Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/EsDeqW63uy870Kbhiw1ptWRbiz4.roa
File:                     EsDeqW63uy870Kbhiw1ptWRbiz4.roa (raw, json)
Hash identifier:          UcaZjRZwhSeGPRpIxM4IGOI+hPhI/qqqOO1u7Pe9PUk=
Subject key identifier:   12:C0:DE:A9:6E:B7:BB:2F:3B:D0:A6:E1:8B:0D:69:B5:64:5B:8B:3E
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1EE31466FA5B99289EAE502AB76F
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/EsDeqW63uy870Kbhiw1ptWRbiz4.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272827
IP address blocks:        171.22.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1e:e3:14:66:fa:5b:99:28:9e:ae:50:2a:b7:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12c0dea96eb7bb2f3bd0a6e18b0d69b5645b8b3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:75:06:68:ad:fa:ab:c9:95:b7:b1:cf:4a:83:
                    c2:98:85:7b:50:c3:1d:90:65:5e:5f:47:72:4c:91:
                    bb:34:d2:23:aa:dc:9e:91:33:f2:cb:c0:e6:05:bc:
                    df:5d:5e:bc:73:1b:7a:c6:61:11:88:15:bd:53:5b:
                    76:a9:08:a7:4d:b3:87:55:06:01:52:b4:c4:a4:92:
                    47:07:ca:8f:31:ad:51:c8:d4:31:9d:11:f5:57:51:
                    9f:6b:66:28:97:7e:21:21:22:73:4f:3a:70:b3:5a:
                    ca:20:89:53:73:4b:57:23:11:79:b7:19:36:1d:c5:
                    86:ce:06:f8:04:50:61:6c:de:8c:2a:43:6e:92:bd:
                    a4:5e:1a:bd:dd:00:23:36:2f:60:c6:c1:28:b5:f3:
                    b0:3a:1b:85:1b:73:e3:71:31:cc:7f:c7:af:84:ab:
                    ee:1d:bf:e6:ee:e2:5b:15:54:6d:1e:5b:0b:85:b7:
                    cf:46:5f:fc:83:03:48:26:6f:ca:af:c2:7c:69:ee:
                    5f:72:53:29:3c:56:95:cf:04:a9:f6:49:62:15:51:
                    da:18:7e:7d:62:71:f5:8d:38:10:32:79:e0:8a:c0:
                    e8:f9:55:12:8f:f2:14:22:f7:e5:6a:f3:0f:4f:7f:
                    cc:42:3a:ce:eb:a1:9c:a1:1a:a7:49:95:af:07:07:
                    4f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:C0:DE:A9:6E:B7:BB:2F:3B:D0:A6:E1:8B:0D:69:B5:64:5B:8B:3E
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/EsDeqW63uy870Kbhiw1ptWRbiz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:f4:4e:15:a5:61:e3:62:93:3d:6d:7a:ee:c4:32:0b:48:74:
         40:1a:b2:60:84:72:dd:56:a8:aa:dd:03:e1:ef:7a:11:5b:04:
         db:91:da:b3:15:c1:08:05:e3:af:a2:73:5e:3a:b3:58:2b:e1:
         f9:ac:97:d3:21:80:f9:af:12:0b:07:42:03:5b:fc:77:21:89:
         dc:70:dd:09:4c:8d:95:40:cd:ee:b9:2c:50:69:78:55:9f:eb:
         9d:98:f4:66:4a:a8:43:ae:6b:7a:0b:ef:cb:89:78:11:aa:30:
         12:b3:b7:6b:50:48:02:84:95:6a:03:4b:b5:af:52:54:e3:27:
         c5:a7:6e:e2:35:81:75:e9:48:e1:9b:8c:17:b1:7a:bc:2e:f3:
         5b:9e:fe:e0:76:ce:4c:4e:72:22:d8:15:3d:64:c6:45:e4:87:
         bd:e2:47:8f:59:a1:01:8b:d5:56:1b:40:33:e3:56:eb:d2:70:
         c2:1c:17:c1:18:25:ac:8a:75:27:8d:12:b0:2c:15:b0:25:7c:
         28:da:3c:5a:a1:b9:39:da:4a:80:ea:85:1e:f8:a9:e2:2b:26:
         c7:0d:c8:c5:5d:eb:dd:28:4f:18:89:2d:f3:49:58:41:91:4d:
         07:94:0a:8b:8e:ac:0b:de:dd:77:d6:de:02:4e:67:b5:19:77:
         4b:75:a0:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbh7jFGb6W5konq5QKrdvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmMwZGVhOTZlYjdiYjJmM2JkMGE2ZTE4YjBkNjliNTY0NWI4YjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnUGaK36q8mVt7HPSoPCmIV7UMMd
kGVeX0dyTJG7NNIjqtyekTPyy8DmBbzfXV68cxt6xmERiBW9U1t2qQinTbOHVQYB
UrTEpJJHB8qPMa1RyNQxnRH1V1Gfa2Yol34hISJzTzpws1rKIIlTc0tXIxF5txk2
HcWGzgb4BFBhbN6MKkNukr2kXhq93QAjNi9gxsEotfOwOhuFG3PjcTHMf8evhKvu
Hb/m7uJbFVRtHlsLhbfPRl/8gwNIJm/Kr8J8ae5fclMpPFaVzwSp9kliFVHaGH59
YnH1jTgQMnngisDo+VUSj/IUIvflavMPT3/MQjrO66GcoRqnSZWvBwdPNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLA3qlut7svO9Cm4YsNabVkW4s+MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvRXNEZXFXNjN1eTg3MEtiaGl3MXB0V1JiaXo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxalMA0G
CSqGSIb3DQEBCwUAA4IBAQBP9E4VpWHjYpM9bXruxDILSHRAGrJghHLdVqiq3QPh
73oRWwTbkdqzFcEIBeOvonNeOrNYK+H5rJfTIYD5rxILB0IDW/x3IYnccN0JTI2V
QM3uuSxQaXhVn+udmPRmSqhDrmt6C+/LiXgRqjASs7drUEgChJVqA0u1r1JU4yfF
p27iNYF16Ujhm4wXsXq8LvNbnv7gds5MTnIi2BU9ZMZF5Ie94kePWaEBi9VWG0Az
41br0nDCHBfBGCWsinUnjRKwLBWwJXwo2jxaobk52kqA6oUe+KniKybHDcjFXevd
KE8YiS3zSVhBkU0HlAqLjqwL3t131t4CTme1GXdLdaA9
-----END CERTIFICATE-----