Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/aXdWyB6YGPpk-J46No4vsmKxGCE.roa
File:                     aXdWyB6YGPpk-J46No4vsmKxGCE.roa (raw, json)
Hash identifier:          TIgYhNRVQ3p/R3gXtf1t15mu2N3p/Mr9E78IoFCU1PY=
Subject key identifier:   69:77:56:C8:1E:98:18:FA:64:F8:9E:3A:36:8E:2F:B2:62:B1:18:21
Certificate issuer:       /CN=cccd583c8d71a2427e0060e3cc924f32dc1a820b
Certificate serial:       01965D47D487152F21A299F325D6F71E7000
Authority key identifier: CC:CD:58:3C:8D:71:A2:42:7E:00:60:E3:CC:92:4F:32:DC:1A:82:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zM1YPI1xokJ-AGDjzJJPMtwaggs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/aXdWyB6YGPpk-J46No4vsmKxGCE.roa
Signing time:             Tue 22 Apr 2025 11:35:10 +0000
ROA not before:           Tue 22 Apr 2025 11:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210976
IP address blocks:        176.124.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/zM1YPI1xokJ-AGDjzJJPMtwaggs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/zM1YPI1xokJ-AGDjzJJPMtwaggs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zM1YPI1xokJ-AGDjzJJPMtwaggs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5d:47:d4:87:15:2f:21:a2:99:f3:25:d6:f7:1e:70:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cccd583c8d71a2427e0060e3cc924f32dc1a820b
        Validity
            Not Before: Apr 22 11:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=697756c81e9818fa64f89e3a368e2fb262b11821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e4:35:ee:5d:e9:c7:e6:b0:90:4a:c5:52:bd:
                    fa:9c:b0:8b:cb:32:ba:42:86:69:8a:e2:68:c5:fa:
                    08:5d:63:33:e5:be:ee:3f:c9:e4:98:4d:82:7c:79:
                    33:18:a8:37:6d:5b:0f:3c:5d:5e:65:db:a4:c3:af:
                    55:63:de:87:eb:a7:85:92:86:e7:e7:94:95:95:e2:
                    d9:9e:49:ba:6a:61:9a:3e:55:b5:6c:49:93:86:b0:
                    90:58:f7:90:0b:ed:4e:96:7a:03:36:c2:c8:53:ed:
                    03:6d:7b:cd:af:15:4e:38:66:f0:5b:f3:1f:f1:b1:
                    ab:30:48:2a:4f:ae:16:50:c3:14:8a:21:32:df:ac:
                    7f:91:61:b3:44:0d:62:b1:e1:26:1c:05:a5:d3:c0:
                    3f:e5:7c:53:54:1f:75:8f:a2:c7:41:d0:6f:da:df:
                    25:c3:62:08:93:0c:b7:e2:c2:6c:78:9b:db:67:90:
                    3b:ec:e1:b1:04:10:13:5c:ba:8b:bf:18:3c:c3:e2:
                    f9:52:0d:e8:65:fa:5d:24:0a:18:62:19:3b:33:d6:
                    ca:91:37:05:66:23:41:8f:01:da:64:3f:cc:88:dd:
                    c7:1a:59:94:8e:94:93:bd:94:9b:26:ce:48:ca:ec:
                    8b:48:aa:82:f4:c7:5b:92:98:ef:11:4f:60:65:99:
                    cd:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:77:56:C8:1E:98:18:FA:64:F8:9E:3A:36:8E:2F:B2:62:B1:18:21
            X509v3 Authority Key Identifier:
                keyid:CC:CD:58:3C:8D:71:A2:42:7E:00:60:E3:CC:92:4F:32:DC:1A:82:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zM1YPI1xokJ-AGDjzJJPMtwaggs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/aXdWyB6YGPpk-J46No4vsmKxGCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/zM1YPI1xokJ-AGDjzJJPMtwaggs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:59:79:21:bd:aa:ef:a9:1c:28:b5:10:83:27:52:5e:ed:f4:
         22:a4:b3:99:7e:2f:ef:a7:07:04:10:fa:01:a1:de:3e:3f:51:
         36:cc:40:63:39:e8:26:e5:d7:49:b7:6f:20:9a:b9:3d:06:b1:
         67:ac:dc:85:fa:65:2f:77:85:3d:ed:7e:f8:f3:fb:92:b5:bc:
         13:a3:64:ea:ab:31:a4:70:c7:ae:10:a4:b0:06:35:23:91:75:
         27:d7:88:44:b4:c5:1c:42:51:e9:90:1c:23:c7:15:b8:37:b2:
         3d:15:a2:dd:a8:04:9a:64:da:db:30:85:5f:a9:7a:05:8e:1d:
         f0:4b:9a:0f:63:51:92:0d:0b:d4:61:3d:a9:b9:f9:01:5e:6f:
         d0:50:86:0f:d9:3a:35:17:30:94:44:53:84:9f:3e:38:18:24:
         b3:15:a9:9e:dc:8a:35:43:3f:f0:c2:2d:97:0e:77:ea:19:d6:
         fb:03:27:d3:ff:9f:cb:1b:06:ea:85:21:cc:6f:48:52:56:ad:
         2c:d4:6e:f7:de:b4:87:d2:7f:72:c5:14:ad:97:03:f3:d8:bc:
         30:03:6e:aa:4e:83:61:86:27:80:df:77:bb:a9:12:22:5d:fa:
         11:46:12:a8:79:21:c0:f6:ac:34:bc:3d:83:66:52:cb:5c:f1:
         f4:ba:ca:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZdR9SHFS8hopnzJdb3HnAAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjY2Q1ODNjOGQ3MWEyNDI3ZTAwNjBlM2NjOTI0ZjMyZGMx
YTgyMGIwHhcNMjUwNDIyMTEzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTc3NTZjODFlOTgxOGZhNjRmODllM2EzNjhlMmZiMjYyYjExODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+Q17l3px+awkErFUr36nLCLyzK6
QoZpiuJoxfoIXWMz5b7uP8nkmE2CfHkzGKg3bVsPPF1eZdukw69VY96H66eFkobn
55SVleLZnkm6amGaPlW1bEmThrCQWPeQC+1OlnoDNsLIU+0DbXvNrxVOOGbwW/Mf
8bGrMEgqT64WUMMUiiEy36x/kWGzRA1iseEmHAWl08A/5XxTVB91j6LHQdBv2t8l
w2IIkwy34sJseJvbZ5A77OGxBBATXLqLvxg8w+L5Ug3oZfpdJAoYYhk7M9bKkTcF
ZiNBjwHaZD/MiN3HGlmUjpSTvZSbJs5IyuyLSKqC9MdbkpjvEU9gZZnNeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGl3VsgemBj6ZPieOjaOL7JisRghMB8GA1UdIwQY
MBaAFMzNWDyNcaJCfgBg48ySTzLcGoILMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek0xWVBJMXhva0otQUdEanpKSlBNdHdhZ2dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81NmEwMmEtYzVmZC00MTE5LThjNWYt
ZjQ4NTAyZDEzOTQ4LzEvYVhkV3lCNllHUHBrLUo0Nk5vNHZzbUt4R0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81NmEwMmEtYzVmZC00MTE5LThjNWYtZjQ4NTAyZDEzOTQ4
LzEvek0xWVBJMXhva0otQUdEanpKSlBNdHdhZ2dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHzJMA0G
CSqGSIb3DQEBCwUAA4IBAQBxWXkhvarvqRwotRCDJ1Je7fQipLOZfi/vpwcEEPoB
od4+P1E2zEBjOegm5ddJt28gmrk9BrFnrNyF+mUvd4U97X748/uStbwTo2TqqzGk
cMeuEKSwBjUjkXUn14hEtMUcQlHpkBwjxxW4N7I9FaLdqASaZNrbMIVfqXoFjh3w
S5oPY1GSDQvUYT2pufkBXm/QUIYP2To1FzCURFOEnz44GCSzFame3Io1Qz/wwi2X
DnfqGdb7AyfT/5/LGwbqhSHMb0hSVq0s1G733rSH0n9yxRStlwPz2LwwA26qToNh
hieA33e7qRIiXfoRRhKoeSHA9qw0vD2DZlLLXPH0usq2
-----END CERTIFICATE-----