Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/DvQhNj5cfTC9gGZcAkKYytR52oc.roa
File:                     DvQhNj5cfTC9gGZcAkKYytR52oc.roa (raw, json)
Hash identifier:          yaj34dQ1iIzF+jF5JB34NKAeiRxr6MqE1n2qk7Zi8ck=
Subject key identifier:   0E:F4:21:36:3E:5C:7D:30:BD:80:66:5C:02:42:98:CA:D4:79:DA:87
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018CC500773D215C8FECA79FB05994A46E64
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/DvQhNj5cfTC9gGZcAkKYytR52oc.roa
Signing time:             Mon 01 Jan 2024 12:29:51 +0000
ROA not before:           Mon 01 Jan 2024 12:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64399
IP address blocks:        212.16.70.0/24 maxlen: 24
                          212.16.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:77:3d:21:5c:8f:ec:a7:9f:b0:59:94:a4:6e:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan  1 12:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ef421363e5c7d30bd80665c024298cad479da87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:fc:ce:b6:bd:ae:38:b7:78:cb:1d:a9:60:cf:
                    ff:38:63:ef:2e:24:f6:8e:3c:b0:be:ad:ae:59:24:
                    54:21:d3:30:e8:75:38:6c:17:a2:83:6b:09:29:09:
                    96:6a:84:74:d2:12:06:a6:e1:86:25:26:29:93:fb:
                    8f:62:77:ca:54:f9:fc:85:86:6e:4c:ef:44:51:a8:
                    64:75:22:3f:60:87:f5:bb:7f:d4:35:ff:27:b8:eb:
                    0e:74:94:6d:08:41:f7:32:ee:06:d6:bd:e2:22:bb:
                    dc:1c:c2:53:f3:30:c5:26:92:48:b5:a8:80:59:a0:
                    cb:79:b9:18:3c:ad:32:32:91:6c:25:4d:4c:d7:0e:
                    ec:f0:68:13:89:0b:9c:72:ee:02:a4:11:8e:43:90:
                    2a:ac:b3:99:6b:6e:a1:07:30:c5:f7:4a:e8:0f:7e:
                    9c:3d:98:39:fc:b9:01:d1:de:03:6c:4a:26:56:56:
                    f8:04:32:b2:c2:5e:e6:79:ec:6b:03:06:77:4e:95:
                    4f:0c:d2:bc:ea:9c:6b:7a:9e:a0:cf:19:99:1d:69:
                    24:04:39:54:6b:6b:e5:53:56:23:2b:54:40:94:55:
                    10:ce:09:58:d8:01:cf:00:06:16:86:58:1d:30:2e:
                    70:2a:77:4b:18:9e:73:e9:2d:7a:0b:c8:99:65:d0:
                    a9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:F4:21:36:3E:5C:7D:30:BD:80:66:5C:02:42:98:CA:D4:79:DA:87
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/DvQhNj5cfTC9gGZcAkKYytR52oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.16.70.0/24
                  212.16.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:1c:7e:a3:69:ad:b4:80:d4:aa:bd:bb:70:8e:da:22:2b:34:
         db:01:e4:f4:a2:c4:fd:33:e8:ac:9a:78:b5:d4:63:76:47:d9:
         66:2b:49:72:a6:cb:e2:99:31:f6:36:7e:46:59:f5:be:8c:c2:
         47:53:7e:43:04:3b:0a:33:9f:43:9d:1e:72:e9:22:58:e0:81:
         3b:d0:d3:3e:28:ed:ad:70:8e:3d:b3:88:e8:c8:81:3c:be:2d:
         88:93:b2:84:d3:24:55:6d:ec:4a:78:54:70:33:e8:cd:00:49:
         ba:4e:14:9b:97:e2:90:c9:71:da:90:8e:14:1d:9e:84:73:b1:
         8f:86:76:89:a2:5a:71:85:09:dc:2e:61:c4:26:07:f6:31:f5:
         96:2e:78:02:ee:03:f4:1e:9b:be:59:db:5a:c9:92:73:35:56:
         10:a4:60:af:c4:ab:bb:66:a7:e6:03:7a:cd:3d:8f:56:f4:e6:
         09:e3:e5:42:0c:ce:6a:67:08:57:2b:f0:56:7a:3d:e2:a3:27:
         56:67:cd:db:38:ae:53:1d:7a:95:dd:05:8d:d3:e3:d0:2e:51:
         1f:c1:42:82:ec:24:e6:ed:b5:ef:cc:89:f1:bf:4b:c5:b2:49:
         9e:ec:7e:0b:2f:af:b3:74:f7:a1:ee:de:bc:8b:b6:93:a5:5a:
         bd:02:9d:c9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAHc9IVyP7KefsFmUpG5kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwMTAxMTIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWY0MjEzNjNlNWM3ZDMwYmQ4MDY2NWMwMjQyOThjYWQ0NzlkYTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfzOtr2uOLd4yx2pYM//OGPvLiT2
jjywvq2uWSRUIdMw6HU4bBeig2sJKQmWaoR00hIGpuGGJSYpk/uPYnfKVPn8hYZu
TO9EUahkdSI/YIf1u3/UNf8nuOsOdJRtCEH3Mu4G1r3iIrvcHMJT8zDFJpJItaiA
WaDLebkYPK0yMpFsJU1M1w7s8GgTiQuccu4CpBGOQ5AqrLOZa26hBzDF90roD36c
PZg5/LkB0d4DbEomVlb4BDKywl7meexrAwZ3TpVPDNK86pxrep6gzxmZHWkkBDlU
a2vlU1YjK1RAlFUQzglY2AHPAAYWhlgdMC5wKndLGJ5z6S16C8iZZdCp9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA70ITY+XH0wvYBmXAJCmMrUedqHMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvRHZRaE5qNWNmVEM5Z0daY0FrS1l5dFI1Mm9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1BBGAwQA
1BBJMA0GCSqGSIb3DQEBCwUAA4IBAQB1HH6jaa20gNSqvbtwjtoiKzTbAeT0osT9
M+ismni11GN2R9lmK0lypsvimTH2Nn5GWfW+jMJHU35DBDsKM59DnR5y6SJY4IE7
0NM+KO2tcI49s4joyIE8vi2Ik7KE0yRVbexKeFRwM+jNAEm6ThSbl+KQyXHakI4U
HZ6Ec7GPhnaJolpxhQncLmHEJgf2MfWWLngC7gP0Hpu+WdtayZJzNVYQpGCvxKu7
ZqfmA3rNPY9W9OYJ4+VCDM5qZwhXK/BWej3ioydWZ83bOK5THXqV3QWN0+PQLlEf
wUKC7CTm7bXvzInxv0vFskme7H4LL6+zdPeh7t68i7aTpVq9Ap3J
-----END CERTIFICATE-----