Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/dXXJ6mnIWEWJtg-BUQDxFWkIgTk.roa
File:                     dXXJ6mnIWEWJtg-BUQDxFWkIgTk.roa (raw, json)
Hash identifier:          ROqLEc6El4HvEo3h8b4C7uWrpKnjm9fYAljpd3e6JBQ=
Subject key identifier:   75:75:C9:EA:69:C8:58:45:89:B6:0F:81:51:00:F1:15:69:08:81:39
Certificate issuer:       /CN=67edadc765fa8f2fa19eb20963cf5bd235d01b43
Certificate serial:       018CC348F8FB7723742D08C14A6A0ACDE3F1
Authority key identifier: 67:ED:AD:C7:65:FA:8F:2F:A1:9E:B2:09:63:CF:5B:D2:35:D0:1B:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z-2tx2X6jy-hnrIJY89b0jXQG0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/dXXJ6mnIWEWJtg-BUQDxFWkIgTk.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20974
IP address blocks:        178.251.52.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/Z-2tx2X6jy-hnrIJY89b0jXQG0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/Z-2tx2X6jy-hnrIJY89b0jXQG0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z-2tx2X6jy-hnrIJY89b0jXQG0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f8:fb:77:23:74:2d:08:c1:4a:6a:0a:cd:e3:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67edadc765fa8f2fa19eb20963cf5bd235d01b43
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7575c9ea69c8584589b60f815100f11569088139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:95:ca:d1:33:9b:f1:ca:07:ee:e2:f4:80:cb:
                    09:84:da:a6:82:89:5f:e5:6a:d3:5b:59:00:b2:6f:
                    0b:8b:a5:4c:d1:fe:d2:db:87:f9:47:8d:22:47:bd:
                    91:13:f5:15:80:17:6d:dd:68:8a:2d:e6:f4:c6:3e:
                    19:39:78:5f:32:8b:42:53:11:56:b7:8a:b8:24:d3:
                    f4:9f:86:de:3e:6a:eb:43:ff:a2:2d:3e:34:fa:1b:
                    17:14:b8:ea:4d:72:82:41:a4:fa:37:ed:89:3c:84:
                    2a:d0:f5:cf:26:e4:8f:98:18:d8:1c:36:99:d9:0e:
                    40:1f:02:bf:e5:c9:73:29:3c:6e:24:4e:42:51:25:
                    1a:d5:b7:12:01:bf:70:42:e1:f8:01:ef:c0:7a:29:
                    b7:4a:c7:08:3f:65:10:0c:3e:a1:2f:e7:a3:44:98:
                    f1:59:13:76:29:0d:95:04:6c:8a:aa:d2:25:98:79:
                    21:81:05:cb:b6:df:b4:d6:99:b1:5f:7d:42:bb:b3:
                    d2:8c:42:d3:4b:28:db:1c:9f:45:77:c1:f5:09:df:
                    81:66:99:6b:3a:d3:61:4a:f5:bd:17:fd:af:fb:62:
                    6d:b4:87:20:6a:93:44:ac:9f:d1:52:f9:39:47:98:
                    29:10:37:83:66:a7:c7:64:da:a0:51:e3:fd:0e:bd:
                    55:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:75:C9:EA:69:C8:58:45:89:B6:0F:81:51:00:F1:15:69:08:81:39
            X509v3 Authority Key Identifier:
                keyid:67:ED:AD:C7:65:FA:8F:2F:A1:9E:B2:09:63:CF:5B:D2:35:D0:1B:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z-2tx2X6jy-hnrIJY89b0jXQG0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/dXXJ6mnIWEWJtg-BUQDxFWkIgTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/663c6c-13bf-4400-8482-21e0a66d5444/1/Z-2tx2X6jy-hnrIJY89b0jXQG0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.251.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:97:07:2c:25:49:f9:16:76:72:67:3d:9f:51:21:b3:c0:f5:
         42:20:31:48:7b:e6:85:7e:1c:98:e3:96:b7:59:a3:fc:8e:38:
         0d:d4:5e:c3:39:25:ca:11:19:a5:66:4c:23:b0:11:40:21:b0:
         69:7a:ff:91:5c:99:7e:a8:7b:0b:41:bb:9c:28:13:dd:3a:c3:
         88:8c:73:1e:b1:ea:a5:a8:40:92:dd:d3:6d:a8:15:e5:93:58:
         3e:2f:c2:a0:33:de:58:00:4a:f8:7a:ae:fc:c6:b4:19:95:2b:
         72:76:97:9e:da:39:45:a2:ef:08:03:09:42:f5:b7:3d:d9:e3:
         e8:42:e2:fa:54:9b:de:95:bf:66:fc:ef:db:e7:3a:34:87:77:
         9c:fc:6a:11:7a:bd:83:8e:f4:a1:f6:e4:a6:35:74:3d:db:21:
         47:3c:7f:37:43:40:25:ab:60:1f:f5:9d:de:92:a4:3e:6a:19:
         eb:48:e4:09:c9:34:86:1f:4f:80:6f:ee:07:ab:50:de:36:92:
         3d:9e:53:91:01:de:2f:38:4c:4e:4b:22:aa:3a:1e:dc:dc:3f:
         8c:2d:0c:d8:d8:98:f2:f4:41:c3:cc:cf:cf:60:ac:86:e6:58:
         31:19:d2:5b:4b:99:8e:17:f3:d9:cd:65:e0:90:ec:f9:91:c1:
         79:f9:45:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPj7dyN0LQjBSmoKzePxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZWRhZGM3NjVmYThmMmZhMTllYjIwOTYzY2Y1YmQyMzVk
MDFiNDMwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTc1YzllYTY5Yzg1ODQ1ODliNjBmODE1MTAwZjExNTY5MDg4MTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5XK0TOb8coH7uL0gMsJhNqmgolf
5WrTW1kAsm8Li6VM0f7S24f5R40iR72RE/UVgBdt3WiKLeb0xj4ZOXhfMotCUxFW
t4q4JNP0n4bePmrrQ/+iLT40+hsXFLjqTXKCQaT6N+2JPIQq0PXPJuSPmBjYHDaZ
2Q5AHwK/5clzKTxuJE5CUSUa1bcSAb9wQuH4Ae/Aeim3SscIP2UQDD6hL+ejRJjx
WRN2KQ2VBGyKqtIlmHkhgQXLtt+01pmxX31Cu7PSjELTSyjbHJ9Fd8H1Cd+BZplr
OtNhSvW9F/2v+2JttIcgapNErJ/RUvk5R5gpEDeDZqfHZNqgUeP9Dr1VLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHV1yeppyFhFibYPgVEA8RVpCIE5MB8GA1UdIwQY
MBaAFGftrcdl+o8voZ6yCWPPW9I10BtDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWi0ydHgyWDZqeS1obnJJSlk4OWIwalhRRzBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC82NjNjNmMtMTNiZi00NDAwLTg0ODIt
MjFlMGE2NmQ1NDQ0LzEvZFhYSjZtbklXRVdKdGctQlVRRHhGV2tJZ1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC82NjNjNmMtMTNiZi00NDAwLTg0ODItMjFlMGE2NmQ1NDQ0
LzEvWi0ydHgyWDZqeS1obnJJSlk4OWIwalhRRzBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsvs0MA0G
CSqGSIb3DQEBCwUAA4IBAQAAlwcsJUn5FnZyZz2fUSGzwPVCIDFIe+aFfhyY45a3
WaP8jjgN1F7DOSXKERmlZkwjsBFAIbBpev+RXJl+qHsLQbucKBPdOsOIjHMeseql
qECS3dNtqBXlk1g+L8KgM95YAEr4eq78xrQZlStydpee2jlFou8IAwlC9bc92ePo
QuL6VJvelb9m/O/b5zo0h3ec/GoRer2DjvSh9uSmNXQ92yFHPH83Q0Alq2Af9Z3e
kqQ+ahnrSOQJyTSGH0+Ab+4Hq1DeNpI9nlORAd4vOExOSyKqOh7c3D+MLQzY2Jjy
9EHDzM/PYKyG5lgxGdJbS5mOF/PZzWXgkOz5kcF5+UUB
-----END CERTIFICATE-----