Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/L53Tm2Mnrm9z3IeaSry7M_UsCjc.roa
File:                     L53Tm2Mnrm9z3IeaSry7M_UsCjc.roa (raw, json)
Hash identifier:          gbrEcVKzjwlxXkXkV+ziBHDj1ZawqQK3McYgGB2eIso=
Subject key identifier:   2F:9D:D3:9B:63:27:AE:6F:73:DC:87:9A:4A:BC:BB:33:F5:2C:0A:37
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79562B90751C1E93008BF61315BDB2F
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/L53Tm2Mnrm9z3IeaSry7M_UsCjc.roa
Signing time:             Tue 02 Jan 2024 00:31:45 +0000
ROA not before:           Tue 02 Jan 2024 00:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62032
IP address blocks:        188.214.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:62:b9:07:51:c1:e9:30:08:bf:61:31:5b:db:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f9dd39b6327ae6f73dc879a4abcbb33f52c0a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:78:6e:31:59:c1:74:32:6a:ad:62:f2:ef:c0:
                    12:34:6e:3b:77:5a:9e:c4:1b:b4:c5:df:d2:be:81:
                    93:0f:68:3d:08:6e:8a:7a:44:3e:ca:71:7a:89:07:
                    da:33:e9:88:7f:cb:e7:5a:36:4e:7b:d1:25:47:b5:
                    27:d0:0e:56:29:76:a4:6d:a8:2a:6a:17:e8:ee:69:
                    11:d5:33:ac:f0:1b:64:f9:0b:f1:29:9c:ef:7d:25:
                    70:51:dd:41:34:54:ad:d3:17:10:ba:3e:a5:61:d4:
                    5a:46:2b:d6:99:36:0a:b8:02:2f:fc:31:1a:8d:15:
                    4c:00:f3:79:e6:84:5a:f7:77:57:75:0f:52:ae:32:
                    77:1a:d2:6c:f7:2e:e4:7d:b3:d5:dd:8f:b3:b6:ed:
                    38:c7:8a:9c:95:21:43:48:59:dd:cd:60:f3:b3:00:
                    50:cc:b2:e6:2b:e6:70:c6:6e:11:c6:21:9a:6d:6e:
                    53:7d:2a:24:e1:0f:28:2f:8d:aa:5a:fd:0d:e7:aa:
                    1b:a6:8f:d0:2c:91:3d:62:97:bf:42:90:d6:be:9c:
                    27:90:2d:d2:11:4e:75:97:da:47:61:76:ca:e8:99:
                    f4:5f:7c:80:0f:f2:99:04:78:ee:ec:22:af:af:7f:
                    30:85:2d:ca:db:45:4b:b3:0f:33:9a:3c:3a:94:5e:
                    65:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:9D:D3:9B:63:27:AE:6F:73:DC:87:9A:4A:BC:BB:33:F5:2C:0A:37
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/L53Tm2Mnrm9z3IeaSry7M_UsCjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:cd:f0:a3:b1:57:b1:75:ad:89:b5:cd:b2:f6:e8:0d:a2:4a:
         d3:a5:bb:89:6a:45:8f:61:3f:eb:b6:c1:bd:1c:c5:57:1c:fe:
         9a:4b:7e:67:07:cf:71:c3:8f:a8:fb:91:75:43:84:3e:51:c2:
         26:75:0d:80:18:77:48:03:96:30:8e:1f:ab:e4:8e:dd:c6:54:
         4e:03:59:91:4f:59:26:44:0b:45:1e:2c:03:30:55:78:75:51:
         4e:0b:32:6a:93:91:7e:3c:d6:bb:9e:1d:9e:30:9b:c7:a5:34:
         85:ab:0d:19:20:93:96:0d:99:e0:31:3c:86:f7:7a:4a:6f:a9:
         1e:e1:7d:0b:0e:d4:e2:9b:3a:f8:fe:6c:55:06:c0:f1:a5:77:
         e7:c5:72:20:e2:05:b9:c1:aa:ee:f4:3c:6d:7c:95:5f:87:e4:
         c1:93:e4:99:9c:e0:17:50:9b:78:52:3d:70:5c:38:f7:85:81:
         a8:c9:8e:72:46:56:fd:63:59:60:ba:89:5f:97:c9:42:47:0a:
         5d:ec:2a:e8:1a:92:b5:4e:4a:b7:bf:28:44:10:99:6a:08:65:
         09:52:c5:b2:6b:df:d5:9e:7f:08:e3:0f:77:9a:aa:58:f9:61:
         64:ef:15:e8:48:d9:73:f9:46:a1:3a:3a:64:8a:de:10:4f:d1:
         33:38:7a:52
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlWK5B1HB6TAIv2ExW9svMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjlkZDM5YjYzMjdhZTZmNzNkYzg3OWE0YWJjYmIzM2Y1MmMwYTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3huMVnBdDJqrWLy78ASNG47d1qe
xBu0xd/SvoGTD2g9CG6KekQ+ynF6iQfaM+mIf8vnWjZOe9ElR7Un0A5WKXakbagq
ahfo7mkR1TOs8Btk+QvxKZzvfSVwUd1BNFSt0xcQuj6lYdRaRivWmTYKuAIv/DEa
jRVMAPN55oRa93dXdQ9SrjJ3GtJs9y7kfbPV3Y+ztu04x4qclSFDSFndzWDzswBQ
zLLmK+Zwxm4RxiGabW5TfSok4Q8oL42qWv0N56obpo/QLJE9Ype/QpDWvpwnkC3S
EU51l9pHYXbK6Jn0X3yAD/KZBHju7CKvr38whS3K20VLsw8zmjw6lF5lPQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFC+d05tjJ65vc9yHmkq8uzP1LAo3MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0w1M1RtMk1ucm05ejNJZWFTcnk3TV9Vc0NqYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC81nsw
DQYJKoZIhvcNAQELBQADggEBAHHN8KOxV7F1rYm1zbL26A2iStOlu4lqRY9hP+u2
wb0cxVcc/ppLfmcHz3HDj6j7kXVDhD5RwiZ1DYAYd0gDljCOH6vkjt3GVE4DWZFP
WSZEC0UeLAMwVXh1UU4LMmqTkX481rueHZ4wm8elNIWrDRkgk5YNmeAxPIb3ekpv
qR7hfQsO1OKbOvj+bFUGwPGld+fFciDiBbnBqu70PG18lV+H5MGT5Jmc4BdQm3hS
PXBcOPeFgajJjnJGVv1jWWC6iV+XyUJHCl3sKugakrVOSre/KEQQmWoIZQlSxbJr
39WefwjjD3eaqlj5YWTvFehI2XP5RqE6OmSK3hBP0TM4elI=
-----END CERTIFICATE-----