Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/R2dA2ty1pCSycjHQ6L6ZKx1cBQE.roa
File:                     R2dA2ty1pCSycjHQ6L6ZKx1cBQE.roa (raw, json)
Hash identifier:          ZrZbEiKnYvdF1ybpvLV8JmkMRlMKNday5EBcJJ1oW0k=
Subject key identifier:   47:67:40:DA:DC:B5:A4:24:B2:72:31:D0:E8:BE:99:2B:1D:5C:05:01
Certificate issuer:       /CN=dc899c28664ee8194a64048e46c60c6e5f190c53
Certificate serial:       018CC8017C4F10B0B3AA87C5F2FFAFE4DBCE
Authority key identifier: DC:89:9C:28:66:4E:E8:19:4A:64:04:8E:46:C6:0C:6E:5F:19:0C:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ImcKGZO6BlKZASORsYMbl8ZDFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/R2dA2ty1pCSycjHQ6L6ZKx1cBQE.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60492
IP address blocks:        213.167.75.0/24 maxlen: 24
                          213.167.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/3ImcKGZO6BlKZASORsYMbl8ZDFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/3ImcKGZO6BlKZASORsYMbl8ZDFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ImcKGZO6BlKZASORsYMbl8ZDFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7c:4f:10:b0:b3:aa:87:c5:f2:ff:af:e4:db:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc899c28664ee8194a64048e46c60c6e5f190c53
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=476740dadcb5a424b27231d0e8be992b1d5c0501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d7:66:6a:1a:6f:e2:5e:c5:68:d7:ac:07:cf:
                    ea:20:fb:56:80:fd:3f:ff:d3:3f:f1:a2:6f:fb:8f:
                    e1:7f:1a:3e:29:df:cd:b2:d5:78:32:73:5f:b1:4a:
                    58:5a:e5:45:54:88:97:37:f3:f4:ed:74:92:32:4c:
                    2e:19:85:5b:cd:76:6b:5a:81:a7:b3:d1:31:1d:eb:
                    85:ed:67:30:e7:a4:3d:61:56:ed:c6:b0:28:b0:8a:
                    4a:d0:76:a4:b2:f7:78:2a:7f:3f:45:35:b6:46:34:
                    30:1d:0e:64:a6:95:48:ae:bb:82:33:35:8e:7e:77:
                    eb:ec:d3:a3:2e:25:6e:48:a2:54:39:48:c3:82:bd:
                    cc:2f:68:9d:79:6b:45:b8:bb:ce:06:d6:d6:49:54:
                    c8:67:2c:c5:39:88:ba:a1:7a:ac:a4:f5:69:8c:79:
                    19:28:f3:12:34:36:30:e8:a2:ca:c0:b4:c0:f2:c3:
                    8c:7d:8a:cb:1a:96:69:ee:bd:8c:66:fa:ac:30:ea:
                    17:97:b1:83:54:36:73:4a:33:5d:d2:4c:60:f6:8c:
                    14:8b:b1:a1:92:a8:88:29:2e:af:f8:b2:0c:38:aa:
                    07:a5:ed:6f:57:30:5d:e6:08:eb:3e:e6:69:f4:79:
                    48:6c:fd:93:c7:f8:1e:99:20:01:c5:cf:48:4a:6a:
                    44:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:67:40:DA:DC:B5:A4:24:B2:72:31:D0:E8:BE:99:2B:1D:5C:05:01
            X509v3 Authority Key Identifier:
                keyid:DC:89:9C:28:66:4E:E8:19:4A:64:04:8E:46:C6:0C:6E:5F:19:0C:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ImcKGZO6BlKZASORsYMbl8ZDFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/R2dA2ty1pCSycjHQ6L6ZKx1cBQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/56d6a8-0752-4cbd-8845-52fe10513129/1/3ImcKGZO6BlKZASORsYMbl8ZDFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.167.75.0/24
                  213.167.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:c1:47:92:0a:fd:e7:a4:2c:33:eb:7f:bb:b5:b3:75:61:8f:
         18:c1:ef:6a:9f:a7:7e:80:19:80:44:e7:f4:cd:43:6c:09:52:
         6d:23:b2:d8:61:08:e3:df:ca:60:07:e3:ff:59:44:74:c0:b3:
         c2:ec:a5:34:e1:ad:ff:af:dc:d4:19:a7:89:b7:fc:3e:26:1b:
         8a:e7:24:e3:07:81:8f:e7:7a:a6:4c:af:1a:2d:82:13:ad:f0:
         d9:53:b3:2b:7c:d4:fa:ae:73:16:71:3a:05:92:69:55:29:d3:
         1a:8b:20:4e:e7:28:b6:00:27:40:9d:3c:00:f6:60:86:ed:d7:
         21:92:41:6b:36:34:32:cf:a6:86:e3:39:03:a6:6b:ab:7c:c2:
         fd:7b:5f:0f:4d:50:04:44:1b:4a:3b:16:c5:52:44:23:19:92:
         89:2c:55:3c:af:ad:b9:36:57:bb:f5:21:8b:9a:e3:29:f8:2a:
         f6:ac:be:4a:1b:06:3c:6e:ca:a4:90:47:65:1a:3b:eb:55:01:
         22:cc:e3:b1:22:3b:b7:a4:52:d9:46:88:2b:1e:86:a5:d7:7c:
         ec:ca:41:d6:95:93:1a:73:7d:05:26:88:03:aa:32:17:f3:97:
         fc:e4:de:40:85:08:05:6d:1c:e2:c4:8d:9d:bb:43:fd:53:26:
         f7:e3:17:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAXxPELCzqofF8v+v5NvOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODk5YzI4NjY0ZWU4MTk0YTY0MDQ4ZTQ2YzYwYzZlNWYx
OTBjNTMwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzY3NDBkYWRjYjVhNDI0YjI3MjMxZDBlOGJlOTkyYjFkNWMwNTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuddmahpv4l7FaNesB8/qIPtWgP0/
/9M/8aJv+4/hfxo+Kd/NstV4MnNfsUpYWuVFVIiXN/P07XSSMkwuGYVbzXZrWoGn
s9ExHeuF7Wcw56Q9YVbtxrAosIpK0Haksvd4Kn8/RTW2RjQwHQ5kppVIrruCMzWO
fnfr7NOjLiVuSKJUOUjDgr3ML2ideWtFuLvOBtbWSVTIZyzFOYi6oXqspPVpjHkZ
KPMSNDYw6KLKwLTA8sOMfYrLGpZp7r2MZvqsMOoXl7GDVDZzSjNd0kxg9owUi7Gh
kqiIKS6v+LIMOKoHpe1vVzBd5gjrPuZp9HlIbP2Tx/gemSABxc9ISmpEkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEdnQNrctaQksnIx0Oi+mSsdXAUBMB8GA1UdIwQY
MBaAFNyJnChmTugZSmQEjkbGDG5fGQxTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0ltY0tHWk82QmxLWkFTT1JzWU1ibDhaREZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny81NmQ2YTgtMDc1Mi00Y2JkLTg4NDUt
NTJmZTEwNTEzMTI5LzEvUjJkQTJ0eTFwQ1N5Y2pIUTZMNlpLeDFjQlFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny81NmQ2YTgtMDc1Mi00Y2JkLTg4NDUtNTJmZTEwNTEzMTI5
LzEvM0ltY0tHWk82QmxLWkFTT1JzWU1ibDhaREZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1adLAwQA
1adRMA0GCSqGSIb3DQEBCwUAA4IBAQBGwUeSCv3npCwz63+7tbN1YY8Ywe9qn6d+
gBmAROf0zUNsCVJtI7LYYQjj38pgB+P/WUR0wLPC7KU04a3/r9zUGaeJt/w+JhuK
5yTjB4GP53qmTK8aLYITrfDZU7MrfNT6rnMWcToFkmlVKdMaiyBO5yi2ACdAnTwA
9mCG7dchkkFrNjQyz6aG4zkDpmurfML9e18PTVAERBtKOxbFUkQjGZKJLFU8r625
Nle79SGLmuMp+Cr2rL5KGwY8bsqkkEdlGjvrVQEizOOxIju3pFLZRogrHoal13zs
ykHWlZMac30FJogDqjIX85f85N5AhQgFbRzixI2du0P9Uyb34xeJ
-----END CERTIFICATE-----