Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/dnDIZN1qu8kAMEAxwj2pxFxhcx4.roa
File:                     dnDIZN1qu8kAMEAxwj2pxFxhcx4.roa (raw, json)
Hash identifier:          B5cvurBiqDHcT5LNMt1Ytw4FR0UNKQ/Cxft8FXwz8z8=
Subject key identifier:   76:70:C8:64:DD:6A:BB:C9:00:30:40:31:C2:3D:A9:C4:5C:61:73:1E
Certificate issuer:       /CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
Certificate serial:       018CC86F4ADA0902E7228A1C1E48B0705B56
Authority key identifier: 66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/dnDIZN1qu8kAMEAxwj2pxFxhcx4.roa
Signing time:             Tue 02 Jan 2024 04:29:45 +0000
ROA not before:           Tue 02 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44821
IP address blocks:        85.118.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4a:da:09:02:e7:22:8a:1c:1e:48:b0:70:5b:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
        Validity
            Not Before: Jan  2 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7670c864dd6abbc900304031c23da9c45c61731e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:39:5f:4e:20:8a:f3:b3:20:0e:a8:ca:a5:be:
                    0b:c9:d0:d8:5d:59:05:fd:a9:68:b5:8c:00:e6:72:
                    1f:1b:48:b4:a1:9f:8d:eb:81:99:8d:4a:e5:b1:57:
                    06:6f:71:a1:ae:b9:90:fd:9e:05:b5:6c:fd:c0:0b:
                    3d:ae:bd:71:bc:fc:4d:bf:2a:63:b4:6e:c5:b2:6a:
                    bc:a6:af:c6:82:ab:9f:a0:5f:98:4d:ec:94:b2:92:
                    25:e1:37:c4:19:60:8a:22:10:36:e6:1b:78:c9:7f:
                    e0:f5:f8:5c:3e:a9:ba:ba:08:30:fa:ce:9c:cd:90:
                    8c:08:6e:cf:2d:99:83:5a:d3:b6:f3:e4:6c:f4:ae:
                    30:54:70:e7:e3:d1:e4:9d:d0:a5:51:76:09:25:5b:
                    77:f9:2b:55:e6:77:28:5b:37:70:0f:41:ef:ce:23:
                    28:77:16:c6:73:d8:8d:35:dc:c8:0a:60:e9:f8:ab:
                    9d:1e:de:41:00:99:51:bc:9f:5e:c5:a1:cb:ab:ce:
                    4b:e5:5b:03:d4:24:f5:18:df:4a:58:a9:db:74:99:
                    2f:87:5b:0b:06:d3:84:ab:24:fb:0b:b6:69:69:14:
                    b0:2a:64:19:7e:f4:b1:8f:61:84:55:1e:d1:76:5e:
                    fd:c3:28:fb:a9:0f:5e:c1:3f:74:65:bf:1f:53:c1:
                    2c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:70:C8:64:DD:6A:BB:C9:00:30:40:31:C2:3D:A9:C4:5C:61:73:1E
            X509v3 Authority Key Identifier:
                keyid:66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/dnDIZN1qu8kAMEAxwj2pxFxhcx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.118.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:20:c1:fb:24:85:b6:6a:d2:70:46:bb:9d:46:74:46:15:5a:
         84:d5:a7:6e:6c:b3:4b:26:d6:f8:57:6a:3e:c1:7b:28:3c:d4:
         7d:62:84:b0:91:3c:e1:7f:9b:16:40:2e:31:d0:1d:64:51:18:
         82:14:bc:f0:67:33:65:b6:50:bb:81:f5:27:07:0e:30:34:b1:
         ad:f1:7c:40:ba:91:e3:49:36:60:7d:66:69:95:81:9a:d1:35:
         2c:12:78:14:e9:d0:dc:d9:7f:ea:a3:72:fe:77:33:23:d1:d4:
         a6:69:7f:21:85:d1:b0:7d:95:f1:59:78:22:b4:65:f1:26:1c:
         e0:09:78:bc:ba:35:76:df:3f:f9:0d:67:d5:79:08:79:bc:36:
         49:bb:46:a7:cd:c5:55:2b:d1:2a:cb:26:2e:fe:26:5a:c2:a3:
         68:28:32:60:1c:0a:91:91:5f:e2:e8:2c:80:82:6d:47:dc:32:
         ca:37:8b:68:48:bd:c9:1a:ca:2f:aa:67:90:1e:32:0b:cf:be:
         68:02:63:1c:6d:f5:00:ae:70:27:84:4f:5f:a6:06:03:d1:c0:
         4d:7a:2e:45:3b:ba:46:6c:b1:78:e7:2b:4e:bc:59:e1:6b:ef:
         93:82:8b:49:72:c0:07:dc:64:88:79:ca:06:64:2c:e0:b7:48:
         94:ef:2e:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0raCQLnIoocHkiwcFtWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGUxZDlkY2RiMjVjMWU1MzJjNWM5YjY5ZGZhNzU3ZTMw
NjIxMGUwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjcwYzg2NGRkNmFiYmM5MDAzMDQwMzFjMjNkYTljNDVjNjE3MzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujlfTiCK87MgDqjKpb4LydDYXVkF
/alotYwA5nIfG0i0oZ+N64GZjUrlsVcGb3GhrrmQ/Z4FtWz9wAs9rr1xvPxNvypj
tG7Fsmq8pq/GgqufoF+YTeyUspIl4TfEGWCKIhA25ht4yX/g9fhcPqm6uggw+s6c
zZCMCG7PLZmDWtO28+Rs9K4wVHDn49HkndClUXYJJVt3+StV5ncoWzdwD0HvziMo
dxbGc9iNNdzICmDp+KudHt5BAJlRvJ9exaHLq85L5VsD1CT1GN9KWKnbdJkvh1sL
BtOEqyT7C7ZpaRSwKmQZfvSxj2GEVR7Rdl79wyj7qQ9ewT90Zb8fU8EsCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZwyGTdarvJADBAMcI9qcRcYXMeMB8GA1UdIwQY
MBaAFGbeHZ3NslweUyxcm2nfp1fjBiEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYt
NDA0Nzk4NzA5NzZlLzEvZG5ESVpOMXF1OGtBTUVBeHdqMnB4RnhoY3g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYtNDA0Nzk4NzA5NzZl
LzEvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVXY0MA0G
CSqGSIb3DQEBCwUAA4IBAQBsIMH7JIW2atJwRrudRnRGFVqE1adubLNLJtb4V2o+
wXsoPNR9YoSwkTzhf5sWQC4x0B1kURiCFLzwZzNltlC7gfUnBw4wNLGt8XxAupHj
STZgfWZplYGa0TUsEngU6dDc2X/qo3L+dzMj0dSmaX8hhdGwfZXxWXgitGXxJhzg
CXi8ujV23z/5DWfVeQh5vDZJu0anzcVVK9EqyyYu/iZawqNoKDJgHAqRkV/i6CyA
gm1H3DLKN4toSL3JGsovqmeQHjILz75oAmMcbfUArnAnhE9fpgYD0cBNei5FO7pG
bLF45ytOvFnha++TgotJcsAH3GSIecoGZCzgt0iU7y6K
-----END CERTIFICATE-----