Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/5jUdHwD5HxSaYAXYDO2WP8oyt-Q.roa
File:                     5jUdHwD5HxSaYAXYDO2WP8oyt-Q.roa (raw, json)
Hash identifier:          gsf+vE6uJZyqci/1280/vOGJAEW5popBr+oVPf/8B20=
Subject key identifier:   E6:35:1D:1F:00:F9:1F:14:9A:60:05:D8:0C:ED:96:3F:CA:32:B7:E4
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BCA33F1B098228FBC58920642FF82F
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/5jUdHwD5HxSaYAXYDO2WP8oyt-Q.roa
Signing time:             Tue 02 Jan 2024 10:33:51 +0000
ROA not before:           Tue 02 Jan 2024 10:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1161
IP address blocks:        145.116.32.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a3:3f:1b:09:82:28:fb:c5:89:20:64:2f:f8:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6351d1f00f91f149a6005d80ced963fca32b7e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:37:c4:28:51:2d:86:2f:fd:26:69:7d:42:36:
                    d7:0e:94:3b:63:1f:cc:04:29:8b:0b:07:0e:49:d4:
                    b1:d4:cc:b8:d6:d6:df:91:7b:de:97:0f:84:6b:05:
                    33:26:2f:7d:37:25:18:55:60:13:2a:bf:da:19:88:
                    23:5a:73:3b:ca:27:f3:39:dc:6b:cc:45:65:ae:8e:
                    ab:7e:72:b1:79:72:9b:2f:35:c8:6f:d7:8d:dc:e5:
                    34:1f:f0:57:f5:72:08:a0:3e:14:ae:f9:86:5a:8e:
                    23:72:e5:87:84:70:8c:b6:64:66:78:82:90:2e:f2:
                    0b:0d:ed:a0:94:b7:bf:a9:96:df:c8:21:8e:ce:e4:
                    5f:57:fa:3e:ea:65:3a:6e:fd:b7:1e:ce:8d:d8:31:
                    d4:2e:1b:f7:15:f9:57:c6:26:5d:af:01:10:f5:8f:
                    48:01:ee:d3:32:80:43:df:39:ab:a3:02:ef:06:92:
                    5a:b3:12:b5:f2:7d:62:2d:66:45:78:17:09:ef:bc:
                    ac:cc:95:4c:83:d2:40:a1:ee:a9:23:46:b9:77:46:
                    71:2b:2b:99:f7:e3:c7:89:25:04:4d:b9:5b:a0:fb:
                    ca:e0:bf:ed:69:4b:6b:9d:6e:82:d6:9d:d9:9c:61:
                    03:d7:77:e2:f2:40:ac:83:22:1f:d4:07:ba:ec:1c:
                    4a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:35:1D:1F:00:F9:1F:14:9A:60:05:D8:0C:ED:96:3F:CA:32:B7:E4
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/5jUdHwD5HxSaYAXYDO2WP8oyt-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.116.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         27:79:65:44:69:01:58:94:41:65:c1:8b:3e:be:50:85:1f:c8:
         1f:31:6c:e7:75:98:a9:ca:bc:a4:8a:e2:86:c1:32:68:4c:43:
         2f:8d:d6:b0:96:14:58:db:6e:51:a9:e1:5e:2d:a5:78:49:34:
         3f:5f:16:35:83:d5:90:48:b5:8e:d6:fb:bb:a3:83:51:df:01:
         6f:fe:aa:c1:36:9c:e8:aa:2d:c7:2b:e0:0d:18:82:80:b1:fa:
         47:9c:61:80:b2:7d:24:6e:c3:a9:24:62:86:9f:36:d4:00:64:
         97:82:d0:74:b6:98:47:ec:da:3e:c9:be:01:4b:f3:9a:b3:8c:
         e0:f0:18:b4:6a:be:e0:6b:8c:c0:af:eb:71:fa:83:46:07:83:
         2b:1e:44:41:9f:fa:18:94:2e:6e:45:d0:4f:fd:f8:65:14:82:
         3d:88:38:3a:dc:11:94:55:96:7f:0d:95:df:60:c6:f4:d7:17:
         9e:76:f4:84:e2:e7:62:43:84:92:6e:ff:12:5e:7c:a1:c7:73:
         04:16:ee:c7:12:a3:fb:82:17:25:db:ac:c2:14:54:a8:98:c4:
         4d:03:3e:28:ef:da:47:34:3c:80:f2:2e:92:39:91:aa:be:bc:
         82:a5:6a:f4:29:bd:f6:b8:56:ce:62:50:fc:93:4a:d1:f0:58:
         11:de:63:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKM/GwmCKPvFiSBkL/gvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjM1MWQxZjAwZjkxZjE0OWE2MDA1ZDgwY2VkOTYzZmNhMzJiN2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzfEKFEthi/9Jml9QjbXDpQ7Yx/M
BCmLCwcOSdSx1My41tbfkXvelw+EawUzJi99NyUYVWATKr/aGYgjWnM7yifzOdxr
zEVlro6rfnKxeXKbLzXIb9eN3OU0H/BX9XIIoD4UrvmGWo4jcuWHhHCMtmRmeIKQ
LvILDe2glLe/qZbfyCGOzuRfV/o+6mU6bv23Hs6N2DHULhv3FflXxiZdrwEQ9Y9I
Ae7TMoBD3zmrowLvBpJasxK18n1iLWZFeBcJ77yszJVMg9JAoe6pI0a5d0ZxKyuZ
9+PHiSUETblboPvK4L/taUtrnW6C1p3ZnGED13fi8kCsgyIf1Ae67BxK+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOY1HR8A+R8UmmAF2Aztlj/KMrfkMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvNWpVZEh3RDVIeFNhWUFYWURPMldQOG95dC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEkXQgMA0G
CSqGSIb3DQEBCwUAA4IBAQAneWVEaQFYlEFlwYs+vlCFH8gfMWzndZipyrykiuKG
wTJoTEMvjdawlhRY225RqeFeLaV4STQ/XxY1g9WQSLWO1vu7o4NR3wFv/qrBNpzo
qi3HK+ANGIKAsfpHnGGAsn0kbsOpJGKGnzbUAGSXgtB0tphH7No+yb4BS/Oas4zg
8Bi0ar7ga4zAr+tx+oNGB4MrHkRBn/oYlC5uRdBP/fhlFII9iDg63BGUVZZ/DZXf
YMb01xeedvSE4udiQ4SSbv8SXnyhx3MEFu7HEqP7ghcl26zCFFSomMRNAz4o79pH
NDyA8i6SOZGqvryCpWr0Kb32uFbOYlD8k0rR8FgR3mMh
-----END CERTIFICATE-----