Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/DBXCygkHPRngmQrhrQMRjXF9iPA.roa
File:                     DBXCygkHPRngmQrhrQMRjXF9iPA.roa (raw, json)
Hash identifier:          KLCLS6xmtT3mu4bsMGL1AXU7JSxXLvGwAMto+f2WpqA=
Subject key identifier:   0C:15:C2:CA:09:07:3D:19:E0:99:0A:E1:AD:03:11:8D:71:7D:88:F0
Certificate issuer:       /CN=6857a9bb297f0b3c444ab0af673a52750e979b4e
Certificate serial:       018CCA2992D38EE71B3D46FDF80C39B93F01
Authority key identifier: 68:57:A9:BB:29:7F:0B:3C:44:4A:B0:AF:67:3A:52:75:0E:97:9B:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aFepuyl_CzxESrCvZzpSdQ6Xm04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/DBXCygkHPRngmQrhrQMRjXF9iPA.roa
Signing time:             Tue 02 Jan 2024 12:32:51 +0000
ROA not before:           Tue 02 Jan 2024 12:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.14.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/aFepuyl_CzxESrCvZzpSdQ6Xm04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/aFepuyl_CzxESrCvZzpSdQ6Xm04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aFepuyl_CzxESrCvZzpSdQ6Xm04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:92:d3:8e:e7:1b:3d:46:fd:f8:0c:39:b9:3f:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6857a9bb297f0b3c444ab0af673a52750e979b4e
        Validity
            Not Before: Jan  2 12:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c15c2ca09073d19e0990ae1ad03118d717d88f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c5:74:c7:d4:97:6f:0c:81:32:bb:af:3a:f6:
                    f4:1f:c3:25:04:e9:9c:17:d4:be:39:81:24:73:05:
                    95:46:95:b3:ca:cd:d7:17:61:3d:8c:e5:a1:42:96:
                    3e:d7:75:66:8f:49:77:67:66:f5:85:d6:d8:80:65:
                    3d:b3:d9:42:4d:78:e2:d6:c4:6d:1f:df:cd:97:25:
                    5e:28:0f:77:44:92:d5:f2:28:4e:82:15:e9:f2:aa:
                    9d:56:69:27:6a:de:34:34:10:25:f5:57:b5:4e:b0:
                    76:03:bb:4f:6a:55:3c:93:74:49:87:08:19:1a:00:
                    91:79:82:ea:88:75:7f:66:6e:28:37:bb:07:43:99:
                    d8:e4:98:e7:14:b1:d8:31:90:e5:23:b2:be:a4:1a:
                    7b:33:12:36:65:d5:fc:ce:ba:4b:a0:2b:42:04:1c:
                    f6:0f:71:7c:50:4e:93:91:50:b0:42:07:76:2b:6d:
                    64:15:e7:28:88:94:c0:c4:25:00:c5:3b:f3:f2:24:
                    3d:40:58:08:5f:be:d9:98:f8:b6:70:e7:10:5a:61:
                    a3:ed:78:be:e0:5c:52:29:7a:85:54:6e:82:0b:1b:
                    bc:98:c7:35:a5:f9:fe:c8:18:ec:34:c0:a9:3c:70:
                    51:be:1a:e1:22:71:2c:9c:21:79:9d:66:c6:8e:86:
                    47:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:15:C2:CA:09:07:3D:19:E0:99:0A:E1:AD:03:11:8D:71:7D:88:F0
            X509v3 Authority Key Identifier:
                keyid:68:57:A9:BB:29:7F:0B:3C:44:4A:B0:AF:67:3A:52:75:0E:97:9B:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aFepuyl_CzxESrCvZzpSdQ6Xm04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/DBXCygkHPRngmQrhrQMRjXF9iPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/9d0a15-d546-4970-9a81-8596c2af9dcc/1/aFepuyl_CzxESrCvZzpSdQ6Xm04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.14.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         76:f2:3f:58:2f:27:7a:50:91:8a:7b:e4:5a:ab:ab:e6:28:d0:
         17:1b:f9:4b:2e:f8:a7:2b:e3:7f:bd:4a:f1:7a:b6:79:c9:42:
         2c:41:ab:16:d6:38:28:1b:25:62:48:c7:f8:ee:78:8c:a1:45:
         14:25:61:ee:0a:e3:65:f0:f2:b3:cc:1a:7d:8b:b7:89:28:ac:
         f9:36:d9:d5:be:04:ec:af:40:4a:97:a8:79:54:d3:cc:50:79:
         a5:84:c2:ea:e9:47:b7:61:5d:2b:ef:d2:00:6a:bd:0b:64:24:
         2f:c5:1f:eb:f0:4e:8a:63:0f:c5:63:64:c5:f4:3d:01:e0:51:
         14:6b:bf:d4:48:56:ce:49:e8:f9:a7:7b:3d:bb:61:a9:37:3a:
         5b:4c:81:6e:a8:ba:47:ca:a8:51:a8:76:e2:e1:2d:44:6b:74:
         ac:92:23:20:05:47:2a:fb:90:b5:25:0e:8a:07:22:88:74:54:
         b8:fd:a8:d0:d3:f2:b1:6a:a5:8b:88:09:e8:22:bc:ce:1a:1f:
         eb:65:25:48:cf:d8:c8:f0:8c:67:0c:0a:55:5f:f0:18:12:ef:
         fb:e3:aa:92:d4:45:48:23:3e:34:7d:f7:a6:9b:23:44:83:96:
         5c:de:9e:a6:cb:a3:07:e7:dd:d3:35:d1:3d:a7:21:f9:df:29:
         65:f3:93:ee
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzKKZLTjucbPUb9+Aw5uT8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NTdhOWJiMjk3ZjBiM2M0NDRhYjBhZjY3M2E1Mjc1MGU5
NzliNGUwHhcNMjQwMTAyMTIzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzE1YzJjYTA5MDczZDE5ZTA5OTBhZTFhZDAzMTE4ZDcxN2Q4OGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcV0x9SXbwyBMruvOvb0H8MlBOmc
F9S+OYEkcwWVRpWzys3XF2E9jOWhQpY+13Vmj0l3Z2b1hdbYgGU9s9lCTXji1sRt
H9/NlyVeKA93RJLV8ihOghXp8qqdVmknat40NBAl9Ve1TrB2A7tPalU8k3RJhwgZ
GgCReYLqiHV/Zm4oN7sHQ5nY5JjnFLHYMZDlI7K+pBp7MxI2ZdX8zrpLoCtCBBz2
D3F8UE6TkVCwQgd2K21kFecoiJTAxCUAxTvz8iQ9QFgIX77ZmPi2cOcQWmGj7Xi+
4FxSKXqFVG6CCxu8mMc1pfn+yBjsNMCpPHBRvhrhInEsnCF5nWbGjoZHMwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAwVwsoJBz0Z4JkK4a0DEY1xfYjwMB8GA1UdIwQY
MBaAFGhXqbspfws8REqwr2c6UnUOl5tOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUZlcHV5bF9DenhFU3JDdlp6cFNkUTZYbTA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85ZDBhMTUtZDU0Ni00OTcwLTlhODEt
ODU5NmMyYWY5ZGNjLzEvREJYQ3lna0hQUm5nbVFyaHJRTVJqWEY5aVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85ZDBhMTUtZDU0Ni00OTcwLTlhODEtODU5NmMyYWY5ZGNj
LzEvYUZlcHV5bF9DenhFU3JDdlp6cFNkUTZYbTA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjQ4wDQYJ
KoZIhvcNAQELBQADggEBAHbyP1gvJ3pQkYp75Fqrq+Yo0Bcb+Usu+Kcr43+9SvF6
tnnJQixBqxbWOCgbJWJIx/jueIyhRRQlYe4K42Xw8rPMGn2Lt4korPk22dW+BOyv
QEqXqHlU08xQeaWEwurpR7dhXSvv0gBqvQtkJC/FH+vwTopjD8VjZMX0PQHgURRr
v9RIVs5J6Pmnez27Yak3OltMgW6oukfKqFGoduLhLURrdKySIyAFRyr7kLUlDooH
Ioh0VLj9qNDT8rFqpYuICegivM4aH+tlJUjP2MjwjGcMClVf8BgS7/vjqpLURUgj
PjR996abI0SDllzenqbLowfn3dM10T2nIfnfKWXzk+4=
-----END CERTIFICATE-----