Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/D1tjoEa5wuIpOR-5mBMYT5sCRXc.roa
File:                     D1tjoEa5wuIpOR-5mBMYT5sCRXc.roa (raw, json)
Hash identifier:          JStlypfpmzATBb4GVMcO++CdR5YvgLH5c2DCdpEBVrk=
Subject key identifier:   0F:5B:63:A0:46:B9:C2:E2:29:39:1F:B9:98:13:18:4F:9B:02:45:77
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       018CC801322E44257DB6CB71DAE51E816721
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/D1tjoEa5wuIpOR-5mBMYT5sCRXc.roa
Signing time:             Tue 02 Jan 2024 02:29:30 +0000
ROA not before:           Tue 02 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     553
IP address blocks:        153.96.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:32:2e:44:25:7d:b6:cb:71:da:e5:1e:81:67:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f5b63a046b9c2e229391fb99813184f9b024577
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:16:b6:6c:67:77:c7:52:3c:ae:e7:33:6c:05:
                    9f:28:dd:8f:41:bf:90:12:c6:14:d0:35:28:06:77:
                    74:06:5e:8c:90:9c:2e:e8:91:70:8a:a9:58:ff:e6:
                    8a:ef:fb:d4:e6:5e:7c:a8:f0:e7:cb:22:24:07:1a:
                    eb:93:b5:a1:52:ea:80:2e:c6:a3:c0:06:e8:7b:a9:
                    84:0f:4f:0a:52:62:d9:be:05:cb:9c:f7:03:f1:75:
                    26:b7:b0:a7:ee:ba:b3:25:c3:d6:90:51:04:4e:4d:
                    09:90:14:f4:21:d1:dd:5d:60:1e:27:b2:e7:27:b6:
                    a6:8d:8d:b4:0c:d0:7d:4b:b1:13:c4:22:56:6a:12:
                    38:e9:3f:17:cd:89:a5:e3:58:1e:80:f5:2e:6f:1f:
                    47:bb:4e:18:73:de:ce:42:24:4c:0b:f3:ff:e7:c6:
                    c4:bd:21:45:7d:c4:7e:7d:99:5e:93:cd:b8:a3:ed:
                    d6:3f:25:c6:4a:d1:75:48:fd:0a:07:7e:1a:f0:0e:
                    6d:10:4e:74:e6:30:f8:e2:ca:2b:b5:fa:98:af:c6:
                    24:94:03:f0:fd:fc:ea:c9:a7:92:70:08:95:ab:5d:
                    99:1b:5e:e6:8b:23:52:e4:f6:1b:28:c9:d3:54:ba:
                    f8:bf:48:bf:9c:ef:6d:29:7c:07:24:26:d5:a1:ac:
                    bc:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:5B:63:A0:46:B9:C2:E2:29:39:1F:B9:98:13:18:4F:9B:02:45:77
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/D1tjoEa5wuIpOR-5mBMYT5sCRXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.96.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:e9:4b:5c:8c:17:dd:48:7f:d4:55:3f:86:21:ad:65:3f:0f:
         ba:d1:2a:12:a6:f7:e0:aa:8b:14:fd:49:6c:da:2e:f5:1f:b9:
         63:12:9f:e3:ad:66:c7:20:8d:63:38:0f:60:71:94:53:1a:b4:
         2e:ce:9c:87:3a:67:cf:ab:16:3c:87:4d:a5:b4:97:d6:39:99:
         db:9d:c8:36:4d:66:f9:3b:67:43:5b:0c:9e:bd:79:a9:b9:89:
         2b:ed:c9:b6:7f:da:da:7a:9d:ce:ab:83:08:64:01:12:4d:15:
         d4:9a:06:f7:09:37:71:20:be:80:5c:2e:be:60:c4:60:d3:d6:
         c3:41:4c:8d:2f:fd:6d:4b:9f:4c:a5:30:eb:c3:83:43:10:56:
         b3:29:5d:27:68:bb:e4:15:c3:f2:cc:bd:e2:8f:ed:18:34:72:
         ea:70:6d:0b:d1:78:ea:9c:24:bf:a7:f6:5a:44:25:6c:83:0f:
         93:e8:bb:ec:26:dd:f2:2b:06:cc:45:aa:ce:83:85:07:3f:fd:
         7d:b1:4c:54:dd:b8:d0:a4:4b:9b:81:fb:7a:3f:39:59:62:0e:
         64:9f:bc:dd:af:17:8b:8e:9f:b2:b7:0e:5b:ea:48:5a:a0:01:
         5e:8a:f9:b9:92:57:58:9c:d5:5e:0b:60:5e:7d:0e:08:15:0c:
         df:be:96:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATIuRCV9tstx2uUegWchMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjQwMTAyMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjViNjNhMDQ2YjljMmUyMjkzOTFmYjk5ODEzMTg0ZjliMDI0NTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxa2bGd3x1I8ruczbAWfKN2PQb+Q
EsYU0DUoBnd0Bl6MkJwu6JFwiqlY/+aK7/vU5l58qPDnyyIkBxrrk7WhUuqALsaj
wAboe6mED08KUmLZvgXLnPcD8XUmt7Cn7rqzJcPWkFEETk0JkBT0IdHdXWAeJ7Ln
J7amjY20DNB9S7ETxCJWahI46T8XzYml41gegPUubx9Hu04Yc97OQiRMC/P/58bE
vSFFfcR+fZlek824o+3WPyXGStF1SP0KB34a8A5tEE505jD44sortfqYr8YklAPw
/fzqyaeScAiVq12ZG17miyNS5PYbKMnTVLr4v0i/nO9tKXwHJCbVoay8OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9bY6BGucLiKTkfuZgTGE+bAkV3MB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvRDF0am9FYTV3dUlwT1ItNW1CTVlUNXNDUlhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmWBTMA0G
CSqGSIb3DQEBCwUAA4IBAQA86UtcjBfdSH/UVT+GIa1lPw+60SoSpvfgqosU/Uls
2i71H7ljEp/jrWbHII1jOA9gcZRTGrQuzpyHOmfPqxY8h02ltJfWOZnbncg2TWb5
O2dDWwyevXmpuYkr7cm2f9raep3Oq4MIZAESTRXUmgb3CTdxIL6AXC6+YMRg09bD
QUyNL/1tS59MpTDrw4NDEFazKV0naLvkFcPyzL3ij+0YNHLqcG0L0XjqnCS/p/Za
RCVsgw+T6LvsJt3yKwbMRarOg4UHP/19sUxU3bjQpEubgft6PzlZYg5kn7zdrxeL
jp+ytw5b6khaoAFeivm5kldYnNVeC2BefQ4IFQzfvpZS
-----END CERTIFICATE-----