Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/j3zdRvhYtHlZWJgeKwuTzi0QxUo.roa
File:                     j3zdRvhYtHlZWJgeKwuTzi0QxUo.roa (raw, json)
Hash identifier:          gJVgWJu+5WrnZnO7c/srjqqS1kejydFZewi90QP//Gc=
Subject key identifier:   8F:7C:DD:46:F8:58:B4:79:59:58:98:1E:2B:0B:93:CE:2D:10:C5:4A
Certificate issuer:       /CN=b8d251c4bfd526da062d4ce2af56b6e46e925117
Certificate serial:       018CC7947578067319BF3E7861BF7C7B263A
Authority key identifier: B8:D2:51:C4:BF:D5:26:DA:06:2D:4C:E2:AF:56:B6:E4:6E:92:51:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/j3zdRvhYtHlZWJgeKwuTzi0QxUo.roa
Signing time:             Tue 02 Jan 2024 00:30:44 +0000
ROA not before:           Tue 02 Jan 2024 00:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        132.75.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 21:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:75:78:06:73:19:bf:3e:78:61:bf:7c:7b:26:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8d251c4bfd526da062d4ce2af56b6e46e925117
        Validity
            Not Before: Jan  2 00:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f7cdd46f858b4795958981e2b0b93ce2d10c54a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1f:a4:1a:cb:4d:00:aa:22:f8:ba:00:a7:b0:
                    de:d5:45:1a:df:13:16:d3:12:a0:fa:92:2b:31:31:
                    cb:c8:ac:a9:57:70:6e:e6:5b:fc:4d:bc:8e:a5:35:
                    5a:ce:2f:c3:d3:dc:31:9b:4b:c6:20:40:3b:55:8b:
                    ce:99:e5:5f:ad:94:c2:50:07:24:67:2c:a2:7a:c5:
                    83:98:a4:5c:f4:f2:51:95:91:8a:c1:4e:35:74:8f:
                    72:e3:08:4b:ea:b2:68:a7:a2:a0:e9:de:99:0d:8c:
                    05:0d:9d:d2:25:41:2c:e5:20:56:f6:13:df:13:ee:
                    db:63:2c:6e:37:9c:2d:7d:af:98:aa:f0:20:e0:bb:
                    75:b5:ed:a5:3f:5a:8d:c8:97:bb:e6:8b:a9:9c:83:
                    30:57:5d:70:40:ab:bb:0c:3e:eb:8f:f6:65:76:b6:
                    fb:c9:ad:34:2a:09:03:62:f7:be:15:ce:c5:d8:a6:
                    54:73:dd:e3:d8:3b:3c:c6:58:40:49:a2:44:be:5d:
                    2d:34:fd:25:d4:bb:ca:8d:76:32:5e:38:02:a6:0c:
                    c7:48:03:3b:b0:3b:41:f7:bc:33:a4:58:d3:dc:07:
                    6e:1b:f3:bc:39:dd:a1:4a:13:d8:b7:5a:5d:d8:a3:
                    83:12:19:d9:9a:ba:53:68:1e:a9:36:af:d0:92:c6:
                    23:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:7C:DD:46:F8:58:B4:79:59:58:98:1E:2B:0B:93:CE:2D:10:C5:4A
            X509v3 Authority Key Identifier:
                keyid:B8:D2:51:C4:BF:D5:26:DA:06:2D:4C:E2:AF:56:B6:E4:6E:92:51:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uNJRxL_VJtoGLUzir1a25G6SURc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/j3zdRvhYtHlZWJgeKwuTzi0QxUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/621941-f53c-448f-bd30-42b3d68b5676/1/uNJRxL_VJtoGLUzir1a25G6SURc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.75.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:9d:aa:f5:3b:16:2a:01:a0:c4:ee:d0:e3:71:f0:dc:be:41:
         f3:7b:eb:c8:ab:43:0e:97:d7:62:0e:f1:80:e7:6c:c6:2d:37:
         69:bd:8a:36:35:23:b3:14:98:e3:e9:79:df:54:65:2b:6e:df:
         93:80:5f:be:74:28:39:0d:5c:5d:1f:2c:ed:e3:ef:48:5a:45:
         c9:28:30:9b:d4:c9:7d:75:62:d6:8b:9d:4f:09:e5:05:6c:9d:
         b7:a3:c4:cb:f4:3f:10:ec:71:bb:50:b1:f7:b6:d2:b8:1f:05:
         51:dc:4e:47:95:03:7d:b1:05:40:c8:28:c6:e9:62:a6:9f:38:
         af:6b:f8:10:95:f8:63:d4:be:a7:9c:9b:a5:48:8d:a8:dc:56:
         77:95:4b:06:7e:e5:98:1a:d2:85:1e:33:04:a2:e8:79:34:ef:
         a3:60:8a:ea:d5:dc:f0:ed:8d:8d:65:cc:ab:60:e3:ef:9a:60:
         37:dc:c1:ca:65:5f:f8:e9:1b:fe:99:fb:9d:56:02:35:84:d6:
         4f:d2:d7:11:df:a5:e2:b9:f3:a2:55:8d:d3:ab:b7:3d:9e:9b:
         92:48:d4:16:25:44:2b:e8:f4:11:97:af:12:34:26:e4:81:11:
         a3:d5:41:22:9f:1d:61:0f:7b:9e:c1:1c:87:5d:3e:64:37:0b:
         ba:f3:61:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlHV4BnMZvz54Yb98eyY6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZDI1MWM0YmZkNTI2ZGEwNjJkNGNlMmFmNTZiNmU0NmU5
MjUxMTcwHhcNMjQwMTAyMDAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjdjZGQ0NmY4NThiNDc5NTk1ODk4MWUyYjBiOTNjZTJkMTBjNTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoR+kGstNAKoi+LoAp7De1UUa3xMW
0xKg+pIrMTHLyKypV3Bu5lv8TbyOpTVazi/D09wxm0vGIEA7VYvOmeVfrZTCUAck
ZyyiesWDmKRc9PJRlZGKwU41dI9y4whL6rJop6Kg6d6ZDYwFDZ3SJUEs5SBW9hPf
E+7bYyxuN5wtfa+YqvAg4Lt1te2lP1qNyJe75oupnIMwV11wQKu7DD7rj/Zldrb7
ya00KgkDYve+Fc7F2KZUc93j2Ds8xlhASaJEvl0tNP0l1LvKjXYyXjgCpgzHSAM7
sDtB97wzpFjT3AduG/O8Od2hShPYt1pd2KODEhnZmrpTaB6pNq/QksYjoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI983Ub4WLR5WViYHisLk84tEMVKMB8GA1UdIwQY
MBaAFLjSUcS/1SbaBi1M4q9WtuRuklEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU5KUnhMX1ZKdG9HTFV6aXIxYTI1RzZTVVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi82MjE5NDEtZjUzYy00NDhmLWJkMzAt
NDJiM2Q2OGI1Njc2LzEvajN6ZFJ2aFl0SGxaV0pnZUt3dVR6aTBReFVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi82MjE5NDEtZjUzYy00NDhmLWJkMzAtNDJiM2Q2OGI1Njc2
LzEvdU5KUnhMX1ZKdG9HTFV6aXIxYTI1RzZTVVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhEtgMA0G
CSqGSIb3DQEBCwUAA4IBAQBOnar1OxYqAaDE7tDjcfDcvkHze+vIq0MOl9diDvGA
52zGLTdpvYo2NSOzFJjj6XnfVGUrbt+TgF++dCg5DVxdHyzt4+9IWkXJKDCb1Ml9
dWLWi51PCeUFbJ23o8TL9D8Q7HG7ULH3ttK4HwVR3E5HlQN9sQVAyCjG6WKmnziv
a/gQlfhj1L6nnJulSI2o3FZ3lUsGfuWYGtKFHjMEouh5NO+jYIrq1dzw7Y2NZcyr
YOPvmmA33MHKZV/46Rv+mfudVgI1hNZP0tcR36XiufOiVY3Tq7c9npuSSNQWJUQr
6PQRl68SNCbkgRGj1UEinx1hD3uewRyHXT5kNwu682Eu
-----END CERTIFICATE-----