Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/duWRZgHRFZC8jKa8QvHJJMJWxNA.roa
File:                     duWRZgHRFZC8jKa8QvHJJMJWxNA.roa (raw, json)
Hash identifier:          xdGoLARQcGdYJZ8S9ekYYuY8NLh3eNapokoT+9t8a2Q=
Subject key identifier:   76:E5:91:66:01:D1:15:90:BC:8C:A6:BC:42:F1:C9:24:C2:56:C4:D0
Certificate issuer:       /CN=d25622457a1be33a01258866a067e0447dfd8964
Certificate serial:       018CC7956FE56656D93006F7A526B2F8F69D
Authority key identifier: D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/duWRZgHRFZC8jKa8QvHJJMJWxNA.roa
Signing time:             Tue 02 Jan 2024 00:31:48 +0000
ROA not before:           Tue 02 Jan 2024 00:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62005
IP address blocks:        83.97.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6f:e5:66:56:d9:30:06:f7:a5:26:b2:f8:f6:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d25622457a1be33a01258866a067e0447dfd8964
        Validity
            Not Before: Jan  2 00:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76e5916601d11590bc8ca6bc42f1c924c256c4d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9b:6c:57:ad:42:8d:4f:16:30:5f:3e:49:9e:
                    eb:46:34:8c:e1:7b:15:47:9f:12:14:55:ae:29:4c:
                    75:d1:2e:8b:98:48:30:ce:1c:b6:a5:f6:59:fa:47:
                    cc:ff:9f:14:5f:4d:7e:31:ab:18:b7:ab:11:74:db:
                    17:d2:bc:cf:21:b1:6b:1b:29:8f:f3:b4:e9:56:d7:
                    2c:40:fb:86:0b:ae:32:47:4b:9e:7c:91:97:d9:70:
                    e1:b2:cd:10:70:60:15:9a:79:fb:56:c4:9d:cd:7f:
                    96:4a:69:d5:a9:c1:e0:93:d1:2e:4f:86:31:59:e4:
                    a3:6a:80:2a:35:1e:0e:8a:67:17:cb:eb:04:93:14:
                    49:c2:f4:18:e8:d3:35:f6:bf:e7:a3:34:3e:2a:26:
                    b5:91:62:f7:db:8c:de:fc:2d:79:0b:5e:d7:3c:62:
                    8a:43:7e:8e:ed:f0:a5:0a:8c:07:d6:69:e1:92:65:
                    4a:3d:1f:6d:f1:d8:d5:51:9b:f9:4a:2c:bc:5b:72:
                    e3:45:f3:cb:bf:2f:da:3e:13:ed:1e:63:e7:da:f9:
                    a8:d0:bb:22:0c:e8:70:99:a2:ec:50:18:bf:ad:e3:
                    db:20:e9:7d:1b:8f:72:43:7e:d3:81:f7:3f:5a:4f:
                    d1:c3:38:d2:19:d0:82:b9:e7:8b:2d:f7:c8:9d:ec:
                    2d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E5:91:66:01:D1:15:90:BC:8C:A6:BC:42:F1:C9:24:C2:56:C4:D0
            X509v3 Authority Key Identifier:
                keyid:D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/duWRZgHRFZC8jKa8QvHJJMJWxNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:3f:23:aa:b6:eb:61:0e:89:9d:c3:65:2f:b3:49:99:c6:60:
         5c:2a:fe:aa:e3:f5:fb:db:e6:20:aa:02:28:07:bc:20:96:f0:
         9d:47:02:4c:d9:b0:67:ea:69:64:74:12:c7:53:2c:36:9f:19:
         e9:c5:db:3c:5c:d5:0a:ab:19:a5:15:e3:89:1d:83:15:7e:c2:
         b6:fe:a2:b9:6d:5d:81:51:4c:00:87:de:24:f7:3c:30:17:63:
         7c:1d:08:20:73:e1:29:1c:dc:26:56:47:2d:94:5c:8d:14:4c:
         a1:86:3d:9e:ef:9a:5d:ce:b5:21:5c:da:0d:d6:42:e9:f1:c3:
         33:b9:1e:99:30:a3:08:e5:dc:eb:91:e3:d0:4c:cd:b4:03:4e:
         bc:7c:ba:4d:90:1f:15:cb:e5:17:f3:5d:7f:0d:03:f2:3c:c7:
         88:e5:3f:14:66:79:f9:a6:a4:08:5f:97:27:09:43:58:da:8a:
         7c:f0:a3:78:66:c5:f1:76:d5:dc:5f:4b:d3:11:7a:cf:25:2a:
         b5:0c:fd:c4:65:c9:53:89:4e:be:9a:08:1f:27:cb:bc:64:0a:
         02:ad:e8:ef:93:51:8f:67:86:62:b1:e4:c3:a3:0f:24:e5:3c:
         6c:21:b8:7b:9d:7b:43:d5:c1:67:a9:a9:0b:9c:c8:7c:49:72:
         d3:c3:f2:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlW/lZlbZMAb3pSay+PadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNTYyMjQ1N2ExYmUzM2EwMTI1ODg2NmEwNjdlMDQ0N2Rm
ZDg5NjQwHhcNMjQwMTAyMDAzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmU1OTE2NjAxZDExNTkwYmM4Y2E2YmM0MmYxYzkyNGMyNTZjNGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZtsV61CjU8WMF8+SZ7rRjSM4XsV
R58SFFWuKUx10S6LmEgwzhy2pfZZ+kfM/58UX01+MasYt6sRdNsX0rzPIbFrGymP
87TpVtcsQPuGC64yR0uefJGX2XDhss0QcGAVmnn7VsSdzX+WSmnVqcHgk9EuT4Yx
WeSjaoAqNR4OimcXy+sEkxRJwvQY6NM19r/nozQ+Kia1kWL324ze/C15C17XPGKK
Q36O7fClCowH1mnhkmVKPR9t8djVUZv5Siy8W3LjRfPLvy/aPhPtHmPn2vmo0Lsi
DOhwmaLsUBi/rePbIOl9G49yQ37Tgfc/Wk/RwzjSGdCCueeLLffInewtIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHblkWYB0RWQvIymvELxySTCVsTQMB8GA1UdIwQY
MBaAFNJWIkV6G+M6ASWIZqBn4ER9/YlkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMt
NDU1NzllNDE4ZmY3LzEvZHVXUlpnSFJGWkM4akthOFF2SEpKTUpXeE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMtNDU1NzllNDE4ZmY3
LzEvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU2FPMA0G
CSqGSIb3DQEBCwUAA4IBAQAVPyOqtuthDomdw2Uvs0mZxmBcKv6q4/X72+YgqgIo
B7wglvCdRwJM2bBn6mlkdBLHUyw2nxnpxds8XNUKqxmlFeOJHYMVfsK2/qK5bV2B
UUwAh94k9zwwF2N8HQggc+EpHNwmVkctlFyNFEyhhj2e75pdzrUhXNoN1kLp8cMz
uR6ZMKMI5dzrkePQTM20A068fLpNkB8Vy+UX811/DQPyPMeI5T8UZnn5pqQIX5cn
CUNY2op88KN4ZsXxdtXcX0vTEXrPJSq1DP3EZclTiU6+mggfJ8u8ZAoCrejvk1GP
Z4ZiseTDow8k5TxsIbh7nXtD1cFnqakLnMh8SXLTw/Lr
-----END CERTIFICATE-----