Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/43b78c-4539-4112-b757-fa36fc3b7376/1/DVvfsN-btBZU3BRetUvEV7nj7s8.roa
File:                     DVvfsN-btBZU3BRetUvEV7nj7s8.roa (raw, json)
Hash identifier:          P94DxJduTWXof5L1Lev9v+3fTkEAd+CnU/B2mfTZgKE=
Subject key identifier:   0D:5B:DF:B0:DF:9B:B4:16:54:DC:14:5E:B5:4B:C4:57:B9:E3:EE:CF
Certificate issuer:       /CN=5d4d631166e8eede7872ead8ab9a81adc877d4d1
Certificate serial:       018CC79482E87643667638E6C7CB0CE5555C
Authority key identifier: 5D:4D:63:11:66:E8:EE:DE:78:72:EA:D8:AB:9A:81:AD:C8:77:D4:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XU1jEWbo7t54curYq5qBrch31NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/43b78c-4539-4112-b757-fa36fc3b7376/1/DVvfsN-btBZU3BRetUvEV7nj7s8.roa
Signing time:             Tue 02 Jan 2024 00:30:47 +0000
ROA not before:           Tue 02 Jan 2024 00:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12611
IP address blocks:        194.55.106.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/43b78c-4539-4112-b757-fa36fc3b7376/1/XU1jEWbo7t54curYq5qBrch31NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/43b78c-4539-4112-b757-fa36fc3b7376/1/XU1jEWbo7t54curYq5qBrch31NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XU1jEWbo7t54curYq5qBrch31NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:82:e8:76:43:66:76:38:e6:c7:cb:0c:e5:55:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d4d631166e8eede7872ead8ab9a81adc877d4d1
        Validity
            Not Before: Jan  2 00:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d5bdfb0df9bb41654dc145eb54bc457b9e3eecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:54:14:76:78:eb:a1:9e:4a:40:4f:4f:5e:5d:
                    1b:8a:f6:81:bb:7b:de:3d:55:3c:33:d1:db:bd:d3:
                    ac:98:47:f0:93:6d:00:ec:87:d5:f6:fa:47:54:81:
                    3d:79:27:13:c6:2d:ea:46:05:4d:5f:b1:39:d3:38:
                    0c:ef:b7:dc:81:48:56:72:d9:e2:bb:98:cf:89:b5:
                    2b:e3:b0:ff:24:2f:41:1b:67:7f:db:82:b7:8a:46:
                    0e:25:51:65:bb:36:c3:8f:b2:49:78:47:c8:d1:c7:
                    94:30:d5:ec:fe:58:52:c2:6a:4e:c1:29:ed:9d:97:
                    58:ae:7d:da:72:88:71:bd:18:24:5b:cb:c4:49:1c:
                    8e:f3:e4:bb:4d:b8:0b:97:7a:20:0f:95:95:a6:9a:
                    0a:d1:6a:e1:41:f9:44:2d:28:c6:5d:db:12:96:c2:
                    75:40:9e:47:98:43:af:23:f4:a2:bf:5b:ba:59:ef:
                    bb:ce:b1:cc:66:b7:81:da:c0:9d:aa:c9:0e:6c:31:
                    9e:93:a5:63:c6:79:ad:75:1a:cf:2c:a2:fa:a5:fa:
                    42:78:f0:67:a4:38:30:44:de:94:3c:2d:33:cb:31:
                    68:75:ac:e6:bb:b2:8f:0e:08:7e:fe:1c:5d:a2:0b:
                    df:34:7d:8e:1a:39:f6:e0:5f:fc:6c:f7:4b:24:be:
                    b5:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:5B:DF:B0:DF:9B:B4:16:54:DC:14:5E:B5:4B:C4:57:B9:E3:EE:CF
            X509v3 Authority Key Identifier:
                keyid:5D:4D:63:11:66:E8:EE:DE:78:72:EA:D8:AB:9A:81:AD:C8:77:D4:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XU1jEWbo7t54curYq5qBrch31NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/43b78c-4539-4112-b757-fa36fc3b7376/1/DVvfsN-btBZU3BRetUvEV7nj7s8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/43b78c-4539-4112-b757-fa36fc3b7376/1/XU1jEWbo7t54curYq5qBrch31NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:2e:f4:56:4b:a2:e1:35:3e:b6:61:e9:e1:ef:e0:99:30:5a:
         ca:7f:7f:c3:5d:cf:06:37:07:81:f7:12:0f:9e:67:c7:0e:36:
         cd:19:e7:31:45:b4:31:a7:ed:28:9b:d0:88:39:11:8d:59:36:
         9a:77:42:8d:02:df:73:16:f7:7d:57:3b:27:93:93:ca:95:1c:
         2c:e8:05:fe:bb:b5:c3:54:48:cf:f1:b1:c9:e6:55:fa:c9:50:
         d6:89:2b:cc:77:01:17:b7:a8:c5:aa:8b:96:6e:f9:9e:3d:d8:
         0d:2e:e6:3b:8f:32:71:25:6c:f1:62:96:83:5c:23:81:4c:88:
         d1:4a:4f:47:56:04:a8:54:9b:85:18:e8:52:3c:1a:9d:0c:e4:
         86:54:80:90:c8:a5:72:a2:8f:eb:c2:07:66:b0:8c:db:8a:30:
         16:19:76:56:82:99:3d:57:c6:e5:a9:32:17:ab:3e:e5:51:52:
         02:d9:6a:22:e5:0d:24:68:24:e5:5c:47:2e:c6:7b:b1:df:37:
         00:e2:94:cc:26:1d:eb:ac:76:51:46:8d:fc:e0:23:83:e1:ba:
         59:e9:b0:81:61:71:e4:8c:e9:86:de:84:c4:07:4a:c6:0b:bf:
         aa:b3:6c:a9:36:39:cf:75:3b:a2:21:73:65:6f:f3:4f:04:4b:
         41:21:d4:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlILodkNmdjjmx8sM5VVcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNGQ2MzExNjZlOGVlZGU3ODcyZWFkOGFiOWE4MWFkYzg3
N2Q0ZDEwHhcNMjQwMTAyMDAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDViZGZiMGRmOWJiNDE2NTRkYzE0NWViNTRiYzQ1N2I5ZTNlZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1QUdnjroZ5KQE9PXl0bivaBu3ve
PVU8M9HbvdOsmEfwk20A7IfV9vpHVIE9eScTxi3qRgVNX7E50zgM77fcgUhWctni
u5jPibUr47D/JC9BG2d/24K3ikYOJVFluzbDj7JJeEfI0ceUMNXs/lhSwmpOwSnt
nZdYrn3acohxvRgkW8vESRyO8+S7TbgLl3ogD5WVppoK0WrhQflELSjGXdsSlsJ1
QJ5HmEOvI/Siv1u6We+7zrHMZreB2sCdqskObDGek6VjxnmtdRrPLKL6pfpCePBn
pDgwRN6UPC0zyzFodazmu7KPDgh+/hxdogvfNH2OGjn24F/8bPdLJL61twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1b37Dfm7QWVNwUXrVLxFe54+7PMB8GA1UdIwQY
MBaAFF1NYxFm6O7eeHLq2Kuaga3Id9TRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFUxakVXYm83dDU0Y3VyWXE1cUJyY2gzMU5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS80M2I3OGMtNDUzOS00MTEyLWI3NTct
ZmEzNmZjM2I3Mzc2LzEvRFZ2ZnNOLWJ0QlpVM0JSZXRVdkVWN25qN3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS80M2I3OGMtNDUzOS00MTEyLWI3NTctZmEzNmZjM2I3Mzc2
LzEvWFUxakVXYm83dDU0Y3VyWXE1cUJyY2gzMU5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwjdqMA0G
CSqGSIb3DQEBCwUAA4IBAQB9LvRWS6LhNT62Yenh7+CZMFrKf3/DXc8GNweB9xIP
nmfHDjbNGecxRbQxp+0om9CIORGNWTaad0KNAt9zFvd9Vzsnk5PKlRws6AX+u7XD
VEjP8bHJ5lX6yVDWiSvMdwEXt6jFqouWbvmePdgNLuY7jzJxJWzxYpaDXCOBTIjR
Sk9HVgSoVJuFGOhSPBqdDOSGVICQyKVyoo/rwgdmsIzbijAWGXZWgpk9V8blqTIX
qz7lUVIC2Woi5Q0kaCTlXEcuxnux3zcA4pTMJh3rrHZRRo384COD4bpZ6bCBYXHk
jOmG3oTEB0rGC7+qs2ypNjnPdTuiIXNlb/NPBEtBIdSD
-----END CERTIFICATE-----