Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/V4nQnWpv7TEmYCd2YZC6VSiwBDw.roa
File:                     V4nQnWpv7TEmYCd2YZC6VSiwBDw.roa (raw, json)
Hash identifier:          4ZBTxeYN0Gz6vzGybBTPap8wm+PkHtlNTvNUhbk89oI=
Subject key identifier:   57:89:D0:9D:6A:6F:ED:31:26:60:27:76:61:90:BA:55:28:B0:04:3C
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       01927B01DAAD6865C3ADC3ED7220A4707728
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/V4nQnWpv7TEmYCd2YZC6VSiwBDw.roa
Signing time:             Fri 11 Oct 2024 09:56:11 +0000
ROA not before:           Fri 11 Oct 2024 09:56:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19750
IP address blocks:        152.53.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7b:01:da:ad:68:65:c3:ad:c3:ed:72:20:a4:70:77:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Oct 11 09:56:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5789d09d6a6fed31266027766190ba5528b0043c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:68:c7:ce:4e:99:f2:2d:b2:37:f6:90:e5:12:
                    3b:f3:d9:ae:d9:44:7d:55:2b:3d:d3:56:e6:ef:88:
                    80:4a:f2:79:ea:91:94:53:91:0d:a3:30:8d:1b:fc:
                    ae:5a:ce:f9:45:6d:28:d7:58:99:82:b3:ec:d3:06:
                    a6:28:20:c6:fc:bb:83:9a:cc:52:b9:3f:f4:64:4e:
                    e8:4f:fa:6d:28:db:c0:8b:90:6b:dc:89:09:54:22:
                    64:d1:ea:f4:16:e8:5a:9b:7c:a0:4f:b3:85:34:54:
                    08:5d:89:0b:90:0d:a7:b7:9f:d6:d8:2d:83:f0:0c:
                    f4:f6:86:13:46:a6:e8:29:7c:63:c5:8b:15:cd:f5:
                    b7:99:3f:2e:02:5a:a3:77:27:27:c8:54:ed:40:0f:
                    49:24:c1:72:80:3a:05:1b:f9:62:54:6a:e4:fd:e0:
                    c7:b2:e0:06:df:bb:65:65:dd:37:db:3b:0a:70:11:
                    92:e1:7c:96:b9:fd:85:4f:17:c7:64:24:8a:d2:82:
                    2b:c5:15:bb:43:1e:2d:2d:ca:f4:1e:45:96:13:12:
                    8b:7e:48:34:c9:16:c8:5a:75:0f:d1:6d:7c:f6:01:
                    50:14:8f:56:b2:27:56:88:14:27:76:e7:08:83:22:
                    4a:ee:ba:29:af:d9:11:8b:59:b4:24:6b:b6:4b:53:
                    75:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:89:D0:9D:6A:6F:ED:31:26:60:27:76:61:90:BA:55:28:B0:04:3C
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/V4nQnWpv7TEmYCd2YZC6VSiwBDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:6a:98:40:57:24:7d:e8:45:5b:8e:44:5e:85:c8:2f:8b:7a:
         20:58:96:5d:91:11:7b:a1:5d:dc:b8:18:45:b8:53:7d:f3:94:
         9c:27:18:ce:ab:7e:7d:66:e4:fa:33:60:2f:3f:88:92:fc:c1:
         60:61:08:2c:fe:2b:60:28:c3:9c:ce:c2:d6:0a:f8:de:67:e7:
         bd:85:3b:f6:ee:51:95:2c:6b:41:0e:f3:8e:e3:af:a9:2b:97:
         de:9c:e3:7b:46:8b:7f:b1:86:c6:b7:c8:97:b4:f3:d4:81:e8:
         14:35:9b:82:68:5f:b9:bc:94:63:66:e6:29:e1:e7:72:92:93:
         27:3e:3b:5b:6e:16:c7:37:d4:f3:1a:43:ac:03:8b:c4:f4:58:
         38:1f:b4:46:bf:49:d4:f6:40:f2:e5:4a:95:98:ca:39:2d:e2:
         12:6d:49:4e:32:d0:27:70:b2:70:7d:89:d9:5e:56:eb:2e:4d:
         28:2c:d2:fa:46:d0:71:7e:75:f7:46:40:bd:d2:e8:41:e4:c8:
         44:a5:8c:c1:6a:1d:38:3f:bf:fe:cb:70:07:8a:14:56:b2:f1:
         52:2e:f6:f6:9e:aa:da:ec:00:f4:61:52:90:46:e3:1c:90:48:
         9f:e8:ca:b3:5a:1c:97:0d:79:e7:22:04:af:a2:7c:93:43:56:
         3d:21:bf:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ7AdqtaGXDrcPtciCkcHcoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjQxMDExMDk1NjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Nzg5ZDA5ZDZhNmZlZDMxMjY2MDI3NzY2MTkwYmE1NTI4YjAwNDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2jHzk6Z8i2yN/aQ5RI789mu2UR9
VSs901bm74iASvJ56pGUU5ENozCNG/yuWs75RW0o11iZgrPs0wamKCDG/LuDmsxS
uT/0ZE7oT/ptKNvAi5Br3IkJVCJk0er0Fuham3ygT7OFNFQIXYkLkA2nt5/W2C2D
8Az09oYTRqboKXxjxYsVzfW3mT8uAlqjdycnyFTtQA9JJMFygDoFG/liVGrk/eDH
suAG37tlZd032zsKcBGS4XyWuf2FTxfHZCSK0oIrxRW7Qx4tLcr0HkWWExKLfkg0
yRbIWnUP0W189gFQFI9WsidWiBQnducIgyJK7ropr9kRi1m0JGu2S1N1uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFeJ0J1qb+0xJmAndmGQulUosAQ8MB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvVjRuUW5XcHY3VEVtWUNkMllaQzZWU2l3QkR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmDVEMA0G
CSqGSIb3DQEBCwUAA4IBAQCnaphAVyR96EVbjkRehcgvi3ogWJZdkRF7oV3cuBhF
uFN985ScJxjOq359ZuT6M2AvP4iS/MFgYQgs/itgKMOczsLWCvjeZ+e9hTv27lGV
LGtBDvOO46+pK5fenON7Rot/sYbGt8iXtPPUgegUNZuCaF+5vJRjZuYp4edykpMn
PjtbbhbHN9TzGkOsA4vE9Fg4H7RGv0nU9kDy5UqVmMo5LeISbUlOMtAncLJwfYnZ
XlbrLk0oLNL6RtBxfnX3RkC90uhB5MhEpYzBah04P7/+y3AHihRWsvFSLvb2nqra
7AD0YVKQRuMckEif6MqzWhyXDXnnIgSvonyTQ1Y9Ib8f
-----END CERTIFICATE-----