Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/17f769-5833-4f26-93f8-ea7f218fdb50/1/ecRfPCfI0bTrLdk922JII3s-JSg.roa
File:                     ecRfPCfI0bTrLdk922JII3s-JSg.roa (raw, json)
Hash identifier:          HIy72fMoYgM2BoggSm1Y2fJqetI3V2cYvdMkSzVhhvM=
Subject key identifier:   79:C4:5F:3C:27:C8:D1:B4:EB:2D:D9:3D:DB:62:48:23:7B:3E:25:28
Certificate issuer:       /CN=047ee74ac490e31f1d40764f092411ee25eb1665
Certificate serial:       018CC56E184615F893A970CD19F8863D6AF3
Authority key identifier: 04:7E:E7:4A:C4:90:E3:1F:1D:40:76:4F:09:24:11:EE:25:EB:16:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BH7nSsSQ4x8dQHZPCSQR7iXrFmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/17f769-5833-4f26-93f8-ea7f218fdb50/1/ecRfPCfI0bTrLdk922JII3s-JSg.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200770
IP address blocks:        185.96.212.0/22 maxlen: 24
                          2a06:200::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/17f769-5833-4f26-93f8-ea7f218fdb50/1/BH7nSsSQ4x8dQHZPCSQR7iXrFmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/17f769-5833-4f26-93f8-ea7f218fdb50/1/BH7nSsSQ4x8dQHZPCSQR7iXrFmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BH7nSsSQ4x8dQHZPCSQR7iXrFmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:18:46:15:f8:93:a9:70:cd:19:f8:86:3d:6a:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=047ee74ac490e31f1d40764f092411ee25eb1665
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79c45f3c27c8d1b4eb2dd93ddb6248237b3e2528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e5:bb:de:b6:b8:61:fa:fc:d1:b0:26:4d:31:
                    75:5c:6f:24:45:73:88:0f:1f:48:f2:33:65:98:c7:
                    91:bb:02:1a:2d:e1:58:b2:31:2b:84:38:ba:fc:c2:
                    69:d9:a2:3c:d7:c6:e5:85:dd:5b:cf:e2:19:29:3e:
                    5b:e8:4a:68:b3:87:c3:71:a6:7f:bf:e0:fd:22:d9:
                    0a:0b:e5:cc:3c:16:61:4d:9e:32:a5:ba:63:cc:32:
                    13:de:55:d5:c8:5b:b6:18:cb:31:cb:41:37:bd:95:
                    7f:4a:98:91:6f:dd:dd:f4:96:df:f3:44:f6:63:a2:
                    4b:6a:96:52:8e:d9:39:25:e8:ba:20:f3:4f:25:22:
                    6e:91:d0:cd:63:bd:a3:c7:12:98:e3:7a:41:a3:2e:
                    b0:85:52:51:01:eb:08:88:8e:aa:ea:a8:cb:6b:1d:
                    0a:b9:26:07:15:17:92:9e:3c:47:85:d8:fd:4a:71:
                    a4:25:fb:f7:6e:26:e7:3f:5d:82:bb:aa:b7:69:ec:
                    df:b2:6c:7f:f0:46:8b:4e:22:14:20:ff:c7:7d:ac:
                    6c:f9:ed:af:73:09:2c:db:6f:c2:53:fb:b4:99:61:
                    7d:d3:b9:80:84:83:cf:5e:54:fa:74:db:d5:9e:3a:
                    d9:7d:2b:b8:d5:86:6e:30:fe:5e:ab:b1:29:f1:8e:
                    f2:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C4:5F:3C:27:C8:D1:B4:EB:2D:D9:3D:DB:62:48:23:7B:3E:25:28
            X509v3 Authority Key Identifier:
                keyid:04:7E:E7:4A:C4:90:E3:1F:1D:40:76:4F:09:24:11:EE:25:EB:16:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BH7nSsSQ4x8dQHZPCSQR7iXrFmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/17f769-5833-4f26-93f8-ea7f218fdb50/1/ecRfPCfI0bTrLdk922JII3s-JSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/17f769-5833-4f26-93f8-ea7f218fdb50/1/BH7nSsSQ4x8dQHZPCSQR7iXrFmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.212.0/22
                IPv6:
                  2a06:200::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:bd:91:c6:6b:81:48:cf:25:30:a7:7a:35:7c:5b:00:fe:e6:
         b5:5d:d5:fa:23:ea:ba:22:04:51:44:2c:ca:d1:04:b0:ac:f1:
         c1:71:87:b6:7b:4e:28:cd:35:15:c9:20:a6:9b:20:be:f3:fe:
         71:51:9d:16:1c:0c:31:e1:50:9e:e3:4a:db:61:ce:6d:15:7e:
         00:4d:e6:06:26:db:07:f4:90:2f:2a:86:6f:50:9d:1c:fd:a6:
         c1:e6:33:c3:67:95:4f:da:c1:41:18:7f:a9:cb:e3:fc:72:2f:
         d8:43:6f:8d:e7:1e:b8:45:7c:39:73:0f:e8:64:6b:bd:51:26:
         de:e0:c2:53:82:da:7b:01:46:49:3d:d5:64:7e:6a:b9:94:ab:
         58:99:4d:de:2d:1a:cd:77:b2:32:fa:66:17:e9:73:77:49:3e:
         dd:de:c6:cc:5e:a1:05:d0:85:d8:cf:bf:72:4c:10:06:9a:40:
         cc:b1:f5:79:2a:7a:ba:d0:2d:44:d5:80:fa:c7:18:1e:1d:9a:
         20:5f:0d:32:5c:e6:13:c3:a9:a5:b2:6f:ef:d8:36:0d:b8:3f:
         6a:00:36:0d:1a:65:85:56:e1:0d:c0:38:92:36:b6:77:a8:6c:
         01:80:ea:aa:cd:6f:f1:fe:ce:dc:46:97:eb:40:ab:ab:62:f2:
         86:ea:62:3f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbhhGFfiTqXDNGfiGPWrzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0N2VlNzRhYzQ5MGUzMWYxZDQwNzY0ZjA5MjQxMWVlMjVl
YjE2NjUwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWM0NWYzYzI3YzhkMWI0ZWIyZGQ5M2RkYjYyNDgyMzdiM2UyNTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+W73ra4Yfr80bAmTTF1XG8kRXOI
Dx9I8jNlmMeRuwIaLeFYsjErhDi6/MJp2aI818blhd1bz+IZKT5b6Epos4fDcaZ/
v+D9ItkKC+XMPBZhTZ4ypbpjzDIT3lXVyFu2GMsxy0E3vZV/SpiRb93d9Jbf80T2
Y6JLapZSjtk5Jei6IPNPJSJukdDNY72jxxKY43pBoy6whVJRAesIiI6q6qjLax0K
uSYHFReSnjxHhdj9SnGkJfv3bibnP12Cu6q3aezfsmx/8EaLTiIUIP/Hfaxs+e2v
cwks22/CU/u0mWF907mAhIPPXlT6dNvVnjrZfSu41YZuMP5eq7Ep8Y7yMQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHnEXzwnyNG06y3ZPdtiSCN7PiUoMB8GA1UdIwQY
MBaAFAR+50rEkOMfHUB2TwkkEe4l6xZlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkg3blNzU1E0eDhkUUhaUENTUVI3aVhyRm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8xN2Y3NjktNTgzMy00ZjI2LTkzZjgt
ZWE3ZjIxOGZkYjUwLzEvZWNSZlBDZkkwYlRyTGRrOTIySklJM3MtSlNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8xN2Y3NjktNTgzMy00ZjI2LTkzZjgtZWE3ZjIxOGZkYjUw
LzEvQkg3blNzU1E0eDhkUUhaUENTUVI3aVhyRm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWDUMA0E
AgACMAcDBQMqBgIAMA0GCSqGSIb3DQEBCwUAA4IBAQAlvZHGa4FIzyUwp3o1fFsA
/ua1XdX6I+q6IgRRRCzK0QSwrPHBcYe2e04ozTUVySCmmyC+8/5xUZ0WHAwx4VCe
40rbYc5tFX4ATeYGJtsH9JAvKoZvUJ0c/abB5jPDZ5VP2sFBGH+py+P8ci/YQ2+N
5x64RXw5cw/oZGu9USbe4MJTgtp7AUZJPdVkfmq5lKtYmU3eLRrNd7Iy+mYX6XN3
ST7d3sbMXqEF0IXYz79yTBAGmkDMsfV5Knq60C1E1YD6xxgeHZogXw0yXOYTw6ml
sm/v2DYNuD9qADYNGmWFVuENwDiSNrZ3qGwBgOqqzW/x/s7cRpfrQKurYvKG6mI/
-----END CERTIFICATE-----