Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/0rST11UDfNPuqphhK0XhQn7fm0A.roa
File:                     0rST11UDfNPuqphhK0XhQn7fm0A.roa (raw, json)
Hash identifier:          zakHaOhsamNeECLiEFX4MYgM9pRB+9eI5Zbk3OS8O8o=
Subject key identifier:   D2:B4:93:D7:55:03:7C:D3:EE:AA:98:61:2B:45:E1:42:7E:DF:9B:40
Certificate issuer:       /CN=607548c37abebc58b928ed285433d69e95df9c3b
Certificate serial:       018CC2DAE53FFE2C51FFC672FA4F612CE93D
Authority key identifier: 60:75:48:C3:7A:BE:BC:58:B9:28:ED:28:54:33:D6:9E:95:DF:9C:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/0rST11UDfNPuqphhK0XhQn7fm0A.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61980
IP address blocks:        83.220.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e5:3f:fe:2c:51:ff:c6:72:fa:4f:61:2c:e9:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=607548c37abebc58b928ed285433d69e95df9c3b
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2b493d755037cd3eeaa98612b45e1427edf9b40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e1:96:d8:3d:ce:bb:97:15:a2:f6:1b:c0:d2:
                    79:b9:2b:43:00:f5:4b:a3:a2:f2:c4:5d:ae:42:29:
                    51:fc:39:86:0e:bf:76:77:db:77:54:67:0c:77:48:
                    6a:c5:d5:d0:51:ab:5a:7d:98:87:1f:d1:4d:10:6f:
                    1f:66:ba:0e:b2:8b:da:dc:09:50:22:f0:42:00:b8:
                    47:cb:76:b2:96:48:f5:b7:c5:33:b2:c0:50:5c:98:
                    0d:10:8a:54:48:3b:93:89:b1:e5:f4:9a:bb:a0:4c:
                    2f:de:d0:86:70:29:4e:46:8b:87:89:c6:e5:59:a7:
                    19:10:23:0b:c6:c2:b8:3f:b5:00:02:94:15:08:67:
                    0f:71:91:cf:2f:ad:7b:1c:29:6a:55:47:68:8a:59:
                    1a:c7:56:45:0d:d7:83:1f:50:6b:66:0f:1b:d3:92:
                    0d:1c:16:c0:ea:41:be:f4:80:06:23:42:10:33:4a:
                    3f:69:b7:bf:ca:ef:e1:92:f0:ea:9d:ce:10:1d:0f:
                    48:2f:47:02:5b:db:b6:e6:31:25:7e:67:b3:0d:a5:
                    44:64:6e:36:93:e5:be:0e:dd:32:4d:62:23:e8:ab:
                    24:de:97:b9:cc:af:96:f1:39:34:17:21:23:95:d6:
                    bc:cc:0d:8d:0c:33:81:e7:ef:08:f8:5d:24:95:70:
                    4a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:B4:93:D7:55:03:7C:D3:EE:AA:98:61:2B:45:E1:42:7E:DF:9B:40
            X509v3 Authority Key Identifier:
                keyid:60:75:48:C3:7A:BE:BC:58:B9:28:ED:28:54:33:D6:9E:95:DF:9C:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YHVIw3q-vFi5KO0oVDPWnpXfnDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/0rST11UDfNPuqphhK0XhQn7fm0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/52b634-6148-4e2e-b8f3-0c98c570a6e0/1/YHVIw3q-vFi5KO0oVDPWnpXfnDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:4d:86:5b:28:e4:f3:7d:3f:a1:ab:4c:3b:be:72:c3:ad:0a:
         7b:65:61:99:bd:19:c8:8f:af:99:d5:6f:59:58:aa:4b:74:00:
         dc:72:25:c0:83:4f:d0:af:ac:87:92:a7:8e:23:3e:b7:d3:4b:
         29:7c:03:95:3f:96:c9:f4:6c:fb:e3:59:dd:16:0d:4e:c8:28:
         5c:3f:93:67:5b:39:8b:c0:9f:a5:00:08:01:b9:dc:83:17:8b:
         b7:13:5d:49:dc:6a:22:75:d8:d1:49:f7:20:3a:ed:15:11:c3:
         dc:de:68:0f:35:6e:49:25:18:97:39:e6:c9:99:e3:3b:d6:93:
         54:cd:d3:ae:5d:3c:55:79:18:13:b7:cd:27:1f:5d:9c:63:b5:
         02:f6:59:57:c4:ba:a2:40:0b:34:a9:c2:26:0e:4f:f1:3c:2d:
         c8:f8:1e:fc:29:96:3e:de:41:ec:25:01:ee:66:be:0f:ef:15:
         d0:ee:1a:f4:e1:69:3a:c7:bc:75:ad:b0:48:ca:70:2c:21:0b:
         3a:af:a7:ca:0b:85:63:0f:3e:aa:08:a3:51:1c:e1:3c:e6:c7:
         7a:e8:ea:a1:4c:8a:c3:fa:19:22:81:da:fe:ae:ca:9f:53:8a:
         19:a9:02:71:cc:6b:d4:8f:a7:8b:20:9e:62:0e:f5:fc:70:df:
         6c:c4:30:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uU//ixR/8Zy+k9hLOk9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNzU0OGMzN2FiZWJjNThiOTI4ZWQyODU0MzNkNjllOTVk
ZjljM2IwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmI0OTNkNzU1MDM3Y2QzZWVhYTk4NjEyYjQ1ZTE0MjdlZGY5YjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0eGW2D3Ou5cVovYbwNJ5uStDAPVL
o6LyxF2uQilR/DmGDr92d9t3VGcMd0hqxdXQUatafZiHH9FNEG8fZroOsova3AlQ
IvBCALhHy3aylkj1t8UzssBQXJgNEIpUSDuTibHl9Jq7oEwv3tCGcClORouHicbl
WacZECMLxsK4P7UAApQVCGcPcZHPL617HClqVUdoilkax1ZFDdeDH1BrZg8b05IN
HBbA6kG+9IAGI0IQM0o/abe/yu/hkvDqnc4QHQ9IL0cCW9u25jElfmezDaVEZG42
k+W+Dt0yTWIj6Ksk3pe5zK+W8Tk0FyEjlda8zA2NDDOB5+8I+F0klXBKXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNK0k9dVA3zT7qqYYStF4UJ+35tAMB8GA1UdIwQY
MBaAFGB1SMN6vrxYuSjtKFQz1p6V35w7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUhWSXczcS12Rmk1S08wb1ZEUFducFhmbkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi81MmI2MzQtNjE0OC00ZTJlLWI4ZjMt
MGM5OGM1NzBhNmUwLzEvMHJTVDExVURmTlB1cXBoaEswWGhRbjdmbTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi81MmI2MzQtNjE0OC00ZTJlLWI4ZjMtMGM5OGM1NzBhNmUw
LzEvWUhWSXczcS12Rmk1S08wb1ZEUFducFhmbkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU9ymMA0G
CSqGSIb3DQEBCwUAA4IBAQAGTYZbKOTzfT+hq0w7vnLDrQp7ZWGZvRnIj6+Z1W9Z
WKpLdADcciXAg0/Qr6yHkqeOIz6300spfAOVP5bJ9Gz741ndFg1OyChcP5NnWzmL
wJ+lAAgBudyDF4u3E11J3GoiddjRSfcgOu0VEcPc3mgPNW5JJRiXOebJmeM71pNU
zdOuXTxVeRgTt80nH12cY7UC9llXxLqiQAs0qcImDk/xPC3I+B78KZY+3kHsJQHu
Zr4P7xXQ7hr04Wk6x7x1rbBIynAsIQs6r6fKC4VjDz6qCKNRHOE85sd66OqhTIrD
+hkigdr+rsqfU4oZqQJxzGvUj6eLIJ5iDvX8cN9sxDBI
-----END CERTIFICATE-----