Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/CgXpJ3jzPCdeHoez0wbFMWohF0U.roa
File:                     CgXpJ3jzPCdeHoez0wbFMWohF0U.roa (raw, json)
Hash identifier:          yKapqIKOCXo9TPMN+hsZsYMcdhNnI59VwS6e6xy111M=
Subject key identifier:   0A:05:E9:27:78:F3:3C:27:5E:1E:87:B3:D3:06:C5:31:6A:21:17:45
Certificate issuer:       /CN=f3d85c47d0b7d6dc5ddda08572b6454c1059512c
Certificate serial:       018CC86EEE7FE5A7B3BF155E9557D135EBFA
Authority key identifier: F3:D8:5C:47:D0:B7:D6:DC:5D:DD:A0:85:72:B6:45:4C:10:59:51:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/89hcR9C31txd3aCFcrZFTBBZUSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/CgXpJ3jzPCdeHoez0wbFMWohF0U.roa
Signing time:             Tue 02 Jan 2024 04:29:22 +0000
ROA not before:           Tue 02 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203153
IP address blocks:        212.73.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/89hcR9C31txd3aCFcrZFTBBZUSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/89hcR9C31txd3aCFcrZFTBBZUSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/89hcR9C31txd3aCFcrZFTBBZUSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ee:7f:e5:a7:b3:bf:15:5e:95:57:d1:35:eb:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3d85c47d0b7d6dc5ddda08572b6454c1059512c
        Validity
            Not Before: Jan  2 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a05e92778f33c275e1e87b3d306c5316a211745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:6e:0c:9a:f4:72:d0:76:cd:72:63:39:00:43:
                    e9:1f:bd:99:bf:7d:54:b1:61:cc:e2:e3:6c:8d:37:
                    9d:38:56:31:6b:df:13:02:28:35:90:5a:b9:fa:b4:
                    4b:95:3d:a8:15:bd:80:dc:38:1b:5a:0b:36:00:7d:
                    ce:56:0d:d2:eb:81:02:72:28:1a:a7:16:0a:cd:3b:
                    2d:2e:a1:a3:9d:65:a6:e3:95:e8:8b:ee:76:53:a8:
                    ef:73:1b:d2:7c:b5:76:b6:79:2b:96:48:b5:e9:07:
                    dd:1d:ce:e7:5f:e8:d1:de:29:65:e0:64:55:d7:6f:
                    70:83:ee:97:67:36:43:85:2c:aa:05:8e:76:74:b9:
                    e0:12:de:36:d8:17:65:bb:d9:62:a2:d8:9d:18:2c:
                    2a:eb:e4:ce:4c:da:94:ba:77:cd:35:2f:b8:20:b6:
                    30:5b:6a:e4:78:70:19:46:42:a0:2d:f9:ae:e0:70:
                    fa:47:a6:6e:b8:3c:eb:03:98:fb:7c:85:85:c4:4e:
                    33:80:a7:09:ab:9c:1d:de:87:d1:90:63:ef:04:a3:
                    c2:6a:fd:74:c6:c4:a7:da:46:03:e6:99:35:de:ad:
                    52:71:c3:b0:82:ca:2f:a3:20:7f:4b:f2:93:86:f9:
                    1b:9a:b9:77:f0:b2:6f:44:2d:99:a9:25:7a:2f:d7:
                    bc:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:05:E9:27:78:F3:3C:27:5E:1E:87:B3:D3:06:C5:31:6A:21:17:45
            X509v3 Authority Key Identifier:
                keyid:F3:D8:5C:47:D0:B7:D6:DC:5D:DD:A0:85:72:B6:45:4C:10:59:51:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/89hcR9C31txd3aCFcrZFTBBZUSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/CgXpJ3jzPCdeHoez0wbFMWohF0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/89hcR9C31txd3aCFcrZFTBBZUSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.73.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:f9:1f:6a:54:97:83:88:1a:9b:e8:cf:c1:20:e3:2e:f8:3a:
         81:c4:dd:94:31:14:1a:22:8e:75:11:05:b2:b4:29:96:ce:8d:
         ff:47:5c:f1:c3:28:e7:8d:6d:bd:d7:35:f4:12:74:71:19:15:
         67:7d:72:01:d1:c9:b9:56:53:78:5e:31:f6:94:2f:0e:06:6d:
         cf:f6:50:78:f7:50:01:5f:01:c1:0a:51:9b:51:a0:4a:6e:62:
         8d:99:b7:bd:de:79:94:a1:3a:88:7c:b0:f0:a8:87:8d:18:61:
         c4:3a:9d:ba:20:c2:d1:dd:a7:dc:e5:33:5b:70:09:14:0a:c1:
         6a:24:52:3a:23:0d:f0:d2:33:6c:f7:02:fb:56:da:38:2e:f8:
         51:71:10:48:61:22:be:c5:5b:78:6a:62:55:d6:52:b4:bf:e8:
         10:03:85:05:8d:23:21:29:0a:4b:72:4b:fd:e1:b4:22:c8:b6:
         73:3b:f7:b5:fb:b6:af:93:1d:7b:99:25:d0:5c:f6:aa:10:63:
         d9:31:5c:ce:42:ee:ae:bf:3e:e0:a1:1b:0e:e0:7f:3e:22:bf:
         f9:f9:38:6d:b9:bd:63:98:9d:5c:e6:59:fc:c6:c8:ca:f0:d0:
         51:15:8c:b7:b4:2a:c3:36:68:64:d9:7c:7d:d1:6a:40:9e:a5:
         85:c0:0d:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbu5/5aezvxVelVfRNev6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzZDg1YzQ3ZDBiN2Q2ZGM1ZGRkYTA4NTcyYjY0NTRjMTA1
OTUxMmMwHhcNMjQwMTAyMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTA1ZTkyNzc4ZjMzYzI3NWUxZTg3YjNkMzA2YzUzMTZhMjExNzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkG4MmvRy0HbNcmM5AEPpH72Zv31U
sWHM4uNsjTedOFYxa98TAig1kFq5+rRLlT2oFb2A3DgbWgs2AH3OVg3S64ECciga
pxYKzTstLqGjnWWm45Xoi+52U6jvcxvSfLV2tnkrlki16QfdHc7nX+jR3ill4GRV
129wg+6XZzZDhSyqBY52dLngEt422Bdlu9liotidGCwq6+TOTNqUunfNNS+4ILYw
W2rkeHAZRkKgLfmu4HD6R6ZuuDzrA5j7fIWFxE4zgKcJq5wd3ofRkGPvBKPCav10
xsSn2kYD5pk13q1SccOwgsovoyB/S/KThvkbmrl38LJvRC2ZqSV6L9e8YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAoF6Sd48zwnXh6Hs9MGxTFqIRdFMB8GA1UdIwQY
MBaAFPPYXEfQt9bcXd2ghXK2RUwQWVEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODloY1I5QzMxdHhkM2FDRmNyWkZUQkJaVVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8yNmZiMTEtMmQwMC00ZTdiLWIyOTct
NTIxMmRiOTc1NGY0LzEvQ2dYcEozanpQQ2RlSG9lejB3YkZNV29oRjBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8yNmZiMTEtMmQwMC00ZTdiLWIyOTctNTIxMmRiOTc1NGY0
LzEvODloY1I5QzMxdHhkM2FDRmNyWkZUQkJaVVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EmaMA0G
CSqGSIb3DQEBCwUAA4IBAQA6+R9qVJeDiBqb6M/BIOMu+DqBxN2UMRQaIo51EQWy
tCmWzo3/R1zxwyjnjW291zX0EnRxGRVnfXIB0cm5VlN4XjH2lC8OBm3P9lB491AB
XwHBClGbUaBKbmKNmbe93nmUoTqIfLDwqIeNGGHEOp26IMLR3afc5TNbcAkUCsFq
JFI6Iw3w0jNs9wL7Vto4LvhRcRBIYSK+xVt4amJV1lK0v+gQA4UFjSMhKQpLckv9
4bQiyLZzO/e1+7avkx17mSXQXPaqEGPZMVzOQu6uvz7goRsO4H8+Ir/5+Thtub1j
mJ1c5ln8xsjK8NBRFYy3tCrDNmhk2Xx90WpAnqWFwA1u
-----END CERTIFICATE-----