Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/cxsP7pSe5PfizmR0nfg9cH9gjbc.roa
File:                     cxsP7pSe5PfizmR0nfg9cH9gjbc.roa (raw, json)
Hash identifier:          Q9mh3CX1NH4NAYVGTB8F/JklfT4cutOjdzxU1pYeJmI=
Subject key identifier:   73:1B:0F:EE:94:9E:E4:F7:E2:CE:64:74:9D:F8:3D:70:7F:60:8D:B7
Certificate issuer:       /CN=68d24addcc3d5b77a099a907122252a47c8f6310
Certificate serial:       018CC793344D38980A0B308C859686BB28F7
Authority key identifier: 68:D2:4A:DD:CC:3D:5B:77:A0:99:A9:07:12:22:52:A4:7C:8F:63:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/cxsP7pSe5PfizmR0nfg9cH9gjbc.roa
Signing time:             Tue 02 Jan 2024 00:29:22 +0000
ROA not before:           Tue 02 Jan 2024 00:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200504
IP address blocks:        178.183.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:34:4d:38:98:0a:0b:30:8c:85:96:86:bb:28:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68d24addcc3d5b77a099a907122252a47c8f6310
        Validity
            Not Before: Jan  2 00:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=731b0fee949ee4f7e2ce64749df83d707f608db7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:20:fd:24:60:32:52:32:03:cc:e6:8d:dd:61:
                    14:49:14:83:1e:bb:6f:37:2d:e8:a6:9e:0e:d5:53:
                    2d:32:a1:98:5c:88:28:66:8e:94:06:0b:8c:91:8d:
                    08:ed:e9:79:36:34:83:51:9b:7f:5b:d8:84:7d:e4:
                    b6:db:d5:18:22:72:3b:11:56:39:2c:aa:02:85:d6:
                    90:2c:74:98:01:c0:e5:e2:ff:0b:53:51:6e:64:8d:
                    39:0f:2f:d6:26:62:93:0f:16:2a:dc:a2:06:b8:c9:
                    f2:c9:9f:36:38:b2:94:d0:9f:e6:ea:b0:16:54:34:
                    29:a5:1c:d2:27:2a:db:01:a6:b4:21:44:c5:1a:1c:
                    70:e8:3d:b7:90:32:58:18:bf:74:5d:ec:df:94:94:
                    95:7f:75:49:1f:6c:37:8f:16:a6:00:4a:fa:88:41:
                    0d:10:e8:6d:0d:6c:88:5b:65:c7:f7:e9:ba:2e:b9:
                    b7:12:cc:1b:1b:a3:06:f0:24:b4:3c:a5:97:9f:99:
                    01:13:50:29:37:4a:ba:c4:bf:c4:27:20:74:f8:a1:
                    a7:ce:67:78:8f:02:28:e7:03:77:f0:91:87:8c:f1:
                    63:82:89:78:69:2d:2e:67:74:1d:a3:27:d9:a1:0d:
                    ce:81:e0:5a:12:97:ef:22:ec:8c:86:9c:f7:37:74:
                    b1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:1B:0F:EE:94:9E:E4:F7:E2:CE:64:74:9D:F8:3D:70:7F:60:8D:B7
            X509v3 Authority Key Identifier:
                keyid:68:D2:4A:DD:CC:3D:5B:77:A0:99:A9:07:12:22:52:A4:7C:8F:63:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aNJK3cw9W3egmakHEiJSpHyPYxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/cxsP7pSe5PfizmR0nfg9cH9gjbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/51a655-2735-49ef-80df-b316db5938ff/1/aNJK3cw9W3egmakHEiJSpHyPYxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.183.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:45:50:96:89:20:20:90:95:55:23:aa:c9:df:a6:47:6e:5f:
         e3:48:20:b9:b2:ac:39:14:2b:22:51:f9:3c:ca:36:40:fc:5c:
         24:15:2a:9f:09:c0:7c:88:eb:4c:38:62:f9:d2:1b:21:fe:f2:
         3b:e1:d6:17:90:ab:57:07:43:3d:3c:1e:5c:58:e4:31:d6:5a:
         ff:d0:7d:3f:e2:20:4d:7d:8e:99:ad:98:ff:9a:86:79:21:4f:
         95:8e:a7:19:1c:35:1f:44:11:eb:f4:99:7d:13:bb:ea:4c:31:
         c7:bf:55:32:73:66:00:27:87:95:20:bd:93:86:e5:a2:9c:0d:
         0e:a7:b2:7e:ab:a9:5e:90:08:77:4c:fb:e1:5f:69:fb:10:0b:
         ba:d0:89:ad:6d:fd:45:42:8a:7e:79:fa:d9:6f:eb:46:b4:06:
         24:17:93:d4:85:74:c6:25:0b:ba:c9:b7:b9:b8:3f:0c:c1:c8:
         e2:a8:35:9c:9f:0f:68:85:86:4e:f0:6b:a4:77:cd:2c:a6:aa:
         28:20:a3:0a:9e:96:f4:cd:54:17:dc:87:cf:42:d4:c7:23:b4:
         62:3d:10:52:c5:40:2a:99:96:e3:31:9c:62:c8:90:91:81:e3:
         84:72:ee:bc:92:69:82:86:dd:53:ed:32:d6:d2:7f:ea:c7:bd:
         56:ef:69:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkzRNOJgKCzCMhZaGuyj3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZDI0YWRkY2MzZDViNzdhMDk5YTkwNzEyMjI1MmE0N2M4
ZjYzMTAwHhcNMjQwMTAyMDAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzFiMGZlZTk0OWVlNGY3ZTJjZTY0NzQ5ZGY4M2Q3MDdmNjA4ZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSD9JGAyUjIDzOaN3WEUSRSDHrtv
Ny3opp4O1VMtMqGYXIgoZo6UBguMkY0I7el5NjSDUZt/W9iEfeS229UYInI7EVY5
LKoChdaQLHSYAcDl4v8LU1FuZI05Dy/WJmKTDxYq3KIGuMnyyZ82OLKU0J/m6rAW
VDQppRzSJyrbAaa0IUTFGhxw6D23kDJYGL90XezflJSVf3VJH2w3jxamAEr6iEEN
EOhtDWyIW2XH9+m6Lrm3EswbG6MG8CS0PKWXn5kBE1ApN0q6xL/EJyB0+KGnzmd4
jwIo5wN38JGHjPFjgol4aS0uZ3QdoyfZoQ3OgeBaEpfvIuyMhpz3N3SxdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMbD+6UnuT34s5kdJ34PXB/YI23MB8GA1UdIwQY
MBaAFGjSSt3MPVt3oJmpBxIiUqR8j2MQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU5KSzNjdzlXM2VnbWFrSEVpSlNwSHlQWXhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi81MWE2NTUtMjczNS00OWVmLTgwZGYt
YjMxNmRiNTkzOGZmLzEvY3hzUDdwU2U1UGZpem1SMG5mZzljSDlnamJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi81MWE2NTUtMjczNS00OWVmLTgwZGYtYjMxNmRiNTkzOGZm
LzEvYU5KSzNjdzlXM2VnbWFrSEVpSlNwSHlQWXhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsrcVMA0G
CSqGSIb3DQEBCwUAA4IBAQCHRVCWiSAgkJVVI6rJ36ZHbl/jSCC5sqw5FCsiUfk8
yjZA/FwkFSqfCcB8iOtMOGL50hsh/vI74dYXkKtXB0M9PB5cWOQx1lr/0H0/4iBN
fY6ZrZj/moZ5IU+VjqcZHDUfRBHr9Jl9E7vqTDHHv1Uyc2YAJ4eVIL2ThuWinA0O
p7J+q6lekAh3TPvhX2n7EAu60Imtbf1FQop+efrZb+tGtAYkF5PUhXTGJQu6ybe5
uD8MwcjiqDWcnw9ohYZO8Gukd80spqooIKMKnpb0zVQX3IfPQtTHI7RiPRBSxUAq
mZbjMZxiyJCRgeOEcu68kmmCht1T7TLW0n/qx71W72kb
-----END CERTIFICATE-----