Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/d3uh017qDyAAyNNd0izDcaTO3Ik.roa
File:                     d3uh017qDyAAyNNd0izDcaTO3Ik.roa (raw, json)
Hash identifier:          cXKW2Wg1TxUTQTsFgtMCtpDlFspW0JMuN3BT1HYedMw=
Subject key identifier:   77:7B:A1:D3:5E:EA:0F:20:00:C8:D3:5D:D2:2C:C3:71:A4:CE:DC:89
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BCA803D8E6178277BDA3F2A6B27DB6
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/d3uh017qDyAAyNNd0izDcaTO3Ik.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25182
IP address blocks:        145.58.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a8:03:d8:e6:17:82:77:bd:a3:f2:a6:b2:7d:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=777ba1d35eea0f2000c8d35dd22cc371a4cedc89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0b:69:74:df:79:82:e7:e6:e1:0d:5e:38:7a:
                    a1:f6:6f:4e:29:b2:3c:91:16:eb:b6:b8:d4:00:cd:
                    b8:93:34:3d:a1:28:b7:7d:eb:a3:3a:f0:54:d7:28:
                    74:a0:7f:41:d3:cf:d0:3b:b3:a3:de:67:6b:7d:50:
                    65:12:17:74:fc:05:1d:59:ee:31:bb:6a:77:25:9b:
                    5d:cd:01:b1:e8:55:5a:93:64:c0:26:61:e9:fd:d8:
                    4c:0a:2d:f7:e8:11:3c:9d:95:72:75:c6:9a:23:34:
                    9a:e3:49:c2:5a:82:91:3f:cf:f8:45:8b:bc:13:74:
                    2b:a6:7a:01:ff:80:14:69:ab:57:63:b1:43:c1:4f:
                    f1:56:e2:c3:98:7c:92:64:d4:b0:72:6d:3a:66:d9:
                    e9:5e:fc:47:b0:58:17:79:8f:43:fd:c0:cd:10:cc:
                    47:ee:7f:9b:f3:a4:a6:3f:7b:c0:98:f3:8d:20:bc:
                    ad:bd:ab:58:c3:cf:59:86:01:14:47:82:4d:27:e7:
                    2a:12:ab:1d:22:1a:97:af:ae:30:9a:0d:f9:f8:32:
                    b5:74:a5:bc:50:53:1e:33:f5:e9:64:c9:7d:18:3f:
                    82:1a:11:b1:23:1d:71:07:3a:44:c0:4f:fc:e6:ba:
                    e1:34:a8:b6:3a:99:bb:c6:0c:83:b0:10:09:3b:b7:
                    59:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:7B:A1:D3:5E:EA:0F:20:00:C8:D3:5D:D2:2C:C3:71:A4:CE:DC:89
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/d3uh017qDyAAyNNd0izDcaTO3Ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.58.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2c:8d:18:1c:b6:90:d8:19:fc:d0:fa:96:58:13:1a:bb:6f:65:
         e5:05:73:e0:ec:0b:46:8f:43:a2:53:90:5f:70:d3:1e:32:4b:
         45:42:00:7c:0f:3d:a2:f4:96:9f:8b:d9:51:71:3a:4c:a7:3b:
         86:3c:0f:b3:da:e2:8b:ff:ce:7e:8e:9f:44:33:f2:c3:64:ab:
         32:d9:04:fa:55:3f:29:23:13:0c:bb:09:bd:3b:1f:0a:90:84:
         16:5d:0f:96:21:32:5f:d0:8a:a9:e4:1b:82:6e:b3:37:97:eb:
         97:45:8a:d8:22:3a:7a:13:cf:2e:67:4c:58:9a:57:f7:41:c7:
         ac:af:4e:d4:73:c3:3f:08:d5:2b:1b:3f:ef:3b:32:a2:44:45:
         35:f5:9b:8e:bc:64:cb:07:9d:21:48:af:0b:aa:33:f2:2d:24:
         1f:36:a2:b1:33:f8:5d:b8:30:f3:98:6e:9a:20:49:3d:13:24:
         08:59:9e:21:c6:00:46:02:23:ca:31:bc:ec:83:64:d6:4e:aa:
         52:9b:39:bc:34:12:bd:69:29:62:8b:bc:31:a8:e6:9e:fc:e7:
         b6:a1:93:e0:90:45:96:a6:a1:e5:fb:70:c6:41:34:df:20:98:
         e3:d2:a5:2e:4c:0a:3d:04:c8:c1:0f:08:53:20:86:5f:32:fa:
         92:ee:aa:22
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzJvKgD2OYXgne9o/Kmsn22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzdiYTFkMzVlZWEwZjIwMDBjOGQzNWRkMjJjYzM3MWE0Y2VkYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAtpdN95gufm4Q1eOHqh9m9OKbI8
kRbrtrjUAM24kzQ9oSi3feujOvBU1yh0oH9B08/QO7Oj3mdrfVBlEhd0/AUdWe4x
u2p3JZtdzQGx6FVak2TAJmHp/dhMCi336BE8nZVydcaaIzSa40nCWoKRP8/4RYu8
E3QrpnoB/4AUaatXY7FDwU/xVuLDmHySZNSwcm06ZtnpXvxHsFgXeY9D/cDNEMxH
7n+b86SmP3vAmPONILytvatYw89ZhgEUR4JNJ+cqEqsdIhqXr64wmg35+DK1dKW8
UFMeM/XpZMl9GD+CGhGxIx1xBzpEwE/85rrhNKi2Opm7xgyDsBAJO7dZoQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHd7odNe6g8gAMjTXdIsw3GkztyJMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvZDN1aDAxN3FEeUFBeU5OZDBpekRjYVRPM0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkTowDQYJ
KoZIhvcNAQELBQADggEBACyNGBy2kNgZ/ND6llgTGrtvZeUFc+DsC0aPQ6JTkF9w
0x4yS0VCAHwPPaL0lp+L2VFxOkynO4Y8D7Pa4ov/zn6On0Qz8sNkqzLZBPpVPykj
Ewy7Cb07HwqQhBZdD5YhMl/QiqnkG4JuszeX65dFitgiOnoTzy5nTFiaV/dBx6yv
TtRzwz8I1SsbP+87MqJERTX1m468ZMsHnSFIrwuqM/ItJB82orEz+F24MPOYbpog
ST0TJAhZniHGAEYCI8oxvOyDZNZOqlKbObw0Er1pKWKLvDGo5p7857ahk+CQRZam
oeX7cMZBNN8gmOPSpS5MCj0EyMEPCFMghl8y+pLuqiI=
-----END CERTIFICATE-----