Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/tr-7-LW22-F644QJA0E93mmq9e4.roa
File:                     tr-7-LW22-F644QJA0E93mmq9e4.roa (raw, json)
Hash identifier:          OJhI6XM+ynOcGfMMqRxrNrO4CJwzqAEyUwdqm+bMaHs=
Subject key identifier:   B6:BF:BB:F8:B5:B6:DB:E1:7A:E3:84:09:03:41:3D:DE:69:AA:F5:EE
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       018F05D30D19453A63DB138D9A48ACE52512
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/tr-7-LW22-F644QJA0E93mmq9e4.roa
Signing time:             Mon 22 Apr 2024 12:41:08 +0000
ROA not before:           Mon 22 Apr 2024 12:41:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        91.212.216.0/24 maxlen: 24
                          194.69.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 18:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:d3:0d:19:45:3a:63:db:13:8d:9a:48:ac:e5:25:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Apr 22 12:41:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6bfbbf8b5b6dbe17ae3840903413dde69aaf5ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:93:57:cc:c1:80:2b:eb:da:50:0c:08:75:4b:
                    91:05:f9:d0:4e:7d:a4:20:97:30:93:9b:09:29:ef:
                    2e:59:13:f1:13:07:4e:0b:86:18:84:85:0e:ed:25:
                    2c:8f:32:ad:02:6f:94:e6:bd:d7:29:3d:8f:13:32:
                    7c:52:ab:2d:b2:93:4d:73:a8:cc:38:fb:32:de:1f:
                    0d:01:ad:28:8d:0b:bf:c0:79:71:77:5d:e5:59:fb:
                    1e:06:6e:54:b4:56:f3:bc:f2:7f:c7:13:b1:85:84:
                    a7:ca:9f:39:a2:f2:b9:b3:a2:c7:cc:d0:6d:16:eb:
                    f2:14:32:d8:7c:dc:68:37:7a:a4:80:ed:32:48:53:
                    12:bd:13:63:8d:de:2b:22:e3:c8:10:94:f4:e9:88:
                    21:cc:76:07:42:ac:59:9b:44:28:45:56:4b:04:4c:
                    3a:c2:84:17:f6:82:d7:85:a6:79:1e:d8:70:c1:f1:
                    83:dc:fd:a0:55:17:17:cd:c6:36:8f:ef:c9:05:df:
                    8b:b7:10:8b:8b:e9:86:25:71:c6:cb:60:f3:57:05:
                    25:40:7a:5b:c2:34:f5:26:11:3a:32:e4:8c:1b:5c:
                    f8:e7:67:66:9b:4f:2a:f5:aa:0d:89:a8:44:57:a1:
                    98:c7:c9:8a:59:c3:33:4d:74:3a:69:ee:81:b3:d4:
                    25:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:BF:BB:F8:B5:B6:DB:E1:7A:E3:84:09:03:41:3D:DE:69:AA:F5:EE
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/tr-7-LW22-F644QJA0E93mmq9e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.216.0/24
                  194.69.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:9e:3f:9d:86:b0:bf:19:28:b4:fa:e3:bb:9c:b0:e5:d8:ab:
         6a:57:8f:08:24:f5:99:51:64:de:b4:27:44:e7:fe:8d:ec:b8:
         c8:27:4b:b2:1c:eb:82:ff:fe:fb:30:9f:f3:0c:ef:61:94:70:
         b1:e0:d8:7f:20:a7:1e:60:a0:88:3f:4a:e8:8c:08:54:6e:51:
         29:a1:bb:d1:7f:48:56:35:c4:8a:c7:6a:60:1a:2b:ea:9d:54:
         f2:35:3e:d7:40:ab:30:57:a3:57:9d:46:29:46:ae:5d:38:9e:
         c3:52:e8:81:c6:84:2d:4f:25:be:ca:d9:b3:a8:76:8b:9f:5e:
         67:6a:29:0c:5a:14:86:2e:5d:19:2d:e3:cf:78:2d:11:3d:18:
         d8:c9:26:f5:86:00:14:2b:e0:76:b7:95:3e:c4:0b:83:5f:22:
         c5:e0:ef:87:44:54:e1:30:25:ec:d2:92:ad:f1:6a:19:6b:ec:
         9c:d3:47:83:2d:44:06:2e:c4:10:40:b1:a9:7d:66:fb:05:03:
         d6:a4:d6:13:42:3a:17:5f:fa:f0:d8:4c:c1:99:d4:8f:15:25:
         83:72:26:fe:44:47:36:fc:32:a4:26:1a:f4:ad:98:e2:d2:fd:
         bf:e4:8b:51:41:08:cc:16:59:8a:46:cb:f3:a2:83:ea:a3:4c:
         42:88:db:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8F0w0ZRTpj2xONmkis5SUSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQwNDIyMTI0MTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmJmYmJmOGI1YjZkYmUxN2FlMzg0MDkwMzQxM2RkZTY5YWFmNWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ZNXzMGAK+vaUAwIdUuRBfnQTn2k
IJcwk5sJKe8uWRPxEwdOC4YYhIUO7SUsjzKtAm+U5r3XKT2PEzJ8UqstspNNc6jM
OPsy3h8NAa0ojQu/wHlxd13lWfseBm5UtFbzvPJ/xxOxhYSnyp85ovK5s6LHzNBt
FuvyFDLYfNxoN3qkgO0ySFMSvRNjjd4rIuPIEJT06YghzHYHQqxZm0QoRVZLBEw6
woQX9oLXhaZ5HthwwfGD3P2gVRcXzcY2j+/JBd+LtxCLi+mGJXHGy2DzVwUlQHpb
wjT1JhE6MuSMG1z452dmm08q9aoNiahEV6GYx8mKWcMzTXQ6ae6Bs9Ql6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLa/u/i1ttvheuOECQNBPd5pqvXuMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvdHItNy1MVzIyLUY2NDRRSkEwRTkzbW1xOWU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9TYAwQA
wkWjMA0GCSqGSIb3DQEBCwUAA4IBAQBSnj+dhrC/GSi0+uO7nLDl2KtqV48IJPWZ
UWTetCdE5/6N7LjIJ0uyHOuC//77MJ/zDO9hlHCx4Nh/IKceYKCIP0rojAhUblEp
obvRf0hWNcSKx2pgGivqnVTyNT7XQKswV6NXnUYpRq5dOJ7DUuiBxoQtTyW+ytmz
qHaLn15naikMWhSGLl0ZLePPeC0RPRjYySb1hgAUK+B2t5U+xAuDXyLF4O+HRFTh
MCXs0pKt8WoZa+yc00eDLUQGLsQQQLGpfWb7BQPWpNYTQjoXX/rw2EzBmdSPFSWD
cib+REc2/DKkJhr0rZji0v2/5ItRQQjMFlmKRsvzooPqo0xCiNts
-----END CERTIFICATE-----