Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/64b1e6-0a1f-40ec-9437-04a4c2c41c34/1/DnEq13a8cTWsHBKdMy2a0YYIULg.roa
File:                     DnEq13a8cTWsHBKdMy2a0YYIULg.roa (raw, json)
Hash identifier:          arpusWKaIbRI0rfv/nx9iri43hg4P85rSlwd0LKO6No=
Subject key identifier:   0E:71:2A:D7:76:BC:71:35:AC:1C:12:9D:33:2D:9A:D1:86:08:50:B8
Certificate issuer:       /CN=153d072ccef00bf464d660dbd05dada1da33d2c8
Certificate serial:       018CC2DACD7B17F2E6FE563C359DE7A113F7
Authority key identifier: 15:3D:07:2C:CE:F0:0B:F4:64:D6:60:DB:D0:5D:AD:A1:DA:33:D2:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FT0HLM7wC_Rk1mDb0F2todoz0sg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/64b1e6-0a1f-40ec-9437-04a4c2c41c34/1/DnEq13a8cTWsHBKdMy2a0YYIULg.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        77.73.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/64b1e6-0a1f-40ec-9437-04a4c2c41c34/1/FT0HLM7wC_Rk1mDb0F2todoz0sg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/64b1e6-0a1f-40ec-9437-04a4c2c41c34/1/FT0HLM7wC_Rk1mDb0F2todoz0sg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FT0HLM7wC_Rk1mDb0F2todoz0sg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cd:7b:17:f2:e6:fe:56:3c:35:9d:e7:a1:13:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=153d072ccef00bf464d660dbd05dada1da33d2c8
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e712ad776bc7135ac1c129d332d9ad1860850b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ab:56:3a:9a:ec:8a:08:24:fe:50:a7:17:3d:
                    5f:1b:6d:1a:f7:27:2e:6a:23:58:6d:05:bd:d9:d4:
                    61:1b:df:46:2f:60:6b:fb:38:47:b6:53:f3:43:38:
                    bf:d6:49:ab:55:68:85:66:0d:87:ad:b8:5e:50:d5:
                    c1:33:33:dc:09:7b:15:3a:2a:d9:9f:b2:87:dc:ee:
                    79:c6:19:2b:3e:ef:4b:e8:a5:a6:43:66:a5:7f:cb:
                    55:c2:1b:88:6d:65:de:2a:6a:01:e9:84:42:3b:d0:
                    ea:fd:7a:5a:fc:3e:4c:9e:74:f1:be:37:5f:47:a3:
                    f8:6d:9c:5d:98:46:50:93:c0:23:e0:24:95:18:37:
                    87:4d:08:90:4b:fa:97:ad:b9:e5:2a:f5:8c:a4:4e:
                    07:2e:a9:c9:01:bf:ff:77:80:18:00:cd:4a:db:c1:
                    77:63:04:6c:b2:fe:1e:a2:ea:dd:42:b6:2e:85:4e:
                    66:80:72:66:75:ca:04:43:66:0d:e4:7c:a6:40:eb:
                    be:8f:55:4a:4b:b4:0a:fc:d0:26:18:43:69:2f:f0:
                    67:e7:40:69:51:95:7a:c4:de:5f:1b:67:01:eb:b6:
                    a0:89:22:9c:a0:30:74:06:f2:37:6b:fe:87:65:e8:
                    94:06:ed:e4:45:66:75:ac:11:3d:75:ff:49:7f:81:
                    f4:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:71:2A:D7:76:BC:71:35:AC:1C:12:9D:33:2D:9A:D1:86:08:50:B8
            X509v3 Authority Key Identifier:
                keyid:15:3D:07:2C:CE:F0:0B:F4:64:D6:60:DB:D0:5D:AD:A1:DA:33:D2:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FT0HLM7wC_Rk1mDb0F2todoz0sg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/64b1e6-0a1f-40ec-9437-04a4c2c41c34/1/DnEq13a8cTWsHBKdMy2a0YYIULg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/64b1e6-0a1f-40ec-9437-04a4c2c41c34/1/FT0HLM7wC_Rk1mDb0F2todoz0sg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:0e:d5:e1:76:27:2e:6c:cb:ab:ed:aa:7c:65:b5:d6:63:b7:
         49:85:c7:f9:25:23:53:83:55:8e:30:f5:35:56:2c:9c:f8:f8:
         9f:ea:bb:ac:22:b5:f2:c4:ee:87:2b:ef:cb:9d:43:e9:ec:6f:
         7e:35:4d:ae:eb:13:29:38:0d:82:6a:34:62:ad:9e:db:33:53:
         8d:9b:af:83:74:c2:a7:65:e5:d7:06:0f:2e:8a:c4:fc:ab:a3:
         c1:74:2b:40:84:e2:54:3a:af:1c:73:39:74:36:60:1b:e6:7d:
         aa:1a:e5:1b:d6:34:a2:88:12:2a:7e:25:4b:5a:48:a7:c3:56:
         89:94:28:6f:a1:e8:c1:41:02:6e:a4:a5:7f:1f:30:0a:ef:a0:
         44:f2:66:9b:b5:24:33:4b:9c:d1:ed:21:d5:69:b8:75:cc:d6:
         ae:9e:06:80:47:21:7d:b9:19:10:13:ed:a0:d7:fa:ce:0d:cc:
         50:9c:c8:25:e1:17:be:f7:ff:f3:95:b2:7a:f1:26:9d:ee:21:
         e4:fb:92:d8:45:b7:ac:2e:da:ab:d0:30:62:6e:02:aa:72:42:
         92:9d:26:7e:31:7f:d3:05:77:93:43:f5:28:2e:2e:c6:ee:28:
         1d:84:75:34:c8:d9:aa:80:ad:4e:de:35:7e:74:b0:4a:99:06:
         7c:7f:c9:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2s17F/Lm/lY8NZ3noRP3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1M2QwNzJjY2VmMDBiZjQ2NGQ2NjBkYmQwNWRhZGExZGEz
M2QyYzgwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTcxMmFkNzc2YmM3MTM1YWMxYzEyOWQzMzJkOWFkMTg2MDg1MGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqtWOprsiggk/lCnFz1fG20a9ycu
aiNYbQW92dRhG99GL2Br+zhHtlPzQzi/1kmrVWiFZg2HrbheUNXBMzPcCXsVOirZ
n7KH3O55xhkrPu9L6KWmQ2alf8tVwhuIbWXeKmoB6YRCO9Dq/Xpa/D5MnnTxvjdf
R6P4bZxdmEZQk8Aj4CSVGDeHTQiQS/qXrbnlKvWMpE4HLqnJAb//d4AYAM1K28F3
YwRssv4eourdQrYuhU5mgHJmdcoEQ2YN5HymQOu+j1VKS7QK/NAmGENpL/Bn50Bp
UZV6xN5fG2cB67agiSKcoDB0BvI3a/6HZeiUBu3kRWZ1rBE9df9Jf4H0ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5xKtd2vHE1rBwSnTMtmtGGCFC4MB8GA1UdIwQY
MBaAFBU9ByzO8Av0ZNZg29BdraHaM9LIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlQwSExNN3dDX1JrMW1EYjBGMnRvZG96MHNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC82NGIxZTYtMGExZi00MGVjLTk0Mzct
MDRhNGMyYzQxYzM0LzEvRG5FcTEzYThjVFdzSEJLZE15MmEwWVlJVUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC82NGIxZTYtMGExZi00MGVjLTk0MzctMDRhNGMyYzQxYzM0
LzEvRlQwSExNN3dDX1JrMW1EYjBGMnRvZG96MHNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUnZMA0G
CSqGSIb3DQEBCwUAA4IBAQBjDtXhdicubMur7ap8ZbXWY7dJhcf5JSNTg1WOMPU1
Viyc+Pif6rusIrXyxO6HK+/LnUPp7G9+NU2u6xMpOA2CajRirZ7bM1ONm6+DdMKn
ZeXXBg8uisT8q6PBdCtAhOJUOq8cczl0NmAb5n2qGuUb1jSiiBIqfiVLWkinw1aJ
lChvoejBQQJupKV/HzAK76BE8mabtSQzS5zR7SHVabh1zNaungaARyF9uRkQE+2g
1/rODcxQnMgl4Re+9//zlbJ68Sad7iHk+5LYRbesLtqr0DBibgKqckKSnSZ+MX/T
BXeTQ/UoLi7G7igdhHU0yNmqgK1O3jV+dLBKmQZ8f8mu
-----END CERTIFICATE-----