Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/90d366-2fab-47e5-90b9-0265e5cd6966/1/dT2Pilj0cDxW8JNdaMPdYMP5_Lg.roa
File:                     dT2Pilj0cDxW8JNdaMPdYMP5_Lg.roa (raw, json)
Hash identifier:          nrTd0T6YOSJ9/FYjp6b/vFkHXSf6ITW+uPne+/v5smI=
Subject key identifier:   75:3D:8F:8A:58:F4:70:3C:56:F0:93:5D:68:C3:DD:60:C3:F9:FC:B8
Certificate issuer:       /CN=f324d0f47297680535eb2799189db888b4066782
Certificate serial:       018CC2DB0C85D20989E45B8916D4B4519681
Authority key identifier: F3:24:D0:F4:72:97:68:05:35:EB:27:99:18:9D:B8:88:B4:06:67:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yTQ9HKXaAU16yeZGJ24iLQGZ4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/90d366-2fab-47e5-90b9-0265e5cd6966/1/dT2Pilj0cDxW8JNdaMPdYMP5_Lg.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        185.90.68.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/90d366-2fab-47e5-90b9-0265e5cd6966/1/8yTQ9HKXaAU16yeZGJ24iLQGZ4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/90d366-2fab-47e5-90b9-0265e5cd6966/1/8yTQ9HKXaAU16yeZGJ24iLQGZ4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yTQ9HKXaAU16yeZGJ24iLQGZ4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0c:85:d2:09:89:e4:5b:89:16:d4:b4:51:96:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f324d0f47297680535eb2799189db888b4066782
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=753d8f8a58f4703c56f0935d68c3dd60c3f9fcb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6c:66:c1:a6:1f:42:8c:2e:c7:2c:6d:78:48:
                    ab:83:4c:8f:d7:b2:bc:07:90:2a:6d:fd:a9:4c:79:
                    19:91:fd:e9:65:1a:eb:29:18:cb:6e:26:cc:27:8a:
                    a6:92:73:cb:93:44:b1:15:87:22:ff:e8:7a:4b:97:
                    2f:d0:f0:43:6b:f7:d8:2c:2a:2d:44:fc:12:93:6e:
                    1e:de:90:9e:f4:be:bd:24:96:f9:18:9b:60:20:b3:
                    09:a0:21:03:3c:d5:85:5e:12:86:47:fe:51:08:1f:
                    92:fa:fc:a8:13:ad:99:9d:f9:4e:4f:50:41:95:58:
                    dc:2a:a0:f7:c7:3d:00:c5:07:36:63:96:fb:c5:6e:
                    67:87:3e:52:cd:ae:44:bd:54:e8:dd:53:95:40:2e:
                    ce:45:be:a2:ae:24:9e:3b:09:70:76:9e:80:e1:6d:
                    0d:be:e8:9f:a1:a0:8b:10:de:85:74:9f:4b:66:fd:
                    b1:6c:a8:36:48:fd:a6:99:e6:d8:ea:ba:e7:33:9b:
                    10:f7:af:4d:5d:9e:f3:f4:03:82:0b:d6:9d:2c:d6:
                    26:d6:74:b2:e9:50:ad:37:8d:79:01:bc:e3:12:57:
                    8f:f3:e5:d7:29:74:b3:41:84:af:05:ec:24:5f:f5:
                    3c:8d:f8:86:97:36:f1:3c:10:d2:0f:49:58:27:75:
                    23:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:3D:8F:8A:58:F4:70:3C:56:F0:93:5D:68:C3:DD:60:C3:F9:FC:B8
            X509v3 Authority Key Identifier:
                keyid:F3:24:D0:F4:72:97:68:05:35:EB:27:99:18:9D:B8:88:B4:06:67:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yTQ9HKXaAU16yeZGJ24iLQGZ4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/90d366-2fab-47e5-90b9-0265e5cd6966/1/dT2Pilj0cDxW8JNdaMPdYMP5_Lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/90d366-2fab-47e5-90b9-0265e5cd6966/1/8yTQ9HKXaAU16yeZGJ24iLQGZ4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:7f:84:71:a4:43:15:84:dd:75:2c:24:e4:d8:82:44:21:0f:
         b4:a8:48:e8:d9:c1:38:d8:a0:53:4b:5b:2b:f2:a3:d5:b0:32:
         6e:35:b3:80:b6:80:fc:f1:78:90:85:fa:41:49:9c:0e:14:83:
         8d:08:14:20:e2:3d:4a:06:d7:bf:20:4c:fb:be:03:f9:33:60:
         b4:f1:76:3f:7f:71:5e:f8:d5:45:af:2f:61:23:50:2a:99:10:
         ef:e4:ba:c5:04:77:ab:31:56:c5:82:ab:6f:fa:a9:7d:ec:44:
         7c:b0:63:1f:6e:f5:97:85:b8:ca:c9:18:95:34:6d:5a:32:45:
         ef:fc:98:79:e5:7a:73:cc:83:19:66:e6:85:b1:b3:ca:2c:d0:
         df:fa:be:db:91:55:21:1e:f9:f7:0c:06:e7:dd:d6:21:f5:8b:
         b0:65:6e:8e:63:37:25:3c:d3:e3:26:0c:2c:ee:7a:d7:c7:2b:
         26:50:29:46:24:a8:65:b0:ca:73:55:aa:18:5d:ea:80:95:c3:
         64:7f:94:95:94:16:eb:99:ec:51:a5:b3:75:b9:7c:a1:bb:16:
         ba:ef:a1:b4:1a:3f:d5:db:4e:a3:4c:e9:24:5e:cf:ba:5e:41:
         b7:b3:71:ea:89:ba:f9:a8:99:59:f6:9c:d2:94:f7:fb:d1:10:
         9f:ea:f6:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wyF0gmJ5FuJFtS0UZaBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMjRkMGY0NzI5NzY4MDUzNWViMjc5OTE4OWRiODg4YjQw
NjY3ODIwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTNkOGY4YTU4ZjQ3MDNjNTZmMDkzNWQ2OGMzZGQ2MGMzZjlmY2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmxmwaYfQowuxyxteEirg0yP17K8
B5Aqbf2pTHkZkf3pZRrrKRjLbibMJ4qmknPLk0SxFYci/+h6S5cv0PBDa/fYLCot
RPwSk24e3pCe9L69JJb5GJtgILMJoCEDPNWFXhKGR/5RCB+S+vyoE62ZnflOT1BB
lVjcKqD3xz0AxQc2Y5b7xW5nhz5Sza5EvVTo3VOVQC7ORb6iriSeOwlwdp6A4W0N
vuifoaCLEN6FdJ9LZv2xbKg2SP2mmebY6rrnM5sQ969NXZ7z9AOCC9adLNYm1nSy
6VCtN415AbzjEleP8+XXKXSzQYSvBewkX/U8jfiGlzbxPBDSD0lYJ3UjjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHU9j4pY9HA8VvCTXWjD3WDD+fy4MB8GA1UdIwQY
MBaAFPMk0PRyl2gFNesnmRiduIi0BmeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHlUUTlIS1hhQVUxNnllWkdKMjRpTFFHWjRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC85MGQzNjYtMmZhYi00N2U1LTkwYjkt
MDI2NWU1Y2Q2OTY2LzEvZFQyUGlsajBjRHhXOEpOZGFNUGRZTVA1X0xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC85MGQzNjYtMmZhYi00N2U1LTkwYjktMDI2NWU1Y2Q2OTY2
LzEvOHlUUTlIS1hhQVUxNnllWkdKMjRpTFFHWjRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVpEMA0G
CSqGSIb3DQEBCwUAA4IBAQA0f4RxpEMVhN11LCTk2IJEIQ+0qEjo2cE42KBTS1sr
8qPVsDJuNbOAtoD88XiQhfpBSZwOFIONCBQg4j1KBte/IEz7vgP5M2C08XY/f3Fe
+NVFry9hI1AqmRDv5LrFBHerMVbFgqtv+ql97ER8sGMfbvWXhbjKyRiVNG1aMkXv
/Jh55XpzzIMZZuaFsbPKLNDf+r7bkVUhHvn3DAbn3dYh9YuwZW6OYzclPNPjJgws
7nrXxysmUClGJKhlsMpzVaoYXeqAlcNkf5SVlBbrmexRpbN1uXyhuxa676G0Gj/V
206jTOkkXs+6XkG3s3Hqibr5qJlZ9pzSlPf70RCf6vZl
-----END CERTIFICATE-----