Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/OtL1v9rpnUGjF7gEM22t45sF_CE.roa
File:                     OtL1v9rpnUGjF7gEM22t45sF_CE.roa (raw, json)
Hash identifier:          P5n2+7DIKYkeBGT2CekWzwJYLNi8IhwJIsr2zzBExF4=
Subject key identifier:   3A:D2:F5:BF:DA:E9:9D:41:A3:17:B8:04:33:6D:AD:E3:9B:05:FC:21
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018CC649D063D5E4D6343732510E2B6BF4C0
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/OtL1v9rpnUGjF7gEM22t45sF_CE.roa
Signing time:             Mon 01 Jan 2024 18:29:35 +0000
ROA not before:           Mon 01 Jan 2024 18:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400810
IP address blocks:        109.72.114.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d0:63:d5:e4:d6:34:37:32:51:0e:2b:6b:f4:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 18:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ad2f5bfdae99d41a317b804336dade39b05fc21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c5:76:73:3a:d7:dc:fa:f2:49:7d:2e:a6:99:
                    eb:6d:20:52:11:0a:82:bb:b3:bc:4c:b1:a8:ce:b6:
                    58:39:46:58:46:19:8c:9b:2b:67:da:92:d5:f8:f7:
                    b2:5f:f6:8d:3c:82:3f:a8:4b:31:84:e8:da:c9:a4:
                    bc:b7:26:91:8c:01:59:ea:69:c5:d3:3f:a9:a2:55:
                    aa:ba:e8:35:50:60:ca:56:f5:48:49:38:20:1b:c2:
                    4e:59:03:0f:27:ab:4f:0f:0e:99:a4:f2:f0:e8:33:
                    c4:31:66:cf:f2:3c:5c:0b:dc:a5:df:db:f9:be:33:
                    4c:71:3e:a4:61:7b:0a:80:38:34:18:c6:64:32:65:
                    bd:e9:d9:bf:60:f2:3b:0d:a7:78:c4:1f:f2:d9:7f:
                    0d:b4:33:61:94:1d:75:06:58:7f:d6:64:6d:2e:d5:
                    5d:77:50:92:d6:80:cf:c3:3f:db:d3:b8:1c:f7:22:
                    9b:36:93:11:59:30:2c:c2:3c:de:78:a5:11:ce:40:
                    2c:32:52:45:58:b7:b6:cf:5a:3e:d8:7c:2a:6a:89:
                    dd:bb:72:a7:54:be:00:58:65:b0:9f:12:4f:a8:81:
                    74:be:9a:c8:3e:9f:1d:89:c2:fc:b6:b5:35:72:9b:
                    79:bc:6b:95:49:99:e8:12:4a:a6:6a:c6:cd:00:21:
                    86:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:D2:F5:BF:DA:E9:9D:41:A3:17:B8:04:33:6D:AD:E3:9B:05:FC:21
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/OtL1v9rpnUGjF7gEM22t45sF_CE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:d8:1f:26:58:67:6f:6a:63:9d:f2:59:fe:6e:ea:3f:57:08:
         42:00:c4:e1:62:11:e1:28:c3:68:9e:bb:9c:c5:5c:9e:71:4b:
         84:4c:38:85:68:40:50:a7:4c:fc:df:6e:b4:ae:c5:93:4f:de:
         03:da:b9:be:c9:a5:a1:bc:e1:6b:5d:e2:76:c9:cd:b9:8b:83:
         eb:1f:e1:43:f2:44:19:fc:f2:54:e7:2f:01:7a:2b:64:09:7f:
         03:bf:5d:3c:98:f8:30:c3:35:83:cf:ce:c9:22:c3:0f:9c:10:
         74:43:ea:7a:48:f4:b7:9d:96:5d:c9:c4:1e:62:b8:3f:7c:b8:
         9f:af:c8:7b:8f:9f:76:6d:36:57:f4:b8:f8:15:81:2e:c4:2e:
         83:54:d5:c1:59:d4:86:f0:27:4f:97:cb:43:65:4a:72:d8:b2:
         74:a3:9a:99:9f:2a:61:20:1c:fe:0b:54:e1:31:84:f5:96:68:
         7d:5f:0b:70:2c:99:67:9f:d5:f6:64:11:48:25:c1:46:54:7e:
         79:e4:62:19:0b:9d:48:ff:ba:3f:9b:ff:dc:f5:32:4b:cd:48:
         e6:3c:e0:d1:7c:49:06:f1:b1:61:d3:6a:c2:9b:4b:9f:99:7d:
         cf:d3:5a:2e:f3:ba:2e:b0:4d:f7:41:39:47:f7:2b:a1:f6:a8:
         a4:1f:69:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSdBj1eTWNDcyUQ4ra/TAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMTAxMTgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWQyZjViZmRhZTk5ZDQxYTMxN2I4MDQzMzZkYWRlMzliMDVmYzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcV2czrX3PrySX0uppnrbSBSEQqC
u7O8TLGozrZYOUZYRhmMmytn2pLV+PeyX/aNPII/qEsxhOjayaS8tyaRjAFZ6mnF
0z+polWquug1UGDKVvVISTggG8JOWQMPJ6tPDw6ZpPLw6DPEMWbP8jxcC9yl39v5
vjNMcT6kYXsKgDg0GMZkMmW96dm/YPI7Dad4xB/y2X8NtDNhlB11Blh/1mRtLtVd
d1CS1oDPwz/b07gc9yKbNpMRWTAswjzeeKURzkAsMlJFWLe2z1o+2Hwqaondu3Kn
VL4AWGWwnxJPqIF0vprIPp8dicL8trU1cpt5vGuVSZnoEkqmasbNACGGWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrS9b/a6Z1Boxe4BDNtreObBfwhMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvT3RMMXY5cnBuVUdqRjdnRU0yMnQ0NXNGX0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbUhyMA0G
CSqGSIb3DQEBCwUAA4IBAQBq2B8mWGdvamOd8ln+buo/VwhCAMThYhHhKMNonruc
xVyecUuETDiFaEBQp0z83260rsWTT94D2rm+yaWhvOFrXeJ2yc25i4PrH+FD8kQZ
/PJU5y8BeitkCX8Dv108mPgwwzWDz87JIsMPnBB0Q+p6SPS3nZZdycQeYrg/fLif
r8h7j592bTZX9Lj4FYEuxC6DVNXBWdSG8CdPl8tDZUpy2LJ0o5qZnyphIBz+C1Th
MYT1lmh9XwtwLJlnn9X2ZBFIJcFGVH555GIZC51I/7o/m//c9TJLzUjmPODRfEkG
8bFh02rCm0ufmX3P01ou87ousE33QTlH9yuh9qikH2nD
-----END CERTIFICATE-----