Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/27fce1-11ce-4a32-a649-e076b51721ad/1/e2tteiUYYsGDFXhg_RQB3hpOH4E.roa
File:                     e2tteiUYYsGDFXhg_RQB3hpOH4E.roa (raw, json)
Hash identifier:          QniQF5ent/3oz4voSX+fY0kSPMQvjk0oZexXvfqN+fU=
Subject key identifier:   7B:6B:6D:7A:25:18:62:C1:83:15:78:60:FD:14:01:DE:1A:4E:1F:81
Certificate issuer:       /CN=7f6a8e5d55c2498a82636f99f8fc9e319e07771e
Certificate serial:       018CC4245D4A59A1E0619912F273F0F7CEF0
Authority key identifier: 7F:6A:8E:5D:55:C2:49:8A:82:63:6F:99:F8:FC:9E:31:9E:07:77:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f2qOXVXCSYqCY2-Z-PyeMZ4Hdx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/27fce1-11ce-4a32-a649-e076b51721ad/1/e2tteiUYYsGDFXhg_RQB3hpOH4E.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49855
IP address blocks:        202.49.88.0/23 maxlen: 23
                          91.212.95.0/24 maxlen: 24
                          2001:67c:18e8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/27fce1-11ce-4a32-a649-e076b51721ad/1/f2qOXVXCSYqCY2-Z-PyeMZ4Hdx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/27fce1-11ce-4a32-a649-e076b51721ad/1/f2qOXVXCSYqCY2-Z-PyeMZ4Hdx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f2qOXVXCSYqCY2-Z-PyeMZ4Hdx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5d:4a:59:a1:e0:61:99:12:f2:73:f0:f7:ce:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f6a8e5d55c2498a82636f99f8fc9e319e07771e
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b6b6d7a251862c183157860fd1401de1a4e1f81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:63:31:a2:32:5c:a7:79:82:38:9b:26:36:16:
                    55:63:94:82:3f:12:0b:4b:52:97:09:16:68:ef:7e:
                    28:2f:9f:6a:32:8a:0c:50:9e:52:48:65:50:2b:f8:
                    42:82:4c:42:3e:9d:93:b9:22:11:3e:88:67:14:51:
                    4e:d4:05:31:01:b1:5c:34:47:79:af:a4:33:b3:71:
                    9c:75:ef:1b:06:06:0e:5b:5d:a6:e4:6a:be:d8:1c:
                    22:29:a0:2a:77:e5:da:07:f9:dd:52:b7:c7:c0:a6:
                    cc:4a:fe:bb:84:44:4a:31:59:0b:cd:df:68:62:6a:
                    1e:7e:b2:49:53:bc:1d:72:51:3f:71:6e:f2:e2:c7:
                    35:23:a6:6b:6f:ce:ad:7c:f8:ab:43:53:9d:1f:3d:
                    6d:db:2c:42:07:d9:ac:69:cd:c7:c3:42:d3:df:b0:
                    36:3a:5f:fe:4e:fd:b5:b5:76:61:db:61:48:e2:3d:
                    36:de:73:ff:d7:9a:3a:0e:07:c4:c4:cd:3c:97:35:
                    47:ea:12:db:1f:c4:11:f8:ab:c0:d4:ff:39:5f:fd:
                    13:a1:95:a3:42:e6:47:5c:e0:41:f8:d5:eb:cc:91:
                    0c:34:8f:fe:4b:13:b6:07:d5:d8:5e:e5:69:d0:ca:
                    e7:17:bd:d7:c1:e3:b7:ee:75:b1:50:e7:65:ac:e8:
                    97:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:6B:6D:7A:25:18:62:C1:83:15:78:60:FD:14:01:DE:1A:4E:1F:81
            X509v3 Authority Key Identifier:
                keyid:7F:6A:8E:5D:55:C2:49:8A:82:63:6F:99:F8:FC:9E:31:9E:07:77:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2qOXVXCSYqCY2-Z-PyeMZ4Hdx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/27fce1-11ce-4a32-a649-e076b51721ad/1/e2tteiUYYsGDFXhg_RQB3hpOH4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/27fce1-11ce-4a32-a649-e076b51721ad/1/f2qOXVXCSYqCY2-Z-PyeMZ4Hdx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.95.0/24
                  202.49.88.0/23
                IPv6:
                  2001:67c:18e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:9c:5a:be:ce:98:69:d1:81:99:d2:a6:f3:7c:90:43:b1:e7:
         fc:ea:d8:c1:93:30:c8:c1:dc:bf:96:54:b5:53:c4:56:c9:1d:
         a4:0e:b4:a9:b5:b4:55:3f:3c:e1:30:b0:ee:3d:37:1a:38:21:
         e2:7c:0a:52:61:4d:1e:1e:c9:bc:f1:e3:7e:2c:fc:7e:3d:15:
         7c:8d:8c:3a:af:c7:26:d9:0b:52:cb:b2:65:e9:45:68:ac:16:
         17:80:ed:3e:98:26:38:6f:36:e0:fe:6f:0e:40:33:eb:8d:75:
         1f:95:be:2c:b6:cb:1d:51:b5:6a:25:34:6f:fa:a2:31:7c:ed:
         c3:34:bc:e5:84:66:c2:41:50:6b:18:71:21:8c:29:8a:d4:c6:
         ca:9d:0a:24:dd:21:6e:3a:65:1b:10:bb:a8:9d:78:80:47:a8:
         13:ed:0d:b5:6f:e5:80:e5:4f:e9:6d:ea:59:56:24:94:4e:93:
         fd:b0:b3:5f:b2:9b:2f:cf:66:8d:95:95:69:8b:cc:b7:da:82:
         26:a9:e2:8b:77:80:4f:26:68:26:a3:8b:fc:ac:ad:af:fc:b5:
         29:5f:65:b8:8b:c5:7b:3d:75:4e:ad:38:56:cc:03:48:13:68:
         ab:9e:ca:9b:3d:41:16:ba:f8:31:4a:50:71:a9:de:f2:4a:5a:
         e6:9a:36:97
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzEJF1KWaHgYZkS8nPw987wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNmE4ZTVkNTVjMjQ5OGE4MjYzNmY5OWY4ZmM5ZTMxOWUw
Nzc3MWUwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjZiNmQ3YTI1MTg2MmMxODMxNTc4NjBmZDE0MDFkZTFhNGUxZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2MxojJcp3mCOJsmNhZVY5SCPxIL
S1KXCRZo734oL59qMooMUJ5SSGVQK/hCgkxCPp2TuSIRPohnFFFO1AUxAbFcNEd5
r6Qzs3Gcde8bBgYOW12m5Gq+2BwiKaAqd+XaB/ndUrfHwKbMSv67hERKMVkLzd9o
YmoefrJJU7wdclE/cW7y4sc1I6Zrb86tfPirQ1OdHz1t2yxCB9msac3Hw0LT37A2
Ol/+Tv21tXZh22FI4j023nP/15o6DgfExM08lzVH6hLbH8QR+KvA1P85X/0ToZWj
QuZHXOBB+NXrzJEMNI/+SxO2B9XYXuVp0MrnF73XweO37nWxUOdlrOiXIwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHtrbXolGGLBgxV4YP0UAd4aTh+BMB8GA1UdIwQY
MBaAFH9qjl1VwkmKgmNvmfj8njGeB3ceMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjJxT1hWWENTWXFDWTItWi1QeWVNWjRIZHg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8yN2ZjZTEtMTFjZS00YTMyLWE2NDkt
ZTA3NmI1MTcyMWFkLzEvZTJ0dGVpVVlZc0dERlhoZ19SUUIzaHBPSDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8yN2ZjZTEtMTFjZS00YTMyLWE2NDktZTA3NmI1MTcyMWFk
LzEvZjJxT1hWWENTWXFDWTItWi1QeWVNWjRIZHg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW9RfAwQB
yjFYMA8EAgACMAkDBwAgAQZ8GOgwDQYJKoZIhvcNAQELBQADggEBAHScWr7OmGnR
gZnSpvN8kEOx5/zq2MGTMMjB3L+WVLVTxFbJHaQOtKm1tFU/POEwsO49Nxo4IeJ8
ClJhTR4eybzx434s/H49FXyNjDqvxybZC1LLsmXpRWisFheA7T6YJjhvNuD+bw5A
M+uNdR+Vviy2yx1RtWolNG/6ojF87cM0vOWEZsJBUGsYcSGMKYrUxsqdCiTdIW46
ZRsQu6ideIBHqBPtDbVv5YDlT+lt6llWJJROk/2ws1+ymy/PZo2VlWmLzLfagiap
4ot3gE8maCaji/ysra/8tSlfZbiLxXs9dU6tOFbMA0gTaKueyps9QRa6+DFKUHGp
3vJKWuaaNpc=
-----END CERTIFICATE-----