Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/csxmFsHOWOPGOst-CWkvbJTOw_U.roa
File:                     csxmFsHOWOPGOst-CWkvbJTOw_U.roa (raw, json)
Hash identifier:          OClUXCZlQtd8yCuxFXJ8SrBTQRfW/iHSn4YTFcnJ+yw=
Subject key identifier:   72:CC:66:16:C1:CE:58:E3:C6:3A:CB:7E:09:69:2F:6C:94:CE:C3:F5
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       018CC5DC5951B5F60763098902BE7937BB05
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/csxmFsHOWOPGOst-CWkvbJTOw_U.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        163.171.89.0/24 maxlen: 24
                          148.253.245.0/24 maxlen: 24
                          148.253.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:59:51:b5:f6:07:63:09:89:02:be:79:37:bb:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72cc6616c1ce58e3c63acb7e09692f6c94cec3f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:29:80:c9:37:f5:c1:d6:c4:e6:60:e9:23:e0:
                    9d:29:d3:86:ea:5f:1b:75:d9:66:ae:a7:62:6f:eb:
                    6d:51:cb:0b:b9:30:55:74:9c:36:b5:32:fd:35:df:
                    c7:dd:26:ce:43:35:a9:07:8a:a6:7a:cf:16:49:24:
                    21:a5:dc:28:58:d5:53:ea:80:c7:ce:89:b0:4e:85:
                    9d:eb:8c:14:88:2d:06:86:bf:06:bf:b5:7d:d8:62:
                    c1:e0:90:67:a2:bf:40:45:71:f0:75:ad:5f:d7:ff:
                    9a:99:05:c5:9f:2c:00:0b:5a:69:9f:da:dc:3c:c4:
                    5f:49:3d:3e:28:a9:53:2e:32:d3:1b:a7:08:41:ed:
                    43:93:a1:c9:ba:3b:63:ba:8b:25:5f:34:bb:1c:7f:
                    c4:ed:bc:fa:ba:38:4b:83:ea:0f:6c:ac:68:41:45:
                    d8:a8:27:4d:28:9d:97:e9:99:e5:ac:f7:3d:22:98:
                    48:27:48:a5:80:5a:ae:80:ce:9a:90:73:0c:00:bd:
                    f8:d2:37:ae:d9:d1:fd:bc:40:1c:f2:77:e3:d8:7a:
                    76:c1:8c:32:6a:5a:34:b7:e7:2a:96:3b:71:50:ea:
                    4b:2b:9b:f3:97:0f:a5:29:b8:31:aa:0f:22:41:8b:
                    c0:e9:75:4b:bc:cb:e6:32:33:26:76:ad:bc:c5:05:
                    8f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:CC:66:16:C1:CE:58:E3:C6:3A:CB:7E:09:69:2F:6C:94:CE:C3:F5
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/csxmFsHOWOPGOst-CWkvbJTOw_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.253.244.0/23
                  163.171.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:a4:e2:6e:e1:22:00:fe:21:55:4e:f6:86:c8:9a:6b:b6:75:
         c0:62:62:51:84:26:ed:60:0b:d6:06:60:87:53:d7:25:8c:bf:
         5a:59:ae:ca:7d:8b:0c:e9:10:6c:bd:3e:67:ca:46:3e:1f:b2:
         56:35:9c:a9:d8:ea:c2:c4:1f:81:ce:82:7b:4c:7f:07:01:63:
         41:2f:5f:11:02:3b:88:3f:9e:2b:56:82:5e:e8:b0:07:68:53:
         d0:01:09:66:a0:04:d7:e3:76:c8:ca:b4:5b:1b:27:43:02:c5:
         4c:7f:a5:6e:67:1c:1e:28:2e:d0:47:97:aa:09:1d:55:9c:bc:
         92:e7:75:ea:c8:6b:c8:85:b2:4a:6c:95:83:6d:13:43:94:23:
         ad:f9:98:3e:da:a7:a4:42:09:d8:88:23:eb:59:48:a7:87:a2:
         d8:75:6b:d0:d2:eb:1a:a2:00:68:c3:b9:a8:13:41:17:5d:1d:
         48:91:76:89:52:6f:8a:e2:8e:23:64:06:1e:c7:4f:c1:08:bb:
         38:d7:64:2e:b1:b0:9c:18:6e:9f:5d:d5:9f:c6:86:20:9e:6f:
         4f:3f:0a:1e:25:93:08:73:ea:66:27:ab:98:3f:f2:a6:82:4d:
         bf:b2:e0:37:3a:28:82:3b:7b:2b:1f:c2:c7:ae:f2:69:04:c1:
         1d:41:5b:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3FlRtfYHYwmJAr55N7sFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmNjNjYxNmMxY2U1OGUzYzYzYWNiN2UwOTY5MmY2Yzk0Y2VjM2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCmAyTf1wdbE5mDpI+CdKdOG6l8b
ddlmrqdib+ttUcsLuTBVdJw2tTL9Nd/H3SbOQzWpB4qmes8WSSQhpdwoWNVT6oDH
zomwToWd64wUiC0Ghr8Gv7V92GLB4JBnor9ARXHwda1f1/+amQXFnywAC1ppn9rc
PMRfST0+KKlTLjLTG6cIQe1Dk6HJujtjuoslXzS7HH/E7bz6ujhLg+oPbKxoQUXY
qCdNKJ2X6ZnlrPc9IphIJ0ilgFqugM6akHMMAL340jeu2dH9vEAc8nfj2Hp2wYwy
alo0t+cqljtxUOpLK5vzlw+lKbgxqg8iQYvA6XVLvMvmMjMmdq28xQWPYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHLMZhbBzljjxjrLfglpL2yUzsP1MB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvY3N4bUZzSE9XT1BHT3N0LUNXa3ZiSlRPd19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBlP30AwQA
o6tZMA0GCSqGSIb3DQEBCwUAA4IBAQAvpOJu4SIA/iFVTvaGyJprtnXAYmJRhCbt
YAvWBmCHU9cljL9aWa7KfYsM6RBsvT5nykY+H7JWNZyp2OrCxB+BzoJ7TH8HAWNB
L18RAjuIP54rVoJe6LAHaFPQAQlmoATX43bIyrRbGydDAsVMf6VuZxweKC7QR5eq
CR1VnLyS53XqyGvIhbJKbJWDbRNDlCOt+Zg+2qekQgnYiCPrWUinh6LYdWvQ0usa
ogBow7moE0EXXR1IkXaJUm+K4o4jZAYex0/BCLs412QusbCcGG6fXdWfxoYgnm9P
PwoeJZMIc+pmJ6uYP/Kmgk2/suA3OiiCO3srH8LHrvJpBMEdQVuZ
-----END CERTIFICATE-----