Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/0incFgop7NvSNqdaiXDOn58Xgpo.roa
File:                     0incFgop7NvSNqdaiXDOn58Xgpo.roa (raw, json)
Hash identifier:          O6K4qtzqb3/R6tbDZHku6vHRKb6jD4KVcBfmh4mv0B4=
Subject key identifier:   D2:29:DC:16:0A:29:EC:DB:D2:36:A7:5A:89:70:CE:9F:9F:17:82:9A
Certificate issuer:       /CN=7b5516af4b74a1142bef13c3fd707059e61a6b95
Certificate serial:       018CCA996351AE75968BDA1E8E6005966B4C
Authority key identifier: 7B:55:16:AF:4B:74:A1:14:2B:EF:13:C3:FD:70:70:59:E6:1A:6B:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1UWr0t0oRQr7xPD_XBwWeYaa5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/0incFgop7NvSNqdaiXDOn58Xgpo.roa
Signing time:             Tue 02 Jan 2024 14:34:59 +0000
ROA not before:           Tue 02 Jan 2024 14:34:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        109.205.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/e1UWr0t0oRQr7xPD_XBwWeYaa5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/e1UWr0t0oRQr7xPD_XBwWeYaa5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1UWr0t0oRQr7xPD_XBwWeYaa5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 10:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:63:51:ae:75:96:8b:da:1e:8e:60:05:96:6b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5516af4b74a1142bef13c3fd707059e61a6b95
        Validity
            Not Before: Jan  2 14:34:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d229dc160a29ecdbd236a75a8970ce9f9f17829a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5c:da:6e:46:2e:26:a3:dc:19:8a:34:6e:48:
                    2a:6b:fa:35:f0:2e:ef:95:59:28:3c:77:3c:9e:a4:
                    4a:c4:48:2b:ee:36:57:ff:6a:48:03:b4:05:79:1c:
                    4e:12:59:a4:a1:d2:39:fe:cf:f1:95:b1:c3:d7:a3:
                    2e:31:5d:80:90:f2:14:f6:bb:17:58:f6:3c:28:15:
                    34:b5:f8:61:9e:e5:25:62:b2:39:a2:a0:31:cf:65:
                    9e:74:95:dc:11:13:d2:bb:65:12:60:b2:f4:5a:80:
                    b2:4c:c0:8b:66:c5:d7:f9:0d:57:b1:d4:1e:9a:a4:
                    84:95:61:e3:e9:39:42:b8:d1:8c:ac:fe:43:cc:b9:
                    f6:00:8c:f2:a6:a5:60:ec:c3:0b:b3:1b:85:6f:0e:
                    ad:b0:ea:30:26:dc:3a:3e:29:86:c0:f2:6d:97:c1:
                    e6:d8:a3:a1:a5:42:1e:38:de:34:8f:47:b4:bd:53:
                    ac:88:fd:71:72:cc:2a:99:39:c0:b5:c2:2a:b4:60:
                    63:b9:06:44:ae:fc:d7:1a:66:fb:1e:cc:cc:71:d1:
                    05:f1:14:83:05:00:f7:3b:3f:fc:5a:8a:cd:5a:b9:
                    4e:41:c4:d7:8c:3b:da:80:59:4c:4e:77:b5:ad:38:
                    e1:da:5e:0d:29:1e:90:e9:ec:67:b1:60:dd:b0:1b:
                    cd:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:29:DC:16:0A:29:EC:DB:D2:36:A7:5A:89:70:CE:9F:9F:17:82:9A
            X509v3 Authority Key Identifier:
                keyid:7B:55:16:AF:4B:74:A1:14:2B:EF:13:C3:FD:70:70:59:E6:1A:6B:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1UWr0t0oRQr7xPD_XBwWeYaa5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/0incFgop7NvSNqdaiXDOn58Xgpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/e1UWr0t0oRQr7xPD_XBwWeYaa5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:a0:f2:04:b2:37:97:59:01:11:f1:58:b4:20:7b:0f:89:d6:
         67:8e:19:12:e0:ef:ca:02:89:96:e5:4e:97:85:e1:01:70:2d:
         3e:72:11:bd:0e:00:22:2b:48:61:6d:87:5f:84:c0:ab:4d:8c:
         2a:fa:2c:bb:99:22:47:24:92:59:2d:16:cb:11:4e:55:ff:2b:
         eb:02:53:c6:f7:a0:e8:85:9e:7e:68:5c:90:93:f4:4c:66:d5:
         3b:8c:9d:93:d9:93:e3:d1:0b:19:78:47:96:e8:b3:e7:62:94:
         6d:b7:d7:e4:0d:c6:60:d7:82:eb:ad:85:3e:70:c3:36:94:71:
         51:dd:32:48:13:87:8e:dd:a1:77:84:e9:b2:0b:8e:c8:66:8b:
         0f:9a:ce:87:4e:c8:02:a1:95:aa:6c:6a:48:d8:36:15:e0:00:
         54:c9:9e:d9:3e:96:93:86:67:ec:ce:da:7e:8c:18:6d:1f:e2:
         1f:a8:b1:37:e6:4c:37:01:59:4a:79:e7:00:71:db:03:73:94:
         bf:37:8c:01:9a:47:74:38:8e:d3:b5:28:7f:69:d2:5b:5b:a4:
         ec:fa:ee:7e:ee:9c:64:24:dc:19:64:fa:0b:12:45:73:3f:9d:
         b6:fb:db:17:1f:d9:5a:e8:41:48:97:fe:ec:67:54:7b:d2:65:
         73:6d:23:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmWNRrnWWi9oejmAFlmtMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNTUxNmFmNGI3NGExMTQyYmVmMTNjM2ZkNzA3MDU5ZTYx
YTZiOTUwHhcNMjQwMTAyMTQzNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjI5ZGMxNjBhMjllY2RiZDIzNmE3NWE4OTcwY2U5ZjlmMTc4MjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlzabkYuJqPcGYo0bkgqa/o18C7v
lVkoPHc8nqRKxEgr7jZX/2pIA7QFeRxOElmkodI5/s/xlbHD16MuMV2AkPIU9rsX
WPY8KBU0tfhhnuUlYrI5oqAxz2WedJXcERPSu2USYLL0WoCyTMCLZsXX+Q1XsdQe
mqSElWHj6TlCuNGMrP5DzLn2AIzypqVg7MMLsxuFbw6tsOowJtw6PimGwPJtl8Hm
2KOhpUIeON40j0e0vVOsiP1xcswqmTnAtcIqtGBjuQZErvzXGmb7HszMcdEF8RSD
BQD3Oz/8WorNWrlOQcTXjDvagFlMTne1rTjh2l4NKR6Q6exnsWDdsBvNlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNIp3BYKKezb0janWolwzp+fF4KaMB8GA1UdIwQY
MBaAFHtVFq9LdKEUK+8Tw/1wcFnmGmuVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTFVV3IwdDBvUlFyN3hQRF9YQndXZVlhYTVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kYzhlMTMtNmRkMy00NGY5LTkwZjYt
N2NkMWY2NTJkOTI1LzEvMGluY0Znb3A3TnZTTnFkYWlYRE9uNThYZ3BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kYzhlMTMtNmRkMy00NGY5LTkwZjYtN2NkMWY2NTJkOTI1
LzEvZTFVV3IwdDBvUlFyN3hQRF9YQndXZVlhYTVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc2eMA0G
CSqGSIb3DQEBCwUAA4IBAQANoPIEsjeXWQER8Vi0IHsPidZnjhkS4O/KAomW5U6X
heEBcC0+chG9DgAiK0hhbYdfhMCrTYwq+iy7mSJHJJJZLRbLEU5V/yvrAlPG96Do
hZ5+aFyQk/RMZtU7jJ2T2ZPj0QsZeEeW6LPnYpRtt9fkDcZg14LrrYU+cMM2lHFR
3TJIE4eO3aF3hOmyC47IZosPms6HTsgCoZWqbGpI2DYV4ABUyZ7ZPpaThmfsztp+
jBhtH+IfqLE35kw3AVlKeecAcdsDc5S/N4wBmkd0OI7TtSh/adJbW6Ts+u5+7pxk
JNwZZPoLEkVzP522+9sXH9la6EFIl/7sZ1R70mVzbSOG
-----END CERTIFICATE-----