Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/cpKXOzn76B-M7aAZhhP89m2AH5w.roa
File:                     cpKXOzn76B-M7aAZhhP89m2AH5w.roa (raw, json)
Hash identifier:          T8KXUzbWNdvirwpnZ02/qyJWwMzxkbhEHCPCe9SDuIU=
Subject key identifier:   72:92:97:3B:39:FB:E8:1F:8C:ED:A0:19:86:13:FC:F6:6D:80:1F:9C
Certificate issuer:       /CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
Certificate serial:       018CC3B6D30026CA5BEFB1997DDBADA589B3
Authority key identifier: B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/cpKXOzn76B-M7aAZhhP89m2AH5w.roa
Signing time:             Mon 01 Jan 2024 06:29:47 +0000
ROA not before:           Mon 01 Jan 2024 06:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51561
IP address blocks:        185.168.132.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Apr 2024 08:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d3:00:26:ca:5b:ef:b1:99:7d:db:ad:a5:89:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7292973b39fbe81f8ceda0198613fcf66d801f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c8:c0:20:0b:cf:ae:32:77:26:65:16:f9:a7:
                    df:33:cd:67:e9:af:87:a9:61:9f:c8:8d:53:2e:88:
                    98:de:7f:16:76:1b:17:af:a7:bf:65:6b:8f:06:23:
                    34:ab:b6:f6:3f:91:47:b7:c1:f3:dc:ed:5b:14:f9:
                    74:f9:24:55:65:ca:00:20:ca:36:82:de:61:7f:16:
                    a8:33:7d:57:21:77:44:e9:a0:f2:31:e4:24:e7:fd:
                    97:37:a5:95:c9:5f:2a:71:f5:c7:50:77:a2:32:06:
                    17:ed:92:42:be:9f:35:8b:d7:eb:24:5a:5e:ed:97:
                    01:fe:1b:d8:f5:f6:49:38:af:d4:17:d8:1c:1f:ef:
                    a0:97:e3:38:ee:63:f6:f4:49:13:51:41:a6:32:36:
                    41:7b:c7:6d:9d:f3:bf:dd:14:1c:88:a7:00:3d:ab:
                    c7:53:5a:24:9b:30:1a:ad:1f:89:3a:5b:66:31:6d:
                    64:49:05:34:30:ef:91:1d:b3:76:73:c8:65:e7:36:
                    e7:a1:8d:0c:09:30:7a:2f:00:d1:87:d2:17:5f:92:
                    f4:6d:c0:33:6f:c4:e2:2b:56:8d:c7:fc:a3:18:ef:
                    b8:78:2a:d3:ff:02:05:a8:93:bc:fa:38:99:d4:8a:
                    d8:f0:24:86:e3:f2:e1:58:33:97:75:ab:bf:79:cb:
                    12:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:92:97:3B:39:FB:E8:1F:8C:ED:A0:19:86:13:FC:F6:6D:80:1F:9C
            X509v3 Authority Key Identifier:
                keyid:B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/cpKXOzn76B-M7aAZhhP89m2AH5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:5a:4e:3c:4c:f5:71:c8:a4:32:7e:19:83:c8:75:b4:97:66:
         e7:28:9e:70:07:84:e9:67:e9:78:be:e4:e4:b5:26:d6:4a:6f:
         6d:33:4d:53:ae:2e:c2:2d:3a:5e:25:d2:06:60:a2:d1:d7:41:
         80:59:54:9c:2a:56:3e:55:08:99:dc:40:68:8f:20:31:6c:d8:
         4d:41:01:7a:57:33:37:00:88:c9:2b:f3:80:92:21:f4:ca:04:
         cc:e5:3f:76:ac:ca:53:b0:cc:4c:71:1c:8f:ec:ff:76:a5:7d:
         26:7d:1e:eb:26:fc:1a:a7:81:5d:a9:eb:fa:ec:4c:83:fe:70:
         20:98:32:2c:6c:be:f6:d2:36:02:da:52:43:54:5f:8e:b9:2e:
         5a:74:87:09:20:7f:71:c5:af:f8:95:7c:88:37:6b:e0:6b:69:
         54:0b:57:62:a1:af:66:0f:a6:10:a5:bf:0c:ff:b4:f6:77:1a:
         33:71:cc:0b:80:78:25:8b:a1:9b:92:d5:e8:77:56:f4:62:80:
         9f:35:9f:3a:7a:c8:98:c8:c1:d1:2b:a9:c2:86:32:48:92:cd:
         ee:34:99:a4:0f:e7:d5:c0:51:fb:28:df:c6:da:54:1f:4a:1a:
         35:db:0e:e3:54:28:d6:59:5a:a0:b4:23:ca:34:a5:f3:cf:d4:
         b5:3b:e4:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttMAJspb77GZfdutpYmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NWEwNTY2ZDBiNjNhMWY4NjJkODM0NThlNGYyZWE2ZmQ4
ZjdkMjEwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjkyOTczYjM5ZmJlODFmOGNlZGEwMTk4NjEzZmNmNjZkODAxZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcjAIAvPrjJ3JmUW+affM81n6a+H
qWGfyI1TLoiY3n8WdhsXr6e/ZWuPBiM0q7b2P5FHt8Hz3O1bFPl0+SRVZcoAIMo2
gt5hfxaoM31XIXdE6aDyMeQk5/2XN6WVyV8qcfXHUHeiMgYX7ZJCvp81i9frJFpe
7ZcB/hvY9fZJOK/UF9gcH++gl+M47mP29EkTUUGmMjZBe8dtnfO/3RQciKcAPavH
U1okmzAarR+JOltmMW1kSQU0MO+RHbN2c8hl5zbnoY0MCTB6LwDRh9IXX5L0bcAz
b8TiK1aNx/yjGO+4eCrT/wIFqJO8+jiZ1IrY8CSG4/LhWDOXdau/ecsS7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKSlzs5++gfjO2gGYYT/PZtgB+cMB8GA1UdIwQY
MBaAFLdaBWbQtjofhi2DRY5PLqb9j30hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQt
ODNmNjAxYzNmYjU5LzEvY3BLWE96bjc2Qi1NN2FBWmhoUDg5bTJBSDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQtODNmNjAxYzNmYjU5
LzEvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaiEMA0G
CSqGSIb3DQEBCwUAA4IBAQCAWk48TPVxyKQyfhmDyHW0l2bnKJ5wB4TpZ+l4vuTk
tSbWSm9tM01Tri7CLTpeJdIGYKLR10GAWVScKlY+VQiZ3EBojyAxbNhNQQF6VzM3
AIjJK/OAkiH0ygTM5T92rMpTsMxMcRyP7P92pX0mfR7rJvwap4Fdqev67EyD/nAg
mDIsbL720jYC2lJDVF+OuS5adIcJIH9xxa/4lXyIN2vga2lUC1dioa9mD6YQpb8M
/7T2dxozccwLgHgli6GbktXod1b0YoCfNZ86esiYyMHRK6nChjJIks3uNJmkD+fV
wFH7KN/G2lQfSho12w7jVCjWWVqgtCPKNKXzz9S1O+R7
-----END CERTIFICATE-----