
V7+zt+RS40faKVA5/lUZQv+FcH7Eo4F65jgQjUw5eDTvGXUFNmwo8klATQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsCvHzKXiYeVTogoEjgA/DrO/oZMB8GA1UdIwQY
MBaAFMzNWDyNcaJCfgBg48ySTzLcGoILMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek0xWVBJMXhva0otQUdEanpKSlBNdHdhZ2dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81NmEwMmEtYzVmZC00MTE5LThjNWYt
ZjQ4NTAyZDEzOTQ4LzEvcXdLOGZNcGVKaDVWT2lDZ1NPQUQ4T3M3LWhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81NmEwMmEtYzVmZC00MTE5LThjNWYtZjQ4NTAyZDEzOTQ4
LzEvek0xWVBJMXhva0otQUdEanpKSlBNdHdhZ2dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHzcMA0G
CSqGSIb3DQEBCwUAA4IBAQCJbwTfkOqxX/avW06bx7UfX/KC/nvjg98qT6yWyeWa
0zxsN8C9MJf1JIN06v7wPBm4saSQDo0X62/Em6K55RRRQcxnAv0h+1H50Oc1ZyqU
X/PbW6pJnIGPXWeqtcn0PaVEqPFfgtL2gBj2wuM2J1Dl+144GcfO6sos6DZM7oqn
6o2Xg5P/WBiyc0yMeoW9qVzkXTTG/wq3gZV+ZhhkU54hPAgiK+bHMiv83zQI0LVx
xTZmjDE8W9511Q0Zq9soYnClUyCNAqeojNkqX4dI4IvvZY56S2GZ0HmNt5RZliPx
HPisj5a0iPgDETmVUtfDmrlt8Di/cyqCoMZupIQ6hgQg
-----END CERTIFICATE-----