Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/DHALUAN5tK6vdZdATqkw-W3Rehs.roa
File:                     DHALUAN5tK6vdZdATqkw-W3Rehs.roa (raw, json)
Hash identifier:          7l9RAeo7N/jmnp2dP2Muv9E6xCL1r9O+gLOg/k2Fq2s=
Subject key identifier:   0C:70:0B:50:03:79:B4:AE:AF:75:97:40:4E:A9:30:F9:6D:D1:7A:1B
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       01942220125BC42FFC3B4BB691E9185DC320
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/DHALUAN5tK6vdZdATqkw-W3Rehs.roa
Signing time:             Wed 01 Jan 2025 13:48:34 +0000
ROA not before:           Wed 01 Jan 2025 13:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7470
IP address blocks:        163.171.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:12:5b:c4:2f:fc:3b:4b:b6:91:e9:18:5d:c3:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jan  1 13:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c700b500379b4aeaf7597404ea930f96dd17a1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:5d:fb:c5:67:28:30:49:67:1f:25:a1:04:e1:
                    96:9b:a9:26:68:bc:e9:dc:69:44:5d:16:ed:d2:74:
                    e8:06:9c:80:0a:0a:00:a5:79:e4:c0:67:ec:1b:28:
                    99:26:0c:4f:b1:6d:1b:8b:c3:79:3a:26:6d:7c:a3:
                    d6:1e:09:86:67:e0:47:c3:af:36:04:8a:69:52:ae:
                    61:79:01:ae:b8:4a:dc:37:be:17:2d:2e:b4:94:fb:
                    d9:f8:2c:53:89:9f:13:95:56:50:76:bb:df:59:12:
                    77:99:b4:2a:4a:93:dc:6e:9d:bb:48:d6:4e:dd:e0:
                    ac:66:63:5c:f3:98:31:8b:7c:5c:ca:e6:a0:fb:5f:
                    3d:97:73:e5:15:fc:1f:4c:bd:b9:d0:6a:47:30:c2:
                    48:0f:22:19:ea:f8:59:5f:dc:6a:81:fc:b2:47:89:
                    c6:bf:ea:22:7d:c6:92:03:01:d8:3e:df:50:86:6d:
                    e9:34:6b:11:26:9e:5b:f2:4f:b8:92:d2:75:d3:c3:
                    cc:e0:51:b3:e7:00:63:8f:05:df:46:77:dc:0b:14:
                    1b:d6:84:79:4d:2a:67:ec:45:03:cd:0e:41:3b:e1:
                    b4:c3:ad:a7:56:6b:27:d9:23:ca:90:7a:59:40:16:
                    43:ae:74:5f:84:67:97:70:ef:b8:6a:63:69:07:4c:
                    4f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:70:0B:50:03:79:B4:AE:AF:75:97:40:4E:A9:30:F9:6D:D1:7A:1B
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/DHALUAN5tK6vdZdATqkw-W3Rehs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.171.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:59:74:eb:7f:b8:11:b6:ce:d5:da:13:af:15:1e:3a:15:f3:
         00:16:39:d1:2f:d3:d7:6f:01:b4:88:b8:1e:0f:5f:46:32:38:
         7f:51:06:b9:f5:ad:b5:3f:c8:87:c6:cf:65:95:c7:7f:c0:cd:
         ed:0f:cb:13:e2:e6:ad:bb:72:ad:3a:14:4e:47:24:3b:c4:ba:
         37:f1:ed:91:73:60:db:72:d1:51:59:1f:c9:5e:8c:05:07:5c:
         e9:66:2d:46:f4:ae:a1:21:fd:67:f1:eb:19:1f:bd:84:4f:09:
         cd:15:3f:f7:ba:66:7d:7e:a7:70:0c:2e:76:d3:58:9d:ae:a7:
         f3:b3:15:18:77:15:4b:03:5e:a6:20:13:a7:1d:4f:18:0c:24:
         19:14:cd:4b:0c:a8:a3:92:b8:c0:b7:ff:fc:47:ee:c3:fb:a7:
         be:51:50:ad:65:f4:f4:7a:4c:22:2e:85:31:af:88:09:ab:75:
         58:b4:cf:e3:ec:bd:2c:16:4f:63:19:40:5e:bd:6f:b9:2f:0b:
         9c:80:21:50:5a:d7:8d:20:bf:73:bb:d5:1f:e4:70:a5:8a:f7:
         59:cd:0b:8c:33:1c:e7:d1:7e:c4:f0:f0:e5:61:24:55:c8:e5:
         33:96:28:8e:91:3a:03:4d:43:cd:4a:f9:13:31:53:2a:2e:cd:
         83:85:7b:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBJbxC/8O0u2kekYXcMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjUwMTAxMTM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzcwMGI1MDAzNzliNGFlYWY3NTk3NDA0ZWE5MzBmOTZkZDE3YTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo137xWcoMElnHyWhBOGWm6kmaLzp
3GlEXRbt0nToBpyACgoApXnkwGfsGyiZJgxPsW0bi8N5OiZtfKPWHgmGZ+BHw682
BIppUq5heQGuuErcN74XLS60lPvZ+CxTiZ8TlVZQdrvfWRJ3mbQqSpPcbp27SNZO
3eCsZmNc85gxi3xcyuag+189l3PlFfwfTL250GpHMMJIDyIZ6vhZX9xqgfyyR4nG
v+oifcaSAwHYPt9Qhm3pNGsRJp5b8k+4ktJ108PM4FGz5wBjjwXfRnfcCxQb1oR5
TSpn7EUDzQ5BO+G0w62nVmsn2SPKkHpZQBZDrnRfhGeXcO+4amNpB0xPjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxwC1ADebSur3WXQE6pMPlt0XobMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvREhBTFVBTjV0SzZ2ZFpkQVRxa3ctVzNSZWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAo6tEMA0G
CSqGSIb3DQEBCwUAA4IBAQCCWXTrf7gRts7V2hOvFR46FfMAFjnRL9PXbwG0iLge
D19GMjh/UQa59a21P8iHxs9llcd/wM3tD8sT4uatu3KtOhRORyQ7xLo38e2Rc2Db
ctFRWR/JXowFB1zpZi1G9K6hIf1n8esZH72ETwnNFT/3umZ9fqdwDC5201idrqfz
sxUYdxVLA16mIBOnHU8YDCQZFM1LDKijkrjAt//8R+7D+6e+UVCtZfT0ekwiLoUx
r4gJq3VYtM/j7L0sFk9jGUBevW+5LwucgCFQWteNIL9zu9Uf5HClivdZzQuMMxzn
0X7E8PDlYSRVyOUzliiOkToDTUPNSvkTMVMqLs2DhXsH
-----END CERTIFICATE-----