Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/755c55-c4f5-4cb7-871d-69c68e2ef27d/1/ZxMj6yPUzCdGjZ7O07Q0Jxdj1kA.roa
File:                     ZxMj6yPUzCdGjZ7O07Q0Jxdj1kA.roa (raw, json)
Hash identifier:          IlT5kb6jZqjFn/bVCOu+rm8A+W7BQh4hgxlAHufRFfA=
Subject key identifier:   67:13:23:EB:23:D4:CC:27:46:8D:9E:CE:D3:B4:34:27:17:63:D6:40
Certificate issuer:       /CN=da9c6729e1e8989984dd802d1a90e89ce2fe373c
Certificate serial:       018CC26D40DCFA61529EC006EAB65201F701
Authority key identifier: DA:9C:67:29:E1:E8:98:99:84:DD:80:2D:1A:90:E8:9C:E2:FE:37:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2pxnKeHomJmE3YAtGpDonOL-Nzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/755c55-c4f5-4cb7-871d-69c68e2ef27d/1/ZxMj6yPUzCdGjZ7O07Q0Jxdj1kA.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60132
IP address blocks:        185.56.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/755c55-c4f5-4cb7-871d-69c68e2ef27d/1/2pxnKeHomJmE3YAtGpDonOL-Nzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/755c55-c4f5-4cb7-871d-69c68e2ef27d/1/2pxnKeHomJmE3YAtGpDonOL-Nzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2pxnKeHomJmE3YAtGpDonOL-Nzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 19:02:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:40:dc:fa:61:52:9e:c0:06:ea:b6:52:01:f7:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da9c6729e1e8989984dd802d1a90e89ce2fe373c
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=671323eb23d4cc27468d9eced3b434271763d640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:2e:01:46:48:f1:9c:3f:77:42:1d:5d:fe:72:
                    b5:ac:34:90:fc:65:b6:a1:c2:6e:49:7e:80:e6:59:
                    7b:72:2e:e7:7c:78:32:dd:6c:d6:37:6a:0b:28:4f:
                    76:88:02:f4:59:d8:03:bc:4a:43:b9:ac:22:a4:47:
                    c8:c0:ff:70:5e:3e:9e:74:0e:a7:47:91:61:30:e2:
                    4f:7b:15:01:79:eb:d0:81:f0:4d:90:48:76:f4:4b:
                    30:e8:17:3a:70:61:cb:f6:a4:69:6b:ea:90:84:69:
                    09:87:9c:18:14:40:4b:a1:9f:d9:02:25:52:54:26:
                    e4:5b:7a:b6:60:0b:4e:05:f2:93:61:55:96:29:61:
                    52:31:3c:f8:fd:73:33:b4:9a:83:a6:59:cb:f1:a5:
                    e6:06:9d:7c:c7:60:9b:9a:8b:0e:12:cd:ef:98:c6:
                    bf:f8:62:c2:ab:6e:cc:d7:c2:0d:4c:4e:b4:ce:fa:
                    22:28:05:28:a1:ab:8b:b5:5c:95:b0:a2:b8:4a:a1:
                    b6:cb:ef:b1:b3:9d:5a:fb:a4:eb:e6:00:45:56:df:
                    36:b9:94:c3:12:d3:73:eb:bf:c8:f8:96:94:8f:ec:
                    6a:94:57:5e:87:7f:d7:2b:f5:c7:83:86:27:d1:25:
                    0b:f0:a5:33:88:2f:5c:7a:f0:59:39:fa:d6:5e:a4:
                    6d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:13:23:EB:23:D4:CC:27:46:8D:9E:CE:D3:B4:34:27:17:63:D6:40
            X509v3 Authority Key Identifier:
                keyid:DA:9C:67:29:E1:E8:98:99:84:DD:80:2D:1A:90:E8:9C:E2:FE:37:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2pxnKeHomJmE3YAtGpDonOL-Nzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/755c55-c4f5-4cb7-871d-69c68e2ef27d/1/ZxMj6yPUzCdGjZ7O07Q0Jxdj1kA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/755c55-c4f5-4cb7-871d-69c68e2ef27d/1/2pxnKeHomJmE3YAtGpDonOL-Nzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:a9:66:05:05:35:32:19:3a:f6:7e:bf:35:1d:b5:e6:22:fd:
         87:de:10:6a:e9:b7:75:d5:b6:e8:0b:9e:7d:a3:38:a9:29:37:
         2e:3f:cf:91:c2:c0:db:64:4c:15:7c:fe:fd:04:29:d9:73:95:
         c4:37:18:4a:5f:5b:7e:34:7a:67:10:3a:f4:70:ea:8b:84:06:
         10:f7:d9:c3:68:5c:30:fe:bd:25:7d:65:df:24:b0:6b:20:31:
         fc:68:56:41:34:3d:aa:67:93:48:0a:e8:eb:ce:85:73:f3:10:
         1e:b3:43:4e:4c:e1:55:35:40:7c:05:a5:57:ec:e2:6b:40:6d:
         18:20:85:4b:65:36:df:63:af:97:7a:df:ba:5b:1e:d2:5c:d2:
         cf:d3:79:53:eb:48:6e:8e:21:6d:ee:83:e2:75:8e:8c:7c:0e:
         23:76:55:8e:1b:af:04:b5:20:b6:de:37:37:c1:c4:95:c6:84:
         4e:e4:4e:d0:ff:b2:f0:30:96:db:a4:4d:f8:aa:ad:1a:71:7b:
         04:15:ab:e2:16:51:6c:7d:1c:2f:62:9a:9b:e5:7b:38:4c:83:
         d6:8f:0a:75:93:c4:64:3d:df:13:0b:12:60:e5:79:63:c0:22:
         97:f2:ad:b7:6f:ea:c9:81:86:c7:e3:6e:23:a0:5a:6c:86:5c:
         24:8c:79:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUDc+mFSnsAG6rZSAfcBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOWM2NzI5ZTFlODk4OTk4NGRkODAyZDFhOTBlODljZTJm
ZTM3M2MwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzEzMjNlYjIzZDRjYzI3NDY4ZDllY2VkM2I0MzQyNzE3NjNkNjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyy4BRkjxnD93Qh1d/nK1rDSQ/GW2
ocJuSX6A5ll7ci7nfHgy3WzWN2oLKE92iAL0WdgDvEpDuawipEfIwP9wXj6edA6n
R5FhMOJPexUBeevQgfBNkEh29Esw6Bc6cGHL9qRpa+qQhGkJh5wYFEBLoZ/ZAiVS
VCbkW3q2YAtOBfKTYVWWKWFSMTz4/XMztJqDplnL8aXmBp18x2CbmosOEs3vmMa/
+GLCq27M18INTE60zvoiKAUooauLtVyVsKK4SqG2y++xs51a+6Tr5gBFVt82uZTD
EtNz67/I+JaUj+xqlFdeh3/XK/XHg4Yn0SUL8KUziC9cevBZOfrWXqRtAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcTI+sj1MwnRo2eztO0NCcXY9ZAMB8GA1UdIwQY
MBaAFNqcZynh6JiZhN2ALRqQ6Jzi/jc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnB4bktlSG9tSm1FM1lBdEdwRG9uT0wtTnp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC83NTVjNTUtYzRmNS00Y2I3LTg3MWQt
NjljNjhlMmVmMjdkLzEvWnhNajZ5UFV6Q2RHalo3TzA3UTBKeGRqMWtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC83NTVjNTUtYzRmNS00Y2I3LTg3MWQtNjljNjhlMmVmMjdk
LzEvMnB4bktlSG9tSm1FM1lBdEdwRG9uT0wtTnp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTiZMA0G
CSqGSIb3DQEBCwUAA4IBAQAQqWYFBTUyGTr2fr81HbXmIv2H3hBq6bd11bboC559
ozipKTcuP8+RwsDbZEwVfP79BCnZc5XENxhKX1t+NHpnEDr0cOqLhAYQ99nDaFww
/r0lfWXfJLBrIDH8aFZBND2qZ5NICujrzoVz8xAes0NOTOFVNUB8BaVX7OJrQG0Y
IIVLZTbfY6+Xet+6Wx7SXNLP03lT60hujiFt7oPidY6MfA4jdlWOG68EtSC23jc3
wcSVxoRO5E7Q/7LwMJbbpE34qq0acXsEFaviFlFsfRwvYpqb5Xs4TIPWjwp1k8Rk
Pd8TCxJg5XljwCKX8q23b+rJgYbH424joFpshlwkjHnH
-----END CERTIFICATE-----