Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/eeb757-5040-4bfb-a35d-a66289851cd9/1/7p0jrPtrY5O8m5LVE1ZmDLqGjMU.roa
File:                     7p0jrPtrY5O8m5LVE1ZmDLqGjMU.roa (raw, json)
Hash identifier:          4wPLhtc6OO53CJOQbUqoZTEHWrFtwTiurK7NjdKCpiM=
Subject key identifier:   EE:9D:23:AC:FB:6B:63:93:BC:9B:92:D5:13:56:66:0C:BA:86:8C:C5
Certificate issuer:       /CN=df7e716649dacbf6ea986023514dfe40df1a7cf0
Certificate serial:       018CC348CB3C4D225173D6FCB553CE497FD8
Authority key identifier: DF:7E:71:66:49:DA:CB:F6:EA:98:60:23:51:4D:FE:40:DF:1A:7C:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/335xZknay_bqmGAjUU3-QN8afPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/eeb757-5040-4bfb-a35d-a66289851cd9/1/7p0jrPtrY5O8m5LVE1ZmDLqGjMU.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209281
IP address blocks:        185.74.223.0/24 maxlen: 24
                          2a04:7480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/eeb757-5040-4bfb-a35d-a66289851cd9/1/335xZknay_bqmGAjUU3-QN8afPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/eeb757-5040-4bfb-a35d-a66289851cd9/1/335xZknay_bqmGAjUU3-QN8afPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/335xZknay_bqmGAjUU3-QN8afPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:cb:3c:4d:22:51:73:d6:fc:b5:53:ce:49:7f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df7e716649dacbf6ea986023514dfe40df1a7cf0
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee9d23acfb6b6393bc9b92d51356660cba868cc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a6:98:cc:eb:3e:2f:42:90:72:91:09:32:4b:
                    34:4a:b6:f8:94:90:70:32:54:df:c3:d6:3a:50:42:
                    7c:06:a3:35:29:36:e9:13:49:c8:3e:73:96:e7:13:
                    13:27:3b:83:a1:a0:75:86:1d:6f:f5:ac:34:43:af:
                    25:bc:ff:1a:92:76:c6:6e:18:f7:9b:ad:7a:07:10:
                    c7:fb:8a:e8:3c:4f:49:9e:55:90:da:79:53:24:80:
                    76:9a:26:bc:4b:6a:fd:a7:3b:a7:85:cd:3a:c9:f4:
                    a3:1f:0f:24:c2:b7:5d:5e:c9:6f:4b:f8:b2:80:1b:
                    8a:d1:59:5a:c6:ff:e5:7d:41:d1:e0:97:5b:96:e0:
                    0d:7f:46:01:84:95:f1:cf:e8:7c:23:65:20:57:48:
                    4e:ec:b7:34:01:c9:d4:05:d6:1c:24:74:63:de:38:
                    f3:9f:4c:88:78:bd:ee:2f:36:70:71:e7:68:8d:12:
                    79:e1:8b:cf:66:de:d9:8a:1e:cc:f9:93:c2:b2:d5:
                    85:3f:12:6d:7d:36:d2:d3:cb:87:5a:fd:db:01:88:
                    14:84:3f:34:45:6b:d1:e8:11:90:02:ae:22:c6:10:
                    06:4e:35:64:0e:4c:10:81:b9:2b:95:a1:3a:57:fa:
                    24:d1:5d:e0:2b:62:62:5b:a6:67:16:e6:26:79:79:
                    59:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:9D:23:AC:FB:6B:63:93:BC:9B:92:D5:13:56:66:0C:BA:86:8C:C5
            X509v3 Authority Key Identifier:
                keyid:DF:7E:71:66:49:DA:CB:F6:EA:98:60:23:51:4D:FE:40:DF:1A:7C:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/335xZknay_bqmGAjUU3-QN8afPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/eeb757-5040-4bfb-a35d-a66289851cd9/1/7p0jrPtrY5O8m5LVE1ZmDLqGjMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/eeb757-5040-4bfb-a35d-a66289851cd9/1/335xZknay_bqmGAjUU3-QN8afPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.223.0/24
                IPv6:
                  2a04:7480::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:80:6d:9e:40:be:f1:52:6b:54:1f:43:ea:24:e2:a1:5b:01:
         6b:b2:44:18:f5:3a:b3:2a:56:8c:00:b1:91:85:13:26:7c:0f:
         a1:cd:4d:9a:a5:5c:df:95:5e:3b:6b:33:8d:ce:22:ce:9b:83:
         66:84:eb:be:95:3a:07:d0:87:7a:bb:c5:f8:6a:fd:90:3d:08:
         eb:c3:77:ee:85:60:73:94:e6:7f:a4:ee:3c:30:ef:cf:b6:ab:
         05:44:5f:e0:77:10:36:12:a1:18:55:d6:9e:b0:cc:c7:24:ea:
         ee:c9:7e:49:1e:38:f0:b9:82:1f:b1:ca:53:d4:f8:95:02:41:
         91:39:4d:37:f2:ca:ce:37:cf:56:4a:93:8c:6a:84:19:aa:0b:
         1b:74:66:de:73:e8:89:24:78:27:88:16:04:9a:78:41:ef:49:
         41:2a:d7:9b:b3:61:32:cc:df:0a:53:82:bf:a6:b9:55:9d:5d:
         58:7b:6d:29:b4:32:c9:2a:1e:fc:91:11:1d:91:4c:0d:d9:86:
         39:bc:c9:31:13:00:36:fa:54:db:ae:d6:80:91:79:01:94:fd:
         93:01:82:36:32:dd:2b:c7:27:26:d4:c3:70:d6:b5:65:f0:ac:
         53:7a:a5:7b:b6:2c:8c:38:f5:25:aa:5b:e8:c9:33:d5:20:1d:
         2b:51:01:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSMs8TSJRc9b8tVPOSX/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmN2U3MTY2NDlkYWNiZjZlYTk4NjAyMzUxNGRmZTQwZGYx
YTdjZjAwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTlkMjNhY2ZiNmI2MzkzYmM5YjkyZDUxMzU2NjYwY2JhODY4Y2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6aYzOs+L0KQcpEJMks0Srb4lJBw
MlTfw9Y6UEJ8BqM1KTbpE0nIPnOW5xMTJzuDoaB1hh1v9aw0Q68lvP8aknbGbhj3
m616BxDH+4roPE9JnlWQ2nlTJIB2mia8S2r9pzunhc06yfSjHw8kwrddXslvS/iy
gBuK0Vlaxv/lfUHR4JdbluANf0YBhJXxz+h8I2UgV0hO7Lc0AcnUBdYcJHRj3jjz
n0yIeL3uLzZwcedojRJ54YvPZt7Zih7M+ZPCstWFPxJtfTbS08uHWv3bAYgUhD80
RWvR6BGQAq4ixhAGTjVkDkwQgbkrlaE6V/ok0V3gK2JiW6ZnFuYmeXlZGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO6dI6z7a2OTvJuS1RNWZgy6hozFMB8GA1UdIwQY
MBaAFN9+cWZJ2sv26phgI1FN/kDfGnzwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzM1eFprbmF5X2JxbUdBalVVMy1RTjhhZlBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9lZWI3NTctNTA0MC00YmZiLWEzNWQt
YTY2Mjg5ODUxY2Q5LzEvN3AwanJQdHJZNU84bTVMVkUxWm1ETHFHak1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9lZWI3NTctNTA0MC00YmZiLWEzNWQtYTY2Mjg5ODUxY2Q5
LzEvMzM1eFprbmF5X2JxbUdBalVVMy1RTjhhZlBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuUrfMA0E
AgACMAcDBQMqBHSAMA0GCSqGSIb3DQEBCwUAA4IBAQBcgG2eQL7xUmtUH0PqJOKh
WwFrskQY9TqzKlaMALGRhRMmfA+hzU2apVzflV47azONziLOm4NmhOu+lToH0Id6
u8X4av2QPQjrw3fuhWBzlOZ/pO48MO/PtqsFRF/gdxA2EqEYVdaesMzHJOruyX5J
HjjwuYIfscpT1PiVAkGROU038srON89WSpOMaoQZqgsbdGbec+iJJHgniBYEmnhB
70lBKtebs2EyzN8KU4K/prlVnV1Ye20ptDLJKh78kREdkUwN2YY5vMkxEwA2+lTb
rtaAkXkBlP2TAYI2Mt0rxycm1MNw1rVl8KxTeqV7tiyMOPUlqlvoyTPVIB0rUQE4
-----END CERTIFICATE-----