Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/67eoqG91uPb0qKs6o9u8iWmBu5E.roa
File:                     67eoqG91uPb0qKs6o9u8iWmBu5E.roa (raw, json)
Hash identifier:          X7PdsI+8Vqe/sn1k4eouy9G8VQENViluqcMCKu1b5rk=
Subject key identifier:   EB:B7:A8:A8:6F:75:B8:F6:F4:A8:AB:3A:A3:DB:BC:89:69:81:BB:91
Certificate issuer:       /CN=0277acd112f1c6c833bec22f8b53cc70d2390876
Certificate serial:       018CC86F56111F38869E84A195038C271F77
Authority key identifier: 02:77:AC:D1:12:F1:C6:C8:33:BE:C2:2F:8B:53:CC:70:D2:39:08:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/67eoqG91uPb0qKs6o9u8iWmBu5E.roa
Signing time:             Tue 02 Jan 2024 04:29:48 +0000
ROA not before:           Tue 02 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399587
IP address blocks:        176.58.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:56:11:1f:38:86:9e:84:a1:95:03:8c:27:1f:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0277acd112f1c6c833bec22f8b53cc70d2390876
        Validity
            Not Before: Jan  2 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebb7a8a86f75b8f6f4a8ab3aa3dbbc896981bb91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6f:59:f2:99:41:02:7d:39:54:3d:e7:cd:c8:
                    4b:78:7e:ce:c1:d3:15:91:a3:00:fe:32:ba:3d:58:
                    9e:e9:d2:84:61:1b:b9:79:08:1e:e8:a4:d7:d3:8d:
                    29:d3:dc:fc:95:16:b6:04:b7:2e:f8:37:5a:df:4e:
                    4e:72:4d:88:da:08:84:de:33:67:ae:8c:b5:b4:80:
                    25:f6:f9:1b:73:2c:eb:fa:bb:f0:ad:30:34:8f:6b:
                    05:1d:5f:e4:dc:6a:d4:65:f7:eb:e4:c6:d3:6f:ad:
                    66:eb:0f:08:62:27:6d:74:79:51:e6:2d:d2:2f:ba:
                    22:47:89:9f:c4:95:8c:22:cf:9b:09:ed:13:ef:1f:
                    ad:05:26:68:44:f1:fd:12:34:5c:cc:ef:89:e2:57:
                    f4:a9:28:70:ed:ff:25:bd:92:5c:a5:7e:06:83:7e:
                    2e:45:07:49:c0:b1:5e:ac:1c:84:48:47:58:ce:cf:
                    7f:f4:1d:61:51:88:09:67:44:fb:eb:64:cf:62:f9:
                    5a:83:36:1e:e2:63:01:f4:06:c1:6f:28:b5:7a:e4:
                    be:36:8e:79:b4:7a:e3:be:e2:1e:9d:4c:09:b4:1d:
                    e8:5d:69:43:02:46:cb:30:28:8c:ef:96:08:3d:03:
                    8d:80:40:6e:6d:9d:57:d7:ea:5b:10:db:e8:5d:fb:
                    fc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:B7:A8:A8:6F:75:B8:F6:F4:A8:AB:3A:A3:DB:BC:89:69:81:BB:91
            X509v3 Authority Key Identifier:
                keyid:02:77:AC:D1:12:F1:C6:C8:33:BE:C2:2F:8B:53:CC:70:D2:39:08:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Anes0RLxxsgzvsIvi1PMcNI5CHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/67eoqG91uPb0qKs6o9u8iWmBu5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/2c0f0b-7831-41d3-916d-d9655987874a/1/Anes0RLxxsgzvsIvi1PMcNI5CHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.58.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:f9:15:cf:05:c3:44:9a:68:71:84:1e:d8:27:de:5b:bd:81:
         58:a4:da:ee:65:0f:15:30:09:5b:9c:43:03:d2:21:9a:58:39:
         fb:dc:cc:1e:cd:ad:c3:35:69:8d:a7:d1:79:8e:2d:dc:9d:57:
         19:97:96:aa:68:d5:8e:5f:fd:38:33:5f:8c:c3:6a:93:02:cc:
         b0:c3:0a:09:2c:0d:15:1c:93:2b:fb:d5:49:b2:21:83:f4:17:
         76:3a:e0:c6:c0:27:15:03:cd:5d:88:2b:e3:c8:69:93:3f:16:
         da:0d:3e:43:d8:ff:55:4c:c7:d5:c8:99:0a:d8:cd:d6:ea:a5:
         ea:e1:e4:64:a4:c5:ea:5b:1e:13:1e:31:89:e5:1d:9a:c3:17:
         30:24:9f:7c:ed:68:34:3c:0b:51:59:8c:a8:9a:2b:e0:18:ea:
         82:33:05:23:b5:37:16:db:24:b8:cf:23:99:e1:6b:a3:6b:22:
         33:17:28:94:dc:b2:f6:e4:b2:2a:7a:7e:2a:ba:7f:65:b1:ff:
         26:87:3b:50:37:a8:97:66:0c:2e:cb:8f:66:ab:95:e5:3b:a3:
         e8:53:3f:0a:1f:8a:89:a3:1d:14:94:c3:1d:55:3a:70:24:02:
         08:5a:3f:a4:5a:f7:c3:1f:24:93:4e:5e:f9:8d:b9:fd:d0:8f:
         f3:3d:e5:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1YRHziGnoShlQOMJx93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNzdhY2QxMTJmMWM2YzgzM2JlYzIyZjhiNTNjYzcwZDIz
OTA4NzYwHhcNMjQwMTAyMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmI3YThhODZmNzViOGY2ZjRhOGFiM2FhM2RiYmM4OTY5ODFiYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjW9Z8plBAn05VD3nzchLeH7OwdMV
kaMA/jK6PVie6dKEYRu5eQge6KTX040p09z8lRa2BLcu+Dda305Ock2I2giE3jNn
roy1tIAl9vkbcyzr+rvwrTA0j2sFHV/k3GrUZffr5MbTb61m6w8IYidtdHlR5i3S
L7oiR4mfxJWMIs+bCe0T7x+tBSZoRPH9EjRczO+J4lf0qShw7f8lvZJcpX4Gg34u
RQdJwLFerByESEdYzs9/9B1hUYgJZ0T762TPYvlagzYe4mMB9AbBbyi1euS+No55
tHrjvuIenUwJtB3oXWlDAkbLMCiM75YIPQONgEBubZ1X1+pbENvoXfv8oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOu3qKhvdbj29KirOqPbvIlpgbuRMB8GA1UdIwQY
MBaAFAJ3rNES8cbIM77CL4tTzHDSOQh2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW5lczBSTHh4c2d6dnNJdmkxUE1jTkk1Q0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yYzBmMGItNzgzMS00MWQzLTkxNmQt
ZDk2NTU5ODc4NzRhLzEvNjdlb3FHOTF1UGIwcUtzNm85dThpV21CdTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yYzBmMGItNzgzMS00MWQzLTkxNmQtZDk2NTU5ODc4NzRh
LzEvQW5lczBSTHh4c2d6dnNJdmkxUE1jTkk1Q0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDpIMA0G
CSqGSIb3DQEBCwUAA4IBAQBp+RXPBcNEmmhxhB7YJ95bvYFYpNruZQ8VMAlbnEMD
0iGaWDn73Mweza3DNWmNp9F5ji3cnVcZl5aqaNWOX/04M1+Mw2qTAsywwwoJLA0V
HJMr+9VJsiGD9Bd2OuDGwCcVA81diCvjyGmTPxbaDT5D2P9VTMfVyJkK2M3W6qXq
4eRkpMXqWx4THjGJ5R2awxcwJJ987Wg0PAtRWYyomivgGOqCMwUjtTcW2yS4zyOZ
4WujayIzFyiU3LL25LIqen4qun9lsf8mhztQN6iXZgwuy49mq5XlO6PoUz8KH4qJ
ox0UlMMdVTpwJAIIWj+kWvfDHySTTl75jbn90I/zPeUe
-----END CERTIFICATE-----