Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/dczK3LkZ423_-xPnxhLxsqXVloU.roa
File:                     dczK3LkZ423_-xPnxhLxsqXVloU.roa (raw, json)
Hash identifier:          e2Nx0oR+wJe8AP+nJiMOyGuSPQiBN5PQAolmq86MDps=
Subject key identifier:   75:CC:CA:DC:B9:19:E3:6D:FF:FB:13:E7:C6:12:F1:B2:A5:D5:96:85
Certificate issuer:       /CN=89554780db25b243c0a2d361979b130a7f13c60d
Certificate serial:       018CC349481331F777B7C643D6523A94F4D4
Authority key identifier: 89:55:47:80:DB:25:B2:43:C0:A2:D3:61:97:9B:13:0A:7F:13:C6:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/dczK3LkZ423_-xPnxhLxsqXVloU.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28878
IP address blocks:        185.75.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:48:13:31:f7:77:b7:c6:43:d6:52:3a:94:f4:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89554780db25b243c0a2d361979b130a7f13c60d
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75cccadcb919e36dfffb13e7c612f1b2a5d59685
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3b:e7:a3:c3:24:da:23:ee:5e:c1:87:16:72:
                    9a:56:77:0d:a6:e7:11:8e:3f:b6:1f:16:f0:27:7d:
                    56:c1:4e:c9:0d:8d:ae:b1:e6:81:8f:6f:a3:da:16:
                    94:bb:e6:33:aa:c0:a1:0d:0a:17:35:9f:eb:72:96:
                    8c:08:1a:12:a8:88:0e:f8:f5:d4:f5:e2:52:cb:1c:
                    d3:e2:9c:1b:3f:25:d2:93:1a:fc:cd:05:f8:93:53:
                    78:2c:cd:c4:68:dd:2f:03:b5:21:fe:cd:27:44:5e:
                    19:df:df:f1:f6:bd:5e:07:ca:42:f0:df:96:1f:d0:
                    7a:26:10:81:90:4f:d5:65:19:19:78:84:92:a9:6b:
                    be:1a:2e:4f:fe:4e:a9:92:ed:08:38:ee:2c:68:40:
                    c0:6d:25:a9:bb:98:e7:48:ac:d8:79:8d:b1:47:3c:
                    b5:43:fc:64:dd:42:6f:97:72:8e:e7:80:0c:d2:f9:
                    2f:9e:f5:d9:af:0c:a0:81:3d:15:d4:7e:a4:53:5e:
                    b6:49:e3:37:8b:cc:87:5b:f5:9a:4b:27:6e:8d:f5:
                    44:68:21:51:0b:86:b6:47:7a:af:ac:08:28:c7:4e:
                    41:a9:cd:4c:00:38:53:17:73:5d:6f:97:f3:11:38:
                    61:20:49:96:7d:31:7a:ba:80:43:12:96:64:08:46:
                    47:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:CC:CA:DC:B9:19:E3:6D:FF:FB:13:E7:C6:12:F1:B2:A5:D5:96:85
            X509v3 Authority Key Identifier:
                keyid:89:55:47:80:DB:25:B2:43:C0:A2:D3:61:97:9B:13:0A:7F:13:C6:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/dczK3LkZ423_-xPnxhLxsqXVloU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:dc:53:5f:da:fc:42:c8:ba:37:49:2e:5a:2e:1f:8f:d3:ed:
         d8:b0:6a:b4:76:51:cb:88:f7:5f:0d:6c:49:db:fa:00:c2:a1:
         59:01:4b:67:3c:56:70:49:80:95:0e:55:34:c0:55:6d:78:81:
         f7:4b:37:a5:8e:e8:13:a5:0a:f7:9a:46:d8:24:ed:76:9f:f3:
         81:4b:6f:fc:58:a8:91:64:16:f8:31:51:8e:59:26:a0:c3:26:
         4d:02:d0:a7:a1:8d:3a:c1:5c:13:a8:05:d0:ad:a7:70:60:b3:
         c5:bd:e8:15:7c:7d:04:52:c7:01:3b:99:24:b3:00:a7:0c:9a:
         a3:f0:e1:0b:2c:bd:4f:17:7f:3d:b4:80:3f:68:4a:29:b3:88:
         e5:83:a9:4c:ed:62:0b:60:f2:03:2c:aa:65:8f:b1:9d:7e:68:
         a3:f3:0c:26:0b:08:61:e7:2e:6d:fd:53:40:57:08:ed:30:a5:
         7e:9d:89:b1:b1:b8:27:85:d9:83:85:68:e5:6e:5c:31:ec:8f:
         32:8a:c1:32:a2:f1:f4:8b:69:77:0b:30:ad:b5:6e:00:a0:e6:
         f3:39:ee:7e:a5:78:d0:fc:97:93:9b:40:16:76:ab:f4:e6:ed:
         6e:3e:b9:50:c9:00:13:a6:9e:70:e8:80:73:db:4e:28:a9:20:
         22:c0:22:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUgTMfd3t8ZD1lI6lPTUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NTU0NzgwZGIyNWIyNDNjMGEyZDM2MTk3OWIxMzBhN2Yx
M2M2MGQwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWNjY2FkY2I5MTllMzZkZmZmYjEzZTdjNjEyZjFiMmE1ZDU5Njg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTvno8Mk2iPuXsGHFnKaVncNpucR
jj+2HxbwJ31WwU7JDY2useaBj2+j2haUu+YzqsChDQoXNZ/rcpaMCBoSqIgO+PXU
9eJSyxzT4pwbPyXSkxr8zQX4k1N4LM3EaN0vA7Uh/s0nRF4Z39/x9r1eB8pC8N+W
H9B6JhCBkE/VZRkZeISSqWu+Gi5P/k6pku0IOO4saEDAbSWpu5jnSKzYeY2xRzy1
Q/xk3UJvl3KO54AM0vkvnvXZrwyggT0V1H6kU162SeM3i8yHW/WaSydujfVEaCFR
C4a2R3qvrAgox05Bqc1MADhTF3Ndb5fzEThhIEmWfTF6uoBDEpZkCEZHkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHXMyty5GeNt//sT58YS8bKl1ZaFMB8GA1UdIwQY
MBaAFIlVR4DbJbJDwKLTYZebEwp/E8YNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVZWSGdOc2xza1BBb3ROaGw1c1RDbjhUeGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8zZTIwNzctYmMxMC00NjIxLWFiMGIt
ZGJhNGM5Yjg3MDZiLzEvZGN6SzNMa1o0MjNfLXhQbnhoTHhzcVhWbG9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8zZTIwNzctYmMxMC00NjIxLWFiMGItZGJhNGM5Yjg3MDZi
LzEvaVZWSGdOc2xza1BBb3ROaGw1c1RDbjhUeGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUucMA0G
CSqGSIb3DQEBCwUAA4IBAQCM3FNf2vxCyLo3SS5aLh+P0+3YsGq0dlHLiPdfDWxJ
2/oAwqFZAUtnPFZwSYCVDlU0wFVteIH3SzeljugTpQr3mkbYJO12n/OBS2/8WKiR
ZBb4MVGOWSagwyZNAtCnoY06wVwTqAXQradwYLPFvegVfH0EUscBO5kkswCnDJqj
8OELLL1PF389tIA/aEops4jlg6lM7WILYPIDLKplj7Gdfmij8wwmCwhh5y5t/VNA
VwjtMKV+nYmxsbgnhdmDhWjlblwx7I8yisEyovH0i2l3CzCttW4AoObzOe5+pXjQ
/JeTm0AWdqv05u1uPrlQyQATpp5w6IBz204oqSAiwCLj
-----END CERTIFICATE-----