Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/grzrGg4_ToMbBX9iaB8jKFatUlk.roa
File:                     grzrGg4_ToMbBX9iaB8jKFatUlk.roa (raw, json)
Hash identifier:          rjONq1y4IsPKttoDvDDiwmzXpuQJimcBu0cOd2DCgNI=
Subject key identifier:   82:BC:EB:1A:0E:3F:4E:83:1B:05:7F:62:68:1F:23:28:56:AD:52:59
Certificate issuer:       /CN=74f9369c6e23c1bf0dbed301c7d00b4a3fdf0d04
Certificate serial:       018CC3488E28F309D7986C0622981EBAA82A
Authority key identifier: 74:F9:36:9C:6E:23:C1:BF:0D:BE:D3:01:C7:D0:0B:4A:3F:DF:0D:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/grzrGg4_ToMbBX9iaB8jKFatUlk.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        130.73.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8e:28:f3:09:d7:98:6c:06:22:98:1e:ba:a8:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74f9369c6e23c1bf0dbed301c7d00b4a3fdf0d04
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82bceb1a0e3f4e831b057f62681f232856ad5259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b9:ba:1a:91:67:d7:1a:94:d3:72:ab:1b:50:
                    18:7f:da:dd:ef:a4:4b:17:e3:7e:f9:d7:a6:cf:db:
                    3d:40:6a:0a:9d:0d:65:ad:0b:17:60:10:e0:bd:7f:
                    d6:f1:10:f8:5f:f6:08:52:a1:c4:7e:0a:41:47:6d:
                    d7:93:ae:4f:c5:42:55:0b:52:59:f5:62:d5:8a:d6:
                    1a:df:73:c5:93:c1:35:50:85:54:db:27:63:17:50:
                    79:b3:f3:67:53:f7:f6:73:79:e3:c5:61:a7:3f:b3:
                    5e:ea:47:f9:47:27:d0:ba:f4:94:2f:55:07:43:c4:
                    98:fa:11:64:90:32:bb:a1:f7:56:70:f7:42:5e:fa:
                    93:31:ed:52:b2:92:c7:55:22:be:97:b7:9d:3c:d4:
                    e4:13:55:80:0d:03:70:8c:8b:a5:8e:e3:40:81:32:
                    a1:3f:49:a1:e5:d7:db:ca:06:20:20:bd:85:04:44:
                    68:e9:56:2e:96:22:fd:aa:9b:e4:72:b1:33:df:af:
                    51:91:fd:f2:39:bb:7b:dd:71:9f:48:b5:90:b5:22:
                    45:3e:a2:11:b7:f1:a9:8a:d5:28:da:5c:b4:11:d5:
                    4a:4a:7f:7c:58:48:24:06:5d:07:a5:68:da:cd:2c:
                    c8:b5:d3:5d:7c:8f:cf:7e:d6:17:f0:7d:32:93:64:
                    21:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:BC:EB:1A:0E:3F:4E:83:1B:05:7F:62:68:1F:23:28:56:AD:52:59
            X509v3 Authority Key Identifier:
                keyid:74:F9:36:9C:6E:23:C1:BF:0D:BE:D3:01:C7:D0:0B:4A:3F:DF:0D:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/grzrGg4_ToMbBX9iaB8jKFatUlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/b9dc4c-643a-41b8-a459-2b518acb78f3/1/dPk2nG4jwb8NvtMBx9ALSj_fDQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.73.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b3:b0:25:23:a9:5c:55:5b:f2:69:a4:c4:e6:6c:41:2b:b3:d5:
         d8:f6:4a:d1:b9:e7:bf:ac:7b:14:76:69:d0:be:3d:13:03:f1:
         e1:1d:d3:ba:7e:b4:f4:94:82:7a:bb:17:c9:26:4b:9f:2f:b9:
         a7:32:52:d9:69:f9:7b:78:9f:1a:4b:0b:43:c5:f7:9c:65:11:
         4b:b6:b2:c1:c4:2b:47:e2:ac:c6:9d:49:98:d1:e7:7e:f2:4d:
         45:fc:2e:4d:d9:c4:49:46:a3:89:52:17:bc:9b:23:4c:d6:e1:
         fc:3e:2f:63:f5:ef:58:07:50:38:0d:85:b5:d7:d0:fb:dd:27:
         a6:db:ec:06:98:2f:81:fb:af:02:4f:d6:18:80:90:1e:83:54:
         d9:96:10:35:f3:5a:c3:5d:08:d4:5a:1f:e5:04:c9:cd:cf:b5:
         d4:c2:80:d2:51:0a:fa:12:24:54:f2:3f:e7:10:96:92:6a:11:
         db:43:81:9c:ff:47:2b:f4:b4:a8:38:19:9d:44:85:75:fe:a6:
         66:d0:9f:f7:ce:3c:98:f9:a2:b5:12:bd:1e:b5:d3:4d:b4:fc:
         ac:84:27:90:bf:dd:b6:55:f8:31:49:1c:d4:09:ee:f9:db:d6:
         36:54:79:bb:e2:11:40:62:30:16:23:4a:c3:74:33:e8:7c:37:
         ff:af:f0:a6
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDSI4o8wnXmGwGIpgeuqgqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZjkzNjljNmUyM2MxYmYwZGJlZDMwMWM3ZDAwYjRhM2Zk
ZjBkMDQwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmJjZWIxYTBlM2Y0ZTgzMWIwNTdmNjI2ODFmMjMyODU2YWQ1MjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorm6GpFn1xqU03KrG1AYf9rd76RL
F+N++demz9s9QGoKnQ1lrQsXYBDgvX/W8RD4X/YIUqHEfgpBR23Xk65PxUJVC1JZ
9WLVitYa33PFk8E1UIVU2ydjF1B5s/NnU/f2c3njxWGnP7Ne6kf5RyfQuvSUL1UH
Q8SY+hFkkDK7ofdWcPdCXvqTMe1SspLHVSK+l7edPNTkE1WADQNwjIuljuNAgTKh
P0mh5dfbygYgIL2FBERo6VYuliL9qpvkcrEz369Rkf3yObt73XGfSLWQtSJFPqIR
t/GpitUo2ly0EdVKSn98WEgkBl0HpWjazSzItdNdfI/PftYX8H0yk2QhEQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIK86xoOP06DGwV/YmgfIyhWrVJZMB8GA1UdIwQY
MBaAFHT5NpxuI8G/Db7TAcfQC0o/3w0EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFBrMm5HNGp3YjhOdnRNQng5QUxTal9mRFFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9iOWRjNGMtNjQzYS00MWI4LWE0NTkt
MmI1MThhY2I3OGYzLzEvZ3J6ckdnNF9Ub01iQlg5aWFCOGpLRmF0VWxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9iOWRjNGMtNjQzYS00MWI4LWE0NTktMmI1MThhY2I3OGYz
LzEvZFBrMm5HNGp3YjhOdnRNQng5QUxTal9mRFFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgkkwDQYJ
KoZIhvcNAQELBQADggEBALOwJSOpXFVb8mmkxOZsQSuz1dj2StG557+sexR2adC+
PRMD8eEd07p+tPSUgnq7F8kmS58vuacyUtlp+Xt4nxpLC0PF95xlEUu2ssHEK0fi
rMadSZjR537yTUX8Lk3ZxElGo4lSF7ybI0zW4fw+L2P171gHUDgNhbXX0PvdJ6bb
7AaYL4H7rwJP1hiAkB6DVNmWEDXzWsNdCNRaH+UEyc3PtdTCgNJRCvoSJFTyP+cQ
lpJqEdtDgZz/Ryv0tKg4GZ1EhXX+pmbQn/fOPJj5orUSvR610020/KyEJ5C/3bZV
+DFJHNQJ7vnb1jZUebviEUBiMBYjSsN0M+h8N/+v8KY=
-----END CERTIFICATE-----