Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/n05hXgC92qs6ITPZmPpf1sg9X3g.roa
File:                     n05hXgC92qs6ITPZmPpf1sg9X3g.roa (raw, json)
Hash identifier:          WeiBujRSQunZkAqoteB13KXK7OEE+rj0nY8jyghykfo=
Subject key identifier:   9F:4E:61:5E:00:BD:DA:AB:3A:21:33:D9:98:FA:5F:D6:C8:3D:5F:78
Certificate issuer:       /CN=3da4c2fbdf10f8231f3df531ce5a3a2e3b23cefc
Certificate serial:       018CC870BAAC216A6774E577F77FF43D5242
Authority key identifier: 3D:A4:C2:FB:DF:10:F8:23:1F:3D:F5:31:CE:5A:3A:2E:3B:23:CE:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/n05hXgC92qs6ITPZmPpf1sg9X3g.roa
Signing time:             Tue 02 Jan 2024 04:31:20 +0000
ROA not before:           Tue 02 Jan 2024 04:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        176.110.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:ba:ac:21:6a:67:74:e5:77:f7:7f:f4:3d:52:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3da4c2fbdf10f8231f3df531ce5a3a2e3b23cefc
        Validity
            Not Before: Jan  2 04:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f4e615e00bddaab3a2133d998fa5fd6c83d5f78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:cb:0a:48:5c:48:00:4b:79:0a:c8:82:77:a0:
                    43:ef:69:49:b5:7b:6a:b0:4d:b4:b2:b8:4d:07:61:
                    96:6b:79:09:e4:b4:29:90:db:3f:89:86:d7:4c:e6:
                    80:c9:97:42:26:81:ab:20:52:2c:8f:33:a0:9a:63:
                    e0:4f:35:8a:f3:9d:20:3e:9b:7a:e4:d1:43:41:60:
                    f7:d9:4e:13:b4:02:c0:84:1c:75:85:ee:4f:05:3f:
                    9a:64:2b:12:96:cc:97:b4:25:0f:a1:bc:8a:93:82:
                    d1:66:9f:ec:b9:ca:df:a2:6f:76:80:0d:e4:18:3c:
                    c5:b4:aa:c2:11:52:32:ac:00:e9:91:5f:2a:1e:d1:
                    4b:68:a5:fa:f7:7e:72:62:3e:78:c0:6a:51:42:33:
                    5b:ba:08:d3:fa:be:ae:33:e0:f8:90:e9:b9:03:90:
                    d0:fa:8f:0c:4e:b6:30:dc:2b:02:69:a7:ae:74:f0:
                    d9:59:9c:ce:fa:46:c0:33:b9:d6:39:d5:f7:f8:7a:
                    1b:48:57:b6:bb:bd:94:64:d2:07:ae:ef:0d:15:bc:
                    14:5a:5e:4c:fb:35:02:fb:cc:d2:da:e0:18:9d:fb:
                    ee:63:df:8d:56:44:ed:08:7e:c3:21:0f:74:de:d0:
                    9f:30:78:3e:ae:f6:52:a3:b6:3f:30:2a:6e:49:f1:
                    85:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:4E:61:5E:00:BD:DA:AB:3A:21:33:D9:98:FA:5F:D6:C8:3D:5F:78
            X509v3 Authority Key Identifier:
                keyid:3D:A4:C2:FB:DF:10:F8:23:1F:3D:F5:31:CE:5A:3A:2E:3B:23:CE:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/n05hXgC92qs6ITPZmPpf1sg9X3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/349c58-fbb0-4ddd-a080-d2c97d65efa8/1/PaTC-98Q-CMfPfUxzlo6Ljsjzvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.110.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:80:33:c4:b7:43:df:de:19:a7:25:35:da:9e:af:02:9a:fc:
         dd:b0:6a:09:d4:b9:f2:88:10:46:d6:96:55:af:35:b2:7f:1f:
         c2:3d:af:bb:d5:ab:0f:f5:11:67:86:0a:01:34:65:2a:ce:2f:
         5b:3b:a9:00:2e:bc:d5:a5:da:41:72:5a:a5:41:59:0a:dd:41:
         30:a7:63:0e:aa:ed:54:31:97:7e:d2:35:2c:29:29:da:8c:b8:
         4d:0e:1a:0b:3c:1b:69:43:85:6d:d4:b3:05:3d:49:25:5e:91:
         b9:17:74:a0:07:21:f4:97:08:a0:57:61:dc:c8:91:b0:6a:93:
         fe:f3:37:38:83:00:de:88:16:cf:4f:36:2b:1b:23:40:55:f8:
         59:90:35:98:4c:6e:f4:be:bf:83:73:2f:b3:9a:01:7d:b4:e2:
         17:21:f0:cd:82:f5:b7:af:ee:c7:7a:c7:35:73:5b:b9:c9:05:
         18:32:6d:99:a6:82:1b:6a:c5:84:72:b5:f3:f4:b0:69:e8:db:
         32:51:e4:ae:9d:4a:31:03:c3:ef:c9:a4:e1:f3:b5:b7:20:1f:
         48:19:fe:31:8e:5d:50:64:ce:0e:b2:07:ea:c1:7d:c9:0b:a8:
         5f:e3:51:60:3a:44:e2:3d:49:49:7c:70:dd:10:3c:cb:4d:46:
         c5:a2:65:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcLqsIWpndOV393/0PVJCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkYTRjMmZiZGYxMGY4MjMxZjNkZjUzMWNlNWEzYTJlM2Iy
M2NlZmMwHhcNMjQwMTAyMDQzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjRlNjE1ZTAwYmRkYWFiM2EyMTMzZDk5OGZhNWZkNmM4M2Q1Zjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMsKSFxIAEt5CsiCd6BD72lJtXtq
sE20srhNB2GWa3kJ5LQpkNs/iYbXTOaAyZdCJoGrIFIsjzOgmmPgTzWK850gPpt6
5NFDQWD32U4TtALAhBx1he5PBT+aZCsSlsyXtCUPobyKk4LRZp/sucrfom92gA3k
GDzFtKrCEVIyrADpkV8qHtFLaKX6935yYj54wGpRQjNbugjT+r6uM+D4kOm5A5DQ
+o8MTrYw3CsCaaeudPDZWZzO+kbAM7nWOdX3+HobSFe2u72UZNIHru8NFbwUWl5M
+zUC+8zS2uAYnfvuY9+NVkTtCH7DIQ903tCfMHg+rvZSo7Y/MCpuSfGFnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9OYV4AvdqrOiEz2Zj6X9bIPV94MB8GA1UdIwQY
MBaAFD2kwvvfEPgjHz31Mc5aOi47I878MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGFUQy05OFEtQ01mUGZVeHpsbzZManNqenZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8zNDljNTgtZmJiMC00ZGRkLWEwODAt
ZDJjOTdkNjVlZmE4LzEvbjA1aFhnQzkycXM2SVRQWm1QcGYxc2c5WDNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8zNDljNTgtZmJiMC00ZGRkLWEwODAtZDJjOTdkNjVlZmE4
LzEvUGFUQy05OFEtQ01mUGZVeHpsbzZManNqenZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsG5oMA0G
CSqGSIb3DQEBCwUAA4IBAQBGgDPEt0Pf3hmnJTXanq8CmvzdsGoJ1LnyiBBG1pZV
rzWyfx/CPa+71asP9RFnhgoBNGUqzi9bO6kALrzVpdpBclqlQVkK3UEwp2MOqu1U
MZd+0jUsKSnajLhNDhoLPBtpQ4Vt1LMFPUklXpG5F3SgByH0lwigV2HcyJGwapP+
8zc4gwDeiBbPTzYrGyNAVfhZkDWYTG70vr+Dcy+zmgF9tOIXIfDNgvW3r+7Hesc1
c1u5yQUYMm2ZpoIbasWEcrXz9LBp6NsyUeSunUoxA8PvyaTh87W3IB9IGf4xjl1Q
ZM4OsgfqwX3JC6hf41FgOkTiPUlJfHDdEDzLTUbFomXu
-----END CERTIFICATE-----