Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/d0LdSOjOTB7k4B61BN6K04kgjEc.roa
File:                     d0LdSOjOTB7k4B61BN6K04kgjEc.roa (raw, json)
Hash identifier:          Jqro2IvRWlii8yoVXk/DotoPA8F0mbN0TZAVfamHJ1U=
Subject key identifier:   77:42:DD:48:E8:CE:4C:1E:E4:E0:1E:B5:04:DE:8A:D3:89:20:8C:47
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       018CC5DCBBC1040D52C159CADAC5AFF3E931
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/d0LdSOjOTB7k4B61BN6K04kgjEc.roa
Signing time:             Mon 01 Jan 2024 16:30:26 +0000
ROA not before:           Mon 01 Jan 2024 16:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34901
IP address blocks:        212.22.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 14:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:bb:c1:04:0d:52:c1:59:ca:da:c5:af:f3:e9:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 16:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7742dd48e8ce4c1ee4e01eb504de8ad389208c47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:82:76:e9:00:07:7f:3a:c4:96:b1:d8:00:b5:
                    56:f9:26:f2:db:dd:6b:bd:1e:40:25:33:d9:ef:b4:
                    5c:41:76:25:ef:d7:2a:8b:7c:9c:7d:17:d9:ee:08:
                    5c:68:af:b6:15:75:b2:03:17:9c:1c:c7:6c:ca:91:
                    36:02:cc:51:1b:08:b1:f8:bb:c8:f8:fe:06:41:4c:
                    aa:2b:77:c9:d4:06:00:32:27:c3:93:d3:05:ff:02:
                    4b:42:37:9e:dd:23:a1:0b:5b:63:77:71:12:42:82:
                    b0:09:ed:3e:42:ca:72:6e:e9:92:7c:67:8e:d7:12:
                    0f:8f:0e:4f:e9:67:8b:a9:3a:af:0f:d6:e8:11:d9:
                    22:9e:f0:5e:8c:0b:ba:c4:fd:91:74:d4:43:1a:f6:
                    d7:86:0b:c0:2b:e0:d3:63:df:db:33:b2:94:fb:2d:
                    5b:a8:d6:30:e1:78:2e:7b:06:59:4b:52:63:a0:18:
                    31:e9:c7:57:68:45:80:a1:e4:08:a6:eb:e3:98:8c:
                    cf:d1:42:89:c9:3e:91:1a:5a:a7:24:f4:ca:46:a4:
                    e9:4e:93:92:14:6d:60:72:a0:4f:0a:7e:56:b9:fc:
                    2a:b7:9f:d7:e4:bb:d0:16:39:54:64:2d:5c:8d:94:
                    ef:53:25:a8:33:38:b8:e1:7a:5a:06:31:e4:ed:5f:
                    0f:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:42:DD:48:E8:CE:4C:1E:E4:E0:1E:B5:04:DE:8A:D3:89:20:8C:47
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/d0LdSOjOTB7k4B61BN6K04kgjEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:01:00:94:11:71:3e:5c:3e:24:b5:c4:67:e7:d3:3e:48:5e:
         8a:bd:f9:75:05:91:e5:fd:6f:15:82:b8:e8:5f:ab:b4:6a:13:
         df:ab:c8:d4:25:9f:af:07:24:23:c1:f4:c8:f5:ec:2e:f0:48:
         01:a9:55:d6:a3:c8:fb:e0:20:65:bd:b3:f1:67:87:d6:91:ce:
         2c:a4:5f:5c:a4:4f:ad:fa:56:f1:b0:8c:7a:18:13:f1:32:b2:
         d0:6d:a8:43:7e:81:ae:38:c1:e0:ff:12:19:86:76:0f:26:19:
         1d:97:07:51:ad:fc:7e:84:85:08:f1:dd:ea:5a:59:4c:b5:2a:
         d0:7c:9e:e6:dc:98:2f:b1:c2:81:f2:e7:63:ef:32:fa:98:4e:
         09:aa:23:f4:d1:49:3e:13:54:11:9f:a6:80:85:fb:df:13:d6:
         00:24:4e:22:88:8d:b8:87:bc:49:be:6d:6b:0c:31:c3:71:eb:
         ab:8d:5b:d0:0d:9c:e7:1d:54:5b:19:3e:c5:a4:74:ba:83:9f:
         2a:c1:d1:a7:72:89:33:e4:0d:24:69:3c:24:19:c7:65:56:cf:
         b2:f5:08:7f:16:8a:08:00:f4:2c:52:de:9c:38:9f:af:2a:db:
         46:2b:b4:db:07:0f:c5:5e:14:db:e3:bb:1f:d4:74:2f:c0:a8:
         5f:e8:81:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3LvBBA1SwVnK2sWv8+kxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwMTAxMTYzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzQyZGQ0OGU4Y2U0YzFlZTRlMDFlYjUwNGRlOGFkMzg5MjA4YzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4J26QAHfzrElrHYALVW+Sby291r
vR5AJTPZ77RcQXYl79cqi3ycfRfZ7ghcaK+2FXWyAxecHMdsypE2AsxRGwix+LvI
+P4GQUyqK3fJ1AYAMifDk9MF/wJLQjee3SOhC1tjd3ESQoKwCe0+QspybumSfGeO
1xIPjw5P6WeLqTqvD9boEdkinvBejAu6xP2RdNRDGvbXhgvAK+DTY9/bM7KU+y1b
qNYw4XguewZZS1JjoBgx6cdXaEWAoeQIpuvjmIzP0UKJyT6RGlqnJPTKRqTpTpOS
FG1gcqBPCn5Wufwqt5/X5LvQFjlUZC1cjZTvUyWoMzi44XpaBjHk7V8PHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdC3Ujozkwe5OAetQTeitOJIIxHMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvZDBMZFNPak9UQjdrNEI2MUJONkswNGtnakVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZBMA0G
CSqGSIb3DQEBCwUAA4IBAQBdAQCUEXE+XD4ktcRn59M+SF6Kvfl1BZHl/W8Vgrjo
X6u0ahPfq8jUJZ+vByQjwfTI9ewu8EgBqVXWo8j74CBlvbPxZ4fWkc4spF9cpE+t
+lbxsIx6GBPxMrLQbahDfoGuOMHg/xIZhnYPJhkdlwdRrfx+hIUI8d3qWllMtSrQ
fJ7m3JgvscKB8udj7zL6mE4JqiP00Uk+E1QRn6aAhfvfE9YAJE4iiI24h7xJvm1r
DDHDceurjVvQDZznHVRbGT7FpHS6g58qwdGncokz5A0kaTwkGcdlVs+y9Qh/FooI
APQsUt6cOJ+vKttGK7TbBw/FXhTb47sf1HQvwKhf6IHP
-----END CERTIFICATE-----