Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/B7npirX8ueJ5-0wSWUOhZB65wBI.roa
File:                     B7npirX8ueJ5-0wSWUOhZB65wBI.roa (raw, json)
Hash identifier:          qtCDLiqLB0nYA2dOHGEppvZMo7+KkhUG8wxgt2HtLWc=
Subject key identifier:   07:B9:E9:8A:B5:FC:B9:E2:79:FB:4C:12:59:43:A1:64:1E:B9:C0:12
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       018CC6B8D5D80091F9B396074E824C09B884
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/B7npirX8ueJ5-0wSWUOhZB65wBI.roa
Signing time:             Mon 01 Jan 2024 20:30:51 +0000
ROA not before:           Mon 01 Jan 2024 20:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47498
IP address blocks:        185.1.147.0/24 maxlen: 24
                          2001:7f8:ca::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 06:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:d5:d8:00:91:f9:b3:96:07:4e:82:4c:09:b8:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 20:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07b9e98ab5fcb9e279fb4c125943a1641eb9c012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:8a:76:28:50:c2:16:2b:0a:13:02:fe:d3:86:
                    ad:cf:78:c6:94:79:7d:7f:83:7b:fc:7c:a7:e5:42:
                    7a:c8:77:3c:d7:fa:82:b3:7a:0b:2e:53:0d:66:09:
                    c3:3b:f8:f9:ac:7d:d1:fe:92:2b:5a:10:7f:dc:1b:
                    28:d6:ff:08:20:ad:3a:dc:0d:16:ec:81:2a:33:e0:
                    84:49:66:d1:47:df:fd:fc:5e:97:d7:d0:3e:78:c4:
                    26:8c:11:3d:c6:9b:00:37:ef:5c:1b:ba:83:08:e0:
                    1c:17:bd:73:f2:7b:a4:58:62:09:7f:cc:01:8d:4c:
                    f5:8f:78:6d:09:34:2d:b0:98:ad:f7:8c:3d:29:cd:
                    54:9f:f5:b7:56:44:78:f7:af:13:ea:ce:a7:d2:8f:
                    7b:c2:d5:1b:2d:4d:86:cd:99:ed:6b:2f:c7:f8:df:
                    98:0a:91:55:15:2d:63:09:a3:b1:6c:57:66:41:75:
                    be:d8:2d:e3:94:9b:1b:d5:db:64:e1:74:82:58:5e:
                    51:1d:f4:e4:9e:b6:0f:59:d9:dc:7f:31:da:d3:21:
                    d3:c4:73:87:0a:33:0b:30:40:c7:84:c8:de:ff:49:
                    b2:83:6c:d9:28:81:a2:44:f6:35:a9:f1:93:14:1c:
                    bc:f8:f7:fa:7c:f2:99:49:3d:0b:77:2a:4d:54:66:
                    1e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:B9:E9:8A:B5:FC:B9:E2:79:FB:4C:12:59:43:A1:64:1E:B9:C0:12
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/B7npirX8ueJ5-0wSWUOhZB65wBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.147.0/24
                IPv6:
                  2001:7f8:ca::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:1d:ba:c2:8f:64:fe:1f:9a:7b:95:ec:a4:a1:10:cf:83:2a:
         30:90:1a:77:15:30:dc:75:30:db:49:6d:8b:0d:a4:f3:07:de:
         33:2d:04:f6:30:e5:02:84:ca:87:6c:4b:f1:0a:cb:f1:5a:0d:
         ce:7e:ed:49:92:80:34:dd:88:de:0e:22:78:ce:29:4d:06:87:
         11:84:76:55:1a:e6:e3:44:42:2d:29:86:ca:5f:0b:68:a0:c4:
         14:4f:23:fa:91:49:ea:29:99:77:93:25:43:9f:6e:a0:14:02:
         f7:e8:20:42:6c:e0:8c:e1:9d:85:92:7f:78:26:26:bf:87:a6:
         ee:1f:7a:27:0c:1c:eb:de:2a:91:2e:60:a0:42:43:a4:4f:99:
         9d:2e:26:56:c8:be:9c:15:90:4e:79:42:2d:79:7c:cb:20:22:
         07:b1:88:bf:43:c6:b0:d8:3f:8c:e0:4b:33:c7:b5:82:8c:c9:
         6f:f4:b8:86:69:0c:a3:fd:d3:11:5a:0e:c2:cc:9f:af:6a:28:
         d9:1f:7c:c5:d1:74:94:0d:73:c5:02:28:a0:e1:7b:bf:3a:71:
         1e:2a:f6:61:43:92:84:ce:03:d6:f8:1d:59:2e:e2:ec:0d:5c:
         63:ac:5e:ed:0d:39:3c:70:24:43:54:e6:f0:ea:1c:11:1d:12:
         0c:a2:3f:98
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuNXYAJH5s5YHToJMCbiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjQwMTAxMjAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2I5ZTk4YWI1ZmNiOWUyNzlmYjRjMTI1OTQzYTE2NDFlYjljMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIp2KFDCFisKEwL+04atz3jGlHl9
f4N7/Hyn5UJ6yHc81/qCs3oLLlMNZgnDO/j5rH3R/pIrWhB/3Bso1v8IIK063A0W
7IEqM+CESWbRR9/9/F6X19A+eMQmjBE9xpsAN+9cG7qDCOAcF71z8nukWGIJf8wB
jUz1j3htCTQtsJit94w9Kc1Un/W3VkR4968T6s6n0o97wtUbLU2GzZntay/H+N+Y
CpFVFS1jCaOxbFdmQXW+2C3jlJsb1dtk4XSCWF5RHfTknrYPWdncfzHa0yHTxHOH
CjMLMEDHhMje/0myg2zZKIGiRPY1qfGTFBy8+Pf6fPKZST0LdypNVGYeJwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAe56Yq1/LnieftMEllDoWQeucASMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvQjducGlyWDh1ZUo1LTB3U1dVT2haQjY1d0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQGTMA8E
AgACMAkDBwAgAQf4AMowDQYJKoZIhvcNAQELBQADggEBADIdusKPZP4fmnuV7KSh
EM+DKjCQGncVMNx1MNtJbYsNpPMH3jMtBPYw5QKEyodsS/EKy/FaDc5+7UmSgDTd
iN4OInjOKU0GhxGEdlUa5uNEQi0phspfC2igxBRPI/qRSeopmXeTJUOfbqAUAvfo
IEJs4IzhnYWSf3gmJr+Hpu4feicMHOveKpEuYKBCQ6RPmZ0uJlbIvpwVkE55Qi15
fMsgIgexiL9DxrDYP4zgSzPHtYKMyW/0uIZpDKP90xFaDsLMn69qKNkffMXRdJQN
c8UCKKDhe786cR4q9mFDkoTOA9b4HVku4uwNXGOsXu0NOTxwJENU5vDqHBEdEgyi
P5g=
-----END CERTIFICATE-----