Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/dA80UlCqSzB9jfcKXUKlNR5yfqw.roa
File:                     dA80UlCqSzB9jfcKXUKlNR5yfqw.roa (raw, json)
Hash identifier:          udPpXo/9ENbaY9Cf9WPSZ+thCLJOIuj0SBYt/3cp3X4=
Subject key identifier:   74:0F:34:52:50:AA:4B:30:7D:8D:F7:0A:5D:42:A5:35:1E:72:7E:AC
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BCA61244D7569D5AD59B48E3EDED45
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/dA80UlCqSzB9jfcKXUKlNR5yfqw.roa
Signing time:             Tue 02 Jan 2024 10:33:52 +0000
ROA not before:           Tue 02 Jan 2024 10:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3918
IP address blocks:        145.30.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a6:12:44:d7:56:9d:5a:d5:9b:48:e3:ed:ed:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=740f345250aa4b307d8df70a5d42a5351e727eac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:6c:f7:7c:15:8c:6f:ab:22:bc:15:23:7e:24:
                    e9:27:6e:23:1d:a1:9e:99:89:e0:47:2d:10:db:41:
                    75:7c:e7:14:2e:6b:f6:12:31:c1:e4:34:fb:66:bd:
                    8c:b9:52:17:b6:3e:65:da:e4:85:4b:fd:83:ba:cc:
                    48:7a:dc:74:89:77:d4:70:55:4f:3e:1d:3b:44:17:
                    97:06:91:a7:39:d0:bb:80:d4:29:85:69:5e:6d:43:
                    11:51:74:7a:b7:49:cc:fd:41:3a:ae:3e:2a:a3:00:
                    46:d3:81:fa:4e:d7:8f:e0:f9:c5:0c:9d:ec:4f:27:
                    54:8b:c8:34:b9:74:55:97:e6:b6:e7:a7:ff:e0:c2:
                    4b:75:93:49:65:c3:6c:fb:e5:a5:9c:3a:2b:42:8d:
                    ff:12:b7:d7:cb:22:ff:20:cb:37:df:9f:fa:60:ac:
                    39:55:6d:01:9f:87:05:40:f3:18:d5:56:1c:78:60:
                    c2:94:7e:fc:95:c7:b4:ce:15:63:26:7f:4c:17:31:
                    aa:a9:e3:b7:bc:b1:b8:65:77:c2:a8:2f:5a:0f:43:
                    88:5d:86:00:00:71:64:5a:ac:7f:14:f9:ad:de:c8:
                    80:04:5c:c8:b7:e1:f6:b9:76:ec:e9:26:7c:2d:76:
                    49:9b:2a:bc:a7:a1:f8:11:2f:36:b1:b5:a6:40:33:
                    af:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:0F:34:52:50:AA:4B:30:7D:8D:F7:0A:5D:42:A5:35:1E:72:7E:AC
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/dA80UlCqSzB9jfcKXUKlNR5yfqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.30.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:6f:67:ae:df:08:3f:28:34:fd:93:5e:f5:d3:f5:37:25:f9:
         85:64:21:07:79:71:39:58:18:b1:35:5c:38:d9:30:d3:5a:b8:
         11:bb:25:9e:46:7e:a1:ec:d4:53:73:04:37:79:48:3f:59:de:
         b3:9a:db:53:d0:ac:fc:15:d6:2f:19:8c:9b:7d:56:0a:7c:9f:
         08:bb:42:06:44:ba:2f:65:3f:e1:c3:69:be:e2:02:f4:13:20:
         3e:8c:2b:53:da:77:1d:33:a4:39:10:bd:04:30:17:1d:48:28:
         24:ca:be:e0:80:49:04:1f:70:85:0f:61:96:96:84:6a:d4:c3:
         a5:22:a7:ba:e3:7e:55:6a:a3:55:28:43:c6:11:78:d6:a9:bf:
         29:83:bf:32:a4:83:4b:9d:0d:0e:3a:a0:4f:32:d8:26:a8:1e:
         de:c0:fb:29:74:43:fa:6b:d7:35:df:e4:17:78:27:28:50:a5:
         1a:41:68:85:ac:e8:51:de:14:ee:7c:fe:28:69:00:1b:d8:e1:
         6d:ee:57:ce:be:ab:f9:39:e3:05:0e:2d:68:c7:ca:99:a9:a3:
         54:21:dc:98:ac:e9:5d:19:2c:da:48:5d:32:b8:b0:9e:ea:c2:
         af:45:5e:17:57:c8:a6:44:a2:b3:8b:bd:6e:aa:23:84:71:0b:
         f9:1f:6d:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKYSRNdWnVrVm0jj7e1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDBmMzQ1MjUwYWE0YjMwN2Q4ZGY3MGE1ZDQyYTUzNTFlNzI3ZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWz3fBWMb6sivBUjfiTpJ24jHaGe
mYngRy0Q20F1fOcULmv2EjHB5DT7Zr2MuVIXtj5l2uSFS/2DusxIetx0iXfUcFVP
Ph07RBeXBpGnOdC7gNQphWlebUMRUXR6t0nM/UE6rj4qowBG04H6TteP4PnFDJ3s
TydUi8g0uXRVl+a256f/4MJLdZNJZcNs++WlnDorQo3/ErfXyyL/IMs335/6YKw5
VW0Bn4cFQPMY1VYceGDClH78lce0zhVjJn9MFzGqqeO3vLG4ZXfCqC9aD0OIXYYA
AHFkWqx/FPmt3siABFzIt+H2uXbs6SZ8LXZJmyq8p6H4ES82sbWmQDOvYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQPNFJQqkswfY33Cl1CpTUecn6sMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvZEE4MFVsQ3FTekI5amZjS1hVS2xOUjV5ZnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkR7jMA0G
CSqGSIb3DQEBCwUAA4IBAQAJb2eu3wg/KDT9k1710/U3JfmFZCEHeXE5WBixNVw4
2TDTWrgRuyWeRn6h7NRTcwQ3eUg/Wd6zmttT0Kz8FdYvGYybfVYKfJ8Iu0IGRLov
ZT/hw2m+4gL0EyA+jCtT2ncdM6Q5EL0EMBcdSCgkyr7ggEkEH3CFD2GWloRq1MOl
Iqe6435VaqNVKEPGEXjWqb8pg78ypINLnQ0OOqBPMtgmqB7ewPspdEP6a9c13+QX
eCcoUKUaQWiFrOhR3hTufP4oaQAb2OFt7lfOvqv5OeMFDi1ox8qZqaNUIdyYrOld
GSzaSF0yuLCe6sKvRV4XV8imRKKzi71uqiOEcQv5H22S
-----END CERTIFICATE-----