Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/dCKBmba7pFEPBG2cMN4KUGbywCA.roa
File:                     dCKBmba7pFEPBG2cMN4KUGbywCA.roa (raw, json)
Hash identifier:          OoJsZpMLvBD51OjLgWR5+kubBBpHZtN+bQP9fHEOdII=
Subject key identifier:   74:22:81:99:B6:BB:A4:51:0F:04:6D:9C:30:DE:0A:50:66:F2:C0:20
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       018CC9BC2C2AB0FC4C66BB059E40AFCF9B24
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/dCKBmba7pFEPBG2cMN4KUGbywCA.roa
Signing time:             Tue 02 Jan 2024 10:33:21 +0000
ROA not before:           Tue 02 Jan 2024 10:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397630
IP address blocks:        45.128.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:2c:2a:b0:fc:4c:66:bb:05:9e:40:af:cf:9b:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  2 10:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74228199b6bba4510f046d9c30de0a5066f2c020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:79:27:6e:5c:ae:eb:34:9d:49:c0:0d:3d:94:
                    9e:3b:7a:b9:ee:f4:c5:73:0a:42:35:3c:c7:ef:8a:
                    45:c9:0d:0a:31:c8:6d:db:65:a4:d8:ad:cf:ca:41:
                    7f:48:94:ad:7d:fa:81:5f:0f:68:0d:68:60:a5:4a:
                    e1:f4:1e:da:e8:90:62:a6:54:c3:d3:fe:bc:92:08:
                    7e:e7:61:a7:d9:13:00:b8:8b:95:4a:35:10:74:b4:
                    41:97:ab:20:91:18:f4:25:f9:2a:f6:7b:24:6b:00:
                    27:b9:f7:5a:7e:99:e9:dd:eb:6d:af:a9:c5:47:2a:
                    45:8c:94:a0:f6:aa:fd:ce:c1:6d:5c:8e:dd:34:4b:
                    8b:24:42:f4:81:78:41:08:d6:c5:ce:1d:0b:c2:a4:
                    0c:98:0c:fa:54:58:5d:72:69:bb:f0:e9:29:8b:47:
                    41:2a:cd:d3:35:eb:2b:a4:fa:86:1e:e4:e5:07:eb:
                    dc:2a:03:9c:1c:7e:b6:00:fd:91:53:08:56:6d:8b:
                    91:87:79:0c:ea:e4:09:e0:19:16:e9:df:48:97:11:
                    13:54:5b:ca:f3:47:e9:01:c9:44:94:28:6d:c0:79:
                    21:f9:48:46:80:8d:63:13:99:75:24:4c:5a:3c:ae:
                    90:10:16:a0:5f:5d:94:51:3a:cc:4f:97:95:25:b3:
                    dd:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:22:81:99:B6:BB:A4:51:0F:04:6D:9C:30:DE:0A:50:66:F2:C0:20
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/dCKBmba7pFEPBG2cMN4KUGbywCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:36:ae:29:18:bd:78:d1:11:e5:48:56:08:bd:7c:fe:ea:0c:
         69:3a:53:77:ea:b3:43:1c:3e:94:f5:7f:e5:5f:e7:4a:65:a4:
         d1:72:fd:f8:f7:83:e3:ab:62:62:10:d8:c5:c3:38:3c:08:af:
         c2:62:c0:39:46:a1:24:a6:4b:f3:12:f4:c1:a5:11:a7:c3:e3:
         f0:cc:d3:76:3b:57:6f:1d:4c:e3:a0:60:67:d2:75:e4:a9:66:
         f1:a4:23:76:5d:6c:f9:e4:c0:1f:06:8e:cd:ce:e3:33:ee:e8:
         97:d9:67:c3:98:32:44:27:90:d5:c0:56:3b:df:75:6f:94:ab:
         b3:c3:51:dd:fb:45:b1:0b:19:75:91:b9:f8:40:3a:89:e8:6a:
         01:55:50:3c:ae:d3:e1:ca:8d:d7:fa:4e:99:9e:54:ad:7b:a7:
         1a:99:85:70:f4:3b:54:71:b7:f3:11:92:41:4b:b5:cb:9e:8c:
         6b:9d:91:52:a1:ef:17:b3:b8:25:6e:6a:9c:e0:9e:27:b1:f0:
         27:db:88:dd:1b:b5:51:15:c8:70:76:14:fb:81:1d:f1:bb:cc:
         16:2a:3d:97:ae:b7:8b:5e:39:0b:22:02:f9:21:ba:b1:48:16:
         9b:3f:7c:c9:11:29:4a:2b:df:a5:a7:2d:f1:72:f1:4f:3a:3c:
         8a:de:e2:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCwqsPxMZrsFnkCvz5skMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwMTAyMTAzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDIyODE5OWI2YmJhNDUxMGYwNDZkOWMzMGRlMGE1MDY2ZjJjMDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3knblyu6zSdScANPZSeO3q57vTF
cwpCNTzH74pFyQ0KMcht22Wk2K3PykF/SJStffqBXw9oDWhgpUrh9B7a6JBiplTD
0/68kgh+52Gn2RMAuIuVSjUQdLRBl6sgkRj0Jfkq9nskawAnufdafpnp3ettr6nF
RypFjJSg9qr9zsFtXI7dNEuLJEL0gXhBCNbFzh0LwqQMmAz6VFhdcmm78Okpi0dB
Ks3TNesrpPqGHuTlB+vcKgOcHH62AP2RUwhWbYuRh3kM6uQJ4BkW6d9IlxETVFvK
80fpAclElChtwHkh+UhGgI1jE5l1JExaPK6QEBagX12UUTrMT5eVJbPdUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQigZm2u6RRDwRtnDDeClBm8sAgMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZENLQm1iYTdwRkVQQkcyY01ONEtVR2J5d0NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYBOMA0G
CSqGSIb3DQEBCwUAA4IBAQAqNq4pGL140RHlSFYIvXz+6gxpOlN36rNDHD6U9X/l
X+dKZaTRcv3494Pjq2JiENjFwzg8CK/CYsA5RqEkpkvzEvTBpRGnw+PwzNN2O1dv
HUzjoGBn0nXkqWbxpCN2XWz55MAfBo7NzuMz7uiX2WfDmDJEJ5DVwFY733VvlKuz
w1Hd+0WxCxl1kbn4QDqJ6GoBVVA8rtPhyo3X+k6ZnlSte6camYVw9DtUcbfzEZJB
S7XLnoxrnZFSoe8Xs7glbmqc4J4nsfAn24jdG7VRFchwdhT7gR3xu8wWKj2XrreL
XjkLIgL5IbqxSBabP3zJESlKK9+lpy3xcvFPOjyK3uIs
-----END CERTIFICATE-----