Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ducPRG6GapVRfrO8oLeRwBhC2_k.roa
File:                     ducPRG6GapVRfrO8oLeRwBhC2_k.roa (raw, json)
Hash identifier:          mkxsdHX45oX5qIeXqIbfQ0vc4gmQd67hO/VlzAFIaVE=
Subject key identifier:   76:E7:0F:44:6E:86:6A:95:51:7E:B3:BC:A0:B7:91:C0:18:42:DB:F9
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29F4A02FE338219FAAE745E432BC4B
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ducPRG6GapVRfrO8oLeRwBhC2_k.roa
Signing time:             Tue 02 Jan 2024 12:33:16 +0000
ROA not before:           Tue 02 Jan 2024 12:33:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43875
IP address blocks:        185.67.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f4:a0:2f:e3:38:21:9f:aa:e7:45:e4:32:bc:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76e70f446e866a95517eb3bca0b791c01842dbf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:0d:96:5a:73:47:eb:28:5a:56:e4:f0:1a:95:
                    f8:1c:b1:a1:9e:d5:85:0e:dd:f0:a8:9f:59:e3:77:
                    8f:ca:5c:fb:b2:d4:e4:86:62:d2:3c:62:de:1f:1e:
                    ff:24:91:2c:ce:3b:4b:10:22:5f:06:4f:bb:35:27:
                    49:79:d5:b2:e0:1e:ad:87:8d:73:69:c8:76:08:52:
                    dc:a3:80:6d:df:72:4e:1e:fd:e8:0a:8e:17:c6:29:
                    bd:e8:4e:db:64:ad:2c:07:b4:0f:ac:af:11:20:81:
                    fc:5f:28:34:ac:69:9c:59:50:76:0f:50:fd:3c:11:
                    9a:d5:50:2a:0f:41:51:d1:6f:6d:2d:58:22:79:19:
                    f8:10:3f:5f:5b:42:be:ac:a3:5d:4a:32:44:20:af:
                    50:f0:2a:68:6c:22:00:2d:b4:c7:b1:c9:86:f9:6c:
                    55:2c:ff:46:27:34:05:c1:35:31:8f:c1:e4:19:50:
                    ea:f1:fa:02:03:87:f0:9d:92:f6:95:60:5a:4c:d0:
                    a5:3e:8d:92:4e:16:52:44:08:4f:6c:4a:d2:1a:67:
                    e9:9e:0c:14:2c:76:0f:18:54:a6:3c:36:93:6a:57:
                    68:6c:20:11:5b:10:83:3c:cb:47:f8:cf:3a:0f:3c:
                    74:9a:29:bb:fe:ea:e7:e6:fb:3d:78:0d:0c:80:f2:
                    bd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E7:0F:44:6E:86:6A:95:51:7E:B3:BC:A0:B7:91:C0:18:42:DB:F9
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ducPRG6GapVRfrO8oLeRwBhC2_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:86:91:3d:7a:2c:84:2c:df:d9:65:de:6a:c3:3e:45:dc:bb:
         e2:de:42:17:9d:19:21:e5:9b:01:bf:6d:d3:e8:d4:f8:e6:f6:
         0b:31:7f:b7:87:57:a7:25:57:5f:77:f1:3f:00:b7:7e:cf:1b:
         4b:8d:ba:6f:c9:ea:28:c8:87:21:f9:21:de:07:f1:95:5b:25:
         9f:d6:99:7a:fd:05:ad:8e:c8:d0:75:db:65:67:c5:fa:16:f1:
         bb:9b:da:60:cf:ba:db:6e:5a:69:07:37:45:fa:ba:f8:81:80:
         04:5d:73:01:7e:00:bd:bc:8b:9b:f6:6b:f6:0b:84:e8:4c:28:
         eb:5c:0a:a8:ac:7e:48:ff:b5:29:5b:2e:96:f2:b1:a3:09:f5:
         16:d6:c9:fe:3c:13:70:ba:15:d3:eb:c8:b1:28:8e:28:7d:d1:
         3c:06:60:ea:3b:61:87:83:d7:65:00:b2:e0:ab:bc:be:af:ec:
         5c:67:dd:92:ef:8e:fc:70:9f:5e:07:1d:c8:c5:d3:d9:c8:12:
         f7:bc:10:af:e7:9d:6c:d3:f1:bf:12:8f:9f:79:9a:2e:9f:f1:
         0c:6b:12:ff:3e:c6:a5:00:f7:c5:f9:2e:fa:9b:b4:8e:ad:f2:
         2f:9a:4b:fc:b8:91:68:e1:d2:c4:3b:f2:bf:0a:0c:57:80:fe:
         b0:1b:c4:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKfSgL+M4IZ+q50XkMrxLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmU3MGY0NDZlODY2YTk1NTE3ZWIzYmNhMGI3OTFjMDE4NDJkYmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQ2WWnNH6yhaVuTwGpX4HLGhntWF
Dt3wqJ9Z43ePylz7stTkhmLSPGLeHx7/JJEszjtLECJfBk+7NSdJedWy4B6th41z
ach2CFLco4Bt33JOHv3oCo4Xxim96E7bZK0sB7QPrK8RIIH8Xyg0rGmcWVB2D1D9
PBGa1VAqD0FR0W9tLVgieRn4ED9fW0K+rKNdSjJEIK9Q8CpobCIALbTHscmG+WxV
LP9GJzQFwTUxj8HkGVDq8foCA4fwnZL2lWBaTNClPo2SThZSRAhPbErSGmfpngwU
LHYPGFSmPDaTaldobCARWxCDPMtH+M86Dzx0mim7/urn5vs9eA0MgPK9gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbnD0RuhmqVUX6zvKC3kcAYQtv5MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvZHVjUFJHNkdhcFZSZnJPOG9MZVJ3QmhDMl9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUP8MA0G
CSqGSIb3DQEBCwUAA4IBAQBNhpE9eiyELN/ZZd5qwz5F3Lvi3kIXnRkh5ZsBv23T
6NT45vYLMX+3h1enJVdfd/E/ALd+zxtLjbpvyeooyIch+SHeB/GVWyWf1pl6/QWt
jsjQddtlZ8X6FvG7m9pgz7rbblppBzdF+rr4gYAEXXMBfgC9vIub9mv2C4ToTCjr
XAqorH5I/7UpWy6W8rGjCfUW1sn+PBNwuhXT68ixKI4ofdE8BmDqO2GHg9dlALLg
q7y+r+xcZ92S7478cJ9eBx3IxdPZyBL3vBCv551s0/G/Eo+feZoun/EMaxL/Psal
APfF+S76m7SOrfIvmkv8uJFo4dLEO/K/CgxXgP6wG8S/
-----END CERTIFICATE-----