Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4a3caf-f84c-4c76-8065-962206b1686b/1/tDKQGjqf7_FRM1ZO7V7iDORifIU.roa
File:                     tDKQGjqf7_FRM1ZO7V7iDORifIU.roa (raw, json)
Hash identifier:          iUeTvtJwb1mADr8CMFsRu5f9yTi+KL9GdCWZtzz1Zcs=
Subject key identifier:   B4:32:90:1A:3A:9F:EF:F1:51:33:56:4E:ED:5E:E2:0C:E4:62:7C:85
Certificate issuer:       /CN=806757de8ffcdd1fd9af78b645536bda7c76c30e
Certificate serial:       018EA3DE6685EFE26CE0524043FBDCB6677B
Authority key identifier: 80:67:57:DE:8F:FC:DD:1F:D9:AF:78:B6:45:53:6B:DA:7C:76:C3:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gGdX3o_83R_Zr3i2RVNr2nx2ww4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4a3caf-f84c-4c76-8065-962206b1686b/1/tDKQGjqf7_FRM1ZO7V7iDORifIU.roa
Signing time:             Wed 03 Apr 2024 12:10:44 +0000
ROA not before:           Wed 03 Apr 2024 12:10:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        156.67.62.0/24 maxlen: 24
                          156.67.63.0/24 maxlen: 24
                          195.162.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4a3caf-f84c-4c76-8065-962206b1686b/1/gGdX3o_83R_Zr3i2RVNr2nx2ww4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4a3caf-f84c-4c76-8065-962206b1686b/1/gGdX3o_83R_Zr3i2RVNr2nx2ww4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gGdX3o_83R_Zr3i2RVNr2nx2ww4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:de:66:85:ef:e2:6c:e0:52:40:43:fb:dc:b6:67:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=806757de8ffcdd1fd9af78b645536bda7c76c30e
        Validity
            Not Before: Apr  3 12:10:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b432901a3a9feff15133564eed5ee20ce4627c85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:52:36:21:83:2a:50:8b:43:f6:3c:8c:7a:df:
                    cb:d1:45:41:36:a5:d3:ff:06:1e:79:80:eb:76:11:
                    14:4d:38:a7:fd:49:15:7d:d0:f2:4f:d6:cd:4a:40:
                    32:68:33:4f:11:ca:9a:68:7d:aa:9e:fe:df:94:1e:
                    e4:02:99:13:92:15:a2:44:9a:5d:6f:88:ba:5d:b4:
                    4c:3a:7e:33:f8:d5:a7:58:55:c3:0b:bb:4f:25:91:
                    fe:07:aa:b3:ff:b5:60:0d:e7:7f:09:a2:75:6f:aa:
                    44:c8:fa:6b:ec:fa:32:b9:1e:d7:42:d7:65:80:70:
                    eb:40:fa:5b:7a:b3:af:0d:d4:f6:89:5c:66:35:fa:
                    d9:be:7d:9d:f2:99:05:30:2d:9d:cd:3d:00:18:52:
                    76:0d:41:ce:82:31:49:92:7f:27:34:fe:05:a2:eb:
                    15:51:d9:6d:35:28:50:b4:58:46:c0:a7:16:c5:e7:
                    5d:59:8d:1b:b6:07:37:a3:41:7b:9b:6a:96:83:35:
                    0d:ad:a4:85:f7:26:8c:74:76:25:2d:d3:0f:44:eb:
                    e6:be:44:8b:90:76:93:13:22:e9:c4:be:aa:53:2b:
                    34:9f:17:d4:3d:3e:c9:80:99:9d:46:06:ac:d0:c5:
                    ca:97:51:d6:01:4e:e7:07:d0:07:c8:d5:36:77:0b:
                    23:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:32:90:1A:3A:9F:EF:F1:51:33:56:4E:ED:5E:E2:0C:E4:62:7C:85
            X509v3 Authority Key Identifier:
                keyid:80:67:57:DE:8F:FC:DD:1F:D9:AF:78:B6:45:53:6B:DA:7C:76:C3:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gGdX3o_83R_Zr3i2RVNr2nx2ww4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4a3caf-f84c-4c76-8065-962206b1686b/1/tDKQGjqf7_FRM1ZO7V7iDORifIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4a3caf-f84c-4c76-8065-962206b1686b/1/gGdX3o_83R_Zr3i2RVNr2nx2ww4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.67.62.0/23
                  195.162.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:c2:f1:03:36:35:e6:d3:fd:5d:33:8b:12:b0:4e:93:f9:cf:
         91:64:88:ff:9b:6d:29:8c:70:41:e3:3c:7d:5b:05:82:7b:db:
         47:8d:8c:45:28:07:e3:e4:8f:fe:e5:b5:d6:bb:69:a2:e8:5c:
         61:f3:c1:6b:ef:45:72:eb:3e:4b:7d:86:ee:1d:9f:a5:1a:64:
         66:bb:16:2b:8d:67:fe:5a:7f:f9:57:87:3a:d1:8a:28:1b:72:
         f8:19:96:db:34:f5:46:a5:6d:ac:50:54:b5:01:94:3c:ed:54:
         63:c9:5a:68:64:94:08:8e:24:48:f7:6e:e6:f9:f5:8f:87:08:
         3a:23:10:cf:4f:b3:da:f4:32:6e:95:28:85:d0:9c:83:29:95:
         66:60:9e:14:9c:60:c2:46:60:a4:0c:cd:79:bb:61:36:39:c3:
         7f:23:63:38:b9:7c:f0:18:3f:7f:44:62:36:65:4b:68:cb:43:
         f7:ba:35:37:87:3e:50:04:3d:7b:82:d3:25:34:7d:ee:fa:ce:
         85:bd:9a:30:c6:18:de:ce:f5:66:6f:04:6a:97:32:52:a7:cc:
         8f:b4:be:69:9c:a4:1c:26:5c:32:1c:15:cb:94:d5:15:90:41:
         27:99:bd:1f:8a:a6:f1:b2:3e:4d:bd:6b:db:5e:ea:bd:11:3d:
         f8:ee:26:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6j3maF7+Js4FJAQ/vctmd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNjc1N2RlOGZmY2RkMWZkOWFmNzhiNjQ1NTM2YmRhN2M3
NmMzMGUwHhcNMjQwNDAzMTIxMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDMyOTAxYTNhOWZlZmYxNTEzMzU2NGVlZDVlZTIwY2U0NjI3Yzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1I2IYMqUItD9jyMet/L0UVBNqXT
/wYeeYDrdhEUTTin/UkVfdDyT9bNSkAyaDNPEcqaaH2qnv7flB7kApkTkhWiRJpd
b4i6XbRMOn4z+NWnWFXDC7tPJZH+B6qz/7VgDed/CaJ1b6pEyPpr7PoyuR7XQtdl
gHDrQPpberOvDdT2iVxmNfrZvn2d8pkFMC2dzT0AGFJ2DUHOgjFJkn8nNP4FousV
UdltNShQtFhGwKcWxeddWY0btgc3o0F7m2qWgzUNraSF9yaMdHYlLdMPROvmvkSL
kHaTEyLpxL6qUys0nxfUPT7JgJmdRgas0MXKl1HWAU7nB9AHyNU2dwsj8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLQykBo6n+/xUTNWTu1e4gzkYnyFMB8GA1UdIwQY
MBaAFIBnV96P/N0f2a94tkVTa9p8dsMOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0dkWDNvXzgzUl9acjNpMlJWTnIybngyd3c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80YTNjYWYtZjg0Yy00Yzc2LTgwNjUt
OTYyMjA2YjE2ODZiLzEvdERLUUdqcWY3X0ZSTTFaTzdWN2lET1JpZklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80YTNjYWYtZjg0Yy00Yzc2LTgwNjUtOTYyMjA2YjE2ODZi
LzEvZ0dkWDNvXzgzUl9acjNpMlJWTnIybngyd3c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBnEM+AwQA
w6JFMA0GCSqGSIb3DQEBCwUAA4IBAQAawvEDNjXm0/1dM4sSsE6T+c+RZIj/m20p
jHBB4zx9WwWCe9tHjYxFKAfj5I/+5bXWu2mi6Fxh88Fr70Vy6z5LfYbuHZ+lGmRm
uxYrjWf+Wn/5V4c60YooG3L4GZbbNPVGpW2sUFS1AZQ87VRjyVpoZJQIjiRI927m
+fWPhwg6IxDPT7Pa9DJulSiF0JyDKZVmYJ4UnGDCRmCkDM15u2E2OcN/I2M4uXzw
GD9/RGI2ZUtoy0P3ujU3hz5QBD17gtMlNH3u+s6FvZowxhjezvVmbwRqlzJSp8yP
tL5pnKQcJlwyHBXLlNUVkEEnmb0fiqbxsj5NvWvbXuq9ET347iZ+
-----END CERTIFICATE-----