Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ErZSmRcA-tJ2aDousSuutC0FT-0.roa
File:                     ErZSmRcA-tJ2aDousSuutC0FT-0.roa (raw, json)
Hash identifier:          B+XEtlW6n6WZOMH7DhgvwgOk/0CxZWeur3IVAcHiy6s=
Subject key identifier:   12:B6:52:99:17:00:FA:D2:76:68:3A:2E:B1:2B:AE:B4:2D:05:4F:ED
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DAC1D805F28CB88A991C80F61C0C6
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ErZSmRcA-tJ2aDousSuutC0FT-0.roa
Signing time:             Tue 02 Jan 2024 08:32:39 +0000
ROA not before:           Tue 02 Jan 2024 08:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44717
IP address blocks:        78.136.66.0/23 maxlen: 23
                          151.237.204.0/23 maxlen: 23
                          93.119.30.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 05:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ac:1d:80:5f:28:cb:88:a9:91:c8:0f:61:c0:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12b652991700fad276683a2eb12baeb42d054fed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:8d:1d:25:e5:29:3f:0a:57:69:59:ec:29:1f:
                    e3:0d:d7:ea:34:69:9e:93:11:c8:85:8f:a3:63:13:
                    d8:f6:67:62:4d:41:2c:16:25:ad:7b:d2:2b:90:a3:
                    c2:10:b2:9b:ee:21:83:07:1c:0e:7e:6e:ea:1f:92:
                    46:97:ed:10:cb:91:42:38:10:74:23:de:52:c7:81:
                    be:29:2b:17:a9:b1:df:80:dd:66:a0:7a:76:45:f4:
                    83:c7:8d:27:76:d7:32:71:0d:fd:06:bd:61:6c:7a:
                    4e:88:99:11:0b:12:f0:ed:09:9b:7a:62:1a:4c:4f:
                    fd:1a:50:cc:93:40:cd:5a:e3:11:4b:fa:fa:f0:42:
                    93:d6:c5:af:df:ac:77:28:45:10:51:37:28:ad:ab:
                    7b:d3:ac:c5:1f:00:6f:6d:ae:82:91:36:b2:fc:84:
                    38:c0:8b:0d:ba:ba:98:55:ba:72:2f:3f:5b:c9:0e:
                    ff:73:7d:70:70:4f:2f:90:d6:14:34:8c:67:ab:76:
                    dc:18:a4:56:88:0a:c7:4c:a9:50:02:85:df:0c:de:
                    41:6a:f4:84:69:7c:44:8e:2a:df:83:f7:de:38:2a:
                    ee:43:92:16:07:11:60:b1:c5:3f:d8:fd:a8:bd:51:
                    54:17:da:cb:0d:10:86:7d:3d:65:69:48:1e:e2:32:
                    6c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:B6:52:99:17:00:FA:D2:76:68:3A:2E:B1:2B:AE:B4:2D:05:4F:ED
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/ErZSmRcA-tJ2aDousSuutC0FT-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.136.66.0/23
                  93.119.30.0/23
                  151.237.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:8c:70:a8:fc:79:25:51:f3:3f:44:0c:1a:39:29:66:f4:81:
         28:4b:d9:97:53:2b:02:8a:e1:43:a0:c4:83:f3:b9:02:87:1d:
         1b:0a:2f:02:01:89:72:1a:30:e8:0e:a6:e7:13:de:08:b7:14:
         98:c8:eb:15:55:49:6f:96:ae:c0:04:fa:38:b0:0c:22:c9:cc:
         fc:2a:70:3b:31:53:34:c6:54:a2:bf:08:6a:91:18:df:38:e3:
         bc:9f:d1:c1:21:c1:28:8f:00:74:3b:1e:e7:69:db:9b:c6:a0:
         36:38:e1:e8:36:78:4c:7d:50:93:0c:69:35:fa:a1:c6:7b:ad:
         c6:d9:0b:fe:0b:bc:e9:14:c0:c2:74:87:37:c7:f2:eb:a6:db:
         9c:74:2b:47:35:28:3a:b2:64:43:71:47:b9:97:54:dc:fe:cb:
         1c:7e:1d:57:e6:51:94:10:98:33:1b:0a:bf:d7:e9:18:f1:c6:
         b5:50:21:89:33:9a:d8:f3:4c:25:32:80:7a:af:cf:1e:66:8b:
         80:6f:65:f2:ef:aa:02:02:c7:b0:c0:a6:fc:48:87:40:03:d4:
         35:bf:12:fe:28:6a:99:b3:d1:74:22:ff:82:9e:7e:55:90:16:
         80:a6:c8:d0:f9:72:04:d6:d5:79:6d:23:a6:0e:8d:9e:98:69:
         62:5c:47:de
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTawdgF8oy4ipkcgPYcDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmI2NTI5OTE3MDBmYWQyNzY2ODNhMmViMTJiYWViNDJkMDU0ZmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Y0dJeUpPwpXaVnsKR/jDdfqNGme
kxHIhY+jYxPY9mdiTUEsFiWte9IrkKPCELKb7iGDBxwOfm7qH5JGl+0Qy5FCOBB0
I95Sx4G+KSsXqbHfgN1moHp2RfSDx40ndtcycQ39Br1hbHpOiJkRCxLw7QmbemIa
TE/9GlDMk0DNWuMRS/r68EKT1sWv36x3KEUQUTcorat706zFHwBvba6CkTay/IQ4
wIsNurqYVbpyLz9byQ7/c31wcE8vkNYUNIxnq3bcGKRWiArHTKlQAoXfDN5BavSE
aXxEjirfg/feOCruQ5IWBxFgscU/2P2ovVFUF9rLDRCGfT1laUge4jJs2QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBK2UpkXAPrSdmg6LrErrrQtBU/tMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvRXJaU21SY0EtdEoyYURvdXNTdXV0QzBGVC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBTohCAwQB
XXceAwQBl+3MMA0GCSqGSIb3DQEBCwUAA4IBAQA0jHCo/HklUfM/RAwaOSlm9IEo
S9mXUysCiuFDoMSD87kChx0bCi8CAYlyGjDoDqbnE94ItxSYyOsVVUlvlq7ABPo4
sAwiycz8KnA7MVM0xlSivwhqkRjfOOO8n9HBIcEojwB0Ox7nadubxqA2OOHoNnhM
fVCTDGk1+qHGe63G2Qv+C7zpFMDCdIc3x/LrptucdCtHNSg6smRDcUe5l1Tc/ssc
fh1X5lGUEJgzGwq/1+kY8ca1UCGJM5rY80wlMoB6r88eZouAb2Xy76oCAsewwKb8
SIdAA9Q1vxL+KGqZs9F0Iv+Cnn5VkBaApsjQ+XIE1tV5bSOmDo2emGliXEfe
-----END CERTIFICATE-----