Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/386185-5acc-4fe1-9784-6b4afa40678d/1/ctoNQ8w9W9JuJXzy-zgS_9hB1LQ.roa
File:                     ctoNQ8w9W9JuJXzy-zgS_9hB1LQ.roa (raw, json)
Hash identifier:          EOdrfia49f/GOXMG7rHC6osPnIABSIFMl9JkkaiVVDY=
Subject key identifier:   72:DA:0D:43:CC:3D:5B:D2:6E:25:7C:F2:FB:38:12:FF:D8:41:D4:B4
Certificate issuer:       /CN=107f7d0b64c98c99e8d08683505264d6b08bfd86
Certificate serial:       018CC493935D7D9DD809A00FFEFC5FEB9F88
Authority key identifier: 10:7F:7D:0B:64:C9:8C:99:E8:D0:86:83:50:52:64:D6:B0:8B:FD:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EH99C2TJjJno0IaDUFJk1rCL_YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/386185-5acc-4fe1-9784-6b4afa40678d/1/ctoNQ8w9W9JuJXzy-zgS_9hB1LQ.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57707
IP address blocks:        171.25.220.0/23 maxlen: 23
                          171.25.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/386185-5acc-4fe1-9784-6b4afa40678d/1/EH99C2TJjJno0IaDUFJk1rCL_YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/386185-5acc-4fe1-9784-6b4afa40678d/1/EH99C2TJjJno0IaDUFJk1rCL_YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EH99C2TJjJno0IaDUFJk1rCL_YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 07:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:93:5d:7d:9d:d8:09:a0:0f:fe:fc:5f:eb:9f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=107f7d0b64c98c99e8d08683505264d6b08bfd86
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72da0d43cc3d5bd26e257cf2fb3812ffd841d4b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d0:e3:27:0c:6a:58:02:1e:82:d0:de:0e:07:
                    e8:5b:c3:1c:e0:11:e7:7e:53:2c:a9:40:31:f7:c6:
                    8a:a7:cc:a8:4c:12:ff:cb:ac:de:d5:f3:9c:66:7b:
                    50:fa:cb:6d:69:4a:25:72:c6:1b:3a:f2:0a:a8:43:
                    a7:50:6c:1a:80:ed:fc:66:31:22:d2:4b:e8:62:4f:
                    e2:51:64:df:d0:d6:ab:52:86:72:a0:49:61:50:00:
                    9d:fb:69:50:c3:52:d8:de:d9:54:09:3b:8f:4c:48:
                    03:3c:7d:af:9d:67:ef:0c:0d:04:0a:4c:b4:dd:87:
                    99:6c:ad:bf:d3:92:c6:99:9d:f8:db:7f:7a:17:f5:
                    8f:a8:12:96:2c:65:e6:d7:f2:37:9b:52:d4:3a:64:
                    d5:cd:59:96:24:74:52:af:32:4c:b0:67:64:8e:f5:
                    90:a1:c7:1c:9f:3f:16:75:ea:f7:c0:87:1c:42:3c:
                    bc:6f:0a:32:eb:e1:30:9d:aa:af:bf:46:9e:18:1d:
                    bc:4d:5b:f9:74:18:be:44:56:98:e7:9e:2f:d0:01:
                    5c:3a:36:83:61:89:45:87:ac:42:06:29:0d:cd:de:
                    86:0a:aa:1e:af:a5:51:1a:68:53:60:03:e0:84:ab:
                    30:4b:ec:0f:95:3f:29:50:de:10:1e:26:a3:9c:7e:
                    03:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:DA:0D:43:CC:3D:5B:D2:6E:25:7C:F2:FB:38:12:FF:D8:41:D4:B4
            X509v3 Authority Key Identifier:
                keyid:10:7F:7D:0B:64:C9:8C:99:E8:D0:86:83:50:52:64:D6:B0:8B:FD:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EH99C2TJjJno0IaDUFJk1rCL_YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/386185-5acc-4fe1-9784-6b4afa40678d/1/ctoNQ8w9W9JuJXzy-zgS_9hB1LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/386185-5acc-4fe1-9784-6b4afa40678d/1/EH99C2TJjJno0IaDUFJk1rCL_YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.25.220.0-171.25.222.255

    Signature Algorithm: sha256WithRSAEncryption
         05:0e:5c:80:a6:8b:44:02:06:92:f2:98:7a:99:6e:25:61:bc:
         dd:27:3d:f8:1e:6a:75:42:7e:52:e2:4a:d8:a1:e1:d8:82:2d:
         52:e2:ea:ef:c4:e5:26:ff:74:7d:46:51:21:c1:33:fd:c7:50:
         0d:d9:29:4b:27:d8:64:64:97:ce:2d:c6:d4:96:b3:19:2d:15:
         56:8b:10:ec:6d:2b:72:78:8b:1d:2f:96:3d:5c:ed:f2:b1:e8:
         77:1f:28:8c:ff:1c:87:a5:a0:b0:ab:4b:2c:ec:59:d0:a1:f7:
         e2:71:90:29:19:3e:67:6a:f4:1e:06:c0:d9:f2:6c:2b:ca:f8:
         d3:bf:b9:d6:b9:ca:63:d3:55:f0:37:26:04:74:e1:34:fa:eb:
         7b:18:28:af:4c:e5:2e:0e:ff:c5:52:2d:82:9a:a3:de:f3:38:
         b7:ba:d3:02:5f:d7:d7:c7:65:83:e9:28:0d:6f:41:f8:f3:97:
         e1:3f:ec:bd:43:ea:68:8c:ce:90:29:94:4b:69:64:31:e7:64:
         25:f9:e2:32:23:39:64:9b:a7:8f:3d:3c:50:78:f3:98:6e:25:
         16:37:de:15:0a:71:c8:55:8c:e1:bf:d7:5c:7d:9d:4b:d2:e5:
         fa:8b:2f:02:60:02:73:f1:b7:5a:14:f4:4e:c0:fb:a3:fc:d2:
         67:36:3e:ae
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEk5NdfZ3YCaAP/vxf65+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwN2Y3ZDBiNjRjOThjOTllOGQwODY4MzUwNTI2NGQ2YjA4
YmZkODYwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmRhMGQ0M2NjM2Q1YmQyNmUyNTdjZjJmYjM4MTJmZmQ4NDFkNGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9DjJwxqWAIegtDeDgfoW8Mc4BHn
flMsqUAx98aKp8yoTBL/y6ze1fOcZntQ+sttaUolcsYbOvIKqEOnUGwagO38ZjEi
0kvoYk/iUWTf0NarUoZyoElhUACd+2lQw1LY3tlUCTuPTEgDPH2vnWfvDA0ECky0
3YeZbK2/05LGmZ342396F/WPqBKWLGXm1/I3m1LUOmTVzVmWJHRSrzJMsGdkjvWQ
occcnz8Wder3wIccQjy8bwoy6+Ewnaqvv0aeGB28TVv5dBi+RFaY554v0AFcOjaD
YYlFh6xCBikNzd6GCqoer6VRGmhTYAPghKswS+wPlT8pUN4QHiajnH4DlwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHLaDUPMPVvSbiV88vs4Ev/YQdS0MB8GA1UdIwQY
MBaAFBB/fQtkyYyZ6NCGg1BSZNawi/2GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUg5OUMyVEpqSm5vMElhRFVGSmsxckNMX1lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8zODYxODUtNWFjYy00ZmUxLTk3ODQt
NmI0YWZhNDA2NzhkLzEvY3RvTlE4dzlXOUp1Slh6eS16Z1NfOWhCMUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8zODYxODUtNWFjYy00ZmUxLTk3ODQtNmI0YWZhNDA2Nzhk
LzEvRUg5OUMyVEpqSm5vMElhRFVGSmsxckNMX1lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKrGdwD
BACrGd4wDQYJKoZIhvcNAQELBQADggEBAAUOXICmi0QCBpLymHqZbiVhvN0nPfge
anVCflLiStih4diCLVLi6u/E5Sb/dH1GUSHBM/3HUA3ZKUsn2GRkl84txtSWsxkt
FVaLEOxtK3J4ix0vlj1c7fKx6HcfKIz/HIeloLCrSyzsWdCh9+JxkCkZPmdq9B4G
wNnybCvK+NO/uda5ymPTVfA3JgR04TT663sYKK9M5S4O/8VSLYKao97zOLe60wJf
19fHZYPpKA1vQfjzl+E/7L1D6miMzpAplEtpZDHnZCX54jIjOWSbp489PFB485hu
JRY33hUKcchVjOG/11x9nUvS5fqLLwJgAnPxt1oU9E7A+6P80mc2Pq4=
-----END CERTIFICATE-----