Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/by_SZNcpR0i-I5Z-Q1D6tF5jGRA.roa
File:                     by_SZNcpR0i-I5Z-Q1D6tF5jGRA.roa (raw, json)
Hash identifier:          F4BXoqT1mhlVmss7SbYRNk6c0UdZ0OW4oill4GIp0DQ=
Subject key identifier:   6F:2F:D2:64:D7:29:47:48:BE:23:96:7E:43:50:FA:B4:5E:63:19:10
Certificate issuer:       /CN=77292dc63718eebc704ab002ecb81d3d52d4d1c3
Certificate serial:       018CC726AE0BDCBF5BE0962E9C75199DAAE3
Authority key identifier: 77:29:2D:C6:37:18:EE:BC:70:4A:B0:02:EC:B8:1D:3D:52:D4:D1:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dyktxjcY7rxwSrAC7LgdPVLU0cM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/by_SZNcpR0i-I5Z-Q1D6tF5jGRA.roa
Signing time:             Mon 01 Jan 2024 22:30:49 +0000
ROA not before:           Mon 01 Jan 2024 22:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15435
IP address blocks:        193.176.104.0/21 maxlen: 24
                          2001:67c:460::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/dyktxjcY7rxwSrAC7LgdPVLU0cM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/dyktxjcY7rxwSrAC7LgdPVLU0cM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dyktxjcY7rxwSrAC7LgdPVLU0cM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ae:0b:dc:bf:5b:e0:96:2e:9c:75:19:9d:aa:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77292dc63718eebc704ab002ecb81d3d52d4d1c3
        Validity
            Not Before: Jan  1 22:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f2fd264d7294748be23967e4350fab45e631910
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:40:18:31:65:78:ef:52:e0:6f:92:4e:67:45:
                    d3:19:97:5f:67:48:11:b0:cc:ba:ff:61:73:f7:2c:
                    95:30:fe:09:d2:da:2e:56:7d:56:41:cd:66:fb:73:
                    66:3d:90:ac:74:50:f9:a4:52:a8:19:3f:1a:9b:4a:
                    44:1c:ec:ca:b7:d1:fa:cf:37:dc:3e:86:41:16:e3:
                    c6:52:3c:2b:93:29:5f:28:82:12:55:1e:b2:6b:e7:
                    4b:40:33:6b:6c:42:4d:6a:3d:39:2b:64:57:5c:cd:
                    34:6b:ce:e3:bb:18:8d:5b:da:df:b5:15:f2:88:af:
                    7c:2d:4b:80:68:bc:a3:43:b7:7b:4b:5f:e4:ca:29:
                    c7:9b:f7:ff:dc:09:d5:cf:0d:8c:01:60:95:4e:84:
                    27:a2:2b:44:3d:cb:e2:ae:b4:51:76:04:59:8a:02:
                    dc:c7:bd:61:63:46:29:42:69:d5:3d:e1:9d:53:ee:
                    5a:3f:bd:a4:3d:a6:a7:b8:44:01:01:40:bc:91:40:
                    30:a6:6e:a7:ab:25:71:40:78:91:46:b9:04:90:47:
                    62:3e:d5:ed:3c:7f:20:79:75:d6:45:0f:9b:0d:e9:
                    ad:95:28:de:ac:7d:07:d9:7d:aa:35:67:42:02:cb:
                    c2:66:dd:90:01:e6:66:91:24:9a:99:c5:88:24:26:
                    e6:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:2F:D2:64:D7:29:47:48:BE:23:96:7E:43:50:FA:B4:5E:63:19:10
            X509v3 Authority Key Identifier:
                keyid:77:29:2D:C6:37:18:EE:BC:70:4A:B0:02:EC:B8:1D:3D:52:D4:D1:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dyktxjcY7rxwSrAC7LgdPVLU0cM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/by_SZNcpR0i-I5Z-Q1D6tF5jGRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/dyktxjcY7rxwSrAC7LgdPVLU0cM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.104.0/21
                IPv6:
                  2001:67c:460::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:af:29:af:ea:2f:dd:5f:fb:5c:34:0c:1b:f0:f2:93:f0:d6:
         5d:f4:bb:4a:52:32:1e:9d:e1:5d:c3:e4:c7:62:33:fb:29:26:
         9c:37:f8:31:f9:31:05:0f:a7:05:76:ef:c8:92:b7:38:92:eb:
         e3:4d:57:82:48:ae:64:24:41:0b:0f:24:24:12:66:0e:81:e0:
         01:39:f7:8c:c2:8a:9f:e6:f5:16:14:2e:fe:95:a4:1f:61:09:
         bc:6c:9c:54:3b:c3:cd:a9:9d:4d:f4:8a:82:36:a7:63:da:75:
         04:d3:d5:56:38:db:e1:84:5f:c4:6a:d6:24:9d:6e:fd:49:e6:
         ad:10:4a:db:bc:d8:0d:31:64:84:cf:d1:f4:11:02:92:19:d5:
         4e:65:1e:99:dc:85:db:21:9f:61:35:2b:b8:ff:bd:e1:7d:7b:
         2a:92:8d:4f:28:3c:4f:33:a6:80:04:02:92:61:70:8b:38:cd:
         ab:43:65:dc:04:98:e2:8f:81:7b:3f:fe:85:f1:5e:44:e1:ee:
         52:b5:97:6a:11:94:9d:5e:52:e9:78:08:0a:2a:27:ea:63:96:
         f2:c7:ba:20:12:f9:fc:ae:f3:70:20:99:3e:89:c9:b1:06:19:
         22:e5:67:be:9b:1a:99:ec:5d:9c:85:ea:b8:39:b7:82:72:e6:
         1f:2c:95:32
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJq4L3L9b4JYunHUZnarjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MjkyZGM2MzcxOGVlYmM3MDRhYjAwMmVjYjgxZDNkNTJk
NGQxYzMwHhcNMjQwMTAxMjIzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjJmZDI2NGQ3Mjk0NzQ4YmUyMzk2N2U0MzUwZmFiNDVlNjMxOTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0AYMWV471Lgb5JOZ0XTGZdfZ0gR
sMy6/2Fz9yyVMP4J0touVn1WQc1m+3NmPZCsdFD5pFKoGT8am0pEHOzKt9H6zzfc
PoZBFuPGUjwrkylfKIISVR6ya+dLQDNrbEJNaj05K2RXXM00a87juxiNW9rftRXy
iK98LUuAaLyjQ7d7S1/kyinHm/f/3AnVzw2MAWCVToQnoitEPcvirrRRdgRZigLc
x71hY0YpQmnVPeGdU+5aP72kPaanuEQBAUC8kUAwpm6nqyVxQHiRRrkEkEdiPtXt
PH8geXXWRQ+bDemtlSjerH0H2X2qNWdCAsvCZt2QAeZmkSSamcWIJCbmPQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG8v0mTXKUdIviOWfkNQ+rReYxkQMB8GA1UdIwQY
MBaAFHcpLcY3GO68cEqwAuy4HT1S1NHDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHlrdHhqY1k3cnh3U3JBQzdMZ2RQVkxVMGNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS82NTc2NGEtZGQ4ZS00MDFiLWI3MzEt
ZDljNWQyNjQxOWIyLzEvYnlfU1pOY3BSMGktSTVaLVExRDZ0RjVqR1JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS82NTc2NGEtZGQ4ZS00MDFiLWI3MzEtZDljNWQyNjQxOWIy
LzEvZHlrdHhqY1k3cnh3U3JBQzdMZ2RQVkxVMGNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwbBoMA8E
AgACMAkDBwAgAQZ8BGAwDQYJKoZIhvcNAQELBQADggEBAKSvKa/qL91f+1w0DBvw
8pPw1l30u0pSMh6d4V3D5MdiM/spJpw3+DH5MQUPpwV278iStziS6+NNV4JIrmQk
QQsPJCQSZg6B4AE594zCip/m9RYULv6VpB9hCbxsnFQ7w82pnU30ioI2p2PadQTT
1VY42+GEX8Rq1iSdbv1J5q0QStu82A0xZITP0fQRApIZ1U5lHpnchdshn2E1K7j/
veF9eyqSjU8oPE8zpoAEApJhcIs4zatDZdwEmOKPgXs//oXxXkTh7lK1l2oRlJ1e
Uul4CAoqJ+pjlvLHuiAS+fyu83AgmT6JybEGGSLlZ76bGpnsXZyF6rg5t4Jy5h8s
lTI=
-----END CERTIFICATE-----