Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/tZ7cwaBW3Nmyyql2FgAQfPONQWY.roa
File:                     tZ7cwaBW3Nmyyql2FgAQfPONQWY.roa (raw, json)
Hash identifier:          9O+PfO1jbimIfcLHAH5zk6nty08xw8fP0UhlX7zCkbc=
Subject key identifier:   B5:9E:DC:C1:A0:56:DC:D9:B2:CA:A9:76:16:00:10:7C:F3:8D:41:66
Certificate issuer:       /CN=764928a97be955377013d382c62940e950dd212b
Certificate serial:       018CC2DB2A492DBEE22A855B0D871AC43C6D
Authority key identifier: 76:49:28:A9:7B:E9:55:37:70:13:D3:82:C6:29:40:E9:50:DD:21:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/tZ7cwaBW3Nmyyql2FgAQfPONQWY.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206813
IP address blocks:        87.253.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2a:49:2d:be:e2:2a:85:5b:0d:87:1a:c4:3c:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=764928a97be955377013d382c62940e950dd212b
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b59edcc1a056dcd9b2caa9761600107cf38d4166
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8d:22:f2:33:77:c4:0b:f3:f3:74:0d:57:96:
                    72:e0:f6:8b:91:37:2c:5f:0a:65:90:da:47:a5:a2:
                    9c:69:3a:e2:3c:00:fa:bf:1e:c5:62:7b:7c:94:71:
                    1b:a4:e3:77:04:2b:6c:a5:aa:1a:c5:d5:fe:fa:63:
                    12:a5:55:8a:e4:97:b4:30:c5:0c:ad:6d:51:b8:9c:
                    5c:16:81:52:68:db:c5:bc:9b:10:ae:b1:23:a6:82:
                    06:7b:64:d8:dc:c5:2f:e2:21:ff:6b:16:96:35:26:
                    fb:e0:65:a0:07:79:e8:92:1c:3a:72:cf:c3:c5:16:
                    36:fc:26:f5:11:f5:61:31:5f:c6:18:d3:47:92:ce:
                    72:15:c9:20:01:c9:a0:38:49:c9:02:7b:dd:66:f4:
                    5f:c9:a1:f5:07:67:ac:0a:6f:23:f4:ae:31:e5:51:
                    05:ab:b5:8f:f9:7e:3d:59:b5:9e:3e:23:86:f7:d5:
                    57:5b:05:18:7a:a7:73:16:a3:55:fe:bc:14:39:fa:
                    35:38:27:5d:4c:2e:56:73:41:c8:84:ea:cc:11:e0:
                    e4:90:f8:ca:2e:99:f3:c1:ba:f9:61:53:62:9f:e7:
                    64:7f:2f:1b:09:15:57:36:44:74:2b:b7:c4:d2:90:
                    eb:af:32:d9:5b:64:41:f4:8b:ef:d0:e6:50:31:1f:
                    ff:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:9E:DC:C1:A0:56:DC:D9:B2:CA:A9:76:16:00:10:7C:F3:8D:41:66
            X509v3 Authority Key Identifier:
                keyid:76:49:28:A9:7B:E9:55:37:70:13:D3:82:C6:29:40:E9:50:DD:21:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/tZ7cwaBW3Nmyyql2FgAQfPONQWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.253.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:db:59:5a:3d:cc:32:2a:bc:97:54:8b:62:8b:65:e5:e7:54:
         4a:62:64:dd:cd:58:2c:64:d0:4c:6e:89:d3:fc:af:17:bb:cb:
         f8:03:4b:c7:3b:df:fe:92:a5:cf:20:2b:ef:98:9a:b6:ad:c8:
         68:23:20:cd:1f:d3:b7:42:3c:b0:a4:5a:ab:c4:22:e4:c7:de:
         b6:24:9d:c1:09:6d:d4:40:a2:b1:0c:98:dd:42:79:46:c7:3f:
         61:ac:47:c8:6b:29:9a:bc:31:12:04:c0:44:32:bb:b7:34:c1:
         fb:8e:d8:6d:8b:57:ba:58:00:b9:d6:4c:07:e0:b6:80:9e:67:
         6f:79:15:67:4b:6a:d2:9a:40:90:e1:5d:ee:21:9b:b2:b8:a7:
         ae:4c:46:57:4b:e1:e5:73:39:48:b9:1b:08:0a:3b:d5:d3:c5:
         1d:70:ac:f2:4f:69:1b:8d:7d:63:d4:a7:58:80:d0:51:35:5a:
         aa:59:92:e2:46:3f:c7:06:f0:b5:cc:f6:65:43:10:38:a9:a2:
         f7:95:10:b6:c7:37:7b:a9:67:e8:70:69:ed:c9:79:9e:c1:28:
         38:fe:45:01:ef:23:d8:d0:36:3d:c5:43:03:05:64:b4:4c:3b:
         7a:e8:6c:8d:d4:a4:99:53:3b:a4:0e:ea:ae:8f:19:52:57:d4:
         2f:c6:0d:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2ypJLb7iKoVbDYcaxDxtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NDkyOGE5N2JlOTU1Mzc3MDEzZDM4MmM2Mjk0MGU5NTBk
ZDIxMmIwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTllZGNjMWEwNTZkY2Q5YjJjYWE5NzYxNjAwMTA3Y2YzOGQ0MTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAro0i8jN3xAvz83QNV5Zy4PaLkTcs
XwplkNpHpaKcaTriPAD6vx7FYnt8lHEbpON3BCtspaoaxdX++mMSpVWK5Je0MMUM
rW1RuJxcFoFSaNvFvJsQrrEjpoIGe2TY3MUv4iH/axaWNSb74GWgB3nokhw6cs/D
xRY2/Cb1EfVhMV/GGNNHks5yFckgAcmgOEnJAnvdZvRfyaH1B2esCm8j9K4x5VEF
q7WP+X49WbWePiOG99VXWwUYeqdzFqNV/rwUOfo1OCddTC5Wc0HIhOrMEeDkkPjK
Lpnzwbr5YVNin+dkfy8bCRVXNkR0K7fE0pDrrzLZW2RB9Ivv0OZQMR//4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWe3MGgVtzZssqpdhYAEHzzjUFmMB8GA1UdIwQY
MBaAFHZJKKl76VU3cBPTgsYpQOlQ3SErMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGtrb3FYdnBWVGR3RTlPQ3hpbEE2VkRkSVNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My85NTM2ZjUtZjU2Ni00YzgwLWE3ZDkt
YmMxNTIyNzg5ZDNiLzEvdFo3Y3dhQlczTm15eXFsMkZnQVFmUE9OUVdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My85NTM2ZjUtZjU2Ni00YzgwLWE3ZDktYmMxNTIyNzg5ZDNi
LzEvZGtrb3FYdnBWVGR3RTlPQ3hpbEE2VkRkSVNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/28MA0G
CSqGSIb3DQEBCwUAA4IBAQAU21laPcwyKryXVItii2Xl51RKYmTdzVgsZNBMbonT
/K8Xu8v4A0vHO9/+kqXPICvvmJq2rchoIyDNH9O3QjywpFqrxCLkx962JJ3BCW3U
QKKxDJjdQnlGxz9hrEfIaymavDESBMBEMru3NMH7jthti1e6WAC51kwH4LaAnmdv
eRVnS2rSmkCQ4V3uIZuyuKeuTEZXS+HlczlIuRsICjvV08UdcKzyT2kbjX1j1KdY
gNBRNVqqWZLiRj/HBvC1zPZlQxA4qaL3lRC2xzd7qWfocGntyXmewSg4/kUB7yPY
0DY9xUMDBWS0TDt66GyN1KSZUzukDuqujxlSV9Qvxg04
-----END CERTIFICATE-----