Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/dSkU8UgUYIcAiurqyEdjgAeP_Zk.roa
File:                     dSkU8UgUYIcAiurqyEdjgAeP_Zk.roa (raw, json)
Hash identifier:          Sz+Cni+PL1msW6vgK7D6V0uS+dHMLcyQMdV/n3hR2lM=
Subject key identifier:   75:29:14:F1:48:14:60:87:00:8A:EA:EA:C8:47:63:80:07:8F:FD:99
Certificate issuer:       /CN=554adb72b82ecfafc5705e25febcab5c82d76ee6
Certificate serial:       018CC94AD4BD74E1D4D2A13F33FC8FC85579
Authority key identifier: 55:4A:DB:72:B8:2E:CF:AF:C5:70:5E:25:FE:BC:AB:5C:82:D7:6E:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/dSkU8UgUYIcAiurqyEdjgAeP_Zk.roa
Signing time:             Tue 02 Jan 2024 08:29:33 +0000
ROA not before:           Tue 02 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39519
IP address blocks:        217.18.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:d4:bd:74:e1:d4:d2:a1:3f:33:fc:8f:c8:55:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=554adb72b82ecfafc5705e25febcab5c82d76ee6
        Validity
            Not Before: Jan  2 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=752914f148146087008aeaeac8476380078ffd99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ad:d1:61:1c:4a:38:bc:e6:46:cd:1c:08:08:
                    84:bb:bd:67:91:be:ae:86:25:6e:58:c7:19:c7:da:
                    c2:46:a6:84:e8:50:43:ff:d0:f8:6a:f8:eb:b5:ee:
                    1f:87:bf:ae:ca:d3:99:e5:8c:d1:61:a5:ef:8e:c9:
                    16:06:3a:b7:e5:ed:7b:91:27:d7:25:27:63:b1:1a:
                    45:1c:c7:f8:09:eb:e9:5b:3c:16:83:28:f7:53:be:
                    8a:87:89:2a:8e:99:55:c7:2d:c7:09:f0:23:bc:f0:
                    04:b5:d3:02:58:18:f7:b4:67:17:8b:fa:fa:da:db:
                    53:39:21:f7:0d:2e:7d:e0:3f:b4:94:a2:34:5a:fa:
                    6a:9d:ca:17:7f:a3:ad:e5:d9:ad:e5:c2:f9:41:e8:
                    8c:51:1c:5d:9f:eb:b3:db:41:0a:12:e2:5f:eb:96:
                    34:32:52:3e:79:5c:2e:c1:6d:b0:06:c2:88:56:19:
                    8a:b8:8a:1c:5d:a4:e1:7a:33:f2:9e:18:5e:1a:da:
                    a8:39:84:07:19:e2:d7:c9:c7:71:19:39:e1:46:c8:
                    2a:5f:1f:f1:12:d7:b0:e6:ae:48:68:6f:d4:94:fe:
                    a2:ea:34:7d:de:f3:b0:0f:f9:34:7d:7e:e7:75:a1:
                    12:0f:64:bc:8c:17:ac:57:b1:6f:f5:7f:54:b8:1e:
                    32:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:29:14:F1:48:14:60:87:00:8A:EA:EA:C8:47:63:80:07:8F:FD:99
            X509v3 Authority Key Identifier:
                keyid:55:4A:DB:72:B8:2E:CF:AF:C5:70:5E:25:FE:BC:AB:5C:82:D7:6E:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VUrbcrguz6_FcF4l_ryrXILXbuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/dSkU8UgUYIcAiurqyEdjgAeP_Zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/5e3895-ae95-43e2-b7a1-75863f43476a/1/VUrbcrguz6_FcF4l_ryrXILXbuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:b2:11:4d:5f:ae:a6:b9:71:d9:cf:c0:82:7f:89:95:ab:33:
         ae:2d:01:47:51:59:d6:15:f2:04:38:72:32:93:3e:27:8b:5a:
         9a:d9:e9:d2:51:93:27:ba:5b:81:ff:d4:8e:47:71:dc:61:76:
         52:b1:17:a6:5c:d8:87:8a:a3:3d:7c:6c:e2:cf:31:b7:19:35:
         a0:89:f7:64:6e:76:b1:48:b6:e3:11:a1:40:9d:f7:35:69:2d:
         dd:f5:53:fb:ed:a4:99:d8:11:bf:fa:31:4a:20:0d:97:4b:0c:
         7d:95:67:3a:b6:8d:b0:db:23:95:65:2e:d5:3e:7c:20:a7:61:
         89:dd:1b:e7:68:d7:5f:53:0e:c7:73:5a:aa:5f:79:c2:1a:24:
         f3:51:b8:15:7b:f1:68:ed:51:ba:34:41:50:0e:59:3f:4b:7e:
         70:75:01:6c:ac:d3:c5:c7:d3:ee:3f:05:00:96:a7:e9:97:47:
         4e:2e:ec:e6:5b:32:39:c6:fb:5d:49:37:99:4e:26:95:19:eb:
         7c:4a:34:29:ab:d3:34:41:94:41:b3:18:48:83:54:fc:92:e7:
         fe:08:c5:f1:b9:8d:7e:6e:97:ea:d2:2a:ca:16:d4:14:06:27:
         af:43:f1:1f:f9:00:d0:ad:a5:6d:e4:3f:1f:bc:78:9e:68:bf:
         0d:b4:90:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJStS9dOHU0qE/M/yPyFV5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NGFkYjcyYjgyZWNmYWZjNTcwNWUyNWZlYmNhYjVjODJk
NzZlZTYwHhcNMjQwMTAyMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTI5MTRmMTQ4MTQ2MDg3MDA4YWVhZWFjODQ3NjM4MDA3OGZmZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3a3RYRxKOLzmRs0cCAiEu71nkb6u
hiVuWMcZx9rCRqaE6FBD/9D4avjrte4fh7+uytOZ5YzRYaXvjskWBjq35e17kSfX
JSdjsRpFHMf4CevpWzwWgyj3U76Kh4kqjplVxy3HCfAjvPAEtdMCWBj3tGcXi/r6
2ttTOSH3DS594D+0lKI0WvpqncoXf6Ot5dmt5cL5QeiMURxdn+uz20EKEuJf65Y0
MlI+eVwuwW2wBsKIVhmKuIocXaThejPynhheGtqoOYQHGeLXycdxGTnhRsgqXx/x
Etew5q5IaG/UlP6i6jR93vOwD/k0fX7ndaESD2S8jBesV7Fv9X9UuB4ycQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUpFPFIFGCHAIrq6shHY4AHj/2ZMB8GA1UdIwQY
MBaAFFVK23K4Ls+vxXBeJf68q1yC127mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlVyYmNyZ3V6Nl9GY0Y0bF9yeXJYSUxYYnVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi81ZTM4OTUtYWU5NS00M2UyLWI3YTEt
NzU4NjNmNDM0NzZhLzEvZFNrVThVZ1VZSWNBaXVycXlFZGpnQWVQX1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi81ZTM4OTUtYWU5NS00M2UyLWI3YTEtNzU4NjNmNDM0NzZh
LzEvVlVyYmNyZ3V6Nl9GY0Y0bF9yeXJYSUxYYnVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2RJwMA0G
CSqGSIb3DQEBCwUAA4IBAQCushFNX66muXHZz8CCf4mVqzOuLQFHUVnWFfIEOHIy
kz4ni1qa2enSUZMnuluB/9SOR3HcYXZSsRemXNiHiqM9fGzizzG3GTWgifdkbnax
SLbjEaFAnfc1aS3d9VP77aSZ2BG/+jFKIA2XSwx9lWc6to2w2yOVZS7VPnwgp2GJ
3RvnaNdfUw7Hc1qqX3nCGiTzUbgVe/Fo7VG6NEFQDlk/S35wdQFsrNPFx9PuPwUA
lqfpl0dOLuzmWzI5xvtdSTeZTiaVGet8SjQpq9M0QZRBsxhIg1T8kuf+CMXxuY1+
bpfq0irKFtQUBievQ/Ef+QDQraVt5D8fvHieaL8NtJBW
-----END CERTIFICATE-----