Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/Jb5m0jFng8_L7aGBE-v0zwbZfzo.roa
File:                     Jb5m0jFng8_L7aGBE-v0zwbZfzo.roa (raw, json)
Hash identifier:          d1i4Vfj7w6xWaAEe4OwPzqncJvbpmkuu5nFZE6UDatg=
Subject key identifier:   25:BE:66:D2:31:67:83:CF:CB:ED:A1:81:13:EB:F4:CF:06:D9:7F:3A
Certificate issuer:       /CN=597a01de87e011803f890ae17749020f995f140c
Certificate serial:       018CC6B934C426F251585071F7B4214E87D2
Authority key identifier: 59:7A:01:DE:87:E0:11:80:3F:89:0A:E1:77:49:02:0F:99:5F:14:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/Jb5m0jFng8_L7aGBE-v0zwbZfzo.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6878
IP address blocks:        164.30.0.0/17 maxlen: 24
                          2a07:b980:4000::/39 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:34:c4:26:f2:51:58:50:71:f7:b4:21:4e:87:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=597a01de87e011803f890ae17749020f995f140c
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25be66d2316783cfcbeda18113ebf4cf06d97f3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c6:b3:01:16:c4:f9:00:8b:e0:dc:2c:4f:13:
                    25:bd:98:00:05:01:f4:3e:ba:1b:16:30:23:8b:c1:
                    ed:36:1c:e0:49:b1:26:1e:08:6f:fd:40:e1:26:20:
                    54:95:ec:d4:04:a7:92:35:9a:1e:f9:cf:36:da:b5:
                    30:cf:8f:37:4a:5a:e6:00:9c:ca:50:a1:d0:5c:5b:
                    71:3b:14:35:c0:b8:88:b9:eb:6f:9f:16:3a:4b:23:
                    2a:d9:61:48:53:29:c2:d7:35:38:cb:2c:1d:67:78:
                    9d:d2:c1:ab:67:d3:c5:d6:1c:68:d1:52:1f:25:11:
                    c7:6f:17:ed:56:5e:a3:4f:07:20:ec:23:0b:10:38:
                    03:82:8c:fe:f3:fb:5f:b1:b0:7d:76:7e:f9:29:25:
                    a5:33:8e:f3:4d:4e:08:15:5b:e0:56:cb:8a:85:49:
                    61:4e:d4:68:87:a1:43:9a:7b:f8:6f:6a:83:7e:ed:
                    13:31:86:13:fd:36:24:43:b0:e0:a1:b7:1d:7f:10:
                    a6:b5:33:24:87:67:7b:ec:eb:07:5f:3c:af:a2:e6:
                    88:ff:33:61:9f:fd:b7:34:99:81:04:09:b3:ec:70:
                    83:c0:83:80:af:9d:5a:65:db:af:1b:cb:8d:95:4d:
                    99:15:12:0c:95:7e:75:8b:e7:b3:03:5f:c8:c8:ce:
                    c3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:BE:66:D2:31:67:83:CF:CB:ED:A1:81:13:EB:F4:CF:06:D9:7F:3A
            X509v3 Authority Key Identifier:
                keyid:59:7A:01:DE:87:E0:11:80:3F:89:0A:E1:77:49:02:0F:99:5F:14:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WXoB3ofgEYA_iQrhd0kCD5lfFAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/Jb5m0jFng8_L7aGBE-v0zwbZfzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/23ed9a-1ca5-45ea-9b8c-73533de099c3/1/WXoB3ofgEYA_iQrhd0kCD5lfFAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.30.0.0/17
                IPv6:
                  2a07:b980:4000::/39

    Signature Algorithm: sha256WithRSAEncryption
         6b:67:14:5a:b6:1d:85:6f:4e:a2:ba:ed:57:c3:29:ad:fd:73:
         e6:5c:e0:44:75:b4:7b:45:6f:a1:3c:93:4c:f5:d3:16:68:a1:
         57:0a:8b:3b:a7:ca:45:c2:bf:5b:d8:5d:7f:e8:07:0c:27:11:
         2b:7c:89:38:32:bd:0d:32:39:f8:b2:99:67:64:45:23:a8:49:
         c1:70:2c:d5:3b:b4:cd:e6:2b:75:3d:32:95:77:51:71:ab:f4:
         13:6b:b2:16:27:b5:01:ea:6a:20:5c:95:a3:af:04:0c:70:fd:
         fd:c4:63:b9:45:87:17:5f:f6:ae:46:51:12:93:85:0d:35:54:
         11:06:6a:84:59:6f:14:d3:01:87:c0:0c:a9:c2:00:5e:7c:a1:
         cd:5d:47:41:48:3a:bd:fd:56:19:04:ce:df:6d:70:22:44:ae:
         24:30:c1:5e:cf:90:5b:dc:0b:34:50:42:c9:8a:38:52:42:e5:
         84:0c:69:74:1d:f2:77:7a:57:e4:e2:c4:d2:3e:d0:8d:37:c5:
         d4:89:6e:d7:de:26:ff:ba:a0:16:e4:51:8b:ed:b0:e9:6c:8f:
         a9:f2:8e:58:c2:9c:11:77:49:50:14:6d:6b:df:d3:05:07:24:
         5d:0d:6d:89:60:b5:8b:96:2a:3c:c2:ab:24:c2:d7:2e:d7:d4:
         d0:69:fa:48
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzGuTTEJvJRWFBx97QhTofSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5N2EwMWRlODdlMDExODAzZjg5MGFlMTc3NDkwMjBmOTk1
ZjE0MGMwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWJlNjZkMjMxNjc4M2NmY2JlZGExODExM2ViZjRjZjA2ZDk3ZjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58azARbE+QCL4NwsTxMlvZgABQH0
ProbFjAji8HtNhzgSbEmHghv/UDhJiBUlezUBKeSNZoe+c822rUwz483SlrmAJzK
UKHQXFtxOxQ1wLiIuetvnxY6SyMq2WFIUynC1zU4yywdZ3id0sGrZ9PF1hxo0VIf
JRHHbxftVl6jTwcg7CMLEDgDgoz+8/tfsbB9dn75KSWlM47zTU4IFVvgVsuKhUlh
TtRoh6FDmnv4b2qDfu0TMYYT/TYkQ7DgobcdfxCmtTMkh2d77OsHXzyvouaI/zNh
n/23NJmBBAmz7HCDwIOAr51aZduvG8uNlU2ZFRIMlX51i+ezA1/IyM7DzwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFCW+ZtIxZ4PPy+2hgRPr9M8G2X86MB8GA1UdIwQY
MBaAFFl6Ad6H4BGAP4kK4XdJAg+ZXxQMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1hvQjNvZmdFWUFfaVFyaGQwa0NENWxmRkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8yM2VkOWEtMWNhNS00NWVhLTliOGMt
NzM1MzNkZTA5OWMzLzEvSmI1bTBqRm5nOF9MN2FHQkUtdjB6d2JaZnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8yM2VkOWEtMWNhNS00NWVhLTliOGMtNzM1MzNkZTA5OWMz
LzEvV1hvQjNvZmdFWUFfaVFyaGQwa0NENWxmRkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQHpB4AMA4E
AgACMAgDBgEqB7mAQDANBgkqhkiG9w0BAQsFAAOCAQEAa2cUWrYdhW9OorrtV8Mp
rf1z5lzgRHW0e0VvoTyTTPXTFmihVwqLO6fKRcK/W9hdf+gHDCcRK3yJODK9DTI5
+LKZZ2RFI6hJwXAs1Tu0zeYrdT0ylXdRcav0E2uyFie1AepqIFyVo68EDHD9/cRj
uUWHF1/2rkZREpOFDTVUEQZqhFlvFNMBh8AMqcIAXnyhzV1HQUg6vf1WGQTO321w
IkSuJDDBXs+QW9wLNFBCyYo4UkLlhAxpdB3yd3pX5OLE0j7QjTfF1Ilu194m/7qg
FuRRi+2w6WyPqfKOWMKcEXdJUBRta9/TBQckXQ1tiWC1i5YqPMKrJMLXLtfU0Gn6
SA==
-----END CERTIFICATE-----