Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/Xxyv3ALQpvh6K6WIVJ4SuOikDTg.roa
File:                     Xxyv3ALQpvh6K6WIVJ4SuOikDTg.roa (raw, json)
Hash identifier:          u1EnFF3OOfir4mmIvPzAOj/CoenuZ/G//dvPlsOGwnw=
Subject key identifier:   5F:1C:AF:DC:02:D0:A6:F8:7A:2B:A5:88:54:9E:12:B8:E8:A4:0D:38
Certificate issuer:       /CN=49c403d43b5f38fca2119cd1409a92763edefe71
Certificate serial:       018FE2BD4C6127B178856A07A593B0649D89
Authority key identifier: 49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/Xxyv3ALQpvh6K6WIVJ4SuOikDTg.roa
Signing time:             Tue 04 Jun 2024 10:13:27 +0000
ROA not before:           Tue 04 Jun 2024 10:13:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18734
IP address blocks:        176.57.203.0/24 maxlen: 24
                          176.57.204.0/24 maxlen: 24
                          176.57.205.0/24 maxlen: 24
                          176.57.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e2:bd:4c:61:27:b1:78:85:6a:07:a5:93:b0:64:9d:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49c403d43b5f38fca2119cd1409a92763edefe71
        Validity
            Not Before: Jun  4 10:13:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f1cafdc02d0a6f87a2ba588549e12b8e8a40d38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:70:ee:3e:1d:00:74:8f:e5:64:ec:c0:ce:5b:
                    9f:3a:b5:2b:6e:07:49:05:8c:5d:e3:eb:df:0d:af:
                    f5:98:49:89:9a:53:72:9a:8d:9b:0c:f0:b7:5a:90:
                    96:de:e8:a0:19:09:f5:4c:a8:28:ed:a9:86:d2:42:
                    fc:4f:88:2e:b0:b0:3b:7c:a8:46:88:f9:32:2d:98:
                    33:49:93:57:a7:c4:63:a9:4f:a6:7e:4f:48:f1:c2:
                    df:e3:95:5f:f1:e9:a6:86:5b:19:db:02:09:8f:5d:
                    5a:b1:32:57:fc:c2:7e:2a:c5:65:60:cd:34:5b:10:
                    1e:0e:ee:3b:ec:14:06:ac:bd:7b:8a:2e:11:11:00:
                    64:a2:4d:d9:89:07:0a:8c:c5:b1:f9:df:4c:e9:c5:
                    43:ec:32:09:3e:98:fc:ba:e7:5f:90:ca:b1:f4:ee:
                    30:69:1b:75:83:c9:94:bc:80:e7:1c:47:32:a0:22:
                    0b:08:13:3b:46:29:26:61:9a:78:98:5a:7f:f4:d3:
                    9d:a6:6e:74:ad:d6:94:fc:f4:bf:d1:d4:a8:ae:51:
                    63:4b:09:61:63:b3:a1:8d:d8:2b:96:ac:5c:19:e6:
                    d7:f2:ba:a7:80:33:77:66:ec:35:40:8d:fd:14:65:
                    80:4c:63:51:8c:c4:64:bc:8d:61:30:41:39:d4:c3:
                    ea:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:1C:AF:DC:02:D0:A6:F8:7A:2B:A5:88:54:9E:12:B8:E8:A4:0D:38
            X509v3 Authority Key Identifier:
                keyid:49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/Xxyv3ALQpvh6K6WIVJ4SuOikDTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.203.0-176.57.206.255

    Signature Algorithm: sha256WithRSAEncryption
         5b:f2:5c:9b:78:2c:43:47:19:3b:7d:2c:21:aa:41:31:63:27:
         67:09:97:a5:87:79:a9:63:c4:67:be:f6:5d:8d:d8:75:fb:aa:
         fc:42:68:49:4f:a7:6c:60:56:40:1e:c0:00:d3:de:b9:5f:fe:
         f8:f3:9d:3a:d4:37:94:d1:d8:b6:a4:88:b1:cd:89:94:bf:10:
         46:9c:9d:f8:6b:82:1f:f1:92:c6:50:f6:a0:b0:b0:b1:6f:8f:
         ca:b3:e7:c3:7d:97:7c:8c:5f:84:41:40:77:0a:9b:10:68:86:
         6f:cd:d4:4d:ab:99:9c:1e:56:66:65:40:b9:f1:78:a8:77:fd:
         c8:3f:92:06:20:1b:44:af:d1:47:77:30:cf:69:ab:5b:70:7f:
         28:b1:63:37:c4:46:f1:63:84:e1:4b:f5:a9:cf:92:88:c2:15:
         70:bb:bc:0f:40:a1:59:f9:f6:3e:1d:44:77:52:d8:18:88:6a:
         8c:03:9f:34:98:3d:ec:9d:0a:ac:53:75:ac:e1:2f:08:50:21:
         8a:d6:fb:6c:7f:88:e7:b7:2a:6a:0c:a5:48:6b:f3:ee:f9:3a:
         31:7f:dd:1f:39:1e:d8:c1:e2:96:79:54:79:c2:58:59:58:20:
         57:cd:f5:21:ab:56:10:f2:25:a2:0e:f3:74:26:42:b9:ad:4d:
         c6:7e:9c:db
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY/ivUxhJ7F4hWoHpZOwZJ2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YzQwM2Q0M2I1ZjM4ZmNhMjExOWNkMTQwOWE5Mjc2M2Vk
ZWZlNzEwHhcNMjQwNjA0MTAxMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjFjYWZkYzAyZDBhNmY4N2EyYmE1ODg1NDllMTJiOGU4YTQwZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXDuPh0AdI/lZOzAzlufOrUrbgdJ
BYxd4+vfDa/1mEmJmlNymo2bDPC3WpCW3uigGQn1TKgo7amG0kL8T4gusLA7fKhG
iPkyLZgzSZNXp8RjqU+mfk9I8cLf45Vf8emmhlsZ2wIJj11asTJX/MJ+KsVlYM00
WxAeDu477BQGrL17ii4REQBkok3ZiQcKjMWx+d9M6cVD7DIJPpj8uudfkMqx9O4w
aRt1g8mUvIDnHEcyoCILCBM7RikmYZp4mFp/9NOdpm50rdaU/PS/0dSorlFjSwlh
Y7OhjdgrlqxcGebX8rqngDN3Zuw1QI39FGWATGNRjMRkvI1hMEE51MPqEwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF8cr9wC0Kb4eiuliFSeErjopA04MB8GA1UdIwQY
MBaAFEnEA9Q7Xzj8ohGc0UCaknY+3v5xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQt
Zjg4OWNhMTYxYzAxLzEvWHh5djNBTFFwdmg2SzZXSVZKNFN1T2lrRFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQtZjg4OWNhMTYxYzAx
LzEvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACwOcsD
BACwOc4wDQYJKoZIhvcNAQELBQADggEBAFvyXJt4LENHGTt9LCGqQTFjJ2cJl6WH
ealjxGe+9l2N2HX7qvxCaElPp2xgVkAewADT3rlf/vjznTrUN5TR2LakiLHNiZS/
EEacnfhrgh/xksZQ9qCwsLFvj8qz58N9l3yMX4RBQHcKmxBohm/N1E2rmZweVmZl
QLnxeKh3/cg/kgYgG0Sv0Ud3MM9pq1twfyixYzfERvFjhOFL9anPkojCFXC7vA9A
oVn59j4dRHdS2BiIaowDnzSYPeydCqxTdazhLwhQIYrW+2x/iOe3KmoMpUhr8+75
OjF/3R85HtjB4pZ5VHnCWFlYIFfN9SGrVhDyJaIO83QmQrmtTcZ+nNs=
-----END CERTIFICATE-----