Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/pX9VssUu1cEMqY00fgi0Eg94gPY.roa
File:                     pX9VssUu1cEMqY00fgi0Eg94gPY.roa (raw, json)
Hash identifier:          EjTxD+f6o16NKRn/fBc1xacFcc4tuOM1nf/GnQ3UzI4=
Subject key identifier:   A5:7F:55:B2:C5:2E:D5:C1:0C:A9:8D:34:7E:08:B4:12:0F:78:80:F6
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       018CC802D31F52AD8F58ADA5F58DD83C5697
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/pX9VssUu1cEMqY00fgi0Eg94gPY.roa
Signing time:             Tue 02 Jan 2024 02:31:17 +0000
ROA not before:           Tue 02 Jan 2024 02:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        192.53.136.0/21 maxlen: 21
                          192.53.64.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:d3:1f:52:ad:8f:58:ad:a5:f5:8d:d8:3c:56:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Jan  2 02:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a57f55b2c52ed5c10ca98d347e08b4120f7880f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:13:e6:77:e8:73:cf:c2:20:94:6f:57:c9:d5:
                    41:dc:15:9d:7a:fc:63:ee:51:e1:8c:c1:eb:1e:2e:
                    35:50:1c:ca:1a:cd:10:23:ca:3b:c9:19:a1:22:6e:
                    3c:1b:28:9d:97:85:7e:13:e8:84:b3:eb:1a:da:e8:
                    54:0b:cd:fd:e6:84:b1:2f:0b:c6:f4:d2:c6:2f:a5:
                    85:23:d0:3c:ac:16:97:68:54:e8:97:f7:0e:59:70:
                    df:7a:aa:49:cb:fc:a7:75:8c:d9:dc:c8:e7:e2:5a:
                    f4:1c:a8:af:84:7b:fc:14:3c:59:a8:e7:bb:c3:87:
                    b2:4a:9f:2d:e2:69:48:70:5d:ff:6e:1f:b2:da:f3:
                    f9:f8:f2:92:2e:85:b2:f4:ba:7a:aa:c1:ed:a0:f6:
                    9c:a6:a5:44:7c:5c:b2:d4:1d:6e:fb:fa:be:e5:b6:
                    1a:1c:24:06:ec:88:92:16:6a:6e:20:b5:34:94:e2:
                    5b:2f:ae:5c:be:fa:2e:b6:4d:66:e0:ce:75:88:cb:
                    0c:6b:fb:b5:75:cf:de:1d:3d:8e:ef:fb:aa:dc:a0:
                    c5:9d:05:b4:b2:89:0c:16:05:ec:34:62:d3:4e:dd:
                    0a:d5:33:c9:4c:d7:3a:df:8d:50:24:d9:c7:d0:1b:
                    8e:6c:f2:4f:31:b8:b2:59:dc:da:64:f5:1f:3c:1a:
                    66:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:7F:55:B2:C5:2E:D5:C1:0C:A9:8D:34:7E:08:B4:12:0F:78:80:F6
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/pX9VssUu1cEMqY00fgi0Eg94gPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.53.64.0/21
                  192.53.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7e:f5:42:a0:8a:4c:82:ff:2a:74:7f:a7:c8:5a:f7:4e:7a:0a:
         5c:e0:d1:55:42:d8:38:7f:4b:a9:73:08:ac:c9:bc:9f:86:e1:
         0f:bd:49:8a:15:a9:68:8c:4d:e6:ae:9f:76:77:f5:76:ca:19:
         1a:1f:0a:01:06:bc:d5:0f:77:63:ff:1f:86:38:b8:70:c8:7a:
         a9:2a:4c:b5:49:ab:8e:db:95:3f:13:95:b5:e6:93:b7:c1:aa:
         5f:3e:ef:6d:d0:df:dd:de:92:ee:9b:d6:e8:f5:ca:62:5a:d6:
         e7:0a:32:2e:17:32:b9:32:49:76:34:03:4d:75:2d:7b:37:fe:
         6b:2c:55:eb:fc:e5:10:d9:72:14:cb:e9:bc:8b:9a:dc:b6:e4:
         ee:21:2c:ca:fb:07:49:6e:cb:24:ce:98:89:0f:5a:7a:89:58:
         1a:c0:2f:35:a4:4c:78:66:e3:42:f0:71:db:c8:65:9f:19:e2:
         b8:2c:09:da:15:6b:2e:90:5a:60:5d:ea:3d:0e:d6:a3:c7:7c:
         41:df:c5:0e:36:1d:b6:0a:74:3f:ea:fd:a9:dc:53:01:ce:8c:
         08:70:36:98:8b:34:65:90:30:5a:64:9c:84:ae:d5:c7:a8:60:
         8e:fe:6a:a9:b0:c6:fe:c8:9f:d5:87:7f:e4:36:cd:0d:ab:d9:
         7d:4e:1f:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAtMfUq2PWK2l9Y3YPFaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjQwMTAyMDIzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTdmNTViMmM1MmVkNWMxMGNhOThkMzQ3ZTA4YjQxMjBmNzg4MGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxPmd+hzz8IglG9XydVB3BWdevxj
7lHhjMHrHi41UBzKGs0QI8o7yRmhIm48Gyidl4V+E+iEs+sa2uhUC8395oSxLwvG
9NLGL6WFI9A8rBaXaFTol/cOWXDfeqpJy/yndYzZ3Mjn4lr0HKivhHv8FDxZqOe7
w4eySp8t4mlIcF3/bh+y2vP5+PKSLoWy9Lp6qsHtoPacpqVEfFyy1B1u+/q+5bYa
HCQG7IiSFmpuILU0lOJbL65cvvoutk1m4M51iMsMa/u1dc/eHT2O7/uq3KDFnQW0
sokMFgXsNGLTTt0K1TPJTNc6341QJNnH0BuObPJPMbiyWdzaZPUfPBpm6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKV/VbLFLtXBDKmNNH4ItBIPeID2MB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvcFg5VnNzVXUxY0VNcVkwMGZnaTBFZzk0Z1BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDwDVAAwQD
wDWIMA0GCSqGSIb3DQEBCwUAA4IBAQB+9UKgikyC/yp0f6fIWvdOegpc4NFVQtg4
f0upcwisybyfhuEPvUmKFalojE3mrp92d/V2yhkaHwoBBrzVD3dj/x+GOLhwyHqp
Kky1SauO25U/E5W15pO3wapfPu9t0N/d3pLum9bo9cpiWtbnCjIuFzK5Mkl2NANN
dS17N/5rLFXr/OUQ2XIUy+m8i5rctuTuISzK+wdJbsskzpiJD1p6iVgawC81pEx4
ZuNC8HHbyGWfGeK4LAnaFWsukFpgXeo9Dtajx3xB38UONh22CnQ/6v2p3FMBzowI
cDaYizRlkDBaZJyErtXHqGCO/mqpsMb+yJ/Vh3/kNs0Nq9l9Th9H
-----END CERTIFICATE-----