Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/763d8e-2081-4cf8-b65b-1b1e78cbbb09/1/gYN_UuPlm_RnxUuuBs5c1JNHf5w.roa
File:                     gYN_UuPlm_RnxUuuBs5c1JNHf5w.roa (raw, json)
Hash identifier:          AQNNxyNkGmvuhw8Ikb3t9BYuaaifYt9V0MwwL+SbHfo=
Subject key identifier:   81:83:7F:52:E3:E5:9B:F4:67:C5:4B:AE:06:CE:5C:D4:93:47:7F:9C
Certificate issuer:       /CN=0d8cbee51990f1e05a9d1dc0c2f2f3a8a3470c13
Certificate serial:       018CC26D4B2F7CC19DACEE3C8171F96C0409
Authority key identifier: 0D:8C:BE:E5:19:90:F1:E0:5A:9D:1D:C0:C2:F2:F3:A8:A3:47:0C:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DYy-5RmQ8eBanR3AwvLzqKNHDBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/763d8e-2081-4cf8-b65b-1b1e78cbbb09/1/gYN_UuPlm_RnxUuuBs5c1JNHf5w.roa
Signing time:             Mon 01 Jan 2024 00:29:51 +0000
ROA not before:           Mon 01 Jan 2024 00:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204512
IP address blocks:        157.97.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/763d8e-2081-4cf8-b65b-1b1e78cbbb09/1/DYy-5RmQ8eBanR3AwvLzqKNHDBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/763d8e-2081-4cf8-b65b-1b1e78cbbb09/1/DYy-5RmQ8eBanR3AwvLzqKNHDBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DYy-5RmQ8eBanR3AwvLzqKNHDBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4b:2f:7c:c1:9d:ac:ee:3c:81:71:f9:6c:04:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d8cbee51990f1e05a9d1dc0c2f2f3a8a3470c13
        Validity
            Not Before: Jan  1 00:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81837f52e3e59bf467c54bae06ce5cd493477f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:47:6b:3b:a6:03:07:b4:17:0a:19:04:f3:4c:
                    c1:7a:3d:04:16:1b:2e:78:d9:9e:e9:f4:05:66:b1:
                    f7:bd:a1:a6:65:c6:f8:1a:cd:86:39:4c:88:4f:4e:
                    78:4d:89:ce:66:f8:b8:83:d0:ee:93:1a:47:ba:05:
                    d9:25:ce:7a:43:cd:bf:9e:0d:8c:a3:41:48:ce:d1:
                    84:f9:32:67:a8:f8:d7:50:70:ae:49:41:33:87:6b:
                    5d:17:a6:52:12:50:e2:c3:01:ab:45:32:c2:49:03:
                    a3:4f:4f:af:b1:4e:4b:c2:91:fc:4d:76:ab:13:c8:
                    aa:c8:65:59:0a:a2:f7:90:35:e1:b4:42:30:26:a9:
                    a4:a3:38:2c:ec:75:87:4f:db:6c:bf:5b:57:37:41:
                    e0:a7:0b:4a:ce:45:69:53:be:a8:7b:9a:67:6b:4d:
                    7a:e2:5d:86:ab:a3:ad:33:b4:d0:f8:96:c5:27:85:
                    cc:9b:aa:a6:2b:db:96:8b:9d:63:10:42:2f:81:d6:
                    94:e7:a5:5d:ef:c8:34:3b:56:0a:52:e5:1f:6b:b5:
                    7c:f9:e7:65:c9:ed:00:9b:21:72:62:f7:39:58:bb:
                    db:eb:bd:ac:19:62:be:76:d7:c0:2d:57:61:8d:9a:
                    6d:cd:48:dd:32:f5:bc:97:ae:1e:2c:b5:07:1b:2f:
                    8e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:83:7F:52:E3:E5:9B:F4:67:C5:4B:AE:06:CE:5C:D4:93:47:7F:9C
            X509v3 Authority Key Identifier:
                keyid:0D:8C:BE:E5:19:90:F1:E0:5A:9D:1D:C0:C2:F2:F3:A8:A3:47:0C:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYy-5RmQ8eBanR3AwvLzqKNHDBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/763d8e-2081-4cf8-b65b-1b1e78cbbb09/1/gYN_UuPlm_RnxUuuBs5c1JNHf5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/763d8e-2081-4cf8-b65b-1b1e78cbbb09/1/DYy-5RmQ8eBanR3AwvLzqKNHDBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:50:b4:3e:0d:87:a4:04:32:6b:9e:a5:d8:a9:8d:9e:09:33:
         ad:e9:78:ef:da:2f:5c:f1:63:17:9a:a4:59:b1:b3:b8:19:22:
         81:08:8f:a6:86:8e:f2:99:2c:5f:f9:d1:f7:62:d0:91:da:0c:
         75:13:4e:7a:47:cd:d9:00:ad:f5:fe:b8:39:86:cc:41:8f:4a:
         9f:c0:3b:e2:c8:dd:1e:b8:28:0e:9f:99:e3:8b:44:ad:38:e8:
         02:af:9a:47:f5:64:1d:70:04:12:bd:5e:e1:98:f3:69:5b:90:
         97:94:0d:d5:a5:1c:7e:65:e7:a1:8b:05:09:d0:dd:99:a9:66:
         3f:13:9a:80:c0:22:1d:5b:2b:70:db:d4:f2:78:52:4f:39:17:
         19:76:40:67:f2:5e:b8:36:41:41:ac:7f:d7:c1:a8:2e:81:de:
         ea:89:4e:88:95:54:dd:09:2c:73:0c:de:15:72:78:9c:60:c1:
         d6:98:31:11:9b:9e:e1:c7:b3:ca:90:0c:72:06:2d:ee:4e:77:
         19:96:10:f2:77:7c:22:04:11:73:17:60:d9:28:ff:6a:90:c2:
         4e:8b:52:3f:c6:67:d8:3b:b8:54:33:97:85:4f:fb:5a:01:89:
         3b:3e:c5:45:61:b2:be:cc:a3:b6:7c:48:05:10:8e:13:f5:79:
         f0:f4:25:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbUsvfMGdrO48gXH5bAQJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkOGNiZWU1MTk5MGYxZTA1YTlkMWRjMGMyZjJmM2E4YTM0
NzBjMTMwHhcNMjQwMTAxMDAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTgzN2Y1MmUzZTU5YmY0NjdjNTRiYWUwNmNlNWNkNDkzNDc3ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEdrO6YDB7QXChkE80zBej0EFhsu
eNme6fQFZrH3vaGmZcb4Gs2GOUyIT054TYnOZvi4g9DukxpHugXZJc56Q82/ng2M
o0FIztGE+TJnqPjXUHCuSUEzh2tdF6ZSElDiwwGrRTLCSQOjT0+vsU5LwpH8TXar
E8iqyGVZCqL3kDXhtEIwJqmkozgs7HWHT9tsv1tXN0HgpwtKzkVpU76oe5pna016
4l2Gq6OtM7TQ+JbFJ4XMm6qmK9uWi51jEEIvgdaU56Vd78g0O1YKUuUfa7V8+edl
ye0AmyFyYvc5WLvb672sGWK+dtfALVdhjZptzUjdMvW8l64eLLUHGy+OhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGDf1Lj5Zv0Z8VLrgbOXNSTR3+cMB8GA1UdIwQY
MBaAFA2MvuUZkPHgWp0dwMLy86ijRwwTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFl5LTVSbVE4ZUJhblIzQXd2THpxS05IREJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83NjNkOGUtMjA4MS00Y2Y4LWI2NWIt
MWIxZTc4Y2JiYjA5LzEvZ1lOX1V1UGxtX1JueFV1dUJzNWMxSk5IZjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83NjNkOGUtMjA4MS00Y2Y4LWI2NWItMWIxZTc4Y2JiYjA5
LzEvRFl5LTVSbVE4ZUJhblIzQXd2THpxS05IREJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnWFLMA0G
CSqGSIb3DQEBCwUAA4IBAQAiULQ+DYekBDJrnqXYqY2eCTOt6Xjv2i9c8WMXmqRZ
sbO4GSKBCI+mho7ymSxf+dH3YtCR2gx1E056R83ZAK31/rg5hsxBj0qfwDviyN0e
uCgOn5nji0StOOgCr5pH9WQdcAQSvV7hmPNpW5CXlA3VpRx+ZeehiwUJ0N2ZqWY/
E5qAwCIdWytw29TyeFJPORcZdkBn8l64NkFBrH/Xwagugd7qiU6IlVTdCSxzDN4V
cnicYMHWmDERm57hx7PKkAxyBi3uTncZlhDyd3wiBBFzF2DZKP9qkMJOi1I/xmfY
O7hUM5eFT/taAYk7PsVFYbK+zKO2fEgFEI4T9Xnw9CV4
-----END CERTIFICATE-----