Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/V7pp8Gh4tAR1EnQIX2RMIBH80zs.roa
File:                     V7pp8Gh4tAR1EnQIX2RMIBH80zs.roa (raw, json)
Hash identifier:          pOfnotl+HZAtktgmnnc8wrHF9Qip86R8lOnBLPqM25c=
Subject key identifier:   57:BA:69:F0:68:78:B4:04:75:12:74:08:5F:64:4C:20:11:FC:D3:3B
Certificate issuer:       /CN=1d10e38ed55e3185aed6f079f8bb9bf12d4448db
Certificate serial:       018CC64B0B506BC1800D9E8DE225AAB3FD03
Authority key identifier: 1D:10:E3:8E:D5:5E:31:85:AE:D6:F0:79:F8:BB:9B:F1:2D:44:48:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HRDjjtVeMYWu1vB5-Lub8S1ESNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/V7pp8Gh4tAR1EnQIX2RMIBH80zs.roa
Signing time:             Mon 01 Jan 2024 18:30:55 +0000
ROA not before:           Mon 01 Jan 2024 18:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57256
IP address blocks:        185.164.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/HRDjjtVeMYWu1vB5-Lub8S1ESNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/HRDjjtVeMYWu1vB5-Lub8S1ESNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HRDjjtVeMYWu1vB5-Lub8S1ESNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:0b:50:6b:c1:80:0d:9e:8d:e2:25:aa:b3:fd:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d10e38ed55e3185aed6f079f8bb9bf12d4448db
        Validity
            Not Before: Jan  1 18:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57ba69f06878b404751274085f644c2011fcd33b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:56:a5:a6:f4:22:40:19:09:c2:59:5d:82:f6:
                    7e:59:0e:a7:65:c2:cd:86:2c:20:32:e0:67:0a:f6:
                    06:fb:91:6f:ba:59:7e:ec:81:8d:1d:33:a6:45:a9:
                    c9:34:0d:8e:aa:06:29:19:a2:4d:39:1c:a2:7a:5b:
                    23:16:39:4a:58:0b:04:32:96:f0:a9:ff:73:0b:b6:
                    25:ff:c6:07:cc:36:18:87:4e:0c:0a:38:48:e2:be:
                    6b:c2:f4:67:84:42:8b:7f:64:e0:4a:4c:a4:ec:2a:
                    fa:d0:4c:5a:2f:9a:e3:c4:c3:41:0c:df:15:9e:12:
                    e7:92:01:3a:ba:8a:9a:da:83:89:89:18:ee:cf:92:
                    60:07:0b:7b:ce:18:3a:1a:71:5b:4d:d8:97:f9:9f:
                    68:00:e4:7c:da:d1:a8:c5:05:c3:b0:5f:44:a5:59:
                    17:7f:ab:ba:0e:93:09:90:68:e1:7e:d5:98:9c:28:
                    16:35:51:7f:7b:47:9f:3a:64:04:9b:1c:d6:65:c6:
                    e1:3b:94:3d:53:2b:56:45:75:0a:86:26:d0:b2:2b:
                    84:03:49:67:f1:79:3e:17:6c:f4:de:8d:5a:16:6b:
                    96:49:89:64:fd:d0:65:9a:d1:e1:46:10:76:6d:2f:
                    07:c8:0a:2b:07:11:81:2d:50:35:ad:11:30:cd:5c:
                    48:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:BA:69:F0:68:78:B4:04:75:12:74:08:5F:64:4C:20:11:FC:D3:3B
            X509v3 Authority Key Identifier:
                keyid:1D:10:E3:8E:D5:5E:31:85:AE:D6:F0:79:F8:BB:9B:F1:2D:44:48:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HRDjjtVeMYWu1vB5-Lub8S1ESNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/V7pp8Gh4tAR1EnQIX2RMIBH80zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/HRDjjtVeMYWu1vB5-Lub8S1ESNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:b6:ba:cc:c5:f0:4f:46:d2:59:32:0c:f7:a4:47:08:6c:28:
         9e:1b:ca:c5:3e:42:19:11:73:a7:77:99:b2:c2:74:59:9a:be:
         63:e4:af:8e:55:a1:dc:ea:16:d4:d4:12:4c:c5:ef:fb:c2:2d:
         b3:cf:58:40:89:2a:79:00:36:d2:08:57:b1:25:76:24:92:87:
         06:35:d6:7e:5a:dc:52:e8:7f:1c:e4:06:10:e5:06:de:52:8b:
         b3:12:00:95:04:23:ad:09:50:01:b5:9a:2b:00:5e:3f:fd:35:
         c6:1b:6b:3a:87:75:52:9d:25:18:b8:dd:07:d1:78:4d:03:00:
         3d:0f:7b:a6:06:3d:e5:da:26:fa:92:7f:2c:23:1d:68:ed:af:
         e6:13:ee:1e:db:c6:e4:31:27:01:55:f6:38:20:72:01:bf:95:
         ef:bc:54:9e:ca:77:06:1e:e6:de:d2:21:ab:7e:3d:48:cd:f7:
         ab:67:85:6e:a9:88:71:23:54:d7:74:d3:c3:6f:41:32:65:a7:
         57:7d:40:e0:3b:48:d5:de:28:cc:3a:f3:85:0b:2a:41:30:ca:
         bf:3e:6d:6f:ca:7a:f0:fc:d4:e2:6f:e4:ee:b2:44:6e:2d:99:
         69:cf:e1:6f:b0:65:ce:7d:b1:e6:e0:93:90:1c:f3:24:e8:69:
         2a:4a:c9:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSwtQa8GADZ6N4iWqs/0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMTBlMzhlZDU1ZTMxODVhZWQ2ZjA3OWY4YmI5YmYxMmQ0
NDQ4ZGIwHhcNMjQwMTAxMTgzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2JhNjlmMDY4NzhiNDA0NzUxMjc0MDg1ZjY0NGMyMDExZmNkMzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllalpvQiQBkJwlldgvZ+WQ6nZcLN
hiwgMuBnCvYG+5Fvull+7IGNHTOmRanJNA2OqgYpGaJNORyielsjFjlKWAsEMpbw
qf9zC7Yl/8YHzDYYh04MCjhI4r5rwvRnhEKLf2TgSkyk7Cr60ExaL5rjxMNBDN8V
nhLnkgE6uoqa2oOJiRjuz5JgBwt7zhg6GnFbTdiX+Z9oAOR82tGoxQXDsF9EpVkX
f6u6DpMJkGjhftWYnCgWNVF/e0efOmQEmxzWZcbhO5Q9UytWRXUKhibQsiuEA0ln
8Xk+F2z03o1aFmuWSYlk/dBlmtHhRhB2bS8HyAorBxGBLVA1rREwzVxIjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFe6afBoeLQEdRJ0CF9kTCAR/NM7MB8GA1UdIwQY
MBaAFB0Q447VXjGFrtbwefi7m/EtREjbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFJEamp0VmVNWVd1MXZCNS1MdWI4UzFFU05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lMjM5NjktZmZiMC00ZTU3LWEzNmEt
NzYwZjZiNmFhYmMxLzEvVjdwcDhHaDR0QVIxRW5RSVgyUk1JQkg4MHpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lMjM5NjktZmZiMC00ZTU3LWEzNmEtNzYwZjZiNmFhYmMx
LzEvSFJEamp0VmVNWVd1MXZCNS1MdWI4UzFFU05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaRoMA0G
CSqGSIb3DQEBCwUAA4IBAQADtrrMxfBPRtJZMgz3pEcIbCieG8rFPkIZEXOnd5my
wnRZmr5j5K+OVaHc6hbU1BJMxe/7wi2zz1hAiSp5ADbSCFexJXYkkocGNdZ+WtxS
6H8c5AYQ5QbeUouzEgCVBCOtCVABtZorAF4//TXGG2s6h3VSnSUYuN0H0XhNAwA9
D3umBj3l2ib6kn8sIx1o7a/mE+4e28bkMScBVfY4IHIBv5XvvFSeyncGHube0iGr
fj1IzferZ4VuqYhxI1TXdNPDb0EyZadXfUDgO0jV3ijMOvOFCypBMMq/Pm1vynrw
/NTib+TuskRuLZlpz+FvsGXOfbHm4JOQHPMk6GkqSsl/
-----END CERTIFICATE-----