Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/hWrxupfwdXUZJMruo0G4LjOFgEE.roa
File:                     hWrxupfwdXUZJMruo0G4LjOFgEE.roa (raw, json)
Hash identifier:          ld+y1133BNUvA6cMHSB5+gXLUt56SrsKK1ElXKV/5Yc=
Subject key identifier:   85:6A:F1:BA:97:F0:75:75:19:24:CA:EE:A3:41:B8:2E:33:85:80:41
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BCAA7DCDB45A1C89A032F422AEBA73
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/hWrxupfwdXUZJMruo0G4LjOFgEE.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211280
IP address blocks:        145.62.64.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:aa:7d:cd:b4:5a:1c:89:a0:32:f4:22:ae:ba:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=856af1ba97f075751924caeea341b82e33858041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:5c:a5:b3:9d:3c:56:b9:20:31:18:91:27:3d:
                    07:4e:28:fc:90:fd:b1:13:47:9c:aa:fe:da:53:22:
                    33:f6:35:7a:85:8a:c7:9c:ba:97:3a:51:21:f2:ec:
                    44:00:90:83:5a:25:02:87:90:eb:7f:6a:26:0c:4a:
                    af:19:69:2e:5b:ab:c7:cd:dc:1a:2f:f2:b4:d1:44:
                    e3:92:c0:d3:e7:49:72:08:65:a7:f3:a1:97:bd:d7:
                    20:48:4c:33:7b:5d:1e:3f:a3:d9:bc:ce:f4:18:06:
                    34:49:69:96:5f:fb:50:18:c5:72:1e:34:e4:20:ba:
                    42:ef:5a:68:01:d1:41:8c:99:f5:92:4c:3e:89:90:
                    ea:56:f8:9c:10:40:7b:21:91:a6:3d:c4:d2:fa:67:
                    ee:68:0f:aa:5b:48:94:95:a3:8f:70:71:2a:ae:17:
                    74:dd:95:ed:95:b5:69:70:94:b6:7a:3d:d0:63:ca:
                    a2:b0:01:9e:46:e0:ea:33:2c:98:39:8c:66:10:29:
                    6f:c7:d8:0e:a1:d8:43:3b:e7:3e:03:f9:fe:a1:ca:
                    c9:a4:13:35:62:46:a6:88:68:d1:64:34:4a:8b:22:
                    26:f4:a1:90:20:c0:8b:ee:03:95:11:75:c3:8a:f6:
                    75:df:2b:17:a7:57:01:31:09:d6:97:bd:1e:d1:9a:
                    f9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:6A:F1:BA:97:F0:75:75:19:24:CA:EE:A3:41:B8:2E:33:85:80:41
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/hWrxupfwdXUZJMruo0G4LjOFgEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.62.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         62:a7:88:c5:7e:b0:b6:ba:e2:e9:3e:2f:60:5d:4f:c6:29:7a:
         ea:7c:65:13:c1:cd:d9:dd:73:e6:a1:e8:1e:41:09:fb:17:9c:
         37:82:aa:d3:84:d1:cc:a7:ea:7f:72:8b:99:a4:26:23:4a:99:
         67:96:e9:95:8b:0e:be:68:2b:97:84:7e:9e:1c:58:8f:28:2c:
         96:e7:84:4e:16:e5:eb:b4:39:5a:95:1f:7e:2f:9b:2b:ba:32:
         9d:da:bd:04:3e:75:51:57:d3:5d:04:a0:2b:90:7d:d6:a8:7f:
         11:c2:77:c1:4d:e3:0d:88:4d:f7:28:db:c6:6a:54:6e:8f:39:
         83:2f:48:9f:0d:fc:d5:c9:d9:89:f3:2d:d8:0d:17:aa:f6:83:
         11:70:c6:c6:bc:88:66:ae:79:85:f9:ce:5e:eb:fa:73:7b:ce:
         d4:09:41:f5:4b:46:b0:66:c8:50:6a:4d:61:d3:d4:ae:21:5f:
         9f:20:58:2b:c3:51:8e:6d:d0:c4:15:a3:1a:d8:5d:de:f7:56:
         ce:f5:fd:2a:b3:c0:02:0e:2c:4a:47:fd:44:61:01:ae:73:8a:
         42:ab:9c:5e:f8:a9:08:8e:f0:51:b6:fd:03:57:2f:b4:d2:5c:
         8d:a5:13:45:08:b5:48:0b:8e:7d:4d:eb:f6:11:aa:3b:5b:b8:
         4d:41:22:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKp9zbRaHImgMvQirrpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTZhZjFiYTk3ZjA3NTc1MTkyNGNhZWVhMzQxYjgyZTMzODU4MDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglyls508VrkgMRiRJz0HTij8kP2x
E0ecqv7aUyIz9jV6hYrHnLqXOlEh8uxEAJCDWiUCh5Drf2omDEqvGWkuW6vHzdwa
L/K00UTjksDT50lyCGWn86GXvdcgSEwze10eP6PZvM70GAY0SWmWX/tQGMVyHjTk
ILpC71poAdFBjJn1kkw+iZDqVvicEEB7IZGmPcTS+mfuaA+qW0iUlaOPcHEqrhd0
3ZXtlbVpcJS2ej3QY8qisAGeRuDqMyyYOYxmEClvx9gOodhDO+c+A/n+ocrJpBM1
YkamiGjRZDRKiyIm9KGQIMCL7gOVEXXDivZ13ysXp1cBMQnWl70e0Zr5KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVq8bqX8HV1GSTK7qNBuC4zhYBBMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvaFdyeHVwZndkWFVaSk1ydW8wRzRMak9GZ0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEkT5AMA0G
CSqGSIb3DQEBCwUAA4IBAQBip4jFfrC2uuLpPi9gXU/GKXrqfGUTwc3Z3XPmoege
QQn7F5w3gqrThNHMp+p/couZpCYjSplnlumViw6+aCuXhH6eHFiPKCyW54ROFuXr
tDlalR9+L5srujKd2r0EPnVRV9NdBKArkH3WqH8RwnfBTeMNiE33KNvGalRujzmD
L0ifDfzVydmJ8y3YDReq9oMRcMbGvIhmrnmF+c5e6/pze87UCUH1S0awZshQak1h
09SuIV+fIFgrw1GObdDEFaMa2F3e91bO9f0qs8ACDixKR/1EYQGuc4pCq5xe+KkI
jvBRtv0DVy+00lyNpRNFCLVIC459Tev2Eao7W7hNQSIC
-----END CERTIFICATE-----