Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/7ar9ix5WCREQclyLSkm-ZTLRNkE.roa
File:                     7ar9ix5WCREQclyLSkm-ZTLRNkE.roa (raw, json)
Hash identifier:          mjTCrRaJC3bDVGHV/yOL2bsYT69YEfQ7NU05r0T4Lxo=
Subject key identifier:   ED:AA:FD:8B:1E:56:09:11:10:72:5C:8B:4A:49:BE:65:32:D1:36:41
Certificate issuer:       /CN=d6fb452a0ae33dfa52aaaacba794df1af6bc4334
Certificate serial:       018CC72574613B84000D53BA7CAA9A733998
Authority key identifier: D6:FB:45:2A:0A:E3:3D:FA:52:AA:AA:CB:A7:94:DF:1A:F6:BC:43:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1vtFKgrjPfpSqqrLp5TfGva8QzQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/7ar9ix5WCREQclyLSkm-ZTLRNkE.roa
Signing time:             Mon 01 Jan 2024 22:29:29 +0000
ROA not before:           Mon 01 Jan 2024 22:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60720
IP address blocks:        81.25.64.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/1vtFKgrjPfpSqqrLp5TfGva8QzQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/1vtFKgrjPfpSqqrLp5TfGva8QzQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1vtFKgrjPfpSqqrLp5TfGva8QzQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 22:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:74:61:3b:84:00:0d:53:ba:7c:aa:9a:73:39:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6fb452a0ae33dfa52aaaacba794df1af6bc4334
        Validity
            Not Before: Jan  1 22:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edaafd8b1e56091110725c8b4a49be6532d13641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a7:e6:86:ac:9d:62:75:48:17:62:ec:d7:1f:
                    3c:1a:56:c4:2a:81:7d:70:ea:9e:b2:f1:b0:dd:90:
                    6b:ad:7d:3b:2f:1d:4f:f5:02:13:d5:00:c4:32:1d:
                    63:eb:71:bd:60:de:7d:44:b2:91:f0:1f:aa:e1:bb:
                    2d:b1:ad:81:ea:cf:ab:90:46:87:30:a8:a4:44:0c:
                    6b:da:25:1e:2b:5a:94:2e:dd:27:76:9e:03:4e:9f:
                    0e:df:2e:df:04:ac:8a:a5:2a:63:fc:2b:6a:69:ee:
                    21:df:82:07:e6:ba:0b:ab:37:f8:68:96:75:a8:20:
                    bd:c6:8b:d7:75:9e:1f:6f:c7:02:73:9c:5f:82:ea:
                    5d:4b:d3:3d:26:3b:d8:16:12:f6:0c:bf:e9:1d:b3:
                    aa:86:56:9b:97:9e:bd:e6:1e:4e:61:3e:d2:88:2f:
                    20:b0:4a:ff:a8:6e:f7:ab:c6:2e:be:7a:8b:3e:ad:
                    25:64:c3:ed:a0:e5:d0:ef:32:3d:7a:53:38:a6:b8:
                    f0:d0:98:fa:93:ab:43:b7:1c:c0:f2:c7:20:2f:a8:
                    d9:8d:85:e2:8e:14:26:20:c1:c2:c1:6d:b7:0f:94:
                    d6:78:68:88:4f:5b:ac:91:b3:ff:46:9e:0a:50:75:
                    14:f7:07:2e:85:e2:fc:7e:f5:d3:7f:cc:97:6a:c9:
                    7c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:AA:FD:8B:1E:56:09:11:10:72:5C:8B:4A:49:BE:65:32:D1:36:41
            X509v3 Authority Key Identifier:
                keyid:D6:FB:45:2A:0A:E3:3D:FA:52:AA:AA:CB:A7:94:DF:1A:F6:BC:43:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1vtFKgrjPfpSqqrLp5TfGva8QzQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/7ar9ix5WCREQclyLSkm-ZTLRNkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3bdd7e-a729-49ad-85aa-f75962d30e36/1/1vtFKgrjPfpSqqrLp5TfGva8QzQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.25.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:50:f6:4f:5b:16:8d:ef:03:a6:26:de:af:98:ca:74:8f:b2:
         d1:2e:ce:b3:e1:cc:a7:f6:76:ee:be:cb:66:0d:61:16:84:83:
         ad:f4:d3:ae:ec:fc:86:31:48:2d:e8:55:53:73:04:3f:86:07:
         6a:c9:f0:8b:6c:2b:c8:44:9d:5e:10:5d:67:d7:ae:f5:d2:a0:
         46:39:8f:21:39:bb:0a:15:10:f7:7e:f2:e2:cb:ae:18:41:5e:
         80:c7:c2:a2:b4:83:0f:20:47:ce:48:5c:ef:bf:a4:e2:74:61:
         1e:f6:41:d0:cb:6d:06:f6:1c:ce:4e:65:8e:6e:d8:cb:2d:c1:
         72:71:ef:90:ad:59:25:16:c3:66:c2:ab:20:2d:f7:93:dc:cb:
         20:ff:f0:7e:e7:23:1f:eb:4f:60:da:4c:13:11:23:d0:c7:30:
         f2:5b:d9:0a:da:47:30:38:84:8e:0b:41:55:15:84:0f:9f:f0:
         53:32:d5:4e:0d:94:4f:0b:d0:f5:35:1c:96:ad:41:14:a1:c1:
         7f:94:19:44:10:af:00:40:eb:6c:b2:38:9e:86:70:31:dc:00:
         59:b8:21:86:b0:6d:b8:52:8b:7b:2a:dc:3d:ce:60:5d:0f:66:
         4a:de:87:fb:8f:5d:4a:d3:9a:14:82:32:95:d6:b0:88:40:5a:
         1c:a5:53:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJXRhO4QADVO6fKqaczmYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZmI0NTJhMGFlMzNkZmE1MmFhYWFjYmE3OTRkZjFhZjZi
YzQzMzQwHhcNMjQwMTAxMjIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGFhZmQ4YjFlNTYwOTExMTA3MjVjOGI0YTQ5YmU2NTMyZDEzNjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqfmhqydYnVIF2Ls1x88GlbEKoF9
cOqesvGw3ZBrrX07Lx1P9QIT1QDEMh1j63G9YN59RLKR8B+q4bstsa2B6s+rkEaH
MKikRAxr2iUeK1qULt0ndp4DTp8O3y7fBKyKpSpj/Ctqae4h34IH5roLqzf4aJZ1
qCC9xovXdZ4fb8cCc5xfgupdS9M9JjvYFhL2DL/pHbOqhlabl5695h5OYT7SiC8g
sEr/qG73q8YuvnqLPq0lZMPtoOXQ7zI9elM4prjw0Jj6k6tDtxzA8scgL6jZjYXi
jhQmIMHCwW23D5TWeGiIT1uskbP/Rp4KUHUU9wcuheL8fvXTf8yXasl8lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2q/YseVgkREHJci0pJvmUy0TZBMB8GA1UdIwQY
MBaAFNb7RSoK4z36Uqqqy6eU3xr2vEM0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXZ0RktncmpQZnBTcXFyTHA1VGZHdmE4UXpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYmRkN2UtYTcyOS00OWFkLTg1YWEt
Zjc1OTYyZDMwZTM2LzEvN2FyOWl4NVdDUkVRY2x5TFNrbS1aVExSTmtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYmRkN2UtYTcyOS00OWFkLTg1YWEtZjc1OTYyZDMwZTM2
LzEvMXZ0RktncmpQZnBTcXFyTHA1VGZHdmE4UXpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCURlAMA0G
CSqGSIb3DQEBCwUAA4IBAQB6UPZPWxaN7wOmJt6vmMp0j7LRLs6z4cyn9nbuvstm
DWEWhIOt9NOu7PyGMUgt6FVTcwQ/hgdqyfCLbCvIRJ1eEF1n16710qBGOY8hObsK
FRD3fvLiy64YQV6Ax8KitIMPIEfOSFzvv6TidGEe9kHQy20G9hzOTmWObtjLLcFy
ce+QrVklFsNmwqsgLfeT3Msg//B+5yMf609g2kwTESPQxzDyW9kK2kcwOISOC0FV
FYQPn/BTMtVODZRPC9D1NRyWrUEUocF/lBlEEK8AQOtssjiehnAx3ABZuCGGsG24
Uot7Ktw9zmBdD2ZK3of7j11K05oUgjKV1rCIQFocpVP/
-----END CERTIFICATE-----