Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/RdI1nr5LSTwOtAYfdhDm-P1rDXE.roa
File:                     RdI1nr5LSTwOtAYfdhDm-P1rDXE.roa (raw, json)
Hash identifier:          pkYY2DUFmPTtzL9kvIikM/4ZU2xslotfNQ/p7n4gcVY=
Subject key identifier:   45:D2:35:9E:BE:4B:49:3C:0E:B4:06:1F:76:10:E6:F8:FD:6B:0D:71
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       018F767FEB8370216D8279AB5710D4868FEA
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/RdI1nr5LSTwOtAYfdhDm-P1rDXE.roa
Signing time:             Tue 14 May 2024 09:47:25 +0000
ROA not before:           Tue 14 May 2024 09:47:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        5.22.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 05:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:7f:eb:83:70:21:6d:82:79:ab:57:10:d4:86:8f:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: May 14 09:47:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45d2359ebe4b493c0eb4061f7610e6f8fd6b0d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e6:11:25:e7:ed:62:f9:a8:21:b8:57:ce:11:
                    e1:68:6b:e9:82:63:e3:b7:f2:70:ae:6b:9d:78:18:
                    4a:20:6a:af:32:36:66:7d:c4:7c:88:a1:c6:6a:bb:
                    25:f2:11:8b:ed:be:75:39:d6:35:8b:61:8f:b8:fc:
                    e7:48:44:59:40:85:50:bc:e6:29:ce:c0:2c:85:11:
                    15:7d:63:fc:08:bd:84:0f:e4:f3:3c:36:ca:ce:85:
                    6d:48:5d:56:9e:34:aa:48:22:cd:a3:54:60:f9:82:
                    95:fa:33:8c:c2:66:83:a2:b7:a1:8d:15:e2:73:f7:
                    8a:8b:85:85:b9:87:01:b7:c6:c8:ed:16:26:88:82:
                    95:47:dd:78:61:f8:d2:97:66:06:ff:b0:0e:aa:8c:
                    77:27:8a:60:c9:24:b1:1b:7f:96:12:df:8c:cb:51:
                    37:cb:b0:e1:3e:8c:5a:e0:61:32:dc:a1:2f:b0:60:
                    39:cc:5b:9e:66:81:ea:33:63:4c:81:53:b8:10:71:
                    e8:c0:20:fd:33:ca:be:e0:09:09:ca:24:aa:b2:12:
                    53:b4:04:70:13:85:10:38:d9:14:a0:dc:5b:c1:94:
                    2f:c0:62:b4:cf:c1:79:b2:6b:db:47:2c:bd:cf:2d:
                    59:cb:ed:a7:c7:b7:20:e5:33:67:8f:21:79:69:d1:
                    2f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:D2:35:9E:BE:4B:49:3C:0E:B4:06:1F:76:10:E6:F8:FD:6B:0D:71
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/RdI1nr5LSTwOtAYfdhDm-P1rDXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:c8:41:18:23:34:e4:fb:25:21:48:18:71:93:c9:f7:01:27:
         bc:2b:07:f0:46:cb:f6:dd:fd:d7:b7:18:48:8b:96:21:d0:c3:
         a8:b3:4b:36:4b:aa:d9:ea:fc:a4:20:a4:52:84:88:26:d2:c4:
         8a:67:93:02:86:c9:e2:5d:2a:fe:db:22:b1:2c:d0:d3:8c:11:
         f3:56:75:80:03:39:27:3f:00:90:81:b5:c1:cf:19:14:54:ab:
         e0:cd:6c:b0:bd:11:f6:3f:dc:9f:71:8a:af:8f:62:23:5c:22:
         a6:7a:24:a4:45:86:0f:9c:49:d3:21:69:e3:aa:c8:24:89:a8:
         96:fe:4e:a7:34:d4:53:88:5e:f5:85:fa:e6:86:52:2e:9b:d7:
         a4:07:dc:f9:1e:a2:65:da:95:61:2f:b3:9c:b1:e9:95:c1:ec:
         04:0e:ae:a2:b5:a7:b7:87:2f:f1:94:dc:2a:9d:c3:2d:13:5b:
         e7:8b:1d:f7:e8:68:d2:9b:d4:d2:2f:ad:e1:74:1b:20:f5:45:
         dc:02:c8:bd:9e:63:fe:10:14:8c:ab:e5:e5:37:19:cc:64:db:
         04:5d:a4:47:64:3c:b8:95:ac:8b:ca:82:4e:3e:5e:b1:51:65:
         c3:30:74:db:1f:c3:ab:bd:13:bc:dd:51:c4:92:2f:b1:47:62:
         05:bc:ef:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY92f+uDcCFtgnmrVxDUho/qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjQwNTE0MDk0NzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWQyMzU5ZWJlNGI0OTNjMGViNDA2MWY3NjEwZTZmOGZkNmIwZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+YRJeftYvmoIbhXzhHhaGvpgmPj
t/JwrmudeBhKIGqvMjZmfcR8iKHGarsl8hGL7b51OdY1i2GPuPznSERZQIVQvOYp
zsAshREVfWP8CL2ED+TzPDbKzoVtSF1WnjSqSCLNo1Rg+YKV+jOMwmaDorehjRXi
c/eKi4WFuYcBt8bI7RYmiIKVR914YfjSl2YG/7AOqox3J4pgySSxG3+WEt+My1E3
y7DhPoxa4GEy3KEvsGA5zFueZoHqM2NMgVO4EHHowCD9M8q+4AkJyiSqshJTtARw
E4UQONkUoNxbwZQvwGK0z8F5smvbRyy9zy1Zy+2nx7cg5TNnjyF5adEvDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXSNZ6+S0k8DrQGH3YQ5vj9aw1xMB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvUmRJMW5yNUxTVHdPdEFZZmRoRG0tUDFyRFhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBRbMMA0G
CSqGSIb3DQEBCwUAA4IBAQCHyEEYIzTk+yUhSBhxk8n3ASe8KwfwRsv23f3XtxhI
i5Yh0MOos0s2S6rZ6vykIKRShIgm0sSKZ5MChsniXSr+2yKxLNDTjBHzVnWAAzkn
PwCQgbXBzxkUVKvgzWywvRH2P9yfcYqvj2IjXCKmeiSkRYYPnEnTIWnjqsgkiaiW
/k6nNNRTiF71hfrmhlIum9ekB9z5HqJl2pVhL7OcsemVwewEDq6itae3hy/xlNwq
ncMtE1vnix336GjSm9TSL63hdBsg9UXcAsi9nmP+EBSMq+XlNxnMZNsEXaRHZDy4
layLyoJOPl6xUWXDMHTbH8OrvRO83VHEki+xR2IFvO9o
-----END CERTIFICATE-----