Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/DXXrsXsExvRo9JUI0G0ZzeIo7G4.roa
File:                     DXXrsXsExvRo9JUI0G0ZzeIo7G4.roa (raw, json)
Hash identifier:          wlVA56F4GwBVjV6jWhjg43AqYkYvECWUQlRiyPa97Y0=
Subject key identifier:   0D:75:EB:B1:7B:04:C6:F4:68:F4:95:08:D0:6D:19:CD:E2:28:EC:6E
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       018CC5DC787EB1F824F25FCFF72DA684AB1E
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/DXXrsXsExvRo9JUI0G0ZzeIo7G4.roa
Signing time:             Mon 01 Jan 2024 16:30:09 +0000
ROA not before:           Mon 01 Jan 2024 16:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52468
IP address blocks:        185.213.220.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 14:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:78:7e:b1:f8:24:f2:5f:cf:f7:2d:a6:84:ab:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Jan  1 16:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d75ebb17b04c6f468f49508d06d19cde228ec6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:73:56:1c:fc:23:15:ef:fe:67:ee:62:66:39:
                    f6:b8:3a:5d:dc:4b:c8:5e:a2:a6:46:73:56:7a:df:
                    45:d4:fa:e7:03:2c:74:d9:43:30:23:ad:65:0e:fd:
                    02:f1:b8:5c:de:52:43:7b:2d:51:e0:6a:fc:73:5b:
                    1e:6e:bf:e8:69:b2:b5:42:e8:bc:4a:b8:07:9b:d3:
                    ee:ca:b3:ac:6c:6b:02:35:5f:18:c8:39:4f:1f:44:
                    06:fd:af:bd:60:3f:bb:00:eb:1f:f3:b7:83:43:18:
                    7b:22:16:f2:d3:8f:30:f1:ab:57:b1:bb:69:4a:39:
                    3c:50:96:39:3e:79:11:2e:66:e6:ef:ed:00:c1:1e:
                    b2:7e:ee:ad:1d:9d:55:49:35:d2:1d:54:f0:aa:55:
                    ea:61:79:5b:5a:21:ee:99:00:ba:5f:72:5a:3b:b3:
                    03:8a:e4:a9:45:ae:89:84:cd:d6:20:11:d5:96:68:
                    16:4f:6a:dc:92:80:94:5e:fb:88:6e:c1:74:06:77:
                    c0:43:e2:72:e2:a5:56:31:3d:8d:31:ca:ba:2e:c6:
                    66:ea:c1:fc:9f:31:8d:bd:5a:de:28:b5:ae:52:53:
                    d4:19:dc:a1:fc:0c:24:2a:3b:e1:06:0b:42:0a:50:
                    0a:4e:71:1b:b7:0a:f5:ba:e6:9d:86:32:f8:72:3b:
                    33:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:75:EB:B1:7B:04:C6:F4:68:F4:95:08:D0:6D:19:CD:E2:28:EC:6E
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/DXXrsXsExvRo9JUI0G0ZzeIo7G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:c3:e5:d9:35:29:5f:97:71:c2:06:4f:57:a2:5f:36:0a:bf:
         8e:09:50:80:ca:1a:32:48:76:b7:4c:98:ed:b3:f8:28:8a:fb:
         cb:90:81:87:5d:df:b7:5c:1a:a2:89:b1:7f:1f:20:48:78:22:
         b0:cc:88:ae:b7:cb:72:fd:be:8c:92:2a:d3:33:bb:d6:8d:cf:
         8c:35:e8:56:0f:df:52:41:e8:81:4f:e6:21:c5:74:36:62:79:
         f8:13:7a:64:6f:01:66:93:3c:69:e6:c4:4b:af:ca:e2:84:7a:
         51:95:da:a9:69:23:96:56:17:58:c7:83:d1:58:07:0c:8d:a8:
         97:f8:59:d3:75:15:fa:66:2a:b6:7d:c0:ab:ed:ec:8e:f0:7d:
         05:30:3e:d9:c9:36:88:35:0e:3a:27:89:28:ed:c2:4d:40:95:
         09:6e:c5:1f:b8:20:a2:24:8e:4e:5b:5c:d2:44:8a:c5:4d:4f:
         eb:92:8b:e5:75:71:20:dd:25:0c:0c:8a:dd:e5:0a:f5:0c:10:
         96:eb:bc:86:26:e1:2f:2f:25:ff:13:05:1d:5c:5f:cb:63:88:
         a5:b9:43:77:63:67:88:17:81:06:ce:29:12:1b:41:70:2f:1b:
         0e:64:d2:e9:82:c1:45:be:31:dc:df:9b:8e:45:97:1d:c4:b1:
         6f:48:1e:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Hh+sfgk8l/P9y2mhKseMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjQwMTAxMTYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDc1ZWJiMTdiMDRjNmY0NjhmNDk1MDhkMDZkMTljZGUyMjhlYzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXNWHPwjFe/+Z+5iZjn2uDpd3EvI
XqKmRnNWet9F1PrnAyx02UMwI61lDv0C8bhc3lJDey1R4Gr8c1sebr/oabK1Qui8
SrgHm9PuyrOsbGsCNV8YyDlPH0QG/a+9YD+7AOsf87eDQxh7Ihby048w8atXsbtp
Sjk8UJY5PnkRLmbm7+0AwR6yfu6tHZ1VSTXSHVTwqlXqYXlbWiHumQC6X3JaO7MD
iuSpRa6JhM3WIBHVlmgWT2rckoCUXvuIbsF0BnfAQ+Jy4qVWMT2NMcq6LsZm6sH8
nzGNvVreKLWuUlPUGdyh/AwkKjvhBgtCClAKTnEbtwr1uuadhjL4cjszKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1167F7BMb0aPSVCNBtGc3iKOxuMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvRFhYcnNYc0V4dlJvOUpVSTBHMFp6ZUlvN0c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudXcMA0G
CSqGSIb3DQEBCwUAA4IBAQAnw+XZNSlfl3HCBk9Xol82Cr+OCVCAyhoySHa3TJjt
s/goivvLkIGHXd+3XBqiibF/HyBIeCKwzIiut8ty/b6MkirTM7vWjc+MNehWD99S
QeiBT+YhxXQ2Ynn4E3pkbwFmkzxp5sRLr8rihHpRldqpaSOWVhdYx4PRWAcMjaiX
+FnTdRX6Ziq2fcCr7eyO8H0FMD7ZyTaINQ46J4ko7cJNQJUJbsUfuCCiJI5OW1zS
RIrFTU/rkovldXEg3SUMDIrd5Qr1DBCW67yGJuEvLyX/EwUdXF/LY4iluUN3Y2eI
F4EGzikSG0FwLxsOZNLpgsFFvjHc35uORZcdxLFvSB68
-----END CERTIFICATE-----