Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/c98434-decc-404f-8049-4aa2eeb5267c/1/dHT8-R1bz3eDGWgJ6Ac9zd36ww8.roa
File:                     dHT8-R1bz3eDGWgJ6Ac9zd36ww8.roa (raw, json)
Hash identifier:          vIVB7GGBVgoJYK+8emfj0bVpN02LwuqX4kqWDiRFaBU=
Subject key identifier:   74:74:FC:F9:1D:5B:CF:77:83:19:68:09:E8:07:3D:CD:DD:FA:C3:0F
Certificate issuer:       /CN=72673058859cfd7012941d8963adccf6300a19ef
Certificate serial:       018CC4245FC546F589E35A2591E100E16EBA
Authority key identifier: 72:67:30:58:85:9C:FD:70:12:94:1D:89:63:AD:CC:F6:30:0A:19:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cmcwWIWc_XASlB2JY63M9jAKGe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/c98434-decc-404f-8049-4aa2eeb5267c/1/dHT8-R1bz3eDGWgJ6Ac9zd36ww8.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20805
IP address blocks:        213.167.160.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/c98434-decc-404f-8049-4aa2eeb5267c/1/cmcwWIWc_XASlB2JY63M9jAKGe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/c98434-decc-404f-8049-4aa2eeb5267c/1/cmcwWIWc_XASlB2JY63M9jAKGe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cmcwWIWc_XASlB2JY63M9jAKGe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5f:c5:46:f5:89:e3:5a:25:91:e1:00:e1:6e:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72673058859cfd7012941d8963adccf6300a19ef
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7474fcf91d5bcf7783196809e8073dcdddfac30f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:56:0e:50:f4:48:62:cd:bb:8e:af:3f:c2:eb:
                    69:57:c0:10:41:5e:fc:23:52:f1:21:8c:0c:f2:38:
                    9e:ca:3e:3b:86:da:dc:f3:72:26:f6:c4:ba:2c:b9:
                    54:96:72:92:7e:02:2a:b7:59:f0:27:1d:e0:0f:9b:
                    2b:bd:2e:a9:34:29:4f:1c:8b:a1:b1:24:0d:14:7b:
                    42:78:57:d7:6d:ea:a6:f2:c8:bd:cc:54:3c:45:ce:
                    2d:f8:f2:36:bb:18:bc:7d:b3:9d:bb:f7:0f:23:5c:
                    2d:79:02:f4:ee:65:2c:0d:9b:96:2d:94:db:f7:ca:
                    95:ee:0c:12:fc:6f:ae:c6:29:53:a3:f0:d4:5c:84:
                    6c:c7:5d:0b:94:73:f2:fb:c2:8f:bb:9b:a6:e8:84:
                    ee:f6:0d:5f:66:d0:b1:10:15:22:22:b0:f1:0e:c0:
                    b1:c6:95:de:b6:15:e9:55:ad:e8:a6:7d:32:4c:c1:
                    74:50:52:6b:96:96:6d:6a:46:d9:1b:62:d4:0a:ca:
                    82:d7:d9:ed:55:07:ed:38:a2:b9:ad:f0:8d:dd:c1:
                    23:df:6c:a6:92:09:7f:36:d7:bb:00:c8:30:4a:44:
                    ff:60:f5:4e:e9:6f:6c:3b:13:82:91:c9:bf:d7:41:
                    98:10:cf:4d:e0:7e:3f:9a:f6:25:f8:27:0d:0c:2d:
                    49:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:74:FC:F9:1D:5B:CF:77:83:19:68:09:E8:07:3D:CD:DD:FA:C3:0F
            X509v3 Authority Key Identifier:
                keyid:72:67:30:58:85:9C:FD:70:12:94:1D:89:63:AD:CC:F6:30:0A:19:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cmcwWIWc_XASlB2JY63M9jAKGe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/c98434-decc-404f-8049-4aa2eeb5267c/1/dHT8-R1bz3eDGWgJ6Ac9zd36ww8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/c98434-decc-404f-8049-4aa2eeb5267c/1/cmcwWIWc_XASlB2JY63M9jAKGe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.167.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         23:61:77:13:64:06:7a:d6:73:9d:de:b5:7e:3c:81:de:52:23:
         81:54:91:5f:e7:2d:28:5e:1a:3e:55:b6:68:eb:b8:02:35:ae:
         49:b2:39:dc:99:13:e4:b2:37:cf:bc:12:1d:64:b9:45:90:95:
         37:75:3e:59:e5:45:d4:a4:7d:cf:f8:47:f2:6e:c7:60:3c:81:
         25:68:33:0c:a3:db:0e:29:ed:7b:30:8b:f9:c5:2f:9d:ca:43:
         29:e8:7e:d6:c5:56:24:be:51:5c:69:d8:c4:f5:ef:dc:b5:93:
         90:c1:42:4c:dd:ba:19:92:b9:e4:8f:08:86:88:ee:e1:77:96:
         89:f9:2b:9c:23:a9:c2:42:5e:9c:35:87:58:9a:b3:b2:1e:76:
         61:c8:c1:c3:80:6b:a3:e0:a1:00:b2:2a:6d:6f:70:48:68:4b:
         ba:dd:09:b4:6b:1f:fd:e7:cc:68:b7:a7:ee:b6:1a:9a:28:40:
         96:5c:da:55:2f:1c:df:61:74:21:54:e9:7d:be:f8:3c:cf:6f:
         a7:72:18:d5:8d:97:5b:09:fc:e4:5d:97:6e:66:31:49:05:9b:
         21:3d:c7:6c:31:f9:67:52:40:46:ff:c7:24:1c:5c:d9:d3:28:
         59:68:9c:d0:bc:78:cb:5f:9a:ec:7b:ec:6a:4c:a4:7a:44:31:
         7d:ce:2e:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJF/FRvWJ41olkeEA4W66MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNjczMDU4ODU5Y2ZkNzAxMjk0MWQ4OTYzYWRjY2Y2MzAw
YTE5ZWYwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDc0ZmNmOTFkNWJjZjc3ODMxOTY4MDllODA3M2RjZGRkZmFjMzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lYOUPRIYs27jq8/wutpV8AQQV78
I1LxIYwM8jieyj47htrc83Im9sS6LLlUlnKSfgIqt1nwJx3gD5srvS6pNClPHIuh
sSQNFHtCeFfXbeqm8si9zFQ8Rc4t+PI2uxi8fbOdu/cPI1wteQL07mUsDZuWLZTb
98qV7gwS/G+uxilTo/DUXIRsx10LlHPy+8KPu5um6ITu9g1fZtCxEBUiIrDxDsCx
xpXethXpVa3opn0yTMF0UFJrlpZtakbZG2LUCsqC19ntVQftOKK5rfCN3cEj32ym
kgl/Nte7AMgwSkT/YPVO6W9sOxOCkcm/10GYEM9N4H4/mvYl+CcNDC1JtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHR0/PkdW893gxloCegHPc3d+sMPMB8GA1UdIwQY
MBaAFHJnMFiFnP1wEpQdiWOtzPYwChnvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY21jd1dJV2NfWEFTbEIySlk2M005akFLR2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9jOTg0MzQtZGVjYy00MDRmLTgwNDkt
NGFhMmVlYjUyNjdjLzEvZEhUOC1SMWJ6M2VER1dnSjZBYzl6ZDM2d3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9jOTg0MzQtZGVjYy00MDRmLTgwNDktNGFhMmVlYjUyNjdj
LzEvY21jd1dJV2NfWEFTbEIySlk2M005akFLR2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1aegMA0G
CSqGSIb3DQEBCwUAA4IBAQAjYXcTZAZ61nOd3rV+PIHeUiOBVJFf5y0oXho+VbZo
67gCNa5JsjncmRPksjfPvBIdZLlFkJU3dT5Z5UXUpH3P+EfybsdgPIElaDMMo9sO
Ke17MIv5xS+dykMp6H7WxVYkvlFcadjE9e/ctZOQwUJM3boZkrnkjwiGiO7hd5aJ
+SucI6nCQl6cNYdYmrOyHnZhyMHDgGuj4KEAsiptb3BIaEu63Qm0ax/958xot6fu
thqaKECWXNpVLxzfYXQhVOl9vvg8z2+nchjVjZdbCfzkXZduZjFJBZshPcdsMfln
UkBG/8ckHFzZ0yhZaJzQvHjLX5rse+xqTKR6RDF9zi75
-----END CERTIFICATE-----