Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/9f285b-a00b-4222-9e55-799a18c9ac5a/1/ckdiPs08Pf7oJH2AV2l5YzbLfm0.roa
File:                     ckdiPs08Pf7oJH2AV2l5YzbLfm0.roa (raw, json)
Hash identifier:          Rx3MxQ/UIZXCwSXhbflxxuKGay1yaqusEMW9u1x4ueo=
Subject key identifier:   72:47:62:3E:CD:3C:3D:FE:E8:24:7D:80:57:69:79:63:36:CB:7E:6D
Certificate issuer:       /CN=aae448271d85ae879a9abf15b3bca983470a1348
Certificate serial:       018EACFF36B822E886A448FBA4A3E0D919D3
Authority key identifier: AA:E4:48:27:1D:85:AE:87:9A:9A:BF:15:B3:BC:A9:83:47:0A:13:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/quRIJx2Froeamr8Vs7ypg0cKE0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/9f285b-a00b-4222-9e55-799a18c9ac5a/1/ckdiPs08Pf7oJH2AV2l5YzbLfm0.roa
Signing time:             Fri 05 Apr 2024 06:43:10 +0000
ROA not before:           Fri 05 Apr 2024 06:43:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29509
IP address blocks:        176.100.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/9f285b-a00b-4222-9e55-799a18c9ac5a/1/quRIJx2Froeamr8Vs7ypg0cKE0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/9f285b-a00b-4222-9e55-799a18c9ac5a/1/quRIJx2Froeamr8Vs7ypg0cKE0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/quRIJx2Froeamr8Vs7ypg0cKE0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ac:ff:36:b8:22:e8:86:a4:48:fb:a4:a3:e0:d9:19:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aae448271d85ae879a9abf15b3bca983470a1348
        Validity
            Not Before: Apr  5 06:43:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7247623ecd3c3dfee8247d805769796336cb7e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0d:bb:85:d7:3c:44:33:ca:b2:5f:bf:37:7e:
                    ef:a2:3b:6a:ec:df:d7:94:72:08:f3:c3:05:7c:63:
                    d8:fa:c9:17:8e:49:e4:17:e6:eb:49:93:98:dc:21:
                    d6:4b:c1:e3:1d:7d:3c:ac:75:e3:ed:8e:67:cf:5b:
                    a8:97:bb:3e:ae:fc:03:b3:e1:b0:e3:de:b9:44:be:
                    f2:53:a5:3d:b0:02:ba:43:60:28:a7:cb:43:c9:05:
                    98:1f:67:52:0c:5f:29:08:ba:89:4b:d4:e8:d0:98:
                    fd:28:01:ef:9e:e8:a9:10:d4:64:f9:2f:94:8d:7c:
                    f3:ff:8d:6f:1c:ed:ab:76:8a:37:61:fe:99:f4:a5:
                    8b:1b:df:88:e5:cc:0f:75:b1:33:44:0a:40:51:3d:
                    56:5b:0a:bb:d4:1e:fb:9b:98:07:0d:2a:d2:68:03:
                    88:ec:9b:b1:f2:60:96:82:79:ab:18:9e:fe:4c:73:
                    0f:38:8a:35:27:b7:89:ba:8c:39:fb:e7:ad:40:77:
                    af:43:57:4e:9e:2e:5c:1d:2b:ac:f2:92:2e:dc:6d:
                    13:16:36:36:15:80:4c:d8:b9:36:fc:e8:da:20:93:
                    f8:a4:b9:10:53:d9:20:34:db:c4:fe:83:5c:00:d7:
                    d8:b6:6f:6a:16:6f:d7:6c:c6:a1:40:e2:a3:f0:03:
                    e0:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:47:62:3E:CD:3C:3D:FE:E8:24:7D:80:57:69:79:63:36:CB:7E:6D
            X509v3 Authority Key Identifier:
                keyid:AA:E4:48:27:1D:85:AE:87:9A:9A:BF:15:B3:BC:A9:83:47:0A:13:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/quRIJx2Froeamr8Vs7ypg0cKE0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/9f285b-a00b-4222-9e55-799a18c9ac5a/1/ckdiPs08Pf7oJH2AV2l5YzbLfm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/9f285b-a00b-4222-9e55-799a18c9ac5a/1/quRIJx2Froeamr8Vs7ypg0cKE0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:3b:fc:14:01:e3:d9:28:75:70:09:38:b8:cd:47:66:8a:91:
         47:a1:1b:6c:9e:d4:a6:ea:59:18:55:1f:43:24:a9:3b:b4:e0:
         77:9e:06:c2:6a:c4:b3:9b:09:4b:b9:bd:77:29:08:4e:74:43:
         d0:a7:9b:c5:4f:23:f6:65:f2:2d:62:97:08:7a:1b:85:55:37:
         60:07:8e:d6:9a:1e:0a:c5:df:01:3f:85:cb:df:94:d2:b4:eb:
         4e:d2:b0:d0:d6:13:c5:f8:d7:59:ad:69:c8:5d:1f:d1:c8:12:
         50:a5:97:10:12:ec:e7:74:e7:ff:ac:8e:20:58:e3:69:b6:d3:
         4e:c1:f8:3c:6a:f8:ee:00:b9:40:df:04:77:20:f3:79:48:6c:
         c2:c3:c3:f1:38:5a:3a:0e:28:e5:f3:8d:74:af:5b:9e:bb:39:
         42:d2:4d:09:b5:a2:55:31:22:02:cd:4f:39:c3:f4:e9:ed:83:
         ea:75:81:65:bf:b6:23:4e:81:81:7a:be:37:c8:80:09:62:c9:
         07:7b:a2:64:1b:b9:fe:dc:ca:14:8a:4d:ea:96:ef:0f:b7:ff:
         31:7a:05:08:68:09:4a:2a:c5:2b:84:ac:c1:e8:90:00:cc:97:
         61:75:3c:3f:59:7f:b3:d8:b1:07:2a:57:0a:12:d5:f9:b2:01:
         d1:6f:33:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6s/za4IuiGpEj7pKPg2RnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZTQ0ODI3MWQ4NWFlODc5YTlhYmYxNWIzYmNhOTgzNDcw
YTEzNDgwHhcNMjQwNDA1MDY0MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjQ3NjIzZWNkM2MzZGZlZTgyNDdkODA1NzY5Nzk2MzM2Y2I3ZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjA27hdc8RDPKsl+/N37vojtq7N/X
lHII88MFfGPY+skXjknkF+brSZOY3CHWS8HjHX08rHXj7Y5nz1uol7s+rvwDs+Gw
4965RL7yU6U9sAK6Q2Aop8tDyQWYH2dSDF8pCLqJS9To0Jj9KAHvnuipENRk+S+U
jXzz/41vHO2rdoo3Yf6Z9KWLG9+I5cwPdbEzRApAUT1WWwq71B77m5gHDSrSaAOI
7Jux8mCWgnmrGJ7+THMPOIo1J7eJuow5++etQHevQ1dOni5cHSus8pIu3G0TFjY2
FYBM2Lk2/OjaIJP4pLkQU9kgNNvE/oNcANfYtm9qFm/XbMahQOKj8APgqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJHYj7NPD3+6CR9gFdpeWM2y35tMB8GA1UdIwQY
MBaAFKrkSCcdha6Hmpq/FbO8qYNHChNIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXVSSUp4MkZyb2VhbXI4VnM3eXBnMGNLRTBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi85ZjI4NWItYTAwYi00MjIyLTllNTUt
Nzk5YTE4YzlhYzVhLzEvY2tkaVBzMDhQZjdvSkgyQVYybDVZemJMZm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi85ZjI4NWItYTAwYi00MjIyLTllNTUtNzk5YTE4YzlhYzVh
LzEvcXVSSUp4MkZyb2VhbXI4VnM3eXBnMGNLRTBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGT7MA0G
CSqGSIb3DQEBCwUAA4IBAQCNO/wUAePZKHVwCTi4zUdmipFHoRtsntSm6lkYVR9D
JKk7tOB3ngbCasSzmwlLub13KQhOdEPQp5vFTyP2ZfItYpcIehuFVTdgB47Wmh4K
xd8BP4XL35TStOtO0rDQ1hPF+NdZrWnIXR/RyBJQpZcQEuzndOf/rI4gWONpttNO
wfg8avjuALlA3wR3IPN5SGzCw8PxOFo6Dijl8410r1ueuzlC0k0JtaJVMSICzU85
w/Tp7YPqdYFlv7YjToGBer43yIAJYskHe6JkG7n+3MoUik3qlu8Pt/8xegUIaAlK
KsUrhKzB6JAAzJdhdTw/WX+z2LEHKlcKEtX5sgHRbzN9
-----END CERTIFICATE-----