Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/dtlk-_ARiPBiQMJAS1IpGYFXUTA.roa
File:                     dtlk-_ARiPBiQMJAS1IpGYFXUTA.roa (raw, json)
Hash identifier:          JAHUiyJYxqaRgU56TOKpXCfYZYjhYIwTc6HRpdjOLMk=
Subject key identifier:   76:D9:64:FB:F0:11:88:F0:62:40:C2:40:4B:52:29:19:81:57:51:30
Certificate issuer:       /CN=a7f62916197f7796cec578ea4352fae4ef89aec2
Certificate serial:       018CC500137120CE962AA9962FB101727DC1
Authority key identifier: A7:F6:29:16:19:7F:77:96:CE:C5:78:EA:43:52:FA:E4:EF:89:AE:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_YpFhl_d5bOxXjqQ1L65O-JrsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/dtlk-_ARiPBiQMJAS1IpGYFXUTA.roa
Signing time:             Mon 01 Jan 2024 12:29:25 +0000
ROA not before:           Mon 01 Jan 2024 12:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47220
IP address blocks:        194.152.42.0/24 maxlen: 24
                          194.152.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/p_YpFhl_d5bOxXjqQ1L65O-JrsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/p_YpFhl_d5bOxXjqQ1L65O-JrsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_YpFhl_d5bOxXjqQ1L65O-JrsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:13:71:20:ce:96:2a:a9:96:2f:b1:01:72:7d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7f62916197f7796cec578ea4352fae4ef89aec2
        Validity
            Not Before: Jan  1 12:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76d964fbf01188f06240c2404b52291981575130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:bb:49:4a:21:be:0d:92:5e:6c:ad:80:a4:e1:
                    22:e2:d6:f4:7f:08:d6:a3:95:4c:d7:4b:13:b8:2c:
                    d7:d4:b3:3e:a7:08:b0:34:2b:ba:aa:06:03:14:4d:
                    f2:58:c7:4f:79:6e:76:9b:ca:45:cf:d9:6b:53:32:
                    60:40:38:db:13:2a:3e:90:4b:94:c7:cc:22:24:7e:
                    21:1f:d3:dc:48:b7:95:e8:67:db:a8:20:ae:49:79:
                    d5:cc:7e:29:ea:c1:70:05:6b:c9:77:88:96:d0:b4:
                    09:17:d7:2d:1e:2c:ca:88:96:58:b0:e7:4c:1a:d7:
                    b1:15:ba:eb:7d:09:70:f2:f5:38:83:af:cd:c8:46:
                    03:1f:66:39:4b:c5:43:0f:b8:ca:a6:a6:5e:52:9b:
                    59:3a:87:57:24:10:6d:51:0f:86:08:33:64:80:0a:
                    93:bf:7a:87:10:bb:03:ba:bc:71:51:91:ea:b3:d7:
                    16:31:e9:3e:de:78:b0:46:c1:7c:18:ef:5e:17:ce:
                    2d:fa:06:2e:c6:3a:85:db:af:94:3c:d1:3e:13:a6:
                    ea:6e:28:ab:00:8b:26:17:cb:fe:12:2e:e8:a9:1e:
                    69:f1:46:11:71:62:a1:4b:d8:17:ff:c7:ef:0b:3b:
                    7d:2d:f5:59:d5:68:ba:81:de:60:3c:fd:6b:55:2c:
                    83:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:D9:64:FB:F0:11:88:F0:62:40:C2:40:4B:52:29:19:81:57:51:30
            X509v3 Authority Key Identifier:
                keyid:A7:F6:29:16:19:7F:77:96:CE:C5:78:EA:43:52:FA:E4:EF:89:AE:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_YpFhl_d5bOxXjqQ1L65O-JrsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/dtlk-_ARiPBiQMJAS1IpGYFXUTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/p_YpFhl_d5bOxXjqQ1L65O-JrsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.152.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:ff:2d:7b:d9:c5:06:76:c7:73:51:a6:05:18:08:01:ce:7a:
         f4:8a:99:82:5a:68:e6:18:0a:14:58:be:60:70:3c:97:cd:d1:
         7b:56:ec:cf:8c:e8:7e:99:c4:25:06:97:54:f0:6c:8f:6b:2f:
         e9:68:c2:88:4c:57:cf:a8:65:c3:ea:51:32:5e:b2:a5:f8:9b:
         a8:1c:74:10:74:f0:cd:26:b9:ed:c6:b6:21:0e:18:3a:07:ea:
         dc:13:4f:dc:63:30:41:84:35:ae:19:a1:f4:4d:5f:ad:eb:36:
         83:88:77:81:05:1e:45:09:84:c4:a3:50:f8:3e:5a:42:49:10:
         36:06:ee:d8:04:e3:93:68:5c:0e:dc:0d:99:77:7e:8c:5a:cc:
         bc:c7:b7:80:a1:09:27:73:8f:c9:52:48:99:96:b5:b9:76:18:
         c2:8d:4b:9e:07:72:bd:50:44:69:2a:29:8d:8e:e0:56:f9:da:
         05:10:01:28:c4:48:da:6f:49:3c:c3:be:da:1d:41:b8:b1:46:
         91:dc:2b:ac:8f:59:20:4a:74:b1:cd:6a:b3:e7:e2:23:35:25:
         d0:bb:7b:0b:a6:f0:4f:31:a0:f0:c8:3c:dc:a1:ef:50:53:0f:
         ef:6c:7e:11:96:11:9f:63:a9:0d:d3:92:23:aa:45:0c:72:3b:
         e6:32:7c:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABNxIM6WKqmWL7EBcn3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZjYyOTE2MTk3Zjc3OTZjZWM1NzhlYTQzNTJmYWU0ZWY4
OWFlYzIwHhcNMjQwMTAxMTIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmQ5NjRmYmYwMTE4OGYwNjI0MGMyNDA0YjUyMjkxOTgxNTc1MTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbtJSiG+DZJebK2ApOEi4tb0fwjW
o5VM10sTuCzX1LM+pwiwNCu6qgYDFE3yWMdPeW52m8pFz9lrUzJgQDjbEyo+kEuU
x8wiJH4hH9PcSLeV6GfbqCCuSXnVzH4p6sFwBWvJd4iW0LQJF9ctHizKiJZYsOdM
GtexFbrrfQlw8vU4g6/NyEYDH2Y5S8VDD7jKpqZeUptZOodXJBBtUQ+GCDNkgAqT
v3qHELsDurxxUZHqs9cWMek+3niwRsF8GO9eF84t+gYuxjqF26+UPNE+E6bqbiir
AIsmF8v+Ei7oqR5p8UYRcWKhS9gX/8fvCzt9LfVZ1Wi6gd5gPP1rVSyDYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbZZPvwEYjwYkDCQEtSKRmBV1EwMB8GA1UdIwQY
MBaAFKf2KRYZf3eWzsV46kNS+uTvia7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF9ZcEZobF9kNWJPeFhqcVExTDY1Ty1KcnNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNzFjYTctNTA3MC00YmNjLWEwMGQt
ZWM5N2YxOGE3OTRhLzEvZHRsay1fQVJpUEJpUU1KQVMxSXBHWUZYVVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNzFjYTctNTA3MC00YmNjLWEwMGQtZWM5N2YxOGE3OTRh
LzEvcF9ZcEZobF9kNWJPeFhqcVExTDY1Ty1KcnNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpgqMA0G
CSqGSIb3DQEBCwUAA4IBAQBY/y172cUGdsdzUaYFGAgBznr0ipmCWmjmGAoUWL5g
cDyXzdF7VuzPjOh+mcQlBpdU8GyPay/paMKITFfPqGXD6lEyXrKl+JuoHHQQdPDN
JrntxrYhDhg6B+rcE0/cYzBBhDWuGaH0TV+t6zaDiHeBBR5FCYTEo1D4PlpCSRA2
Bu7YBOOTaFwO3A2Zd36MWsy8x7eAoQknc4/JUkiZlrW5dhjCjUueB3K9UERpKimN
juBW+doFEAEoxEjab0k8w77aHUG4sUaR3Cusj1kgSnSxzWqz5+IjNSXQu3sLpvBP
MaDwyDzcoe9QUw/vbH4RlhGfY6kN05IjqkUMcjvmMnxZ
-----END CERTIFICATE-----