Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/PS7VcVrODfyWrueN840Oyaw0HB0.roa
File:                     PS7VcVrODfyWrueN840Oyaw0HB0.roa (raw, json)
Hash identifier:          FgcummYvwL5RgmjdMqcg2t6VABAPIqTVet7OTbF/cyU=
Subject key identifier:   3D:2E:D5:71:5A:CE:0D:FC:96:AE:E7:8D:F3:8D:0E:C9:AC:34:1C:1D
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018DB4999AC6141B54EA45B19A42CA58946F
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/PS7VcVrODfyWrueN840Oyaw0HB0.roa
Signing time:             Sat 17 Feb 2024 01:06:21 +0000
ROA not before:           Sat 17 Feb 2024 01:06:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9087
IP address blocks:        176.221.30.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b4:99:9a:c6:14:1b:54:ea:45:b1:9a:42:ca:58:94:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Feb 17 01:06:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d2ed5715ace0dfc96aee78df38d0ec9ac341c1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:9c:98:1c:9a:0c:2e:71:7c:4f:69:21:f4:df:
                    66:14:75:99:ad:fc:20:38:a0:68:fc:b4:cd:ac:3e:
                    fb:d2:29:8b:3d:b8:ea:13:c4:c2:a3:f6:01:0a:7b:
                    ba:dd:92:4b:2a:0d:3b:e8:de:8f:92:3f:55:69:8b:
                    fd:ba:20:a6:3c:a9:d1:67:9a:4b:a6:ce:12:a4:c8:
                    63:16:31:18:14:42:b9:94:89:ff:a9:72:b1:4b:0d:
                    87:75:26:8a:6e:78:14:d3:3d:ab:19:3d:7f:00:64:
                    72:c6:ef:e8:b4:6a:fb:97:37:1a:1d:8c:ef:98:ea:
                    b2:df:ba:ee:ff:65:19:fb:9d:78:31:c2:75:22:92:
                    a7:0c:e0:23:b6:b4:41:c6:a2:29:3f:b3:7a:54:bb:
                    dd:25:86:d0:1e:e4:52:67:b9:27:11:96:5b:f0:f4:
                    3d:b4:64:30:d7:f2:e3:a4:c5:5b:1d:73:b5:c6:3d:
                    c6:ae:12:c2:99:c4:57:97:b9:bb:b0:ac:62:ca:ee:
                    4a:01:d9:e8:91:95:29:c7:1c:21:4d:fd:f9:7f:f8:
                    4b:57:94:6c:d5:3b:cf:0c:08:59:5a:4c:d8:c9:38:
                    fc:c1:60:07:cb:48:f8:8d:93:ed:f0:82:7d:5a:7c:
                    ff:8e:74:8d:79:13:a7:cb:2b:01:bd:70:a3:15:1c:
                    d5:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:2E:D5:71:5A:CE:0D:FC:96:AE:E7:8D:F3:8D:0E:C9:AC:34:1C:1D
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/PS7VcVrODfyWrueN840Oyaw0HB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.221.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:6d:e9:20:06:e2:e5:f8:0f:00:fc:12:94:6c:6a:aa:42:6e:
         8a:7d:8d:a8:8b:4b:d3:87:77:65:15:21:70:1b:37:44:05:5b:
         c6:0a:b9:15:40:28:31:5c:80:bf:72:1d:ea:48:17:86:06:74:
         6a:6f:d8:8d:ca:a8:d3:dd:77:63:43:79:6d:6e:d5:1a:01:bf:
         91:1f:e1:a0:3d:1b:fb:1a:a3:9f:f6:c6:83:74:f3:da:a3:37:
         92:59:f1:5a:85:2b:d7:40:16:3f:76:26:65:12:c5:51:93:89:
         ce:70:7b:ef:0f:f4:f7:c7:12:59:14:33:de:d8:25:52:16:6c:
         d8:5a:dc:91:b4:bb:8a:cb:11:12:06:a1:20:6b:4e:6c:7e:3c:
         4d:17:4c:4e:ba:c0:88:fc:b5:ea:9d:ca:d5:bc:92:8b:48:6d:
         07:3c:70:fd:0e:e3:8f:8f:42:15:e9:09:ce:b5:82:14:d7:df:
         63:30:36:e0:7f:e6:82:37:26:a6:59:15:ff:c1:b2:f8:86:03:
         22:bd:63:3c:19:e9:71:92:ab:d7:20:35:fa:b9:00:09:a0:45:
         07:e1:f2:88:53:79:69:33:b2:53:e7:a6:82:6b:01:ad:7c:d7:
         cd:23:fe:51:00:96:6a:45:86:1e:ab:e6:b3:f0:2b:c9:b4:8c:
         b3:79:70:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY20mZrGFBtU6kWxmkLKWJRvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMjE3MDEwNjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDJlZDU3MTVhY2UwZGZjOTZhZWU3OGRmMzhkMGVjOWFjMzQxYzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05yYHJoMLnF8T2kh9N9mFHWZrfwg
OKBo/LTNrD770imLPbjqE8TCo/YBCnu63ZJLKg076N6Pkj9VaYv9uiCmPKnRZ5pL
ps4SpMhjFjEYFEK5lIn/qXKxSw2HdSaKbngU0z2rGT1/AGRyxu/otGr7lzcaHYzv
mOqy37ru/2UZ+514McJ1IpKnDOAjtrRBxqIpP7N6VLvdJYbQHuRSZ7knEZZb8PQ9
tGQw1/LjpMVbHXO1xj3GrhLCmcRXl7m7sKxiyu5KAdnokZUpxxwhTf35f/hLV5Rs
1TvPDAhZWkzYyTj8wWAHy0j4jZPt8IJ9Wnz/jnSNeROnyysBvXCjFRzVDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0u1XFazg38lq7njfONDsmsNBwdMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvUFM3VmNWck9EZnlXcnVlTjg0ME95YXcwSEIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsN0eMA0G
CSqGSIb3DQEBCwUAA4IBAQA8bekgBuLl+A8A/BKUbGqqQm6KfY2oi0vTh3dlFSFw
GzdEBVvGCrkVQCgxXIC/ch3qSBeGBnRqb9iNyqjT3XdjQ3ltbtUaAb+RH+GgPRv7
GqOf9saDdPPaozeSWfFahSvXQBY/diZlEsVRk4nOcHvvD/T3xxJZFDPe2CVSFmzY
WtyRtLuKyxESBqEga05sfjxNF0xOusCI/LXqncrVvJKLSG0HPHD9DuOPj0IV6QnO
tYIU199jMDbgf+aCNyamWRX/wbL4hgMivWM8GelxkqvXIDX6uQAJoEUH4fKIU3lp
M7JT56aCawGtfNfNI/5RAJZqRYYeq+az8CvJtIyzeXBE
-----END CERTIFICATE-----