Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/9oxwHTaGkfZuJT32md6CYBToQ80.roa
File:                     9oxwHTaGkfZuJT32md6CYBToQ80.roa (raw, json)
Hash identifier:          JTermiy/BlRohLzvMWVrfYu9ASPrTjmJy+WVr2FnAVE=
Subject key identifier:   F6:8C:70:1D:36:86:91:F6:6E:25:3D:F6:99:DE:82:60:14:E8:43:CD
Certificate issuer:       /CN=427ce5719caa681adbd493a8d9a38a675d6bd639
Certificate serial:       018CC8DF737C9BB1B2B784E08BFD489ABF99
Authority key identifier: 42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/9oxwHTaGkfZuJT32md6CYBToQ80.roa
Signing time:             Tue 02 Jan 2024 06:32:16 +0000
ROA not before:           Tue 02 Jan 2024 06:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        176.52.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:73:7c:9b:b1:b2:b7:84:e0:8b:fd:48:9a:bf:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=427ce5719caa681adbd493a8d9a38a675d6bd639
        Validity
            Not Before: Jan  2 06:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f68c701d368691f66e253df699de826014e843cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:89:48:fc:4d:4b:f5:c2:1b:27:76:c1:71:d2:
                    bd:d0:b0:52:e1:25:93:1f:9b:e0:40:7d:91:dc:f1:
                    1b:93:1b:f3:4d:aa:e2:5e:3d:39:e3:89:e4:65:af:
                    8e:78:18:0b:e4:8c:15:48:95:a2:3d:33:b3:ff:06:
                    aa:fa:13:d9:a0:b0:56:62:7d:28:8b:fb:40:60:5a:
                    b1:a2:dd:d7:9e:87:22:f6:fa:0e:2d:ec:b5:fd:dc:
                    ce:76:6f:87:29:80:95:af:78:0d:00:e7:04:aa:07:
                    9b:04:db:a3:06:50:4c:5e:0c:5a:87:5e:48:90:0c:
                    e4:d1:4f:cc:2e:88:2f:bb:80:db:aa:b6:93:7b:8a:
                    81:a9:48:ef:c5:a9:e8:9f:85:b7:ee:b2:b2:23:38:
                    e4:d0:70:79:60:d0:55:cc:d5:35:b8:27:c4:44:50:
                    93:60:c4:33:5b:6b:d3:c9:f9:0a:2b:d8:dc:62:03:
                    aa:88:71:e2:f2:b2:7d:28:a6:cd:e7:39:be:52:75:
                    7d:62:05:53:4e:77:69:9e:5f:ee:b3:d3:34:40:bc:
                    58:24:a8:5e:ee:aa:c2:30:00:43:31:21:90:11:f0:
                    26:9f:bb:68:a6:3e:c0:cc:5e:96:e9:56:e1:d7:82:
                    d0:ed:a3:9d:e8:c3:d7:89:e8:14:9d:7a:fd:06:fd:
                    20:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:8C:70:1D:36:86:91:F6:6E:25:3D:F6:99:DE:82:60:14:E8:43:CD
            X509v3 Authority Key Identifier:
                keyid:42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/9oxwHTaGkfZuJT32md6CYBToQ80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.52.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:cc:5e:30:5b:77:e9:a5:90:36:fb:05:cb:40:13:24:04:72:
         b6:02:f1:98:ba:93:4a:e4:48:46:48:cc:50:a4:c1:ce:6f:22:
         af:5e:6c:4f:4f:93:4b:8c:0a:64:33:80:54:42:a7:a3:bc:85:
         96:74:96:d3:e5:a8:63:c2:d8:95:76:40:30:91:2d:94:34:79:
         dc:65:01:70:83:3a:d4:eb:e6:09:d2:0f:0d:ff:e0:4c:61:29:
         88:48:59:ee:6a:83:43:d8:16:a7:b1:e4:b2:b6:c2:38:c3:55:
         e8:1d:ea:8e:32:73:e8:10:2c:b0:ae:7f:ba:14:81:ab:60:5a:
         38:38:34:df:42:37:9d:7f:a5:04:5f:52:a3:69:4c:52:9b:a1:
         1b:a6:a0:94:0d:b6:c3:fc:e2:0a:51:9c:a2:5f:d0:ff:c5:76:
         ca:aa:11:3d:08:a3:25:cf:f1:36:d3:86:8a:0c:b1:51:8f:f9:
         f7:47:bf:2d:74:d0:06:f3:19:43:7c:7b:3b:b5:61:d4:83:2d:
         07:c9:f2:d1:f4:2d:0f:33:b0:0c:f3:8d:3f:fb:27:0d:2b:7b:
         81:e2:2b:56:bb:5f:17:18:65:67:89:9e:0d:e7:3e:ee:60:4f:
         5b:67:87:d4:37:23:0c:e9:92:e3:2e:e4:ab:d4:40:af:0d:dc:
         f1:a5:fa:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33N8m7Gyt4Tgi/1Imr+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyN2NlNTcxOWNhYTY4MWFkYmQ0OTNhOGQ5YTM4YTY3NWQ2
YmQ2MzkwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjhjNzAxZDM2ODY5MWY2NmUyNTNkZjY5OWRlODI2MDE0ZTg0M2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIlI/E1L9cIbJ3bBcdK90LBS4SWT
H5vgQH2R3PEbkxvzTariXj0544nkZa+OeBgL5IwVSJWiPTOz/waq+hPZoLBWYn0o
i/tAYFqxot3Xnoci9voOLey1/dzOdm+HKYCVr3gNAOcEqgebBNujBlBMXgxah15I
kAzk0U/MLogvu4DbqraTe4qBqUjvxanon4W37rKyIzjk0HB5YNBVzNU1uCfERFCT
YMQzW2vTyfkKK9jcYgOqiHHi8rJ9KKbN5zm+UnV9YgVTTndpnl/us9M0QLxYJKhe
7qrCMABDMSGQEfAmn7topj7AzF6W6Vbh14LQ7aOd6MPXiegUnXr9Bv0gowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPaMcB02hpH2biU99pnegmAU6EPNMB8GA1UdIwQY
MBaAFEJ85XGcqmga29STqNmjimdda9Y5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTkt
MDkxYzJkMzAzZmU4LzEvOW94d0hUYUdrZlp1SlQzMm1kNkNZQlRvUTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTktMDkxYzJkMzAzZmU4
LzEvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDS7MA0G
CSqGSIb3DQEBCwUAA4IBAQBKzF4wW3fppZA2+wXLQBMkBHK2AvGYupNK5EhGSMxQ
pMHObyKvXmxPT5NLjApkM4BUQqejvIWWdJbT5ahjwtiVdkAwkS2UNHncZQFwgzrU
6+YJ0g8N/+BMYSmISFnuaoND2BanseSytsI4w1XoHeqOMnPoECywrn+6FIGrYFo4
ODTfQjedf6UEX1KjaUxSm6EbpqCUDbbD/OIKUZyiX9D/xXbKqhE9CKMlz/E204aK
DLFRj/n3R78tdNAG8xlDfHs7tWHUgy0HyfLR9C0PM7AM840/+ycNK3uB4itWu18X
GGVniZ4N5z7uYE9bZ4fUNyMM6ZLjLuSr1ECvDdzxpfpC
-----END CERTIFICATE-----