Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/dMLmP5p8qQVsC2NYuRy-tsoH_HQ.roa
File:                     dMLmP5p8qQVsC2NYuRy-tsoH_HQ.roa (raw, json)
Hash identifier:          AqqdYFXQD4WQCY/7G5NH8EzV20q4F7IuRDuvaMs3HfM=
Subject key identifier:   74:C2:E6:3F:9A:7C:A9:05:6C:0B:63:58:B9:1C:BE:B6:CA:07:FC:74
Certificate issuer:       /CN=d44de659759b0274124a7b481d0976840b7ade06
Certificate serial:       018CC9BC506B32BA0B15803C005B47310A3E
Authority key identifier: D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/dMLmP5p8qQVsC2NYuRy-tsoH_HQ.roa
Signing time:             Tue 02 Jan 2024 10:33:30 +0000
ROA not before:           Tue 02 Jan 2024 10:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205087
IP address blocks:        37.143.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:50:6b:32:ba:0b:15:80:3c:00:5b:47:31:0a:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d44de659759b0274124a7b481d0976840b7ade06
        Validity
            Not Before: Jan  2 10:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74c2e63f9a7ca9056c0b6358b91cbeb6ca07fc74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:02:6f:a1:f1:26:c6:dd:ae:9b:96:2d:25:05:
                    85:73:73:c0:50:81:32:90:50:15:d1:eb:31:e4:f9:
                    b9:53:8b:b3:21:11:93:71:ee:1c:84:ac:4a:c7:4e:
                    32:fb:eb:e3:48:d3:1f:a7:17:b2:dd:43:f5:3c:11:
                    45:86:ab:ff:3a:24:d7:41:40:90:a3:40:cd:61:23:
                    77:4c:31:b2:bf:2f:9b:53:8c:c4:14:d1:a6:12:03:
                    ed:c3:57:0a:53:84:12:2d:42:df:72:f6:66:68:6e:
                    bb:0b:5d:b4:80:96:4f:65:89:1d:e3:6c:ad:6e:04:
                    da:a6:c2:93:a6:0b:4d:93:37:42:0d:5c:d5:9a:b8:
                    57:6e:b2:5d:22:67:69:0b:06:cd:29:05:f9:96:dc:
                    fd:68:19:df:0a:87:9d:51:3a:74:d2:ae:12:96:9e:
                    42:0a:27:ee:be:ac:b1:f4:16:c7:2b:50:e3:a5:f8:
                    4e:b2:40:de:ce:46:03:5e:33:80:3d:1a:1b:ef:88:
                    51:8a:6e:35:85:74:03:d3:68:2f:a4:27:e0:0a:ca:
                    95:c2:23:b9:be:aa:61:ad:de:f5:43:05:4b:08:df:
                    f1:0e:2e:dd:84:10:01:e8:4c:31:6c:3d:f1:34:01:
                    ea:b3:85:88:01:09:16:03:5f:f6:3e:a8:7b:3b:7b:
                    44:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:C2:E6:3F:9A:7C:A9:05:6C:0B:63:58:B9:1C:BE:B6:CA:07:FC:74
            X509v3 Authority Key Identifier:
                keyid:D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/dMLmP5p8qQVsC2NYuRy-tsoH_HQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:0b:84:30:9f:2f:2b:bd:a4:b1:e8:e6:30:21:c7:63:2e:24:
         b6:90:e3:9d:39:07:ce:6c:34:b2:4a:48:bb:81:86:da:c6:29:
         6c:be:64:32:2e:78:f1:03:e6:eb:c8:72:7f:84:42:aa:72:8f:
         64:eb:11:d3:8f:60:16:11:75:a5:40:3f:d6:8b:de:9d:d1:88:
         9d:2a:ce:ed:ae:f1:a8:8f:50:9f:64:c2:57:29:63:e1:c2:c3:
         ac:fb:7d:bd:08:46:f7:d4:24:d2:e3:ab:58:fb:03:69:f1:d2:
         90:d7:32:aa:6d:63:db:30:3d:18:d6:2e:3a:f9:c0:19:af:49:
         6e:22:f3:a7:24:ce:bf:34:79:78:d6:7c:bd:e9:fb:2a:d3:bf:
         b8:54:f5:e9:d3:a7:77:54:55:b0:b9:b0:f7:21:c2:76:36:30:
         d8:87:7d:02:84:08:92:27:e6:23:67:8a:72:f1:98:02:c0:4b:
         f1:6e:99:16:96:98:92:4e:81:80:30:2f:e9:53:f2:ed:7a:86:
         df:4e:b1:7d:ca:5d:ea:4b:8b:fd:d0:e8:b9:96:12:08:8a:76:
         33:00:8b:42:79:b9:75:a1:a6:ab:02:85:87:ac:22:c4:be:ca:
         a0:d2:a0:a0:0b:91:47:62:86:c3:0e:ed:22:fe:70:ca:31:41:
         76:6e:bd:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFBrMroLFYA8AFtHMQo+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NGRlNjU5NzU5YjAyNzQxMjRhN2I0ODFkMDk3Njg0MGI3
YWRlMDYwHhcNMjQwMTAyMTAzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGMyZTYzZjlhN2NhOTA1NmMwYjYzNThiOTFjYmViNmNhMDdmYzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwJvofEmxt2um5YtJQWFc3PAUIEy
kFAV0esx5Pm5U4uzIRGTce4chKxKx04y++vjSNMfpxey3UP1PBFFhqv/OiTXQUCQ
o0DNYSN3TDGyvy+bU4zEFNGmEgPtw1cKU4QSLULfcvZmaG67C120gJZPZYkd42yt
bgTapsKTpgtNkzdCDVzVmrhXbrJdImdpCwbNKQX5ltz9aBnfCoedUTp00q4Slp5C
Cifuvqyx9BbHK1DjpfhOskDezkYDXjOAPRob74hRim41hXQD02gvpCfgCsqVwiO5
vqphrd71QwVLCN/xDi7dhBAB6EwxbD3xNAHqs4WIAQkWA1/2Pqh7O3tEzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTC5j+afKkFbAtjWLkcvrbKB/x0MB8GA1UdIwQY
MBaAFNRN5ll1mwJ0Ekp7SB0JdoQLet4GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUt
ZGI0ZDM5ZGM0ZWM3LzEvZE1MbVA1cDhxUVZzQzJOWXVSeS10c29IX0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUtZGI0ZDM5ZGM0ZWM3
LzEvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJY+pMA0G
CSqGSIb3DQEBCwUAA4IBAQCuC4Qwny8rvaSx6OYwIcdjLiS2kOOdOQfObDSySki7
gYbaxilsvmQyLnjxA+bryHJ/hEKqco9k6xHTj2AWEXWlQD/Wi96d0YidKs7trvGo
j1CfZMJXKWPhwsOs+329CEb31CTS46tY+wNp8dKQ1zKqbWPbMD0Y1i46+cAZr0lu
IvOnJM6/NHl41ny96fsq07+4VPXp06d3VFWwubD3IcJ2NjDYh30ChAiSJ+YjZ4py
8ZgCwEvxbpkWlpiSToGAMC/pU/LteobfTrF9yl3qS4v90Oi5lhIIinYzAItCebl1
oaarAoWHrCLEvsqg0qCgC5FHYobDDu0i/nDKMUF2br23
-----END CERTIFICATE-----