Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/dflsI3HmsO72JTCoopziGqfz-XM.roa
File:                     dflsI3HmsO72JTCoopziGqfz-XM.roa (raw, json)
Hash identifier:          1UAPn2WAYLEMOXKbNtVotnaz5u12wG6tiSjNpCpXUQY=
Subject key identifier:   75:F9:6C:23:71:E6:B0:EE:F6:25:30:A8:A2:9C:E2:1A:A7:F3:F9:73
Certificate issuer:       /CN=d0e84d6d6a9eede682ef1b5c78f1b3f0a3313911
Certificate serial:       018CC5DCD9BE8CE517CE835C1E788125B6AF
Authority key identifier: D0:E8:4D:6D:6A:9E:ED:E6:82:EF:1B:5C:78:F1:B3:F0:A3:31:39:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0OhNbWqe7eaC7xtcePGz8KMxORE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/dflsI3HmsO72JTCoopziGqfz-XM.roa
Signing time:             Mon 01 Jan 2024 16:30:34 +0000
ROA not before:           Mon 01 Jan 2024 16:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13154
IP address blocks:        193.105.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/0OhNbWqe7eaC7xtcePGz8KMxORE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/0OhNbWqe7eaC7xtcePGz8KMxORE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0OhNbWqe7eaC7xtcePGz8KMxORE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d9:be:8c:e5:17:ce:83:5c:1e:78:81:25:b6:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0e84d6d6a9eede682ef1b5c78f1b3f0a3313911
        Validity
            Not Before: Jan  1 16:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75f96c2371e6b0eef62530a8a29ce21aa7f3f973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5d:0a:3d:17:4e:f1:dc:75:50:f0:4b:cb:c8:
                    29:f5:2a:ec:05:3b:50:1d:87:77:f5:54:f6:0d:bf:
                    61:ab:9a:d0:ae:72:6a:e6:01:60:e0:1c:23:64:a7:
                    25:32:19:c8:c0:c8:05:3b:2a:f9:45:0d:10:03:c7:
                    8c:35:f6:81:5d:ee:97:67:33:e8:c3:0a:41:27:c1:
                    22:2e:14:db:78:84:8a:cd:45:ba:84:8b:7d:fa:0f:
                    67:e7:36:92:1e:e7:a5:e3:85:17:f4:dc:57:2e:e6:
                    9f:ae:20:9a:26:16:20:e5:df:1e:c7:13:f1:f6:1f:
                    5e:fa:e3:90:0b:ff:66:c5:62:97:c4:c1:d8:bf:ee:
                    a1:30:23:ee:82:96:3e:65:d5:7a:36:31:c3:9c:0d:
                    ac:b7:bc:38:2e:61:26:27:37:35:c7:b6:41:3e:d5:
                    89:06:b3:31:70:0e:6a:a8:ac:d5:50:8a:e0:83:9c:
                    3d:ed:40:9c:fd:8f:ae:ca:2d:c4:ea:bc:fa:d2:50:
                    eb:ca:74:d9:ae:e8:f3:6a:a8:94:48:12:7c:2e:60:
                    06:b4:1f:03:a7:60:65:52:d0:d8:d7:6d:c6:91:c1:
                    2e:f8:30:5c:be:ba:2e:fe:ee:3b:4d:56:49:4b:b8:
                    3f:2b:01:af:67:04:c7:c4:70:19:b0:e1:08:d9:41:
                    be:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:F9:6C:23:71:E6:B0:EE:F6:25:30:A8:A2:9C:E2:1A:A7:F3:F9:73
            X509v3 Authority Key Identifier:
                keyid:D0:E8:4D:6D:6A:9E:ED:E6:82:EF:1B:5C:78:F1:B3:F0:A3:31:39:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0OhNbWqe7eaC7xtcePGz8KMxORE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/dflsI3HmsO72JTCoopziGqfz-XM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/62b775-7841-4a61-b78c-b7ba28165a77/1/0OhNbWqe7eaC7xtcePGz8KMxORE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:59:fa:19:2f:d0:81:5c:85:f3:9d:48:07:fe:f5:a3:63:cd:
         28:c0:b1:a1:a4:c2:a0:3c:ba:d8:8c:00:6a:02:d9:bf:b3:70:
         28:fb:81:06:ba:ec:43:a5:50:40:73:1c:0a:ef:ee:af:5e:f7:
         1c:9c:57:2b:4c:6e:b7:98:6f:0b:66:1d:27:b0:9d:5b:33:16:
         03:8a:33:93:49:d1:96:d4:d0:20:0f:d3:74:36:e4:ae:da:71:
         82:25:1b:09:fa:b9:03:5b:5c:5f:f6:38:dc:e4:82:06:16:80:
         03:0d:ed:f9:60:39:9a:c8:10:92:eb:64:82:b9:dd:da:26:46:
         8c:33:08:17:d0:18:f6:e1:97:a3:19:7b:80:da:41:67:b1:6a:
         73:38:bc:6a:ef:a1:57:43:95:73:c8:8b:8d:47:9d:2d:0d:b5:
         06:df:ec:5d:5e:0e:47:e9:49:54:44:c2:92:e6:19:74:f2:3e:
         5a:15:04:df:d3:83:fe:5c:3a:b9:5a:49:5c:21:40:b6:1e:d9:
         2d:d6:09:57:13:c8:23:76:44:02:db:a9:4e:e3:06:d6:c1:ca:
         c0:a7:d7:18:e2:7f:35:ed:1c:c8:35:4f:56:9c:71:a5:6d:8a:
         31:41:80:9f:27:f6:97:06:1a:6e:f2:08:1d:9d:f7:e5:24:ec:
         ee:0b:f2:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Nm+jOUXzoNcHniBJbavMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZTg0ZDZkNmE5ZWVkZTY4MmVmMWI1Yzc4ZjFiM2YwYTMz
MTM5MTEwHhcNMjQwMTAxMTYzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWY5NmMyMzcxZTZiMGVlZjYyNTMwYThhMjljZTIxYWE3ZjNmOTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArV0KPRdO8dx1UPBLy8gp9SrsBTtQ
HYd39VT2Db9hq5rQrnJq5gFg4BwjZKclMhnIwMgFOyr5RQ0QA8eMNfaBXe6XZzPo
wwpBJ8EiLhTbeISKzUW6hIt9+g9n5zaSHuel44UX9NxXLuafriCaJhYg5d8exxPx
9h9e+uOQC/9mxWKXxMHYv+6hMCPugpY+ZdV6NjHDnA2st7w4LmEmJzc1x7ZBPtWJ
BrMxcA5qqKzVUIrgg5w97UCc/Y+uyi3E6rz60lDrynTZrujzaqiUSBJ8LmAGtB8D
p2BlUtDY123GkcEu+DBcvrou/u47TVZJS7g/KwGvZwTHxHAZsOEI2UG+cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHX5bCNx5rDu9iUwqKKc4hqn8/lzMB8GA1UdIwQY
MBaAFNDoTW1qnu3mgu8bXHjxs/CjMTkRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME9oTmJXcWU3ZWFDN3h0Y2VQR3o4S014T1JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS82MmI3NzUtNzg0MS00YTYxLWI3OGMt
YjdiYTI4MTY1YTc3LzEvZGZsc0kzSG1zTzcySlRDb29wemlHcWZ6LVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS82MmI3NzUtNzg0MS00YTYxLWI3OGMtYjdiYTI4MTY1YTc3
LzEvME9oTmJXcWU3ZWFDN3h0Y2VQR3o4S014T1JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWmhMA0G
CSqGSIb3DQEBCwUAA4IBAQAIWfoZL9CBXIXznUgH/vWjY80owLGhpMKgPLrYjABq
Atm/s3Ao+4EGuuxDpVBAcxwK7+6vXvccnFcrTG63mG8LZh0nsJ1bMxYDijOTSdGW
1NAgD9N0NuSu2nGCJRsJ+rkDW1xf9jjc5IIGFoADDe35YDmayBCS62SCud3aJkaM
MwgX0Bj24ZejGXuA2kFnsWpzOLxq76FXQ5VzyIuNR50tDbUG3+xdXg5H6UlURMKS
5hl08j5aFQTf04P+XDq5WklcIUC2Htkt1glXE8gjdkQC26lO4wbWwcrAp9cY4n81
7RzINU9WnHGlbYoxQYCfJ/aXBhpu8ggdnfflJOzuC/Ji
-----END CERTIFICATE-----