Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Ho22FqmKeqgBqRa86GMWEBfDTRM.roa
File:                     Ho22FqmKeqgBqRa86GMWEBfDTRM.roa (raw, json)
Hash identifier:          P6tsf7VPKtSxqhp0DLYaFAtyyZsNNudxoi4AZxii8L4=
Subject key identifier:   1E:8D:B6:16:A9:8A:7A:A8:01:A9:16:BC:E8:63:16:10:17:C3:4D:13
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       018CC5DC5AE96B16A2CAC6FF801C3AB1E048
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Ho22FqmKeqgBqRa86GMWEBfDTRM.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7470
IP address blocks:        163.171.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 19:03:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5a:e9:6b:16:a2:ca:c6:ff:80:1c:3a:b1:e0:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e8db616a98a7aa801a916bce863161017c34d13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e3:59:2b:55:b8:1a:f6:4a:66:27:45:40:02:
                    4e:93:92:de:9d:d5:20:0f:c2:b5:bd:04:cc:a0:88:
                    8e:d3:b1:24:5c:0e:ea:b3:63:77:9c:b1:8d:e3:47:
                    c4:ef:85:a8:d7:da:b0:a8:fc:f1:64:01:c9:1a:70:
                    01:86:89:84:53:9f:cc:83:0d:a3:c8:8f:6d:b5:96:
                    35:3a:87:20:18:16:fd:9a:cc:2b:18:f5:29:9f:c4:
                    ba:a5:99:51:55:ca:e4:d6:af:74:be:7e:d6:07:c0:
                    e9:b3:7d:ef:d6:66:13:70:05:f9:78:dd:d4:0c:ed:
                    e6:e0:4f:21:ac:29:98:a8:94:ce:87:2a:15:f8:a8:
                    05:e8:35:d3:69:bd:11:8e:f8:68:31:46:06:99:e8:
                    8d:8d:0f:9e:a3:52:84:6d:22:d0:87:1c:3d:55:ee:
                    d0:5a:a0:d5:14:7f:0f:f3:d7:5f:ed:99:92:53:1e:
                    5e:86:9c:09:8c:bf:e5:fa:f5:e7:2e:ce:d8:e7:6c:
                    eb:16:57:76:c1:da:01:3d:8d:3e:21:1d:95:f8:27:
                    24:f1:78:cf:63:9f:f8:a0:97:a7:f2:9a:ca:93:99:
                    42:e6:5a:4e:81:a0:b1:58:7b:a4:6a:30:eb:0a:79:
                    7e:1f:eb:0f:1d:0c:60:aa:40:9f:36:35:f2:34:4f:
                    5a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:8D:B6:16:A9:8A:7A:A8:01:A9:16:BC:E8:63:16:10:17:C3:4D:13
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Ho22FqmKeqgBqRa86GMWEBfDTRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.171.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:1a:c9:8e:32:ae:93:74:54:c5:45:b4:85:52:05:83:20:20:
         f8:8b:6f:92:90:79:bc:44:33:1b:09:a6:1a:46:7c:5e:11:7a:
         3a:c8:70:e3:f7:75:a1:55:e8:dd:7a:19:7d:8a:00:b1:ef:14:
         78:da:bd:77:f1:5b:9a:84:a7:70:d7:0e:ee:01:68:b2:41:9d:
         2f:27:e2:63:70:e1:03:b4:eb:e2:51:f8:c1:7a:9f:a7:07:5a:
         63:21:16:5b:2e:41:c3:a2:55:f0:8e:79:5a:21:fd:4f:32:9f:
         10:2f:15:84:26:03:13:95:23:8c:80:54:ce:23:20:2d:7c:20:
         52:c8:c2:03:bf:90:4c:79:79:39:03:bf:c3:f1:50:21:93:92:
         0d:3d:a0:0a:dc:e5:be:64:77:9a:25:e6:22:6e:5a:81:1c:61:
         65:15:4e:23:15:72:3c:a1:e8:16:a2:6e:b3:3a:fb:57:24:7c:
         6c:f7:83:46:27:53:76:09:26:ca:f7:51:3e:11:ad:df:af:47:
         a3:dc:30:31:01:f9:28:74:ee:e3:31:8b:f2:73:e8:1f:c0:eb:
         e8:b4:21:60:77:ae:bc:ba:67:4b:a9:b6:44:98:1b:dd:cf:93:
         b4:5b:ac:1c:2f:ff:ef:10:f0:1b:b5:34:8d:5b:1b:d1:ee:67:
         62:a8:7e:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Frpaxaiysb/gBw6seBIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZThkYjYxNmE5OGE3YWE4MDFhOTE2YmNlODYzMTYxMDE3YzM0ZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreNZK1W4GvZKZidFQAJOk5LendUg
D8K1vQTMoIiO07EkXA7qs2N3nLGN40fE74Wo19qwqPzxZAHJGnABhomEU5/Mgw2j
yI9ttZY1OocgGBb9mswrGPUpn8S6pZlRVcrk1q90vn7WB8Dps33v1mYTcAX5eN3U
DO3m4E8hrCmYqJTOhyoV+KgF6DXTab0RjvhoMUYGmeiNjQ+eo1KEbSLQhxw9Ve7Q
WqDVFH8P89df7ZmSUx5ehpwJjL/l+vXnLs7Y52zrFld2wdoBPY0+IR2V+Cck8XjP
Y5/4oJen8prKk5lC5lpOgaCxWHukajDrCnl+H+sPHQxgqkCfNjXyNE9ahwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6NthapinqoAakWvOhjFhAXw00TMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvSG8yMkZxbUtlcWdCcVJhODZHTVdFQmZEVFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAo6tEMA0G
CSqGSIb3DQEBCwUAA4IBAQASGsmOMq6TdFTFRbSFUgWDICD4i2+SkHm8RDMbCaYa
RnxeEXo6yHDj93WhVejdehl9igCx7xR42r138VuahKdw1w7uAWiyQZ0vJ+JjcOED
tOviUfjBep+nB1pjIRZbLkHDolXwjnlaIf1PMp8QLxWEJgMTlSOMgFTOIyAtfCBS
yMIDv5BMeXk5A7/D8VAhk5INPaAK3OW+ZHeaJeYiblqBHGFlFU4jFXI8oegWom6z
OvtXJHxs94NGJ1N2CSbK91E+Ea3fr0ej3DAxAfkodO7jMYvyc+gfwOvotCFgd668
umdLqbZEmBvdz5O0W6wcL//vEPAbtTSNWxvR7mdiqH4q
-----END CERTIFICATE-----