Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/nKS9BS4UlTOyGY_fe5atnp1QWPg.roa
File:                     nKS9BS4UlTOyGY_fe5atnp1QWPg.roa (raw, json)
Hash identifier:          rqfVnzgJro3gPSz/AtBwV3vkNO5pZFh656+Ar/ihLuk=
Subject key identifier:   9C:A4:BD:05:2E:14:95:33:B2:19:8F:DF:7B:96:AD:9E:9D:50:58:F8
Certificate issuer:       /CN=69ca7c17232db063491cfa585203369ffbeb76ed
Certificate serial:       018CC492A5AED98577FC20672BA42C07A69D
Authority key identifier: 69:CA:7C:17:23:2D:B0:63:49:1C:FA:58:52:03:36:9F:FB:EB:76:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/nKS9BS4UlTOyGY_fe5atnp1QWPg.roa
Signing time:             Mon 01 Jan 2024 10:29:54 +0000
ROA not before:           Mon 01 Jan 2024 10:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51020
IP address blocks:        185.65.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 22:03:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:a5:ae:d9:85:77:fc:20:67:2b:a4:2c:07:a6:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69ca7c17232db063491cfa585203369ffbeb76ed
        Validity
            Not Before: Jan  1 10:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ca4bd052e149533b2198fdf7b96ad9e9d5058f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e9:45:e3:83:01:39:61:09:7e:bc:0e:c6:5c:
                    81:3d:ab:39:91:b0:17:6e:89:47:3d:a8:20:2f:e4:
                    a9:a1:3b:89:86:95:3d:23:c3:dc:af:1d:6b:7e:52:
                    cd:b7:f8:fd:b0:bb:8a:b3:6d:49:be:0e:79:e3:e8:
                    e6:c2:88:35:f2:2d:40:32:05:07:c3:a1:42:bf:35:
                    81:3a:d8:4a:23:e4:5d:bd:69:7b:21:a9:78:49:49:
                    9d:05:78:82:d9:1d:f8:3e:a6:63:5e:06:7a:28:5e:
                    b9:6e:51:fc:f6:ff:37:7b:49:2f:9d:aa:68:f6:ef:
                    ad:4d:79:12:e9:73:ef:a6:eb:a6:fa:52:5f:6a:cc:
                    4a:fd:6d:94:93:96:1a:b3:6f:3a:50:7f:78:c5:17:
                    2b:df:bd:bd:eb:69:d0:77:9b:4a:d6:9e:d0:20:02:
                    b7:41:f8:be:62:5d:f2:07:35:11:a9:6d:c1:4d:9c:
                    15:c1:d7:78:2a:b7:d3:b5:b6:c0:d4:28:c9:3a:ef:
                    b3:24:c6:2a:02:d6:71:dc:fa:36:b6:0b:7c:0a:73:
                    81:24:66:a7:5e:ee:bf:66:b2:84:e6:aa:58:82:b5:
                    1a:21:54:5c:39:7f:a2:4f:be:8e:0b:f3:99:5a:b7:
                    03:98:2e:86:f4:f7:a7:9b:0e:5e:1e:f5:cd:ba:05:
                    c8:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A4:BD:05:2E:14:95:33:B2:19:8F:DF:7B:96:AD:9E:9D:50:58:F8
            X509v3 Authority Key Identifier:
                keyid:69:CA:7C:17:23:2D:B0:63:49:1C:FA:58:52:03:36:9F:FB:EB:76:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/nKS9BS4UlTOyGY_fe5atnp1QWPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:9b:a5:3a:76:f3:a3:39:10:34:da:cb:7c:6d:f2:3b:d3:71:
         c0:2a:c1:ac:cb:db:f1:55:90:34:2b:94:a2:7d:3c:75:2d:95:
         d9:8a:5c:37:83:d5:06:31:91:56:64:9d:58:c4:ed:b6:f2:82:
         f8:43:7b:f0:a3:fa:93:98:43:36:14:bb:1b:c6:d4:4a:75:83:
         9a:f7:c9:e2:e6:b8:bd:c9:92:8c:96:c9:29:f1:a5:67:4a:78:
         d6:1c:4e:c1:e1:57:49:4c:3e:64:d9:68:05:67:85:c1:4c:e8:
         94:12:a2:ec:60:2f:3d:fe:20:8e:49:09:7b:49:d7:b9:89:d9:
         39:fb:4c:ab:1e:c3:11:52:e3:63:30:5f:70:ca:ff:58:08:15:
         a1:b1:ef:75:1e:52:c7:df:6c:48:2b:27:4f:c7:44:c6:0d:f8:
         2b:8a:fb:e3:92:a4:e1:43:6b:b8:0a:25:c7:25:50:10:26:4e:
         b2:52:8a:ce:a2:e7:0a:2d:1e:06:95:08:d9:56:01:2b:af:67:
         07:6d:f6:62:31:6d:75:8d:68:f5:3f:ae:c3:0e:b9:3b:cd:c2:
         f8:40:6b:9b:a6:35:35:25:e8:31:2c:32:86:d9:b2:c2:6a:2a:
         ce:7f:11:e1:7b:14:c8:97:4f:cc:33:e8:61:2d:9e:82:b9:97:
         77:0c:c6:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkqWu2YV3/CBnK6QsB6adMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5Y2E3YzE3MjMyZGIwNjM0OTFjZmE1ODUyMDMzNjlmZmJl
Yjc2ZWQwHhcNMjQwMTAxMTAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2E0YmQwNTJlMTQ5NTMzYjIxOThmZGY3Yjk2YWQ5ZTlkNTA1OGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsulF44MBOWEJfrwOxlyBPas5kbAX
bolHPaggL+SpoTuJhpU9I8Pcrx1rflLNt/j9sLuKs21Jvg554+jmwog18i1AMgUH
w6FCvzWBOthKI+RdvWl7Ial4SUmdBXiC2R34PqZjXgZ6KF65blH89v83e0kvnapo
9u+tTXkS6XPvpuum+lJfasxK/W2Uk5Yas286UH94xRcr372962nQd5tK1p7QIAK3
Qfi+Yl3yBzURqW3BTZwVwdd4KrfTtbbA1CjJOu+zJMYqAtZx3Po2tgt8CnOBJGan
Xu6/ZrKE5qpYgrUaIVRcOX+iT76OC/OZWrcDmC6G9Penmw5eHvXNugXIbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJykvQUuFJUzshmP33uWrZ6dUFj4MB8GA1UdIwQY
MBaAFGnKfBcjLbBjSRz6WFIDNp/763btMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWNwOEZ5TXRzR05KSFBwWVVnTTJuX3ZyZHUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9iZmI0MjMtZGE2OS00MjY1LTk1ZTUt
ZjQ3YWU3ZGRhZWMwLzEvbktTOUJTNFVsVE95R1lfZmU1YXRucDFRV1BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9iZmI0MjMtZGE2OS00MjY1LTk1ZTUtZjQ3YWU3ZGRhZWMw
LzEvYWNwOEZ5TXRzR05KSFBwWVVnTTJuX3ZyZHUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUH8MA0G
CSqGSIb3DQEBCwUAA4IBAQABm6U6dvOjORA02st8bfI703HAKsGsy9vxVZA0K5Si
fTx1LZXZilw3g9UGMZFWZJ1YxO228oL4Q3vwo/qTmEM2FLsbxtRKdYOa98ni5ri9
yZKMlskp8aVnSnjWHE7B4VdJTD5k2WgFZ4XBTOiUEqLsYC89/iCOSQl7Sde5idk5
+0yrHsMRUuNjMF9wyv9YCBWhse91HlLH32xIKydPx0TGDfgrivvjkqThQ2u4CiXH
JVAQJk6yUorOoucKLR4GlQjZVgErr2cHbfZiMW11jWj1P67DDrk7zcL4QGubpjU1
JegxLDKG2bLCairOfxHhexTIl0/MM+hhLZ6CuZd3DMbO
-----END CERTIFICATE-----