Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/b97693-1d02-40dc-9af7-a015168c3323/1/dvMKLrYFLe_opLs27-tHnSS5uMY.roa
File:                     dvMKLrYFLe_opLs27-tHnSS5uMY.roa (raw, json)
Hash identifier:          yciWulMPckuHZ2r7UNAHsTqgZgh8uZ4N9nsz1o4DNOQ=
Subject key identifier:   76:F3:0A:2E:B6:05:2D:EF:E8:A4:BB:36:EF:EB:47:9D:24:B9:B8:C6
Certificate issuer:       /CN=74eba0122f643adca0cbc6f6a4681b6d77e93620
Certificate serial:       018CC64B214B64ED72B09496AB7884B7F914
Authority key identifier: 74:EB:A0:12:2F:64:3A:DC:A0:CB:C6:F6:A4:68:1B:6D:77:E9:36:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOugEi9kOtygy8b2pGgbbXfpNiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/b97693-1d02-40dc-9af7-a015168c3323/1/dvMKLrYFLe_opLs27-tHnSS5uMY.roa
Signing time:             Mon 01 Jan 2024 18:31:01 +0000
ROA not before:           Mon 01 Jan 2024 18:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51011
IP address blocks:        178.217.24.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/b97693-1d02-40dc-9af7-a015168c3323/1/dOugEi9kOtygy8b2pGgbbXfpNiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/b97693-1d02-40dc-9af7-a015168c3323/1/dOugEi9kOtygy8b2pGgbbXfpNiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOugEi9kOtygy8b2pGgbbXfpNiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:21:4b:64:ed:72:b0:94:96:ab:78:84:b7:f9:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74eba0122f643adca0cbc6f6a4681b6d77e93620
        Validity
            Not Before: Jan  1 18:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76f30a2eb6052defe8a4bb36efeb479d24b9b8c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e0:7b:e7:7a:08:a4:d2:14:45:cb:90:a7:62:
                    7e:81:5e:7b:e5:e8:17:d9:b8:b8:6f:1e:38:6c:a3:
                    19:df:77:bc:04:f1:1b:b7:79:fa:46:98:3e:74:fb:
                    5d:1f:11:a5:56:0c:6a:cc:86:cc:1c:54:29:46:96:
                    b7:8d:7a:94:8a:11:18:48:a0:aa:4b:2b:5d:bc:ba:
                    60:ba:0b:47:7c:39:1f:d8:8e:58:6f:14:26:24:a9:
                    e4:70:7b:7e:99:00:a0:f8:5b:80:94:9a:61:6b:3e:
                    60:79:08:00:b5:d4:0b:65:a5:fa:00:b5:f5:1d:88:
                    22:9c:32:af:48:73:7e:31:5e:60:0a:26:96:8b:aa:
                    bf:9d:d6:50:96:98:45:98:e5:fc:f5:c6:ff:b9:ce:
                    21:6c:bd:d0:7e:9f:4c:9f:1c:ae:f2:5a:09:dd:12:
                    e8:d8:38:cc:61:de:20:74:0d:ca:ea:e7:3a:5f:c7:
                    37:95:0a:c8:23:92:58:44:fe:f4:23:44:48:dc:9d:
                    50:2d:83:50:ff:02:69:bb:42:69:bd:0e:70:ec:39:
                    6c:89:26:a9:8d:32:8b:86:29:18:6a:0e:c4:66:c8:
                    76:33:6c:b5:b1:b5:61:50:33:4d:b6:68:57:fc:da:
                    fc:d1:3e:8a:91:30:88:4e:53:92:fb:4a:46:61:3d:
                    21:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:F3:0A:2E:B6:05:2D:EF:E8:A4:BB:36:EF:EB:47:9D:24:B9:B8:C6
            X509v3 Authority Key Identifier:
                keyid:74:EB:A0:12:2F:64:3A:DC:A0:CB:C6:F6:A4:68:1B:6D:77:E9:36:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOugEi9kOtygy8b2pGgbbXfpNiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b97693-1d02-40dc-9af7-a015168c3323/1/dvMKLrYFLe_opLs27-tHnSS5uMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b97693-1d02-40dc-9af7-a015168c3323/1/dOugEi9kOtygy8b2pGgbbXfpNiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.217.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6a:26:a1:16:da:b7:e8:55:8a:e8:32:f1:ad:5c:c5:e4:ad:52:
         c5:95:9a:15:44:47:9b:43:e4:ca:4a:e0:6d:8a:e2:f4:f9:53:
         66:42:a1:94:16:a4:1b:2b:fa:1c:e0:c3:ca:52:4b:91:87:23:
         6c:aa:7f:19:96:ea:ab:78:b3:9a:51:54:57:4e:f9:28:e2:f8:
         81:2d:07:cb:59:22:55:95:2b:8b:15:f4:70:f6:9a:78:e8:06:
         dc:ea:e7:0b:ca:3b:98:94:f0:9d:c3:3d:1d:a0:b1:7d:a4:d4:
         cc:0e:db:e5:71:4c:00:b1:42:2f:91:b8:f5:4e:8c:55:74:d4:
         6b:32:4d:8f:79:f0:28:03:f7:96:4f:76:79:c1:9b:03:41:d9:
         7a:7d:cc:e5:45:63:ba:5e:5e:a1:b8:78:2c:9f:f3:eb:19:69:
         67:70:fb:c0:55:2e:76:63:82:4b:63:a5:1a:d9:f9:10:30:7e:
         6b:6d:ca:0e:ed:01:d0:65:6a:8d:df:98:68:e8:21:fc:ee:1f:
         b8:4c:6c:c2:6e:ef:a9:c7:f0:63:02:27:2f:74:43:06:6d:67:
         88:31:69:cd:a2:99:43:89:c5:60:50:a3:42:f1:64:89:2e:73:
         de:84:62:50:90:87:c1:04:c7:fc:07:67:d4:21:bc:71:1a:6f:
         ad:4a:1f:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyFLZO1ysJSWq3iEt/kUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZWJhMDEyMmY2NDNhZGNhMGNiYzZmNmE0NjgxYjZkNzdl
OTM2MjAwHhcNMjQwMTAxMTgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmYzMGEyZWI2MDUyZGVmZThhNGJiMzZlZmViNDc5ZDI0YjliOGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuB753oIpNIURcuQp2J+gV575egX
2bi4bx44bKMZ33e8BPEbt3n6Rpg+dPtdHxGlVgxqzIbMHFQpRpa3jXqUihEYSKCq
SytdvLpgugtHfDkf2I5YbxQmJKnkcHt+mQCg+FuAlJphaz5geQgAtdQLZaX6ALX1
HYginDKvSHN+MV5gCiaWi6q/ndZQlphFmOX89cb/uc4hbL3Qfp9Mnxyu8loJ3RLo
2DjMYd4gdA3K6uc6X8c3lQrII5JYRP70I0RI3J1QLYNQ/wJpu0JpvQ5w7DlsiSap
jTKLhikYag7EZsh2M2y1sbVhUDNNtmhX/Nr80T6KkTCITlOS+0pGYT0hiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbzCi62BS3v6KS7Nu/rR50kubjGMB8GA1UdIwQY
MBaAFHTroBIvZDrcoMvG9qRoG2136TYgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE91Z0VpOWtPdHlneThiMnBHZ2JiWGZwTmlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9iOTc2OTMtMWQwMi00MGRjLTlhZjct
YTAxNTE2OGMzMzIzLzEvZHZNS0xyWUZMZV9vcExzMjctdEhuU1M1dU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9iOTc2OTMtMWQwMi00MGRjLTlhZjctYTAxNTE2OGMzMzIz
LzEvZE91Z0VpOWtPdHlneThiMnBHZ2JiWGZwTmlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstkYMA0G
CSqGSIb3DQEBCwUAA4IBAQBqJqEW2rfoVYroMvGtXMXkrVLFlZoVREebQ+TKSuBt
iuL0+VNmQqGUFqQbK/oc4MPKUkuRhyNsqn8ZluqreLOaUVRXTvko4viBLQfLWSJV
lSuLFfRw9pp46Abc6ucLyjuYlPCdwz0doLF9pNTMDtvlcUwAsUIvkbj1ToxVdNRr
Mk2PefAoA/eWT3Z5wZsDQdl6fczlRWO6Xl6huHgsn/PrGWlncPvAVS52Y4JLY6Ua
2fkQMH5rbcoO7QHQZWqN35ho6CH87h+4TGzCbu+px/BjAicvdEMGbWeIMWnNoplD
icVgUKNC8WSJLnPehGJQkIfBBMf8B2fUIbxxGm+tSh/x
-----END CERTIFICATE-----