Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/7a1eb4-290a-4686-8bba-dc7542138952/1/dpPghb2be9ew0uImaXN1pElidSw.roa
File:                     dpPghb2be9ew0uImaXN1pElidSw.roa (raw, json)
Hash identifier:          M1gktY8Nq7BGHfrmClJcq6cWM8Q6BRiJ38MxwKZFoag=
Subject key identifier:   76:93:E0:85:BD:9B:7B:D7:B0:D2:E2:26:69:73:75:A4:49:62:75:2C
Certificate issuer:       /CN=cddd902a1271270027e4577778ea35883b4515f6
Certificate serial:       018DAA4EB78A966EF9243B4B2BB18F28D524
Authority key identifier: CD:DD:90:2A:12:71:27:00:27:E4:57:77:78:EA:35:88:3B:45:15:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zd2QKhJxJwAn5Fd3eOo1iDtFFfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/7a1eb4-290a-4686-8bba-dc7542138952/1/dpPghb2be9ew0uImaXN1pElidSw.roa
Signing time:             Thu 15 Feb 2024 01:08:21 +0000
ROA not before:           Thu 15 Feb 2024 01:08:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48577
IP address blocks:        2.59.4.0/24 maxlen: 24
                          2.59.5.0/24 maxlen: 24
                          2.59.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/7a1eb4-290a-4686-8bba-dc7542138952/1/zd2QKhJxJwAn5Fd3eOo1iDtFFfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/7a1eb4-290a-4686-8bba-dc7542138952/1/zd2QKhJxJwAn5Fd3eOo1iDtFFfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zd2QKhJxJwAn5Fd3eOo1iDtFFfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:aa:4e:b7:8a:96:6e:f9:24:3b:4b:2b:b1:8f:28:d5:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddd902a1271270027e4577778ea35883b4515f6
        Validity
            Not Before: Feb 15 01:08:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7693e085bd9b7bd7b0d2e226697375a44962752c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:eb:e9:27:ae:1d:78:7d:e3:a6:4a:b3:fe:7d:
                    12:50:4b:51:fe:c6:42:63:42:25:1f:58:24:01:dc:
                    81:bc:4a:e7:07:27:b8:3c:d1:84:ce:8b:1e:ad:fc:
                    88:d2:cf:c7:ff:13:7b:fe:51:6d:e8:5f:a9:d9:cf:
                    b8:1c:ca:46:ec:f7:2d:26:5a:bd:46:9f:cd:71:9f:
                    95:8c:49:a0:b7:39:06:ac:c3:db:c0:d1:6a:ca:ce:
                    ec:2d:58:7c:39:03:fe:5a:25:35:b1:f8:d0:2f:d5:
                    a0:9d:bc:3a:ba:d3:2a:7d:0e:94:22:9b:ee:67:26:
                    94:c0:65:ba:48:e6:51:f1:dd:41:3c:08:81:c1:58:
                    f9:5f:d7:8f:49:c9:a2:e5:1f:75:78:09:60:69:c6:
                    6c:c2:ce:3d:49:20:70:f9:b7:9e:7d:93:6d:61:90:
                    c9:23:11:e6:39:26:1a:ab:f3:66:9d:ef:c7:fa:a1:
                    ac:9b:9b:27:60:e6:0a:8b:c7:5c:91:34:1d:92:51:
                    26:e4:db:9f:68:c6:a9:24:72:32:09:82:67:e9:1b:
                    ad:ea:0c:63:dd:ce:00:ee:75:29:5f:7f:46:af:ec:
                    95:d0:65:b1:d8:3e:70:8f:d9:d3:1b:c5:8c:43:89:
                    58:3a:66:34:e3:e0:a9:e6:51:33:14:0b:5d:75:5a:
                    b5:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:93:E0:85:BD:9B:7B:D7:B0:D2:E2:26:69:73:75:A4:49:62:75:2C
            X509v3 Authority Key Identifier:
                keyid:CD:DD:90:2A:12:71:27:00:27:E4:57:77:78:EA:35:88:3B:45:15:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zd2QKhJxJwAn5Fd3eOo1iDtFFfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7a1eb4-290a-4686-8bba-dc7542138952/1/dpPghb2be9ew0uImaXN1pElidSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7a1eb4-290a-4686-8bba-dc7542138952/1/zd2QKhJxJwAn5Fd3eOo1iDtFFfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.4.0/23
                  2.59.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:e6:63:05:a8:28:87:c4:07:66:31:a1:be:83:1e:e3:c8:de:
         30:d1:75:74:82:a2:28:d1:46:00:16:3c:25:bb:af:85:73:20:
         17:16:be:c3:0f:95:f5:80:38:0e:be:ca:d4:c6:1a:4a:83:36:
         c2:1e:ea:f5:04:dd:07:d8:82:01:9c:f8:9a:6a:47:5d:c7:20:
         74:d2:b1:32:66:d5:3f:8c:40:d4:0d:b6:08:9a:6c:04:10:5e:
         20:62:2b:1f:5d:0e:1d:09:be:23:0b:c4:df:2f:ea:3f:b5:60:
         cf:dc:bb:76:34:9d:c8:f7:54:78:af:15:c1:96:b2:64:2f:a7:
         2f:8a:e0:21:08:48:6c:c1:ba:9e:f8:78:0f:39:a4:07:e9:14:
         46:bd:e2:01:d7:64:1c:03:d8:45:b1:3b:38:2d:cf:65:7d:45:
         21:b2:96:25:43:bb:13:d3:f1:3a:9e:c8:2f:f2:1e:78:21:09:
         f6:a8:5f:d2:02:d0:96:9c:e4:0c:0d:4c:f5:ad:0a:cf:4f:20:
         c2:35:c1:24:4c:2b:eb:eb:87:cd:f3:91:2b:c5:65:09:b5:0f:
         b0:17:d0:ca:cc:6a:2e:f3:94:7d:bb:f5:ff:64:30:28:79:55:
         61:da:eb:1d:96:e5:a1:eb:98:86:d5:01:fa:54:3c:87:26:03:
         52:90:40:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2qTreKlm75JDtLK7GPKNUkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGQ5MDJhMTI3MTI3MDAyN2U0NTc3Nzc4ZWEzNTg4M2I0
NTE1ZjYwHhcNMjQwMjE1MDEwODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjkzZTA4NWJkOWI3YmQ3YjBkMmUyMjY2OTczNzVhNDQ5NjI3NTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+vpJ64deH3jpkqz/n0SUEtR/sZC
Y0IlH1gkAdyBvErnBye4PNGEzoserfyI0s/H/xN7/lFt6F+p2c+4HMpG7PctJlq9
Rp/NcZ+VjEmgtzkGrMPbwNFqys7sLVh8OQP+WiU1sfjQL9Wgnbw6utMqfQ6UIpvu
ZyaUwGW6SOZR8d1BPAiBwVj5X9ePScmi5R91eAlgacZsws49SSBw+beefZNtYZDJ
IxHmOSYaq/Nmne/H+qGsm5snYOYKi8dckTQdklEm5NufaMapJHIyCYJn6Rut6gxj
3c4A7nUpX39Gr+yV0GWx2D5wj9nTG8WMQ4lYOmY04+Cp5lEzFAtddVq16QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHaT4IW9m3vXsNLiJmlzdaRJYnUsMB8GA1UdIwQY
MBaAFM3dkCoScScAJ+RXd3jqNYg7RRX2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemQyUUtoSnhKd0FuNUZkM2VPbzFpRHRGRmZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83YTFlYjQtMjkwYS00Njg2LThiYmEt
ZGM3NTQyMTM4OTUyLzEvZHBQZ2hiMmJlOWV3MHVJbWFYTjFwRWxpZFN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83YTFlYjQtMjkwYS00Njg2LThiYmEtZGM3NTQyMTM4OTUy
LzEvemQyUUtoSnhKd0FuNUZkM2VPbzFpRHRGRmZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBAjsEAwQA
AjsHMA0GCSqGSIb3DQEBCwUAA4IBAQCK5mMFqCiHxAdmMaG+gx7jyN4w0XV0gqIo
0UYAFjwlu6+FcyAXFr7DD5X1gDgOvsrUxhpKgzbCHur1BN0H2IIBnPiaakddxyB0
0rEyZtU/jEDUDbYImmwEEF4gYisfXQ4dCb4jC8TfL+o/tWDP3Lt2NJ3I91R4rxXB
lrJkL6cviuAhCEhswbqe+HgPOaQH6RRGveIB12QcA9hFsTs4Lc9lfUUhspYlQ7sT
0/E6nsgv8h54IQn2qF/SAtCWnOQMDUz1rQrPTyDCNcEkTCvr64fN85ErxWUJtQ+w
F9DKzGou85R9u/X/ZDAoeVVh2usdluWh65iG1QH6VDyHJgNSkEDS
-----END CERTIFICATE-----