Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/4b99b8-0657-4162-ab04-f572a0fce0ee/1/EcF8Qs5P0UwlhY2rDG9DuG432A4.roa
File:                     EcF8Qs5P0UwlhY2rDG9DuG432A4.roa (raw, json)
Hash identifier:          sMWLiM0rqOnqBoiICQ00NwMYFRL4XsmE8FVjgEJT85w=
Subject key identifier:   11:C1:7C:42:CE:4F:D1:4C:25:85:8D:AB:0C:6F:43:B8:6E:37:D8:0E
Certificate issuer:       /CN=83c966da5eead50905091c3b599c9a44074739d0
Certificate serial:       018CC34933094A67E0073E74AD0195019019
Authority key identifier: 83:C9:66:DA:5E:EA:D5:09:05:09:1C:3B:59:9C:9A:44:07:47:39:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g8lm2l7q1QkFCRw7WZyaRAdHOdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/4b99b8-0657-4162-ab04-f572a0fce0ee/1/EcF8Qs5P0UwlhY2rDG9DuG432A4.roa
Signing time:             Mon 01 Jan 2024 04:30:03 +0000
ROA not before:           Mon 01 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        216.120.180.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/4b99b8-0657-4162-ab04-f572a0fce0ee/1/g8lm2l7q1QkFCRw7WZyaRAdHOdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/4b99b8-0657-4162-ab04-f572a0fce0ee/1/g8lm2l7q1QkFCRw7WZyaRAdHOdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g8lm2l7q1QkFCRw7WZyaRAdHOdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:33:09:4a:67:e0:07:3e:74:ad:01:95:01:90:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83c966da5eead50905091c3b599c9a44074739d0
        Validity
            Not Before: Jan  1 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11c17c42ce4fd14c25858dab0c6f43b86e37d80e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f8:5d:ea:df:03:ee:e3:34:97:ec:3d:da:b0:
                    aa:59:af:4e:a2:0c:3d:4e:7f:fc:29:57:de:84:48:
                    b4:1b:78:50:0b:18:f1:91:49:71:9a:00:e8:db:97:
                    ec:0a:fb:98:c9:7f:96:b9:14:e3:ea:31:ba:40:e2:
                    59:40:d0:4c:ab:9c:ff:64:76:d5:ef:d8:3e:05:a2:
                    91:ff:31:67:30:1c:68:c5:e0:cd:91:f4:57:e2:1d:
                    dd:c8:44:af:04:f5:95:63:7f:58:81:ec:e7:f3:b4:
                    8c:59:28:d5:0b:ef:9e:93:23:db:aa:30:4e:fe:fb:
                    ec:61:6c:b5:eb:9f:23:1d:17:c5:6e:19:3f:90:2d:
                    0f:b2:9c:91:db:a0:51:c9:f4:4d:0d:51:7a:3c:69:
                    f8:19:a7:2e:40:82:92:5e:77:5a:e9:91:15:fb:3d:
                    93:0a:55:d3:c9:e5:19:c3:0d:df:4f:30:07:ab:d7:
                    dc:5f:55:e7:58:53:87:81:63:c2:ce:39:43:45:fc:
                    39:4d:d5:9c:a6:9a:ce:7f:de:c6:cf:11:d2:a8:65:
                    b9:f2:0b:be:5d:86:51:a7:9b:d2:ce:d2:34:6f:f4:
                    78:e0:e5:db:64:94:d5:74:12:19:3c:ad:bd:4b:34:
                    ab:12:c7:47:8f:ee:f2:d1:ea:ae:3f:16:bd:c3:0b:
                    2a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:C1:7C:42:CE:4F:D1:4C:25:85:8D:AB:0C:6F:43:B8:6E:37:D8:0E
            X509v3 Authority Key Identifier:
                keyid:83:C9:66:DA:5E:EA:D5:09:05:09:1C:3B:59:9C:9A:44:07:47:39:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g8lm2l7q1QkFCRw7WZyaRAdHOdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/4b99b8-0657-4162-ab04-f572a0fce0ee/1/EcF8Qs5P0UwlhY2rDG9DuG432A4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/4b99b8-0657-4162-ab04-f572a0fce0ee/1/g8lm2l7q1QkFCRw7WZyaRAdHOdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.120.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:1e:c5:c8:78:f4:8f:ef:e8:61:0a:dc:ff:b0:11:04:15:2e:
         0b:aa:e2:49:ca:b6:f7:76:ee:1a:c8:f2:68:29:cb:a7:0b:0f:
         37:cf:e8:61:6b:52:8e:34:d2:31:38:a4:c8:bb:7f:64:b8:32:
         4a:42:dd:53:87:d3:9b:82:aa:4a:10:6b:21:93:3c:79:59:7d:
         8c:91:44:d2:f3:22:4f:a7:ed:3a:fd:36:32:54:37:7a:c0:61:
         d8:96:ad:1d:46:74:45:46:e8:b4:62:8c:f4:ce:dd:c8:dd:6b:
         6f:47:4a:47:9a:31:51:e3:fb:76:fa:2d:6a:80:01:aa:26:66:
         66:ec:f2:97:57:dd:37:c5:62:f5:11:97:aa:88:3e:e1:79:0d:
         fb:57:94:c7:10:24:de:c5:03:b9:5e:c7:f4:1f:e3:6d:80:d7:
         9f:ac:93:a4:a8:17:62:18:20:8f:bb:ba:d5:42:bb:a4:55:20:
         ce:01:69:99:b3:1d:1c:04:e6:12:6d:b3:bd:13:96:5d:2d:1c:
         00:35:03:a9:7d:20:ec:46:f3:73:a7:12:a8:eb:44:f6:23:87:
         8b:0e:ed:b6:c4:45:9f:7c:46:65:17:80:09:82:c3:da:7b:21:
         aa:9e:ff:4c:35:19:b9:55:b7:d6:51:78:2f:8e:c0:75:85:36:
         e9:bd:30:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSTMJSmfgBz50rQGVAZAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYzk2NmRhNWVlYWQ1MDkwNTA5MWMzYjU5OWM5YTQ0MDc0
NzM5ZDAwHhcNMjQwMTAxMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWMxN2M0MmNlNGZkMTRjMjU4NThkYWIwYzZmNDNiODZlMzdkODBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPhd6t8D7uM0l+w92rCqWa9Oogw9
Tn/8KVfehEi0G3hQCxjxkUlxmgDo25fsCvuYyX+WuRTj6jG6QOJZQNBMq5z/ZHbV
79g+BaKR/zFnMBxoxeDNkfRX4h3dyESvBPWVY39Ygezn87SMWSjVC++ekyPbqjBO
/vvsYWy1658jHRfFbhk/kC0PspyR26BRyfRNDVF6PGn4GacuQIKSXnda6ZEV+z2T
ClXTyeUZww3fTzAHq9fcX1XnWFOHgWPCzjlDRfw5TdWcpprOf97GzxHSqGW58gu+
XYZRp5vSztI0b/R44OXbZJTVdBIZPK29SzSrEsdHj+7y0equPxa9wwsqHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHBfELOT9FMJYWNqwxvQ7huN9gOMB8GA1UdIwQY
MBaAFIPJZtpe6tUJBQkcO1mcmkQHRznQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzhsbTJsN3ExUWtGQ1J3N1daeWFSQWRIT2RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC80Yjk5YjgtMDY1Ny00MTYyLWFiMDQt
ZjU3MmEwZmNlMGVlLzEvRWNGOFFzNVAwVXdsaFkyckRHOUR1RzQzMkE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC80Yjk5YjgtMDY1Ny00MTYyLWFiMDQtZjU3MmEwZmNlMGVl
LzEvZzhsbTJsN3ExUWtGQ1J3N1daeWFSQWRIT2RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2Hi0MA0G
CSqGSIb3DQEBCwUAA4IBAQCOHsXIePSP7+hhCtz/sBEEFS4LquJJyrb3du4ayPJo
KcunCw83z+hha1KONNIxOKTIu39kuDJKQt1Th9ObgqpKEGshkzx5WX2MkUTS8yJP
p+06/TYyVDd6wGHYlq0dRnRFRui0Yoz0zt3I3WtvR0pHmjFR4/t2+i1qgAGqJmZm
7PKXV903xWL1EZeqiD7heQ37V5THECTexQO5Xsf0H+NtgNefrJOkqBdiGCCPu7rV
QrukVSDOAWmZsx0cBOYSbbO9E5ZdLRwANQOpfSDsRvNzpxKo60T2I4eLDu22xEWf
fEZlF4AJgsPaeyGqnv9MNRm5VbfWUXgvjsB1hTbpvTCv
-----END CERTIFICATE-----