Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/0eOTRvUfv2U1WB9vn7vG_O5V8yY.roa
File:                     0eOTRvUfv2U1WB9vn7vG_O5V8yY.roa (raw, json)
Hash identifier:          nTxK2EwT4ZaDiYgPLZY/9g6pXCPEmEMROlC2hqmY2lI=
Subject key identifier:   D1:E3:93:46:F5:1F:BF:65:35:58:1F:6F:9F:BB:C6:FC:EE:55:F3:26
Certificate issuer:       /CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
Certificate serial:       018CC8DE2B7BA8F94B1DCC4FB35308F8DEF6
Authority key identifier: 25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/0eOTRvUfv2U1WB9vn7vG_O5V8yY.roa
Signing time:             Tue 02 Jan 2024 06:30:52 +0000
ROA not before:           Tue 02 Jan 2024 06:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137280
IP address blocks:        104.166.180.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2b:7b:a8:f9:4b:1d:cc:4f:b3:53:08:f8:de:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
        Validity
            Not Before: Jan  2 06:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1e39346f51fbf6535581f6f9fbbc6fcee55f326
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:96:59:43:5d:75:d4:eb:25:95:36:2e:cc:b8:
                    58:da:84:ac:51:d9:84:97:4b:e6:3d:8d:c2:d4:3a:
                    ab:b3:58:c4:a3:02:1a:81:8d:ba:ba:d7:04:3e:f4:
                    f4:53:37:1b:b9:58:5b:a8:51:30:4a:b5:aa:c9:39:
                    f9:49:82:75:32:d4:cc:66:16:ef:cf:a7:a3:85:2c:
                    4c:2b:64:80:e9:73:50:93:27:4b:4f:d5:d1:55:1c:
                    63:3d:fb:40:a2:17:06:b7:35:c7:f7:21:4b:1a:8f:
                    43:1d:ab:f9:af:eb:5e:37:ae:5f:68:5a:3b:14:15:
                    65:cd:65:72:0a:6d:87:31:16:ff:20:db:d1:d7:7a:
                    12:14:09:1f:9c:35:3d:87:f9:ba:85:13:1f:bb:66:
                    d1:b0:24:91:55:0f:e7:6a:ea:6d:ad:f6:fb:c5:97:
                    3c:03:e5:e1:d7:3a:f5:81:ca:f2:6a:cb:48:6d:39:
                    84:5d:46:4d:c1:bf:99:69:49:24:be:98:ee:09:98:
                    06:2d:87:43:74:50:56:1b:d9:51:79:26:b9:80:f8:
                    e0:ac:66:6d:bb:e0:f6:6e:53:c0:3b:23:e5:76:64:
                    bb:0e:a8:48:2c:6d:5f:7f:13:2b:88:fa:ad:be:c7:
                    cd:18:91:09:e7:7d:14:b6:f7:d5:e2:d6:92:86:9a:
                    30:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:E3:93:46:F5:1F:BF:65:35:58:1F:6F:9F:BB:C6:FC:EE:55:F3:26
            X509v3 Authority Key Identifier:
                keyid:25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/0eOTRvUfv2U1WB9vn7vG_O5V8yY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.166.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:a8:2b:ef:41:a2:06:1a:96:ea:67:d4:62:38:e3:1d:8d:dd:
         98:b0:af:ee:18:e5:cf:fb:b6:e4:2b:ac:a6:aa:26:a5:16:b3:
         14:c9:c7:dd:f5:ef:b9:63:0f:30:73:c5:3c:d8:65:5b:4c:dc:
         25:43:d6:4f:d0:4c:98:83:b5:ac:54:fd:df:3b:09:0f:b5:cc:
         c3:dd:ba:65:23:d5:85:19:08:e5:e8:dd:ba:a5:64:ac:19:35:
         00:37:ed:7e:4a:cf:d4:d5:76:c8:af:7d:df:3d:0f:8c:1e:b2:
         65:f4:0b:33:9d:28:f6:54:3a:9e:f6:17:b5:fe:56:c8:13:d0:
         68:b0:b7:5a:21:b1:68:25:72:07:64:09:06:ab:6a:ab:bb:27:
         c9:ad:0f:2f:9a:1f:d1:0c:ad:4b:76:b2:19:d7:3e:a1:90:2c:
         53:75:e7:e9:d3:38:f0:a4:e5:73:de:e9:3c:07:c0:ae:a7:47:
         22:dc:64:4f:d6:74:8b:33:c5:8f:7b:e1:64:92:34:da:e8:9a:
         57:29:17:f0:df:73:1d:ea:7b:75:bb:ec:64:46:62:a1:2d:fe:
         52:7b:6f:67:ad:d7:fb:07:88:3a:2d:8a:bd:18:2e:63:75:0e:
         e9:2b:70:e6:c5:1c:3b:d7:29:04:8d:6d:f3:11:cb:51:05:05:
         dc:5a:23:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3it7qPlLHcxPs1MI+N72MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Nzc2Yzc3ZjhlYmU3MDk0Y2EwMDdhY2UxYTljMGJmZGMy
YjNhZWMwHhcNMjQwMTAyMDYzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWUzOTM0NmY1MWZiZjY1MzU1ODFmNmY5ZmJiYzZmY2VlNTVmMzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5ZZQ1111OsllTYuzLhY2oSsUdmE
l0vmPY3C1Dqrs1jEowIagY26utcEPvT0UzcbuVhbqFEwSrWqyTn5SYJ1MtTMZhbv
z6ejhSxMK2SA6XNQkydLT9XRVRxjPftAohcGtzXH9yFLGo9DHav5r+teN65faFo7
FBVlzWVyCm2HMRb/INvR13oSFAkfnDU9h/m6hRMfu2bRsCSRVQ/nauptrfb7xZc8
A+Xh1zr1gcryastIbTmEXUZNwb+ZaUkkvpjuCZgGLYdDdFBWG9lReSa5gPjgrGZt
u+D2blPAOyPldmS7DqhILG1ffxMriPqtvsfNGJEJ530UtvfV4taShpow2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHjk0b1H79lNVgfb5+7xvzuVfMmMB8GA1UdIwQY
MBaAFCV3bHf46+cJTKAHrOGpwL/cKzrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQt
ZTdkYWVjMTk0YTY5LzEvMGVPVFJ2VWZ2MlUxV0I5dm43dkdfTzVWOHlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQtZTdkYWVjMTk0YTY5
LzEvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBaKa0MA0G
CSqGSIb3DQEBCwUAA4IBAQAmqCvvQaIGGpbqZ9RiOOMdjd2YsK/uGOXP+7bkK6ym
qialFrMUycfd9e+5Yw8wc8U82GVbTNwlQ9ZP0EyYg7WsVP3fOwkPtczD3bplI9WF
GQjl6N26pWSsGTUAN+1+Ss/U1XbIr33fPQ+MHrJl9AsznSj2VDqe9he1/lbIE9Bo
sLdaIbFoJXIHZAkGq2qruyfJrQ8vmh/RDK1LdrIZ1z6hkCxTdefp0zjwpOVz3uk8
B8Cup0ci3GRP1nSLM8WPe+FkkjTa6JpXKRfw33Md6nt1u+xkRmKhLf5Se29nrdf7
B4g6LYq9GC5jdQ7pK3DmxRw71ykEjW3zEctRBQXcWiNY
-----END CERTIFICATE-----