Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/_DL0HmnT9m_SEQxVLnEWxe4mGd4.roa
File:                     _DL0HmnT9m_SEQxVLnEWxe4mGd4.roa (raw, json)
Hash identifier:          0mvIqpr8dTb2jLMm94cIJZ+qGtjDhS4PvdLfxdW8krU=
Subject key identifier:   FC:32:F4:1E:69:D3:F6:6F:D2:11:0C:55:2E:71:16:C5:EE:26:19:DE
Certificate issuer:       /CN=90f25e6a6893f466d2695e90670c047443643701
Certificate serial:       018CC8DD0FD4768155AB856C6D160EF874AA
Authority key identifier: 90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/_DL0HmnT9m_SEQxVLnEWxe4mGd4.roa
Signing time:             Tue 02 Jan 2024 06:29:39 +0000
ROA not before:           Tue 02 Jan 2024 06:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24643
IP address blocks:        185.72.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:0f:d4:76:81:55:ab:85:6c:6d:16:0e:f8:74:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f25e6a6893f466d2695e90670c047443643701
        Validity
            Not Before: Jan  2 06:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc32f41e69d3f66fd2110c552e7116c5ee2619de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a5:1f:ad:01:e5:87:f2:c8:af:b5:04:58:5b:
                    8e:85:0d:7d:1f:a5:08:a3:50:89:4b:70:37:e0:62:
                    43:61:85:e9:79:1c:ae:c3:c1:1f:67:62:aa:c0:da:
                    fb:c5:01:de:53:7a:a9:3d:66:e9:7d:e8:75:25:a9:
                    42:48:54:1b:4a:0e:4b:e5:86:9c:17:cd:90:0b:02:
                    f7:eb:a0:99:51:da:e6:b5:bf:00:93:6d:1a:14:e7:
                    50:05:4c:25:89:e4:02:df:2f:72:15:18:64:0f:f3:
                    4d:4d:74:02:9f:87:44:9b:df:f9:e5:e0:1c:75:70:
                    9e:b5:a6:73:73:8b:d3:59:30:cc:6f:31:b0:dd:06:
                    3b:a4:b6:90:c7:3d:df:6a:17:e6:e3:a9:0c:7a:56:
                    a0:68:67:70:fa:1c:25:fb:89:ea:ee:a8:e3:f3:71:
                    02:89:5e:eb:15:22:c9:de:4e:ee:bf:29:51:ee:41:
                    be:e2:74:af:c9:e7:e7:25:94:57:ec:0c:a6:79:8b:
                    1a:99:10:7f:3c:44:08:35:39:d4:0a:89:a6:57:fd:
                    a7:f5:b0:46:18:3c:cf:29:58:1b:29:d8:b2:8c:62:
                    34:51:38:a6:90:6a:9e:b8:70:37:de:60:ca:f8:ae:
                    a1:40:ac:bc:34:56:35:f4:4f:4e:35:40:b5:d4:96:
                    72:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:32:F4:1E:69:D3:F6:6F:D2:11:0C:55:2E:71:16:C5:EE:26:19:DE
            X509v3 Authority Key Identifier:
                keyid:90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/_DL0HmnT9m_SEQxVLnEWxe4mGd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:1e:82:d3:65:8a:60:2d:10:88:d9:bd:62:87:0b:fa:b8:72:
         f0:cd:ed:08:ab:86:f5:7c:6a:0a:07:51:62:da:75:f2:2d:9f:
         15:40:83:5f:87:b0:ce:2a:de:df:cd:a4:2a:ad:30:0b:53:9a:
         63:87:b4:83:67:57:ef:c7:8d:67:7f:2f:36:c0:ed:44:4e:ef:
         22:f8:c1:2d:41:1d:00:01:1a:0c:f0:6c:50:75:84:07:40:42:
         20:5d:6e:96:37:1b:e8:b1:aa:90:4a:c7:78:0b:3a:bb:ca:ab:
         56:01:b8:d9:69:30:2f:22:7e:0d:16:e3:31:a0:a1:e6:92:c7:
         4e:bc:81:6a:d4:c3:48:bf:90:7c:f6:a3:a8:72:a1:dd:6b:61:
         47:52:32:74:0f:5b:f0:e8:2f:ee:dc:ff:5f:f2:13:93:eb:29:
         3f:7f:6b:90:29:ae:d7:d5:07:40:78:41:6e:63:cf:63:67:4b:
         ab:25:79:15:5a:03:66:f4:de:27:24:b3:14:c1:5b:70:c9:38:
         78:a6:1d:94:c1:fe:cc:56:41:88:2c:5c:66:83:1a:36:22:b0:
         46:04:86:df:15:20:22:6c:12:6c:b7:fd:1a:86:ac:17:5c:c1:
         d0:0d:f9:f7:e1:62:a1:81:33:a7:70:ae:cc:0d:6a:c8:76:83:
         99:0e:34:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3Q/UdoFVq4VsbRYO+HSqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjI1ZTZhNjg5M2Y0NjZkMjY5NWU5MDY3MGMwNDc0NDM2
NDM3MDEwHhcNMjQwMTAyMDYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzMyZjQxZTY5ZDNmNjZmZDIxMTBjNTUyZTcxMTZjNWVlMjYxOWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6UfrQHlh/LIr7UEWFuOhQ19H6UI
o1CJS3A34GJDYYXpeRyuw8EfZ2KqwNr7xQHeU3qpPWbpfeh1JalCSFQbSg5L5Yac
F82QCwL366CZUdrmtb8Ak20aFOdQBUwlieQC3y9yFRhkD/NNTXQCn4dEm9/55eAc
dXCetaZzc4vTWTDMbzGw3QY7pLaQxz3fahfm46kMelagaGdw+hwl+4nq7qjj83EC
iV7rFSLJ3k7uvylR7kG+4nSvyefnJZRX7AymeYsamRB/PEQINTnUCommV/2n9bBG
GDzPKVgbKdiyjGI0UTimkGqeuHA33mDK+K6hQKy8NFY19E9ONUC11JZyeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwy9B5p0/Zv0hEMVS5xFsXuJhneMB8GA1UdIwQY
MBaAFJDyXmpok/Rm0mlekGcMBHRDZDcBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEt
M2IwYjRiOGEyOTgzLzEvX0RMMEhtblQ5bV9TRVF4VkxuRVd4ZTRtR2Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEtM2IwYjRiOGEyOTgz
LzEva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUh6MA0G
CSqGSIb3DQEBCwUAA4IBAQAhHoLTZYpgLRCI2b1ihwv6uHLwze0Iq4b1fGoKB1Fi
2nXyLZ8VQINfh7DOKt7fzaQqrTALU5pjh7SDZ1fvx41nfy82wO1ETu8i+MEtQR0A
ARoM8GxQdYQHQEIgXW6WNxvosaqQSsd4Czq7yqtWAbjZaTAvIn4NFuMxoKHmksdO
vIFq1MNIv5B89qOocqHda2FHUjJ0D1vw6C/u3P9f8hOT6yk/f2uQKa7X1QdAeEFu
Y89jZ0urJXkVWgNm9N4nJLMUwVtwyTh4ph2Uwf7MVkGILFxmgxo2IrBGBIbfFSAi
bBJst/0ahqwXXMHQDfn34WKhgTOncK7MDWrIdoOZDjQy
-----END CERTIFICATE-----