Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/RXTtArR93Rerlpri9PWjeI-8kis.roa
File:                     RXTtArR93Rerlpri9PWjeI-8kis.roa (raw, json)
Hash identifier:          axDvwSJYg/G/W+09aQOKGsgNkaSO2gx0YVarpLt7F74=
Subject key identifier:   45:74:ED:02:B4:7D:DD:17:AB:96:9A:E2:F4:F5:A3:78:8F:BC:92:2B
Certificate issuer:       /CN=2378a4a9c52325a85920809ba1a4d89e21c02f17
Certificate serial:       018CC94D7C025E2EEC59E1EB7C488CF101B6
Authority key identifier: 23:78:A4:A9:C5:23:25:A8:59:20:80:9B:A1:A4:D8:9E:21:C0:2F:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/RXTtArR93Rerlpri9PWjeI-8kis.roa
Signing time:             Tue 02 Jan 2024 08:32:27 +0000
ROA not before:           Tue 02 Jan 2024 08:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203477
IP address blocks:        212.1.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 11:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:7c:02:5e:2e:ec:59:e1:eb:7c:48:8c:f1:01:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2378a4a9c52325a85920809ba1a4d89e21c02f17
        Validity
            Not Before: Jan  2 08:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4574ed02b47ddd17ab969ae2f4f5a3788fbc922b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e6:4f:47:e9:4d:8e:d1:82:cb:bd:64:8a:84:
                    b5:c4:42:72:fa:7f:52:19:df:0c:e1:e4:b8:40:f1:
                    c2:ba:92:2a:f0:a9:14:7b:e2:00:4f:12:8c:e1:6e:
                    59:70:80:fc:a8:03:36:ab:6f:a7:dd:6a:90:b0:ae:
                    b8:d9:b5:3d:e0:ed:a2:ab:bf:1f:b9:2e:fa:70:0b:
                    8c:b6:d5:f1:63:3b:34:21:42:1d:1c:9b:26:16:0f:
                    38:94:65:87:59:0f:17:7f:39:97:6a:62:88:2b:2c:
                    d5:13:2f:b9:59:7b:f6:22:d7:a9:7a:ce:e1:58:c4:
                    d3:8a:c6:04:b3:e7:e7:5e:db:79:95:6e:46:aa:78:
                    94:22:9c:40:03:5d:ee:61:98:ef:52:18:e4:ee:3c:
                    c7:26:05:60:c4:9b:c9:6a:86:9e:f5:50:98:f4:82:
                    1c:28:c1:69:78:85:f8:1f:9f:22:a6:0f:2f:88:e7:
                    33:87:53:c6:74:e0:99:e0:cb:a1:ee:71:f4:44:ef:
                    aa:03:35:11:a5:81:fd:ba:a5:76:a2:6c:4b:a0:6f:
                    a3:06:9d:8f:65:de:47:1e:4b:56:56:f4:eb:62:cf:
                    c4:7d:03:6c:3f:53:97:a5:5d:bf:80:ac:36:12:63:
                    22:01:f5:c4:e8:20:d8:eb:a8:c9:07:0d:45:05:2f:
                    00:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:74:ED:02:B4:7D:DD:17:AB:96:9A:E2:F4:F5:A3:78:8F:BC:92:2B
            X509v3 Authority Key Identifier:
                keyid:23:78:A4:A9:C5:23:25:A8:59:20:80:9B:A1:A4:D8:9E:21:C0:2F:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/RXTtArR93Rerlpri9PWjeI-8kis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.1.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:ff:7c:52:6e:ba:b2:c6:9e:7d:d7:89:1a:3f:6c:b1:f6:f5:
         7d:36:85:79:2c:8d:8a:48:f0:95:95:5c:2b:34:aa:e3:d0:3c:
         90:80:1a:ac:a8:6b:2a:20:4a:19:e5:fb:94:b7:55:00:b1:85:
         8d:6b:cd:13:28:0a:70:e5:9a:fb:35:2b:62:2d:d9:28:40:95:
         e1:02:98:fc:46:e7:49:de:ce:30:11:8d:31:ce:27:ba:c3:af:
         6e:28:ae:b1:db:45:45:7e:87:26:27:bb:cf:c0:39:f4:a0:a4:
         78:8a:aa:34:fa:6c:f1:89:8b:46:e7:a3:88:9c:8b:a8:0a:92:
         2d:f7:d9:23:f8:17:8a:3f:4d:17:47:5e:b7:d0:11:fb:16:1d:
         d5:35:8f:66:44:d1:75:f9:29:77:31:43:85:26:05:58:5d:25:
         6a:28:72:75:cf:17:1f:70:6f:2a:2e:9c:16:2d:05:1a:eb:f6:
         62:50:4e:fb:a3:90:86:c0:2f:31:f4:e6:73:bc:f7:e1:c7:09:
         e6:15:2c:34:b2:f6:37:3b:cb:97:fd:3e:23:91:d9:2a:b8:96:
         3e:f3:69:b0:55:86:7e:0e:38:18:77:01:eb:c7:98:ad:38:e2:
         63:f8:d6:ce:85:4e:c6:c5:aa:ca:55:b9:98:3a:f9:eb:53:29:
         78:04:74:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTXwCXi7sWeHrfEiM8QG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNzhhNGE5YzUyMzI1YTg1OTIwODA5YmExYTRkODllMjFj
MDJmMTcwHhcNMjQwMTAyMDgzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTc0ZWQwMmI0N2RkZDE3YWI5NjlhZTJmNGY1YTM3ODhmYmM5MjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheZPR+lNjtGCy71kioS1xEJy+n9S
Gd8M4eS4QPHCupIq8KkUe+IATxKM4W5ZcID8qAM2q2+n3WqQsK642bU94O2iq78f
uS76cAuMttXxYzs0IUIdHJsmFg84lGWHWQ8XfzmXamKIKyzVEy+5WXv2Itepes7h
WMTTisYEs+fnXtt5lW5GqniUIpxAA13uYZjvUhjk7jzHJgVgxJvJaoae9VCY9IIc
KMFpeIX4H58ipg8viOczh1PGdOCZ4Muh7nH0RO+qAzURpYH9uqV2omxLoG+jBp2P
Zd5HHktWVvTrYs/EfQNsP1OXpV2/gKw2EmMiAfXE6CDY66jJBw1FBS8ABwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEV07QK0fd0Xq5aa4vT1o3iPvJIrMB8GA1UdIwQY
MBaAFCN4pKnFIyWoWSCAm6Gk2J4hwC8XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTNpa3FjVWpKYWhaSUlDYm9hVFluaUhBTHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9kNjU0YmUtMTc0ZS00MWY3LTljZmIt
OTM3ZTI3ZWUxYjViLzEvUlhUdEFyUjkzUmVybHByaTlQV2plSS04a2lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9kNjU0YmUtMTc0ZS00MWY3LTljZmItOTM3ZTI3ZWUxYjVi
LzEvSTNpa3FjVWpKYWhaSUlDYm9hVFluaUhBTHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AFBMA0G
CSqGSIb3DQEBCwUAA4IBAQDB/3xSbrqyxp5914kaP2yx9vV9NoV5LI2KSPCVlVwr
NKrj0DyQgBqsqGsqIEoZ5fuUt1UAsYWNa80TKApw5Zr7NStiLdkoQJXhApj8RudJ
3s4wEY0xzie6w69uKK6x20VFfocmJ7vPwDn0oKR4iqo0+mzxiYtG56OInIuoCpIt
99kj+BeKP00XR1630BH7Fh3VNY9mRNF1+Sl3MUOFJgVYXSVqKHJ1zxcfcG8qLpwW
LQUa6/ZiUE77o5CGwC8x9OZzvPfhxwnmFSw0svY3O8uX/T4jkdkquJY+82mwVYZ+
DjgYdwHrx5itOOJj+NbOhU7GxarKVbmYOvnrUyl4BHTY
-----END CERTIFICATE-----