Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/Doig4v0YQyUfVWdxp1DgZ9gSTTs.roa
File:                     Doig4v0YQyUfVWdxp1DgZ9gSTTs.roa (raw, json)
Hash identifier:          4xuJKXb6vzGegjMw8Xw+4+4TiS1oxsHqda1u1Q4bY3g=
Subject key identifier:   0E:88:A0:E2:FD:18:43:25:1F:55:67:71:A7:50:E0:67:D8:12:4D:3B
Certificate issuer:       /CN=7c673daad6d9317f0101d41a042a61e57689453a
Certificate serial:       018CC86F1D0C3F677B69507827A6B36AB3C3
Authority key identifier: 7C:67:3D:AA:D6:D9:31:7F:01:01:D4:1A:04:2A:61:E5:76:89:45:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/Doig4v0YQyUfVWdxp1DgZ9gSTTs.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        203.12.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1d:0c:3f:67:7b:69:50:78:27:a6:b3:6a:b3:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c673daad6d9317f0101d41a042a61e57689453a
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e88a0e2fd1843251f556771a750e067d8124d3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7f:ca:d6:54:4c:8d:a7:af:0d:8d:54:51:64:
                    b7:11:d7:7a:36:fb:17:91:fb:d2:82:b2:25:2b:94:
                    df:55:72:e1:ab:0e:b2:b0:a9:30:23:6d:e8:ba:17:
                    a3:69:59:25:47:ca:80:82:0b:47:d4:ca:12:5c:30:
                    74:8e:07:fa:60:8b:d8:9d:05:72:73:d0:89:c0:f3:
                    2f:60:48:c6:c0:79:f8:34:35:61:c8:fd:4d:88:f3:
                    d1:dd:39:46:a7:4c:07:58:0e:37:84:25:5d:7c:63:
                    69:6e:71:b2:1f:a3:7e:eb:52:d0:ad:86:47:b7:76:
                    c1:8e:26:85:0c:cd:dc:7c:18:5c:81:aa:6c:f1:7a:
                    53:75:b6:68:65:6c:e4:15:6d:54:fa:68:be:7b:7f:
                    b0:0f:a1:8a:56:44:f7:81:2f:af:da:94:4a:59:55:
                    27:65:5b:a8:7c:50:53:ae:82:78:d5:a6:02:4f:5e:
                    3f:9d:bb:c0:84:9b:1e:bb:0e:72:df:20:05:f2:dd:
                    bf:80:71:2f:49:52:44:36:15:4c:ea:c6:21:77:9f:
                    57:7c:b6:0e:65:d0:40:99:02:62:79:88:8a:45:ea:
                    3c:2e:ce:5d:3a:be:d3:15:d7:a5:c1:95:a8:e4:2d:
                    d9:e4:3c:aa:94:94:d7:26:a5:30:ec:05:cb:ef:b4:
                    4e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:88:A0:E2:FD:18:43:25:1F:55:67:71:A7:50:E0:67:D8:12:4D:3B
            X509v3 Authority Key Identifier:
                keyid:7C:67:3D:AA:D6:D9:31:7F:01:01:D4:1A:04:2A:61:E5:76:89:45:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/Doig4v0YQyUfVWdxp1DgZ9gSTTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.12.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:ec:91:a3:fa:15:d0:4b:c4:be:b1:01:61:c5:1d:37:ca:1f:
         66:ce:75:51:be:81:d5:4b:ef:7a:6e:7a:36:1f:e0:bc:2f:c5:
         e1:c7:db:12:d4:90:12:49:d0:ca:3d:0f:09:1c:ed:31:21:c7:
         ad:11:fc:58:a6:56:d4:4e:57:c3:37:77:f9:a7:95:7e:44:c7:
         50:0a:aa:2e:fe:aa:e7:9f:f1:37:4b:00:e2:97:71:0f:2e:39:
         6b:96:41:46:f8:45:cc:2a:d4:9e:8d:be:6b:2c:e7:e9:f1:d6:
         ab:eb:7b:a0:37:25:0d:3e:ae:65:d7:d6:33:b2:4b:08:fe:8a:
         db:e5:95:15:88:b1:8f:05:1a:e4:27:9d:e1:b6:4f:09:07:1b:
         89:d9:a9:f0:bd:e9:f2:1a:78:ed:ba:3f:57:96:f8:30:7b:9b:
         81:e4:ac:01:67:ec:6b:67:60:0b:c2:2f:c2:69:ca:72:06:b3:
         4b:83:99:a9:55:48:36:cd:c7:31:61:6d:35:8a:b1:38:91:8b:
         01:8d:4d:ef:0b:92:16:7d:fe:08:99:ba:6a:19:aa:6e:54:ef:
         40:c2:de:f2:11:cc:ca:f9:91:86:e1:3a:a2:f5:21:50:40:28:
         6c:84:07:f5:2c:02:05:da:31:62:c7:5a:4e:34:02:5a:a1:4a:
         6e:6a:3c:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbx0MP2d7aVB4J6azarPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNjczZGFhZDZkOTMxN2YwMTAxZDQxYTA0MmE2MWU1NzY4
OTQ1M2EwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTg4YTBlMmZkMTg0MzI1MWY1NTY3NzFhNzUwZTA2N2Q4MTI0ZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApX/K1lRMjaevDY1UUWS3Edd6NvsX
kfvSgrIlK5TfVXLhqw6ysKkwI23ouhejaVklR8qAggtH1MoSXDB0jgf6YIvYnQVy
c9CJwPMvYEjGwHn4NDVhyP1NiPPR3TlGp0wHWA43hCVdfGNpbnGyH6N+61LQrYZH
t3bBjiaFDM3cfBhcgaps8XpTdbZoZWzkFW1U+mi+e3+wD6GKVkT3gS+v2pRKWVUn
ZVuofFBTroJ41aYCT14/nbvAhJseuw5y3yAF8t2/gHEvSVJENhVM6sYhd59XfLYO
ZdBAmQJieYiKReo8Ls5dOr7TFdelwZWo5C3Z5DyqlJTXJqUw7AXL77ROIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6IoOL9GEMlH1VncadQ4GfYEk07MB8GA1UdIwQY
MBaAFHxnParW2TF/AQHUGgQqYeV2iUU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkdjOXF0YlpNWDhCQWRRYUJDcGg1WGFKUlRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMDM3ZGItNzU5Mi00YjYyLWJkYWEt
MDRlNDZlZjBjZDIxLzEvRG9pZzR2MFlReVVmVldkeHAxRGdaOWdTVFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMDM3ZGItNzU5Mi00YjYyLWJkYWEtMDRlNDZlZjBjZDIx
LzEvZkdjOXF0YlpNWDhCQWRRYUJDcGg1WGFKUlRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAywzaMA0G
CSqGSIb3DQEBCwUAA4IBAQAx7JGj+hXQS8S+sQFhxR03yh9mznVRvoHVS+96bno2
H+C8L8Xhx9sS1JASSdDKPQ8JHO0xIcetEfxYplbUTlfDN3f5p5V+RMdQCqou/qrn
n/E3SwDil3EPLjlrlkFG+EXMKtSejb5rLOfp8dar63ugNyUNPq5l19YzsksI/orb
5ZUViLGPBRrkJ53htk8JBxuJ2anwvenyGnjtuj9Xlvgwe5uB5KwBZ+xrZ2ALwi/C
acpyBrNLg5mpVUg2zccxYW01irE4kYsBjU3vC5IWff4ImbpqGapuVO9Awt7yEczK
+ZGG4Tqi9SFQQChshAf1LAIF2jFix1pONAJaoUpuajyn
-----END CERTIFICATE-----