Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/dNr6Jg5ZKhQN7Gej6-fgtpsrlsE.roa
File:                     dNr6Jg5ZKhQN7Gej6-fgtpsrlsE.roa (raw, json)
Hash identifier:          mjOh3Gj9FM/imlOKDCz3+T7XAcqIeeOO55dWseGNvQ4=
Subject key identifier:   74:DA:FA:26:0E:59:2A:14:0D:EC:67:A3:EB:E7:E0:B6:9B:2B:96:C1
Certificate issuer:       /CN=188ed4884f111939ca6c7f0f34b2792b39b93423
Certificate serial:       018CC5DC01392C49457456B8147D56F9145B
Authority key identifier: 18:8E:D4:88:4F:11:19:39:CA:6C:7F:0F:34:B2:79:2B:39:B9:34:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/dNr6Jg5ZKhQN7Gej6-fgtpsrlsE.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        192.76.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:01:39:2c:49:45:74:56:b8:14:7d:56:f9:14:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=188ed4884f111939ca6c7f0f34b2792b39b93423
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74dafa260e592a140dec67a3ebe7e0b69b2b96c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ce:03:a4:27:e5:d7:22:a2:84:06:5f:71:93:
                    ef:75:5d:a2:aa:e6:13:bf:71:f4:67:c2:a8:05:bb:
                    7d:91:a9:25:93:d9:59:6c:84:96:4e:ff:ca:57:d1:
                    3e:57:95:f3:9f:4f:15:21:fe:2b:32:b8:5a:92:34:
                    0e:5b:e5:6c:b4:f7:32:f0:2f:25:7c:86:95:7d:83:
                    f4:fc:5d:2b:84:02:f0:ac:d6:98:a7:04:63:6f:b7:
                    68:30:1f:c8:f7:ac:93:f6:2b:7b:cd:c8:24:82:fa:
                    cb:ba:aa:ba:a3:74:3d:55:9c:6f:73:e5:ca:79:c8:
                    d5:03:4b:c3:39:fb:d4:3d:4e:6d:61:71:e4:6e:3b:
                    57:0e:54:a3:6c:dc:37:18:d8:05:76:40:d5:ac:f0:
                    95:4b:d8:10:de:72:77:2e:d8:b0:35:90:97:c8:c0:
                    8a:6e:17:27:7b:f8:cd:e8:5a:e1:67:f1:28:0e:55:
                    b6:53:09:20:ff:f7:c0:e2:61:ee:0c:5a:7d:3b:ca:
                    29:60:99:3f:a8:31:d3:95:6a:63:33:a5:04:a0:50:
                    3d:01:3c:bf:bc:bd:57:42:c1:79:f4:c0:54:af:6b:
                    64:0d:e0:eb:9b:83:30:d5:e4:d3:e4:c5:4a:c8:24:
                    87:4e:a5:37:b8:39:9f:8b:11:b3:54:bf:58:ad:84:
                    36:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:DA:FA:26:0E:59:2A:14:0D:EC:67:A3:EB:E7:E0:B6:9B:2B:96:C1
            X509v3 Authority Key Identifier:
                keyid:18:8E:D4:88:4F:11:19:39:CA:6C:7F:0F:34:B2:79:2B:39:B9:34:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/dNr6Jg5ZKhQN7Gej6-fgtpsrlsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.76.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:92:04:dc:c9:15:9c:80:9e:ea:83:a7:ab:86:4d:18:e4:f3:
         7e:35:a8:f9:06:56:41:0e:32:58:57:3f:ab:65:36:66:ec:70:
         1e:8d:61:ab:5c:00:00:c4:98:57:e6:89:9a:ed:b4:14:8b:a9:
         26:0a:cb:21:15:1f:fb:e4:c3:e3:31:10:49:60:1b:1f:95:a9:
         e7:df:ad:66:fe:40:f3:9a:91:6f:4f:b1:b3:ae:8b:f8:c0:7d:
         c5:c9:f9:ba:13:4d:be:e4:6c:3a:46:17:0d:d5:bb:e8:32:57:
         f7:2a:50:bc:d9:36:19:02:14:36:d9:ec:37:a2:bd:53:d0:aa:
         7f:21:81:2a:d7:a7:99:f7:7e:88:fa:54:58:4e:38:90:3e:0f:
         b3:97:ac:c6:2b:91:74:02:8d:cd:0f:17:ae:55:ae:f7:9d:54:
         29:84:42:44:1a:35:87:e6:eb:9d:cd:7b:60:fe:09:cd:d1:dc:
         6f:5b:60:9a:72:56:6e:4b:ea:73:5c:66:c8:45:89:fa:07:d9:
         18:66:90:d8:e2:fa:fc:1e:b9:74:82:09:8d:fe:02:24:e7:fa:
         4c:54:c6:71:84:9f:f8:34:bd:b2:0f:71:3d:7c:08:5e:45:08:
         e9:34:05:3a:1b:d7:01:c3:5c:86:6d:19:ee:f6:77:a4:e8:a6:
         a0:5a:74:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AE5LElFdFa4FH1W+RRbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OGVkNDg4NGYxMTE5MzljYTZjN2YwZjM0YjI3OTJiMzli
OTM0MjMwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGRhZmEyNjBlNTkyYTE0MGRlYzY3YTNlYmU3ZTBiNjliMmI5NmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyM4DpCfl1yKihAZfcZPvdV2iquYT
v3H0Z8KoBbt9kaklk9lZbISWTv/KV9E+V5Xzn08VIf4rMrhakjQOW+VstPcy8C8l
fIaVfYP0/F0rhALwrNaYpwRjb7doMB/I96yT9it7zcgkgvrLuqq6o3Q9VZxvc+XK
ecjVA0vDOfvUPU5tYXHkbjtXDlSjbNw3GNgFdkDVrPCVS9gQ3nJ3LtiwNZCXyMCK
bhcne/jN6FrhZ/EoDlW2Uwkg//fA4mHuDFp9O8opYJk/qDHTlWpjM6UEoFA9ATy/
vL1XQsF59MBUr2tkDeDrm4Mw1eTT5MVKyCSHTqU3uDmfixGzVL9YrYQ2PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTa+iYOWSoUDexno+vn4LabK5bBMB8GA1UdIwQY
MBaAFBiO1IhPERk5ymx/DzSyeSs5uTQjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0k3VWlFOFJHVG5LYkg4UE5MSjVLem01TkNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9iODg1MzItOTk3NC00NjEyLTk0YzQt
NWUwNzc3YjA0MDQ5LzEvZE5yNkpnNVpLaFFON0dlajYtZmd0cHNybHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9iODg1MzItOTk3NC00NjEyLTk0YzQtNWUwNzc3YjA0MDQ5
LzEvR0k3VWlFOFJHVG5LYkg4UE5MSjVLem01TkNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEyaMA0G
CSqGSIb3DQEBCwUAA4IBAQDCkgTcyRWcgJ7qg6erhk0Y5PN+Naj5BlZBDjJYVz+r
ZTZm7HAejWGrXAAAxJhX5oma7bQUi6kmCsshFR/75MPjMRBJYBsflann361m/kDz
mpFvT7Gzrov4wH3Fyfm6E02+5Gw6RhcN1bvoMlf3KlC82TYZAhQ22ew3or1T0Kp/
IYEq16eZ936I+lRYTjiQPg+zl6zGK5F0Ao3NDxeuVa73nVQphEJEGjWH5uudzXtg
/gnN0dxvW2CaclZuS+pzXGbIRYn6B9kYZpDY4vr8Hrl0ggmN/gIk5/pMVMZxhJ/4
NL2yD3E9fAheRQjpNAU6G9cBw1yGbRnu9nek6KagWnTv
-----END CERTIFICATE-----