Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/6iUwUBKotw1cWN89o9bzUbhlzY0.roa
File:                     6iUwUBKotw1cWN89o9bzUbhlzY0.roa (raw, json)
Hash identifier:          clQKQpB47fBCiZARCtE5RbCSXJEbxT75yfaNrCq1ezo=
Subject key identifier:   EA:25:30:50:12:A8:B7:0D:5C:58:DF:3D:A3:D6:F3:51:B8:65:CD:8D
Certificate issuer:       /CN=17dd9c23af69ec2cdb6fe2b9936eb494cfd1621f
Certificate serial:       018CC870457376E3CE8958CCEF73F75132AD
Authority key identifier: 17:DD:9C:23:AF:69:EC:2C:DB:6F:E2:B9:93:6E:B4:94:CF:D1:62:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F92cI69p7Czbb-K5k260lM_RYh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/6iUwUBKotw1cWN89o9bzUbhlzY0.roa
Signing time:             Tue 02 Jan 2024 04:30:50 +0000
ROA not before:           Tue 02 Jan 2024 04:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13448
IP address blocks:        157.167.3.0/24 maxlen: 24
                          157.167.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/F92cI69p7Czbb-K5k260lM_RYh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/F92cI69p7Czbb-K5k260lM_RYh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F92cI69p7Czbb-K5k260lM_RYh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:45:73:76:e3:ce:89:58:cc:ef:73:f7:51:32:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17dd9c23af69ec2cdb6fe2b9936eb494cfd1621f
        Validity
            Not Before: Jan  2 04:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea25305012a8b70d5c58df3da3d6f351b865cd8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:53:54:ac:a3:fa:b1:87:e1:a4:f9:df:af:d5:
                    84:02:4c:59:f6:e0:87:54:eb:27:6f:8c:45:e5:1b:
                    a8:ce:48:63:e4:c9:62:ca:20:27:9b:20:a6:00:09:
                    95:8b:4a:2e:32:54:5c:35:7c:6c:6e:93:1d:5d:8c:
                    22:70:46:24:a3:a6:db:db:06:0f:4d:e6:84:20:f7:
                    bf:08:92:23:f5:ec:30:ce:27:74:12:9a:20:97:59:
                    c1:f0:da:89:90:a1:7d:e1:64:fd:24:43:8e:a8:1f:
                    53:8a:9b:29:4b:e6:6c:16:cd:6e:2b:e5:3f:96:a2:
                    ca:28:d8:fd:f6:19:7b:87:21:f1:0f:9b:53:e1:8e:
                    22:29:2a:7d:34:e4:5d:2d:f0:c3:18:fb:9d:fd:7f:
                    62:99:2c:88:96:d5:fb:3d:d6:36:25:c2:83:6c:73:
                    7c:32:90:4d:bd:63:43:d9:3f:dd:19:82:5d:24:48:
                    ad:fb:08:e4:db:83:a7:46:62:54:89:c5:af:a6:a5:
                    3a:e6:dd:b1:ba:ec:ef:64:ca:29:50:6f:3a:a2:14:
                    8f:19:e6:a1:fb:5d:c1:be:94:fe:90:cc:a9:a7:a9:
                    f0:fa:7e:9e:fb:19:77:f0:01:f6:f4:73:43:61:bd:
                    dc:af:4d:90:de:1c:cf:a2:af:41:a1:76:bc:5c:a7:
                    23:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:25:30:50:12:A8:B7:0D:5C:58:DF:3D:A3:D6:F3:51:B8:65:CD:8D
            X509v3 Authority Key Identifier:
                keyid:17:DD:9C:23:AF:69:EC:2C:DB:6F:E2:B9:93:6E:B4:94:CF:D1:62:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F92cI69p7Czbb-K5k260lM_RYh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/6iUwUBKotw1cWN89o9bzUbhlzY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/F92cI69p7Czbb-K5k260lM_RYh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.167.1.0/24
                  157.167.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:2a:27:c5:4a:91:c1:48:af:88:15:99:3f:27:73:8f:ad:70:
         9f:45:2e:2d:1c:d3:11:04:51:6b:fe:30:2f:27:06:72:19:53:
         9c:b1:f6:16:b5:3f:dc:30:2f:24:d1:ed:97:a7:9b:44:9b:53:
         31:e8:30:39:95:19:bf:21:12:94:24:fb:c9:d7:01:69:a7:f1:
         f2:1d:b5:58:bb:b3:ba:5a:c3:a6:3f:d9:96:2a:a1:13:73:f6:
         ed:f3:60:80:8b:79:80:87:6c:e3:cf:30:a8:03:05:01:1c:a2:
         88:ed:4f:86:e7:2c:d1:60:ba:37:98:d3:78:d7:9c:34:20:b4:
         64:3e:63:10:0f:76:38:ff:ea:b4:c6:9c:30:c5:92:0a:44:c6:
         82:db:de:fc:09:48:e8:94:b0:4a:2e:3f:d9:bb:b4:df:e1:79:
         e8:ce:7c:d3:df:08:0b:72:4c:d3:71:1e:7d:df:22:5a:fe:a6:
         8e:14:c7:1b:7e:21:9a:8c:55:90:25:ba:c1:44:27:45:e4:42:
         24:43:53:1b:d1:c0:40:8d:6d:7b:3c:77:7e:b7:fb:0f:58:3c:
         8e:c3:be:18:1b:c1:32:fc:47:a1:52:53:23:43:21:91:0b:d2:
         e0:90:f2:5b:0e:e1:cc:1a:cd:d8:27:a0:63:49:37:a6:d2:38:
         4c:2c:52:54
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcEVzduPOiVjM73P3UTKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZGQ5YzIzYWY2OWVjMmNkYjZmZTJiOTkzNmViNDk0Y2Zk
MTYyMWYwHhcNMjQwMTAyMDQzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTI1MzA1MDEyYThiNzBkNWM1OGRmM2RhM2Q2ZjM1MWI4NjVjZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolNUrKP6sYfhpPnfr9WEAkxZ9uCH
VOsnb4xF5Ruozkhj5MliyiAnmyCmAAmVi0ouMlRcNXxsbpMdXYwicEYko6bb2wYP
TeaEIPe/CJIj9ewwzid0Epogl1nB8NqJkKF94WT9JEOOqB9TipspS+ZsFs1uK+U/
lqLKKNj99hl7hyHxD5tT4Y4iKSp9NORdLfDDGPud/X9imSyIltX7PdY2JcKDbHN8
MpBNvWND2T/dGYJdJEit+wjk24OnRmJUicWvpqU65t2xuuzvZMopUG86ohSPGeah
+13BvpT+kMypp6nw+n6e+xl38AH29HNDYb3cr02Q3hzPoq9BoXa8XKcjUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOolMFASqLcNXFjfPaPW81G4Zc2NMB8GA1UdIwQY
MBaAFBfdnCOvaews22/iuZNutJTP0WIfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjkyY0k2OXA3Q3piYi1LNWsyNjBsTV9SWWg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni84MzU3ZTItYTEwNi00NGFlLWI4NjYt
OGZhN2I0YzUzMDczLzEvNmlVd1VCS290dzFjV044OW85YnpVYmhselkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni84MzU3ZTItYTEwNi00NGFlLWI4NjYtOGZhN2I0YzUzMDcz
LzEvRjkyY0k2OXA3Q3piYi1LNWsyNjBsTV9SWWg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAnacBAwQA
nacDMA0GCSqGSIb3DQEBCwUAA4IBAQBUKifFSpHBSK+IFZk/J3OPrXCfRS4tHNMR
BFFr/jAvJwZyGVOcsfYWtT/cMC8k0e2Xp5tEm1Mx6DA5lRm/IRKUJPvJ1wFpp/Hy
HbVYu7O6WsOmP9mWKqETc/bt82CAi3mAh2zjzzCoAwUBHKKI7U+G5yzRYLo3mNN4
15w0ILRkPmMQD3Y4/+q0xpwwxZIKRMaC2978CUjolLBKLj/Zu7Tf4XnoznzT3wgL
ckzTcR593yJa/qaOFMcbfiGajFWQJbrBRCdF5EIkQ1Mb0cBAjW17PHd+t/sPWDyO
w74YG8Ey/EehUlMjQyGRC9LgkPJbDuHMGs3YJ6BjSTem0jhMLFJU
-----END CERTIFICATE-----