Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/rDM520aTTlf7RtdU9N1mL3iav9w.roa
File:                     rDM520aTTlf7RtdU9N1mL3iav9w.roa (raw, json)
Hash identifier:          zbpBBtgx4yndLzOS4TZX/Es285c+OAH1HuwRS/InNLQ=
Subject key identifier:   AC:33:39:DB:46:93:4E:57:FB:46:D7:54:F4:DD:66:2F:78:9A:BF:DC
Certificate issuer:       /CN=68d425cc7b1b7880a875f76beda80fe3109319ed
Certificate serial:       018CC5DC1931A94A0CC40E425E30D00BF300
Authority key identifier: 68:D4:25:CC:7B:1B:78:80:A8:75:F7:6B:ED:A8:0F:E3:10:93:19:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aNQlzHsbeICodfdr7agP4xCTGe0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/rDM520aTTlf7RtdU9N1mL3iav9w.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        185.181.84.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/aNQlzHsbeICodfdr7agP4xCTGe0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/aNQlzHsbeICodfdr7agP4xCTGe0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aNQlzHsbeICodfdr7agP4xCTGe0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:19:31:a9:4a:0c:c4:0e:42:5e:30:d0:0b:f3:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68d425cc7b1b7880a875f76beda80fe3109319ed
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac3339db46934e57fb46d754f4dd662f789abfdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:5e:3e:a5:af:7c:91:27:f5:ab:0a:a4:d1:db:
                    6d:03:fb:2d:c7:80:a7:22:55:32:51:db:a0:e9:a4:
                    e2:a1:b8:26:44:76:85:6b:b3:3e:30:0f:d5:f6:c6:
                    44:f4:3a:39:95:da:73:f8:81:13:55:56:06:b8:e2:
                    46:37:60:97:f4:82:7a:a7:32:e4:d5:15:25:30:13:
                    21:f0:13:e8:a7:08:78:a1:49:20:b1:87:2e:2e:67:
                    3f:82:42:16:fc:f2:a6:78:b7:5c:62:1b:8b:f4:6f:
                    c4:24:06:f0:6d:d0:6e:7e:1e:13:90:6e:00:38:ee:
                    64:17:10:ab:20:c6:3f:f8:ba:91:7b:aa:b5:18:ce:
                    f5:de:08:30:e8:eb:a9:78:35:53:3f:31:81:dd:e5:
                    d2:23:ea:30:98:66:13:ec:52:e1:11:1b:bd:37:4c:
                    01:bc:0e:fc:6d:29:10:61:e6:61:90:66:39:fb:81:
                    73:97:ff:f7:0b:64:fe:a0:d3:7f:5e:c0:1d:3c:7a:
                    07:79:48:fc:85:76:67:be:1c:2a:f3:6c:ea:a6:d5:
                    35:a8:29:3d:e3:3c:c5:37:7b:c3:a7:e7:ee:1a:4c:
                    29:fa:15:bf:98:6e:0f:9d:a5:dc:87:87:b4:d7:ed:
                    3e:6b:40:57:c6:1b:ae:07:91:c8:6f:a3:ef:d1:0c:
                    0b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:33:39:DB:46:93:4E:57:FB:46:D7:54:F4:DD:66:2F:78:9A:BF:DC
            X509v3 Authority Key Identifier:
                keyid:68:D4:25:CC:7B:1B:78:80:A8:75:F7:6B:ED:A8:0F:E3:10:93:19:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aNQlzHsbeICodfdr7agP4xCTGe0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/rDM520aTTlf7RtdU9N1mL3iav9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/aNQlzHsbeICodfdr7agP4xCTGe0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:0e:11:46:2f:c0:51:d3:ef:6b:71:4f:fb:65:82:2a:0f:0f:
         b3:51:ae:76:4f:ea:94:c4:49:40:61:10:3d:95:c2:df:a1:1f:
         aa:b0:ff:36:d6:6b:d2:dd:61:a4:79:97:60:86:0c:40:7d:ab:
         f4:eb:c2:c9:a5:6c:dd:6d:63:62:d9:bb:9d:ce:19:65:f0:c3:
         f2:c1:57:cb:02:a9:54:d3:37:59:a2:ac:60:19:b7:ff:f4:b5:
         43:03:ec:cc:10:d1:9d:90:7f:84:c7:13:b1:ab:6f:5b:a0:ba:
         80:2e:19:ca:0c:71:60:6f:8e:c0:d5:7d:11:cd:e7:e9:6d:2e:
         9d:c4:04:63:88:e5:0e:96:91:02:cd:e3:a6:d6:94:1a:61:87:
         fd:db:ea:3d:9c:59:0a:7c:d4:3b:00:88:aa:fa:06:b2:d2:65:
         da:40:f7:04:e1:43:f4:a3:46:bd:d8:58:19:92:cb:2c:50:1a:
         ac:70:f9:aa:b2:90:66:2a:1c:09:ce:2d:03:fa:f8:61:56:fe:
         29:b2:1a:20:e7:78:22:b5:76:25:e0:6d:55:b4:f0:ae:99:e4:
         ea:f1:a3:af:fb:de:f1:3c:25:df:c3:9c:1e:0b:e1:63:4c:5c:
         ae:27:ad:fc:3e:5e:dd:58:91:31:ab:24:d5:da:14:ff:1b:36:
         76:ea:ee:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BkxqUoMxA5CXjDQC/MAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZDQyNWNjN2IxYjc4ODBhODc1Zjc2YmVkYTgwZmUzMTA5
MzE5ZWQwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzMzMzlkYjQ2OTM0ZTU3ZmI0NmQ3NTRmNGRkNjYyZjc4OWFiZmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlV4+pa98kSf1qwqk0dttA/stx4Cn
IlUyUdug6aTiobgmRHaFa7M+MA/V9sZE9Do5ldpz+IETVVYGuOJGN2CX9IJ6pzLk
1RUlMBMh8BPopwh4oUkgsYcuLmc/gkIW/PKmeLdcYhuL9G/EJAbwbdBufh4TkG4A
OO5kFxCrIMY/+LqRe6q1GM713ggw6OupeDVTPzGB3eXSI+owmGYT7FLhERu9N0wB
vA78bSkQYeZhkGY5+4Fzl//3C2T+oNN/XsAdPHoHeUj8hXZnvhwq82zqptU1qCk9
4zzFN3vDp+fuGkwp+hW/mG4PnaXch4e01+0+a0BXxhuuB5HIb6Pv0QwLaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwzOdtGk05X+0bXVPTdZi94mr/cMB8GA1UdIwQY
MBaAFGjUJcx7G3iAqHX3a+2oD+MQkxntMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU5RbHpIc2JlSUNvZGZkcjdhZ1A0eENUR2UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9jMGY3ZTMtNjNiOS00YTVmLTk2Y2Et
NWM0NWI2MThmOTkwLzEvckRNNTIwYVRUbGY3UnRkVTlOMW1MM2lhdjl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9jMGY3ZTMtNjNiOS00YTVmLTk2Y2EtNWM0NWI2MThmOTkw
LzEvYU5RbHpIc2JlSUNvZGZkcjdhZ1A0eENUR2UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubVUMA0G
CSqGSIb3DQEBCwUAA4IBAQBkDhFGL8BR0+9rcU/7ZYIqDw+zUa52T+qUxElAYRA9
lcLfoR+qsP821mvS3WGkeZdghgxAfav068LJpWzdbWNi2budzhll8MPywVfLAqlU
0zdZoqxgGbf/9LVDA+zMENGdkH+ExxOxq29boLqALhnKDHFgb47A1X0RzefpbS6d
xARjiOUOlpECzeOm1pQaYYf92+o9nFkKfNQ7AIiq+gay0mXaQPcE4UP0o0a92FgZ
ksssUBqscPmqspBmKhwJzi0D+vhhVv4pshog53gitXYl4G1VtPCumeTq8aOv+97x
PCXfw5weC+FjTFyuJ638Pl7dWJExqyTV2hT/GzZ26u6H
-----END CERTIFICATE-----