Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/W5o2NmkxjThqIV7FHBp36luPvlI.roa
File:                     W5o2NmkxjThqIV7FHBp36luPvlI.roa (raw, json)
Hash identifier:          17k/Gh9eFquFYJD5k6fJUJwFyKLrn6T+MVwzetoSeR0=
Subject key identifier:   5B:9A:36:36:69:31:8D:38:6A:21:5E:C5:1C:1A:77:EA:5B:8F:BE:52
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       018CC5DC5A322D4CCC713C4489BFAF66DD85
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/W5o2NmkxjThqIV7FHBp36luPvlI.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4775
IP address blocks:        163.171.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5a:32:2d:4c:cc:71:3c:44:89:bf:af:66:dd:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b9a363669318d386a215ec51c1a77ea5b8fbe52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:51:dc:77:df:55:80:3a:9a:a3:bc:d2:33:3d:
                    16:cd:a7:17:48:7b:0d:ab:12:d9:0a:1a:9a:d2:b2:
                    23:e9:33:df:83:c3:94:bd:ba:ad:b5:dc:dc:bb:15:
                    25:a4:6f:95:a3:fb:92:e8:dc:8e:cd:84:fc:69:e9:
                    5b:90:52:8c:97:5c:79:cb:c5:88:12:57:dc:0d:de:
                    3d:29:5d:7b:57:9b:4b:57:1c:7d:78:87:27:9f:d2:
                    df:0d:5a:e5:0b:ae:0a:fd:69:57:9e:6e:24:c8:86:
                    15:c8:fc:bc:d7:71:6c:d8:9a:ad:4a:11:b7:25:8c:
                    42:4e:cd:87:29:46:cd:be:02:88:46:c8:bc:46:4f:
                    19:5c:72:2c:31:0a:8a:b8:16:36:93:f8:f2:f7:96:
                    51:ab:5f:6d:37:56:ce:06:44:1a:0c:10:dc:ff:e7:
                    44:c2:6a:17:a5:e9:96:a5:1a:b3:be:db:fc:59:46:
                    5b:b5:be:fa:3d:a2:38:98:1b:cf:f3:53:27:2c:75:
                    ca:82:5e:a9:8c:c3:1c:00:6e:f2:6b:89:b2:cb:1f:
                    98:b0:c5:66:d1:87:c4:fd:d0:aa:d5:0e:b4:fb:4a:
                    72:8c:06:62:c4:6d:2e:35:a3:04:6a:21:33:c1:a0:
                    10:7f:df:ac:7b:4a:19:36:0e:82:36:e6:6f:dc:ac:
                    61:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:9A:36:36:69:31:8D:38:6A:21:5E:C5:1C:1A:77:EA:5B:8F:BE:52
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/W5o2NmkxjThqIV7FHBp36luPvlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.171.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:cc:0c:75:87:80:e6:84:59:6a:10:5a:bb:92:84:f6:a1:5f:
         38:3b:bd:47:12:bc:f5:1a:6c:38:f8:7d:15:33:61:6b:b9:78:
         9b:fa:29:55:d1:d7:fc:2c:1d:c1:b9:23:28:19:02:3f:9d:8b:
         6d:48:90:d1:a2:b7:5e:e6:8e:be:47:99:64:ec:05:98:aa:5a:
         f2:b5:b1:be:d7:35:b4:d2:bb:65:2a:cd:ec:aa:5c:f5:b7:34:
         77:d1:c0:5e:8f:d7:af:4f:78:6c:99:20:c5:29:5a:28:b1:94:
         35:1c:7c:03:79:a2:06:f8:49:ad:8a:0c:17:ce:ca:29:33:a8:
         58:89:a6:20:37:f4:2b:d2:fa:65:a6:94:24:10:14:0b:68:ca:
         a6:71:ba:20:b3:7a:5e:da:2c:63:e9:29:69:44:26:74:fc:3a:
         ca:0b:81:f4:52:fb:e0:02:ee:a3:f5:34:85:e5:4d:41:e4:63:
         66:ed:3a:42:e8:86:d9:fb:6e:c3:80:6c:81:2d:7f:9b:b1:b2:
         82:d0:4d:52:6e:5b:f6:8b:47:33:de:cb:48:11:da:e8:f0:07:
         3b:65:7a:cd:45:9f:7c:b6:d5:16:22:6c:a3:33:be:f7:6d:af:
         c1:4b:14:58:7b:45:fc:ab:48:42:b1:27:79:e5:96:8b:75:3a:
         fd:46:c1:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FoyLUzMcTxEib+vZt2FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjlhMzYzNjY5MzE4ZDM4NmEyMTVlYzUxYzFhNzdlYTViOGZiZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FHcd99VgDqao7zSMz0WzacXSHsN
qxLZChqa0rIj6TPfg8OUvbqttdzcuxUlpG+Vo/uS6NyOzYT8aelbkFKMl1x5y8WI
ElfcDd49KV17V5tLVxx9eIcnn9LfDVrlC64K/WlXnm4kyIYVyPy813Fs2JqtShG3
JYxCTs2HKUbNvgKIRsi8Rk8ZXHIsMQqKuBY2k/jy95ZRq19tN1bOBkQaDBDc/+dE
wmoXpemWpRqzvtv8WUZbtb76PaI4mBvP81MnLHXKgl6pjMMcAG7ya4myyx+YsMVm
0YfE/dCq1Q60+0pyjAZixG0uNaMEaiEzwaAQf9+se0oZNg6CNuZv3KxhUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuaNjZpMY04aiFexRwad+pbj75SMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvVzVvMk5ta3hqVGhxSVY3RkhCcDM2bHVQdmxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAo6tBMA0G
CSqGSIb3DQEBCwUAA4IBAQCBzAx1h4DmhFlqEFq7koT2oV84O71HErz1Gmw4+H0V
M2FruXib+ilV0df8LB3BuSMoGQI/nYttSJDRorde5o6+R5lk7AWYqlrytbG+1zW0
0rtlKs3sqlz1tzR30cBej9evT3hsmSDFKVoosZQ1HHwDeaIG+EmtigwXzsopM6hY
iaYgN/Qr0vplppQkEBQLaMqmcbogs3pe2ixj6SlpRCZ0/DrKC4H0UvvgAu6j9TSF
5U1B5GNm7TpC6IbZ+27DgGyBLX+bsbKC0E1Sblv2i0cz3stIEdro8Ac7ZXrNRZ98
ttUWImyjM773ba/BSxRYe0X8q0hCsSd55ZaLdTr9RsEf
-----END CERTIFICATE-----