Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/mnDBJHgBGK2xoOebudPU1n9pjrQ.roa
File:                     mnDBJHgBGK2xoOebudPU1n9pjrQ.roa (raw, json)
Hash identifier:          YmEMJ6CQzNnD2LCiyMMohCTufsY46dda1mvz9fpUiqg=
Subject key identifier:   9A:70:C1:24:78:01:18:AD:B1:A0:E7:9B:B9:D3:D4:D6:7F:69:8E:B4
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC522DC26438C66D1750169A510AD7
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/mnDBJHgBGK2xoOebudPU1n9pjrQ.roa
Signing time:             Mon 01 Jan 2024 16:29:59 +0000
ROA not before:           Mon 01 Jan 2024 16:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211078
IP address blocks:        62.76.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:52:2d:c2:64:38:c6:6d:17:50:16:9a:51:0a:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a70c124780118adb1a0e79bb9d3d4d67f698eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:1d:df:7c:7b:cc:5e:10:8b:f2:c7:d9:f2:0a:
                    c6:2c:47:94:fd:6c:76:e8:24:f8:8d:7c:71:57:b2:
                    38:27:59:a6:0a:77:d1:60:3f:3d:15:2a:d3:98:19:
                    54:3e:d2:c7:bb:84:1a:73:c5:7e:fc:8f:d5:b0:b4:
                    cb:2b:fc:32:ee:a4:09:d5:0b:af:4b:3f:01:13:08:
                    c5:58:f5:7b:a4:fc:bb:2d:23:c2:f7:f3:04:73:0d:
                    27:fa:bf:49:ac:6e:f0:f4:df:66:7e:be:c8:62:0d:
                    33:51:23:62:d8:e5:7f:c8:f0:18:3b:82:e7:47:de:
                    d4:bc:b1:72:19:13:49:76:07:4c:f6:08:b1:08:a1:
                    29:05:9d:ef:ca:73:db:9b:7a:da:b6:2f:b3:fa:7a:
                    6a:7e:6b:76:fe:66:75:6f:a3:93:d2:d3:c2:5b:01:
                    c6:c4:7a:78:21:01:58:eb:ce:b3:95:87:98:a9:19:
                    6a:84:fe:7e:0c:86:87:4d:ab:6b:d5:fe:2d:49:86:
                    ba:32:ca:50:11:87:75:b0:8d:21:c8:a8:1c:d7:a9:
                    32:88:c6:02:50:de:1b:b2:35:1f:a1:e9:97:6b:2f:
                    fb:15:54:61:04:64:86:f8:a7:13:94:51:d9:dd:e7:
                    c6:3a:b9:2f:37:5b:0e:4f:83:46:bb:d3:87:f7:9a:
                    a6:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:70:C1:24:78:01:18:AD:B1:A0:E7:9B:B9:D3:D4:D6:7F:69:8E:B4
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/mnDBJHgBGK2xoOebudPU1n9pjrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:dc:e3:55:ef:8c:6b:0b:b6:b1:55:18:61:5c:67:c3:c9:23:
         4e:5f:b1:1f:a2:f7:77:1f:3d:2d:88:86:79:54:96:a5:46:4d:
         11:39:a2:94:4e:cf:86:82:6a:d7:da:33:d8:2a:38:c9:56:e8:
         a7:79:0b:30:2f:90:cd:ad:bb:9f:41:9c:cb:7e:6b:9a:6e:a6:
         6b:de:83:70:33:6a:69:1a:26:f3:6d:a9:a0:f5:2b:28:34:90:
         5d:4d:2d:fa:ed:90:4d:54:9b:d6:fe:af:81:a8:10:50:ff:02:
         9a:52:45:6c:f3:d4:b2:22:94:6c:24:76:8d:22:58:40:09:5b:
         9a:4a:15:21:79:9f:15:a6:a6:84:04:aa:73:b1:36:6e:af:1f:
         2b:5a:a5:1c:26:b9:15:ae:ba:2b:21:15:83:2e:9e:48:be:df:
         ef:f4:cf:aa:15:c5:25:93:89:10:80:67:67:27:68:13:38:4c:
         ca:6b:d6:81:eb:10:d2:7f:d1:db:3a:27:65:5f:79:04:21:73:
         73:11:c3:90:f2:f2:96:e1:ca:0d:6f:5b:49:78:3a:c9:38:a4:
         1d:c7:f3:73:e1:ee:1d:07:d7:4a:9b:6f:da:ee:ba:4e:f3:b1:
         91:33:9c:48:75:cd:5c:be:2c:51:78:ef:4c:22:95:01:99:ff:
         87:a9:fe:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FItwmQ4xm0XUBaaUQrXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTcwYzEyNDc4MDExOGFkYjFhMGU3OWJiOWQzZDRkNjdmNjk4ZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtx3ffHvMXhCL8sfZ8grGLEeU/Wx2
6CT4jXxxV7I4J1mmCnfRYD89FSrTmBlUPtLHu4Qac8V+/I/VsLTLK/wy7qQJ1Quv
Sz8BEwjFWPV7pPy7LSPC9/MEcw0n+r9JrG7w9N9mfr7IYg0zUSNi2OV/yPAYO4Ln
R97UvLFyGRNJdgdM9gixCKEpBZ3vynPbm3rati+z+npqfmt2/mZ1b6OT0tPCWwHG
xHp4IQFY686zlYeYqRlqhP5+DIaHTatr1f4tSYa6MspQEYd1sI0hyKgc16kyiMYC
UN4bsjUfoemXay/7FVRhBGSG+KcTlFHZ3efGOrkvN1sOT4NGu9OH95qmdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpwwSR4ARitsaDnm7nT1NZ/aY60MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvbW5EQkpIZ0JHSzJ4b09lYnVkUFUxbjlwanJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkwOMA0G
CSqGSIb3DQEBCwUAA4IBAQCg3ONV74xrC7axVRhhXGfDySNOX7Efovd3Hz0tiIZ5
VJalRk0ROaKUTs+GgmrX2jPYKjjJVuineQswL5DNrbufQZzLfmuabqZr3oNwM2pp
Gibzbamg9SsoNJBdTS367ZBNVJvW/q+BqBBQ/wKaUkVs89SyIpRsJHaNIlhACVua
ShUheZ8VpqaEBKpzsTZurx8rWqUcJrkVrrorIRWDLp5Ivt/v9M+qFcUlk4kQgGdn
J2gTOEzKa9aB6xDSf9HbOidlX3kEIXNzEcOQ8vKW4coNb1tJeDrJOKQdx/Nz4e4d
B9dKm2/a7rpO87GRM5xIdc1cvixReO9MIpUBmf+Hqf4T
-----END CERTIFICATE-----