Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/1b4bdf-67ad-4f0e-81ed-9e5c85af93a5/1/oiVF5VSk_xnRYuv6VQGND_rgH14.roa
File:                     oiVF5VSk_xnRYuv6VQGND_rgH14.roa (raw, json)
Hash identifier:          /NnAcnSeAPwVnb3WvC5kC8Q29h7iaHWEWXwyESJ2HEI=
Subject key identifier:   A2:25:45:E5:54:A4:FF:19:D1:62:EB:FA:55:01:8D:0F:FA:E0:1F:5E
Certificate issuer:       /CN=6d365f0d9bee484c085cf3fe338ad035c3f98479
Certificate serial:       018D405FED848748F417D11469898D391302
Authority key identifier: 6D:36:5F:0D:9B:EE:48:4C:08:5C:F3:FE:33:8A:D0:35:C3:F9:84:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bTZfDZvuSEwIXPP-M4rQNcP5hHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/1b4bdf-67ad-4f0e-81ed-9e5c85af93a5/1/oiVF5VSk_xnRYuv6VQGND_rgH14.roa
Signing time:             Thu 25 Jan 2024 11:27:25 +0000
ROA not before:           Thu 25 Jan 2024 11:27:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204949
IP address blocks:        176.53.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/1b4bdf-67ad-4f0e-81ed-9e5c85af93a5/1/bTZfDZvuSEwIXPP-M4rQNcP5hHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/1b4bdf-67ad-4f0e-81ed-9e5c85af93a5/1/bTZfDZvuSEwIXPP-M4rQNcP5hHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bTZfDZvuSEwIXPP-M4rQNcP5hHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:40:5f:ed:84:87:48:f4:17:d1:14:69:89:8d:39:13:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d365f0d9bee484c085cf3fe338ad035c3f98479
        Validity
            Not Before: Jan 25 11:27:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a22545e554a4ff19d162ebfa55018d0ffae01f5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4c:7e:8b:6c:a9:23:2a:1e:17:7a:2e:a9:bb:
                    b4:52:1d:22:f1:05:3e:18:ed:28:09:44:bc:56:41:
                    6d:25:5b:00:28:23:22:d3:dc:3b:c6:17:44:bd:b2:
                    0f:7f:cc:1d:ea:69:e7:1b:82:69:20:94:d5:83:dc:
                    bb:15:84:53:81:d0:f1:5e:c6:af:10:2f:20:82:40:
                    f6:8c:82:ef:34:7a:9c:7b:ec:7d:82:64:f5:99:58:
                    2a:5f:fb:ee:cf:e9:7f:50:39:af:c9:8e:66:2d:28:
                    ae:57:d6:d4:cb:19:ed:93:71:90:2b:e8:d7:36:15:
                    7d:af:fc:a6:ef:ac:79:5b:b6:ae:80:ce:4f:6e:30:
                    e5:b1:3c:1a:f2:02:6d:8b:80:4b:2d:93:8a:62:3d:
                    f4:9d:cf:08:5f:c5:45:f4:8b:67:fd:57:69:0b:04:
                    1f:5c:dc:de:55:83:86:5e:63:cd:8e:a2:0c:ba:c9:
                    0c:4f:0f:2a:b7:e6:f8:80:16:60:ce:cf:32:ab:5e:
                    b1:a3:bf:8d:6a:e0:5f:37:1b:ad:f4:a7:1a:4d:5b:
                    81:7f:fe:82:6f:5f:7e:98:1b:0b:91:e7:9f:10:91:
                    6c:45:ff:bc:f1:d2:7f:a2:41:02:c1:0a:f6:6b:36:
                    21:b2:f5:4a:0c:c0:02:40:26:d6:58:de:99:0e:f0:
                    89:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:25:45:E5:54:A4:FF:19:D1:62:EB:FA:55:01:8D:0F:FA:E0:1F:5E
            X509v3 Authority Key Identifier:
                keyid:6D:36:5F:0D:9B:EE:48:4C:08:5C:F3:FE:33:8A:D0:35:C3:F9:84:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bTZfDZvuSEwIXPP-M4rQNcP5hHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/1b4bdf-67ad-4f0e-81ed-9e5c85af93a5/1/oiVF5VSk_xnRYuv6VQGND_rgH14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/1b4bdf-67ad-4f0e-81ed-9e5c85af93a5/1/bTZfDZvuSEwIXPP-M4rQNcP5hHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.53.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:3b:41:21:1f:0d:7d:9c:65:95:e3:4a:2c:98:2b:21:1f:fa:
         73:e3:aa:a5:e2:26:64:43:bd:e4:57:0a:54:fc:ba:2b:58:e7:
         e7:17:3f:ae:af:a9:95:d2:f5:19:17:b0:c9:00:57:ce:fc:48:
         cf:86:88:11:f4:2e:0c:78:13:06:93:1f:4b:0d:c1:e0:b6:b0:
         cf:a2:97:ea:d0:0b:de:c5:c4:f8:38:55:7f:33:cb:a9:a8:42:
         38:37:ab:ae:46:5b:c8:37:25:5d:92:a2:c6:83:d7:f7:1c:7f:
         3f:85:71:6a:17:aa:30:d9:99:00:d8:90:95:55:15:fa:a2:aa:
         0e:80:5f:39:89:b7:8a:00:51:c1:e3:12:82:e4:a2:a9:de:db:
         4e:92:b6:c8:75:95:21:dd:de:1c:44:24:aa:00:78:61:42:65:
         9e:b1:da:fe:c8:55:9e:55:3b:85:6d:b7:a9:9e:d2:aa:a2:39:
         99:f2:8a:0f:9d:a9:11:df:d6:41:fa:4b:73:6d:04:fe:52:32:
         eb:62:a8:6a:18:f4:12:af:8a:44:f6:b1:a2:77:b0:75:5b:84:
         6d:04:88:56:c0:58:7b:70:d0:45:65:19:74:3e:02:28:ff:a0:
         5d:2a:28:91:e8:bd:95:d5:c0:21:24:ec:5b:c5:32:ec:23:ff:
         99:7a:70:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1AX+2Eh0j0F9EUaYmNORMCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMzY1ZjBkOWJlZTQ4NGMwODVjZjNmZTMzOGFkMDM1YzNm
OTg0NzkwHhcNMjQwMTI1MTEyNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjI1NDVlNTU0YTRmZjE5ZDE2MmViZmE1NTAxOGQwZmZhZTAxZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkx+i2ypIyoeF3ouqbu0Uh0i8QU+
GO0oCUS8VkFtJVsAKCMi09w7xhdEvbIPf8wd6mnnG4JpIJTVg9y7FYRTgdDxXsav
EC8ggkD2jILvNHqce+x9gmT1mVgqX/vuz+l/UDmvyY5mLSiuV9bUyxntk3GQK+jX
NhV9r/ym76x5W7augM5PbjDlsTwa8gJti4BLLZOKYj30nc8IX8VF9Itn/VdpCwQf
XNzeVYOGXmPNjqIMuskMTw8qt+b4gBZgzs8yq16xo7+NauBfNxut9KcaTVuBf/6C
b19+mBsLkeefEJFsRf+88dJ/okECwQr2azYhsvVKDMACQCbWWN6ZDvCJ0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIlReVUpP8Z0WLr+lUBjQ/64B9eMB8GA1UdIwQY
MBaAFG02Xw2b7khMCFzz/jOK0DXD+YR5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlRaZkRadnVTRXdJWFBQLU00clFOY1A1aEhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8xYjRiZGYtNjdhZC00ZjBlLTgxZWQt
OWU1Yzg1YWY5M2E1LzEvb2lWRjVWU2tfeG5SWXV2NlZRR05EX3JnSDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8xYjRiZGYtNjdhZC00ZjBlLTgxZWQtOWU1Yzg1YWY5M2E1
LzEvYlRaZkRadnVTRXdJWFBQLU00clFOY1A1aEhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDWRMA0G
CSqGSIb3DQEBCwUAA4IBAQBcO0EhHw19nGWV40osmCshH/pz46ql4iZkQ73kVwpU
/LorWOfnFz+ur6mV0vUZF7DJAFfO/EjPhogR9C4MeBMGkx9LDcHgtrDPopfq0Ave
xcT4OFV/M8upqEI4N6uuRlvINyVdkqLGg9f3HH8/hXFqF6ow2ZkA2JCVVRX6oqoO
gF85ibeKAFHB4xKC5KKp3ttOkrbIdZUh3d4cRCSqAHhhQmWesdr+yFWeVTuFbbep
ntKqojmZ8ooPnakR39ZB+ktzbQT+UjLrYqhqGPQSr4pE9rGid7B1W4RtBIhWwFh7
cNBFZRl0PgIo/6BdKiiR6L2V1cAhJOxbxTLsI/+ZenDK
-----END CERTIFICATE-----