Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/8O47t1EkFpDL-I_MKYgBBXQrG-c.roa
File:                     8O47t1EkFpDL-I_MKYgBBXQrG-c.roa (raw, json)
Hash identifier:          8Vxu7XmYYy2HHX39yAF/XDBVlK3p93Zvb3HkHlZd5oA=
Subject key identifier:   F0:EE:3B:B7:51:24:16:90:CB:F8:8F:CC:29:88:01:05:74:2B:1B:E7
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018EA2E38BA6F612E6E5094A3094B093B863
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/8O47t1EkFpDL-I_MKYgBBXQrG-c.roa
Signing time:             Wed 03 Apr 2024 07:36:45 +0000
ROA not before:           Wed 03 Apr 2024 07:36:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206338
IP address blocks:        176.211.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a2:e3:8b:a6:f6:12:e6:e5:09:4a:30:94:b0:93:b8:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr  3 07:36:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0ee3bb751241690cbf88fcc29880105742b1be7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d6:57:21:49:00:62:0d:9f:6f:3b:ea:1c:49:
                    36:86:cd:45:bf:bf:2e:6a:cb:d8:a8:9d:81:16:1b:
                    4f:29:ff:cb:75:c1:9c:75:7f:6c:0e:dd:fe:52:18:
                    fc:18:dc:af:60:f1:32:93:60:6b:77:2a:46:e5:a6:
                    60:95:32:86:7b:78:b2:d8:d1:0a:75:0a:bb:4b:a0:
                    67:da:1c:73:84:6a:02:c0:3b:37:29:1d:ab:77:01:
                    75:a0:7d:79:ad:63:30:43:2e:50:9d:75:a4:2c:13:
                    fe:61:f9:d5:97:3b:d9:77:ca:3d:21:4c:34:21:a3:
                    65:0d:a8:27:a4:9f:88:d0:3c:ee:e9:a2:a2:36:3c:
                    b4:05:94:17:70:b4:21:4f:c1:0f:ea:c9:c4:be:7a:
                    da:8e:d7:a1:94:a5:6a:f4:90:c5:c6:4e:60:a1:72:
                    0c:37:38:38:af:94:76:25:17:84:97:6f:57:3b:92:
                    e5:41:63:94:3d:34:e8:bc:2d:d1:c8:08:ff:f8:a2:
                    84:48:5c:be:1d:19:20:11:45:56:37:dc:c5:7b:6d:
                    04:7b:aa:36:ca:fb:e7:8c:f2:d7:73:6a:c9:9f:3d:
                    a2:d3:bf:e2:9a:34:8c:35:5b:dd:c0:07:a6:ae:55:
                    81:2b:2b:f5:09:96:fd:d0:f5:2a:98:2e:a4:15:8a:
                    59:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:EE:3B:B7:51:24:16:90:CB:F8:8F:CC:29:88:01:05:74:2B:1B:E7
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/8O47t1EkFpDL-I_MKYgBBXQrG-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.211.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:f9:f5:03:91:5e:c7:f6:32:b4:7a:f1:09:2d:78:ca:1c:41:
         03:2c:f5:32:a6:74:15:0b:fd:9d:9b:3d:31:d2:5f:56:32:e0:
         e5:53:82:bc:a0:35:75:11:cb:e3:15:a6:a3:4b:7a:aa:23:a4:
         6d:ad:91:64:f9:ba:7f:8d:20:ca:25:39:2b:47:f4:cc:f3:82:
         9b:74:29:ac:2e:ef:e3:bd:ee:e1:cc:ec:44:a9:dc:eb:b8:ac:
         38:e5:ed:85:f8:51:c1:c3:06:16:b9:25:79:a7:f7:25:e1:2b:
         fa:81:66:b5:6b:40:d5:c8:05:00:96:9b:3e:7a:d7:c5:f8:61:
         f7:85:e0:b8:49:ef:10:ce:e2:9d:4d:d9:32:df:42:db:15:e1:
         79:63:8c:35:84:3e:dd:6f:f1:ec:a0:06:16:f8:6f:ab:cb:e5:
         92:51:e5:76:08:d0:02:d1:7a:36:70:9a:4d:62:b1:04:ae:68:
         be:8d:6c:9a:d0:f5:d4:a1:93:2a:ac:8c:fa:eb:e5:60:b3:f8:
         1a:32:e6:74:3f:e5:53:21:66:d0:b9:65:fc:31:65:e7:5a:2a:
         53:e7:2a:6e:13:21:42:69:85:4c:6f:62:d2:57:b8:52:17:53:
         47:da:1f:5d:15:24:bf:ef:96:d7:69:8e:eb:42:1d:f3:82:68:
         d7:bf:8b:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6i44um9hLm5QlKMJSwk7hjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDAzMDczNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGVlM2JiNzUxMjQxNjkwY2JmODhmY2MyOTg4MDEwNTc0MmIxYmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9ZXIUkAYg2fbzvqHEk2hs1Fv78u
asvYqJ2BFhtPKf/LdcGcdX9sDt3+Uhj8GNyvYPEyk2BrdypG5aZglTKGe3iy2NEK
dQq7S6Bn2hxzhGoCwDs3KR2rdwF1oH15rWMwQy5QnXWkLBP+YfnVlzvZd8o9IUw0
IaNlDagnpJ+I0Dzu6aKiNjy0BZQXcLQhT8EP6snEvnrajtehlKVq9JDFxk5goXIM
Nzg4r5R2JReEl29XO5LlQWOUPTTovC3RyAj/+KKESFy+HRkgEUVWN9zFe20Ee6o2
yvvnjPLXc2rJnz2i07/imjSMNVvdwAemrlWBKyv1CZb90PUqmC6kFYpZDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPDuO7dRJBaQy/iPzCmIAQV0KxvnMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvOE80N3QxRWtGcERMLUlfTUtZZ0JCWFFyRy1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsNNKMA0G
CSqGSIb3DQEBCwUAA4IBAQB0+fUDkV7H9jK0evEJLXjKHEEDLPUypnQVC/2dmz0x
0l9WMuDlU4K8oDV1EcvjFaajS3qqI6RtrZFk+bp/jSDKJTkrR/TM84KbdCmsLu/j
ve7hzOxEqdzruKw45e2F+FHBwwYWuSV5p/cl4Sv6gWa1a0DVyAUAlps+etfF+GH3
heC4Se8QzuKdTdky30LbFeF5Y4w1hD7db/HsoAYW+G+ry+WSUeV2CNAC0Xo2cJpN
YrEErmi+jWya0PXUoZMqrIz66+Vgs/gaMuZ0P+VTIWbQuWX8MWXnWipT5ypuEyFC
aYVMb2LSV7hSF1NH2h9dFSS/75bXaY7rQh3zgmjXv4vn
-----END CERTIFICATE-----