Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/6eH7D41CMTYuVeT9DJEdZKqpGrQ.roa
File:                     6eH7D41CMTYuVeT9DJEdZKqpGrQ.roa (raw, json)
Hash identifier:          uB7V0W+1j8c7BThtcZYr2yXRXg+LzrVu7JY6KWy6z3E=
Subject key identifier:   E9:E1:FB:0F:8D:42:31:36:2E:55:E4:FD:0C:91:1D:64:AA:A9:1A:B4
Certificate issuer:       /CN=ee3be768d28668f490afb74e9aefe41e03495d7a
Certificate serial:       018CC870B9A8BBEB59F027576982C064948D
Authority key identifier: EE:3B:E7:68:D2:86:68:F4:90:AF:B7:4E:9A:EF:E4:1E:03:49:5D:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jvnaNKGaPSQr7dOmu_kHgNJXXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/6eH7D41CMTYuVeT9DJEdZKqpGrQ.roa
Signing time:             Tue 02 Jan 2024 04:31:19 +0000
ROA not before:           Tue 02 Jan 2024 04:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212579
IP address blocks:        185.19.224.0/22 maxlen: 24
                          185.243.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/7jvnaNKGaPSQr7dOmu_kHgNJXXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/7jvnaNKGaPSQr7dOmu_kHgNJXXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jvnaNKGaPSQr7dOmu_kHgNJXXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:b9:a8:bb:eb:59:f0:27:57:69:82:c0:64:94:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee3be768d28668f490afb74e9aefe41e03495d7a
        Validity
            Not Before: Jan  2 04:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9e1fb0f8d4231362e55e4fd0c911d64aaa91ab4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:fc:a5:b4:58:ca:c8:92:db:a0:e8:63:ac:8a:
                    e7:23:8d:7d:82:60:c3:59:a3:e1:58:c7:79:07:7d:
                    e6:12:94:b9:d1:f2:13:28:55:21:f9:89:07:f5:90:
                    a3:bf:9c:58:00:94:82:2f:05:7c:ea:9a:b6:2f:ac:
                    27:af:e1:a2:f8:37:c3:bb:49:f8:03:cb:e8:d1:4a:
                    ff:c7:24:d6:12:94:84:dc:78:b1:8c:7d:00:9b:bf:
                    09:c3:cf:27:aa:62:95:d5:d1:0e:fc:9b:28:a1:f3:
                    43:97:60:5b:fc:cc:7e:aa:36:08:a2:d1:2b:1f:47:
                    84:be:4d:50:f7:f9:bb:1b:7e:92:db:8e:64:2a:f6:
                    ba:71:77:63:6a:b4:d3:e6:04:fe:90:0b:5c:8a:09:
                    3a:9d:3a:67:93:43:f3:05:84:43:14:6a:e3:23:3e:
                    44:c1:af:a6:32:27:f4:22:e0:11:05:c2:31:b5:fa:
                    22:49:52:ba:7b:bc:c9:b4:c2:4e:2c:5f:b5:a8:66:
                    0a:43:da:85:9b:68:e7:4e:27:09:ca:26:be:9f:8a:
                    3a:ec:0f:60:6d:ac:03:83:b2:4c:d3:93:9c:82:86:
                    37:55:ef:2f:5f:9e:41:00:38:93:8b:8d:60:d7:3f:
                    22:7e:82:8c:22:1b:10:3a:58:8c:06:c3:53:8c:3a:
                    de:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:E1:FB:0F:8D:42:31:36:2E:55:E4:FD:0C:91:1D:64:AA:A9:1A:B4
            X509v3 Authority Key Identifier:
                keyid:EE:3B:E7:68:D2:86:68:F4:90:AF:B7:4E:9A:EF:E4:1E:03:49:5D:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jvnaNKGaPSQr7dOmu_kHgNJXXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/6eH7D41CMTYuVeT9DJEdZKqpGrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/7jvnaNKGaPSQr7dOmu_kHgNJXXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.224.0/22
                  185.243.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:42:6b:7d:fa:9d:cb:f6:a9:c3:e8:35:2a:21:7e:e5:ed:0b:
         b1:49:55:c4:7a:73:79:c0:d9:c6:f4:5f:fb:59:f7:a5:b3:11:
         34:c8:96:f3:08:c8:56:60:8c:3f:f6:6a:43:16:48:34:58:eb:
         f8:db:30:f9:ae:f1:8d:5a:8c:0d:2a:ca:52:74:e4:a3:6b:40:
         2a:23:44:b0:af:63:9f:bd:b8:d7:64:06:98:99:e1:f1:89:5e:
         06:a1:81:6c:87:7d:23:42:18:6d:f0:29:d6:2e:70:d8:fc:6f:
         bc:13:40:eb:e4:0a:8c:51:2c:70:d8:ed:9b:b7:d7:bd:18:68:
         15:77:34:79:d7:ad:db:cf:4b:7c:b8:26:20:6c:f8:49:37:a2:
         d4:71:6a:14:47:7c:d2:bf:ab:21:48:97:ae:2a:0e:e8:ed:0e:
         a0:7a:55:85:cd:45:4c:34:1b:0a:9a:d9:79:3a:a3:b2:c6:1b:
         d6:7b:da:98:4a:2a:1f:90:55:3b:4b:e5:cb:e0:38:77:69:57:
         d1:38:f3:17:62:62:ce:03:90:c6:ad:31:6e:dc:9e:1e:fd:31:
         53:f3:b0:80:98:7d:61:71:ea:ea:60:97:2c:42:d1:ec:36:a1:
         d2:95:b6:cc:b1:8c:08:84:b7:01:42:63:15:08:09:8e:b6:64:
         eb:7d:d6:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcLmou+tZ8CdXaYLAZJSNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlM2JlNzY4ZDI4NjY4ZjQ5MGFmYjc0ZTlhZWZlNDFlMDM0
OTVkN2EwHhcNMjQwMTAyMDQzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWUxZmIwZjhkNDIzMTM2MmU1NWU0ZmQwYzkxMWQ2NGFhYTkxYWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPyltFjKyJLboOhjrIrnI419gmDD
WaPhWMd5B33mEpS50fITKFUh+YkH9ZCjv5xYAJSCLwV86pq2L6wnr+Gi+DfDu0n4
A8vo0Ur/xyTWEpSE3HixjH0Am78Jw88nqmKV1dEO/JsoofNDl2Bb/Mx+qjYIotEr
H0eEvk1Q9/m7G36S245kKva6cXdjarTT5gT+kAtcigk6nTpnk0PzBYRDFGrjIz5E
wa+mMif0IuARBcIxtfoiSVK6e7zJtMJOLF+1qGYKQ9qFm2jnTicJyia+n4o67A9g
bawDg7JM05OcgoY3Ve8vX55BADiTi41g1z8ifoKMIhsQOliMBsNTjDreLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOnh+w+NQjE2LlXk/QyRHWSqqRq0MB8GA1UdIwQY
MBaAFO4752jShmj0kK+3Tprv5B4DSV16MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2p2bmFOS0dhUFNRcjdkT211X2tIZ05KWFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83NDc0ZTEtNGQ2NS00M2I0LThiYjEt
ZmVlZjEwNWYwYTc3LzEvNmVIN0Q0MUNNVFl1VmVUOURKRWRaS3FwR3JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83NDc0ZTEtNGQ2NS00M2I0LThiYjEtZmVlZjEwNWYwYTc3
LzEvN2p2bmFOS0dhUFNRcjdkT211X2tIZ05KWFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuRPgAwQC
ufMQMA0GCSqGSIb3DQEBCwUAA4IBAQAlQmt9+p3L9qnD6DUqIX7l7QuxSVXEenN5
wNnG9F/7WfelsxE0yJbzCMhWYIw/9mpDFkg0WOv42zD5rvGNWowNKspSdOSja0Aq
I0Swr2OfvbjXZAaYmeHxiV4GoYFsh30jQhht8CnWLnDY/G+8E0Dr5AqMUSxw2O2b
t9e9GGgVdzR5163bz0t8uCYgbPhJN6LUcWoUR3zSv6shSJeuKg7o7Q6gelWFzUVM
NBsKmtl5OqOyxhvWe9qYSiofkFU7S+XL4Dh3aVfROPMXYmLOA5DGrTFu3J4e/TFT
87CAmH1hcerqYJcsQtHsNqHSlbbMsYwIhLcBQmMVCAmOtmTrfdYn
-----END CERTIFICATE-----