Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/3iftpbFouPkTCy-roRpa7bzIU_A.roa
File:                     3iftpbFouPkTCy-roRpa7bzIU_A.roa (raw, json)
Hash identifier:          1fKqE2q/kjMgBHl0L9oRk2isnDl2CvvGpZivemhMMGg=
Subject key identifier:   DE:27:ED:A5:B1:68:B8:F9:13:0B:2F:AB:A1:1A:5A:ED:BC:C8:53:F0
Certificate issuer:       /CN=da6dc4192645c842a4fa2f88234f2e5a184c7664
Certificate serial:       018CC26D12465F006986F26E889E8307A1FD
Authority key identifier: DA:6D:C4:19:26:45:C8:42:A4:FA:2F:88:23:4F:2E:5A:18:4C:76:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2m3EGSZFyEKk-i-II08uWhhMdmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/3iftpbFouPkTCy-roRpa7bzIU_A.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49065
IP address blocks:        5.252.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/2m3EGSZFyEKk-i-II08uWhhMdmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/2m3EGSZFyEKk-i-II08uWhhMdmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2m3EGSZFyEKk-i-II08uWhhMdmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:12:46:5f:00:69:86:f2:6e:88:9e:83:07:a1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da6dc4192645c842a4fa2f88234f2e5a184c7664
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de27eda5b168b8f9130b2faba11a5aedbcc853f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:82:14:8c:85:77:b6:fa:8c:8f:52:62:83:35:
                    9e:df:1b:21:80:39:74:fb:1a:4f:e0:6a:a8:5e:69:
                    2c:c1:31:80:65:f5:3b:a4:b2:49:41:36:36:ca:61:
                    9d:58:61:93:8f:d9:81:98:d4:53:9c:b5:9f:ea:de:
                    3c:62:7b:b1:c6:3e:1c:d0:5c:3c:d7:79:41:a8:51:
                    19:b5:0c:43:83:8c:cb:09:41:15:b2:f9:91:e9:79:
                    8b:04:8b:81:e9:a4:f8:2b:52:31:05:d5:75:a5:03:
                    1e:20:3e:ba:f3:91:fa:08:2a:26:c1:de:fa:3e:61:
                    05:60:5c:f5:f6:e3:72:8f:79:12:e6:bb:39:09:a6:
                    d8:5a:34:68:e8:63:d8:5d:f8:96:78:b9:97:62:21:
                    57:5b:1c:12:bc:23:1d:77:27:53:89:ac:85:6b:1a:
                    a0:23:c5:e9:bb:b1:7c:56:6f:bd:b3:70:56:5e:09:
                    b5:c9:62:11:70:fd:f0:98:88:de:8b:cf:2f:b0:39:
                    b7:6f:0b:47:0a:28:29:ee:43:22:ef:f6:29:7a:63:
                    89:62:c9:bc:c2:13:2c:00:c7:4b:5b:83:de:b7:b0:
                    14:c3:7d:8a:9c:87:45:53:dd:9b:fe:ac:ca:86:de:
                    e8:f0:6c:1e:d5:df:7a:1f:dd:06:9e:c0:e2:db:31:
                    e2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:27:ED:A5:B1:68:B8:F9:13:0B:2F:AB:A1:1A:5A:ED:BC:C8:53:F0
            X509v3 Authority Key Identifier:
                keyid:DA:6D:C4:19:26:45:C8:42:A4:FA:2F:88:23:4F:2E:5A:18:4C:76:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2m3EGSZFyEKk-i-II08uWhhMdmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/3iftpbFouPkTCy-roRpa7bzIU_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/23c57c-b8a7-49a5-9c05-eef70aab035e/1/2m3EGSZFyEKk-i-II08uWhhMdmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:e8:bd:50:80:1e:21:0b:52:82:98:1c:26:6f:f9:c7:b0:cb:
         97:8d:c3:1e:62:fa:2d:91:e8:7c:8e:fa:1b:3d:a0:a2:64:98:
         ce:3a:3d:5d:ca:5d:b2:06:0d:fd:8d:e5:02:bb:62:3e:34:57:
         d3:4d:40:84:5c:c1:64:70:62:bf:6a:c7:99:b1:18:6e:ca:c6:
         06:e2:b4:4c:e8:87:62:07:f4:6d:34:03:a1:c9:f9:59:68:e1:
         6b:49:5a:10:4f:8b:ca:29:a7:21:4b:6a:4a:c1:ad:c0:9c:f4:
         32:bf:8d:b1:ad:59:3c:75:60:bd:8b:e0:ce:90:11:83:fc:01:
         cc:30:28:13:88:d0:95:6b:40:3e:4c:e2:1a:c5:09:d1:03:7e:
         44:b7:b5:36:29:93:3d:08:70:9b:22:3f:5a:5a:79:ce:1b:df:
         fb:cd:ba:b8:84:4f:4e:d8:6b:17:74:d7:2b:89:2a:62:56:49:
         89:53:25:d9:9e:e9:3b:fc:16:20:80:39:8f:f3:a4:5f:e9:76:
         64:0c:ca:9e:07:fa:03:8c:f1:95:f4:af:55:b2:e2:da:dd:73:
         54:16:91:fb:a5:63:e2:92:25:cc:94:82:99:d7:40:ee:71:75:
         81:e2:7d:b6:0e:6e:85:f1:ac:16:3b:c6:76:8d:09:24:c3:e7:
         df:1a:6a:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRJGXwBphvJuiJ6DB6H9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNmRjNDE5MjY0NWM4NDJhNGZhMmY4ODIzNGYyZTVhMTg0
Yzc2NjQwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTI3ZWRhNWIxNjhiOGY5MTMwYjJmYWJhMTFhNWFlZGJjYzg1M2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4IUjIV3tvqMj1JigzWe3xshgDl0
+xpP4GqoXmkswTGAZfU7pLJJQTY2ymGdWGGTj9mBmNRTnLWf6t48Ynuxxj4c0Fw8
13lBqFEZtQxDg4zLCUEVsvmR6XmLBIuB6aT4K1IxBdV1pQMeID6685H6CComwd76
PmEFYFz19uNyj3kS5rs5CabYWjRo6GPYXfiWeLmXYiFXWxwSvCMddydTiayFaxqg
I8Xpu7F8Vm+9s3BWXgm1yWIRcP3wmIjei88vsDm3bwtHCigp7kMi7/YpemOJYsm8
whMsAMdLW4Pet7AUw32KnIdFU92b/qzKht7o8Gwe1d96H90GnsDi2zHiqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4n7aWxaLj5Ewsvq6EaWu28yFPwMB8GA1UdIwQY
MBaAFNptxBkmRchCpPoviCNPLloYTHZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm0zRUdTWkZ5RUtrLWktSUkwOHVXaGhNZG1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yM2M1N2MtYjhhNy00OWE1LTljMDUt
ZWVmNzBhYWIwMzVlLzEvM2lmdHBiRm91UGtUQ3ktcm9ScGE3YnpJVV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yM2M1N2MtYjhhNy00OWE1LTljMDUtZWVmNzBhYWIwMzVl
LzEvMm0zRUdTWkZ5RUtrLWktSUkwOHVXaGhNZG1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfyBMA0G
CSqGSIb3DQEBCwUAA4IBAQA86L1QgB4hC1KCmBwmb/nHsMuXjcMeYvotkeh8jvob
PaCiZJjOOj1dyl2yBg39jeUCu2I+NFfTTUCEXMFkcGK/aseZsRhuysYG4rRM6Idi
B/RtNAOhyflZaOFrSVoQT4vKKachS2pKwa3AnPQyv42xrVk8dWC9i+DOkBGD/AHM
MCgTiNCVa0A+TOIaxQnRA35Et7U2KZM9CHCbIj9aWnnOG9/7zbq4hE9O2GsXdNcr
iSpiVkmJUyXZnuk7/BYggDmP86Rf6XZkDMqeB/oDjPGV9K9VsuLa3XNUFpH7pWPi
kiXMlIKZ10DucXWB4n22Dm6F8awWO8Z2jQkkw+ffGmrH
-----END CERTIFICATE-----