Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/7WR1etNULqqDS3QC1dhMpxpbYBA.roa
File:                     7WR1etNULqqDS3QC1dhMpxpbYBA.roa (raw, json)
Hash identifier:          2kSJSpOSATOJE0N6/y9AewJ/9m/eG8wbe4po/lzJW/I=
Subject key identifier:   ED:64:75:7A:D3:54:2E:AA:83:4B:74:02:D5:D8:4C:A7:1A:5B:60:10
Certificate issuer:       /CN=a934b8dec1281bc54317c7fed0e9acbc7b97cac7
Certificate serial:       018CC2DB4210C8F5AB8BB1E4DA5F0B79E2F1
Authority key identifier: A9:34:B8:DE:C1:28:1B:C5:43:17:C7:FE:D0:E9:AC:BC:7B:97:CA:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qTS43sEoG8VDF8f-0OmsvHuXysc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/7WR1etNULqqDS3QC1dhMpxpbYBA.roa
Signing time:             Mon 01 Jan 2024 02:29:58 +0000
ROA not before:           Mon 01 Jan 2024 02:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57761
IP address blocks:        185.27.219.0/24 maxlen: 24
                          185.27.216.0/24 maxlen: 24
                          185.27.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/qTS43sEoG8VDF8f-0OmsvHuXysc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/qTS43sEoG8VDF8f-0OmsvHuXysc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qTS43sEoG8VDF8f-0OmsvHuXysc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:42:10:c8:f5:ab:8b:b1:e4:da:5f:0b:79:e2:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a934b8dec1281bc54317c7fed0e9acbc7b97cac7
        Validity
            Not Before: Jan  1 02:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed64757ad3542eaa834b7402d5d84ca71a5b6010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7d:d0:9b:cb:6c:74:d4:ba:db:64:85:ab:b1:
                    fa:d9:35:cd:22:bb:8d:55:9d:a7:c7:6f:b3:46:fe:
                    38:ce:18:54:47:f8:9b:b7:7b:9a:a0:8b:56:75:5c:
                    95:25:95:4d:76:e0:48:7b:0d:c3:5e:9c:0e:49:d3:
                    89:1f:f9:cc:09:da:7a:64:45:cc:16:8b:91:17:c7:
                    90:1a:6b:8d:ac:a5:99:ca:5a:9e:64:1b:18:f1:ee:
                    bf:d9:41:0c:c3:d1:ab:ec:36:3d:f4:32:50:ab:44:
                    a7:1a:14:3b:de:37:c0:bd:cb:87:57:c8:ac:ba:f9:
                    65:95:d2:91:de:ff:2e:4c:fd:f0:4c:a4:b3:4c:c1:
                    34:65:9c:3b:15:01:97:2e:f6:5c:5e:92:71:22:6e:
                    07:f2:05:28:2b:d9:ca:c6:d2:47:a0:02:bc:98:8f:
                    97:b5:82:ad:5d:28:fc:d3:c3:be:1a:9d:6a:74:c5:
                    11:d3:d3:71:10:e0:45:04:45:ef:bf:50:c9:24:b1:
                    bf:f1:eb:53:bf:17:10:30:1a:3d:24:5e:0e:cb:09:
                    61:56:7d:f0:f5:92:d3:2c:5c:ce:e6:76:90:ed:99:
                    3d:9d:00:0d:8b:8b:92:9e:2e:60:ce:5f:73:94:23:
                    3d:d4:02:01:12:d2:1d:a2:24:96:7f:74:bf:7a:28:
                    f9:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:64:75:7A:D3:54:2E:AA:83:4B:74:02:D5:D8:4C:A7:1A:5B:60:10
            X509v3 Authority Key Identifier:
                keyid:A9:34:B8:DE:C1:28:1B:C5:43:17:C7:FE:D0:E9:AC:BC:7B:97:CA:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qTS43sEoG8VDF8f-0OmsvHuXysc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/7WR1etNULqqDS3QC1dhMpxpbYBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/87b562-cb7d-4a93-bd43-27ee42d925ad/1/qTS43sEoG8VDF8f-0OmsvHuXysc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.216.0/23
                  185.27.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:9c:24:b2:b2:bd:81:7c:03:48:c7:db:d4:c6:57:02:57:5f:
         0e:f5:de:21:de:da:d1:21:39:fa:da:d5:ad:f1:f8:86:37:32:
         3e:c8:cb:34:94:51:96:66:47:8c:c3:14:08:db:05:01:77:43:
         ee:85:12:66:dc:5b:44:98:be:98:39:90:61:dd:db:5c:25:d7:
         7c:d3:26:a2:14:d5:aa:cc:30:a9:21:87:92:ed:bc:d9:b9:d2:
         b2:44:f8:8c:e7:ec:34:3f:46:1d:c6:41:e5:3a:dd:1d:fd:4d:
         29:9f:e0:00:99:8e:45:60:d7:c1:02:46:8a:61:e2:d9:86:60:
         b4:a9:e7:61:45:c0:70:96:d7:a5:42:04:9a:9e:fd:9a:e0:53:
         67:28:16:b6:d7:ff:67:8b:ab:9d:3c:ab:f9:97:d3:3d:8f:97:
         4e:f7:8d:36:ca:5a:fb:e7:63:fa:c5:42:8b:0d:95:b4:d1:dc:
         5e:7a:15:d8:75:0e:b8:d5:c1:0a:47:f4:d6:48:15:05:bf:fa:
         a6:70:3b:56:95:c0:95:ec:6f:f5:c5:56:88:95:d1:12:0f:56:
         a4:b3:95:4e:f7:0e:0c:49:e5:15:12:e8:d8:83:f6:2d:de:99:
         f3:f9:f2:b8:a4:a7:53:8b:ce:ec:68:9d:e7:70:96:66:ce:c5:
         d4:54:0f:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC20IQyPWri7Hk2l8LeeLxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MzRiOGRlYzEyODFiYzU0MzE3YzdmZWQwZTlhY2JjN2I5
N2NhYzcwHhcNMjQwMTAxMDIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDY0NzU3YWQzNTQyZWFhODM0Yjc0MDJkNWQ4NGNhNzFhNWI2MDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAin3Qm8tsdNS622SFq7H62TXNIruN
VZ2nx2+zRv44zhhUR/ibt3uaoItWdVyVJZVNduBIew3DXpwOSdOJH/nMCdp6ZEXM
FouRF8eQGmuNrKWZylqeZBsY8e6/2UEMw9Gr7DY99DJQq0SnGhQ73jfAvcuHV8is
uvllldKR3v8uTP3wTKSzTME0ZZw7FQGXLvZcXpJxIm4H8gUoK9nKxtJHoAK8mI+X
tYKtXSj808O+Gp1qdMUR09NxEOBFBEXvv1DJJLG/8etTvxcQMBo9JF4OywlhVn3w
9ZLTLFzO5naQ7Zk9nQANi4uSni5gzl9zlCM91AIBEtIdoiSWf3S/eij5KwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO1kdXrTVC6qg0t0AtXYTKcaW2AQMB8GA1UdIwQY
MBaAFKk0uN7BKBvFQxfH/tDprLx7l8rHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVRTNDNzRW9HOFZERjhmLTBPbXN2SHVYeXNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC84N2I1NjItY2I3ZC00YTkzLWJkNDMt
MjdlZTQyZDkyNWFkLzEvN1dSMWV0TlVMcXFEUzNRQzFkaE1weHBiWUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC84N2I1NjItY2I3ZC00YTkzLWJkNDMtMjdlZTQyZDkyNWFk
LzEvcVRTNDNzRW9HOFZERjhmLTBPbXN2SHVYeXNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuRvYAwQA
uRvbMA0GCSqGSIb3DQEBCwUAA4IBAQBjnCSysr2BfANIx9vUxlcCV18O9d4h3trR
ITn62tWt8fiGNzI+yMs0lFGWZkeMwxQI2wUBd0PuhRJm3FtEmL6YOZBh3dtcJdd8
0yaiFNWqzDCpIYeS7bzZudKyRPiM5+w0P0YdxkHlOt0d/U0pn+AAmY5FYNfBAkaK
YeLZhmC0qedhRcBwltelQgSanv2a4FNnKBa21/9ni6udPKv5l9M9j5dO9402ylr7
52P6xUKLDZW00dxeehXYdQ641cEKR/TWSBUFv/qmcDtWlcCV7G/1xVaIldESD1ak
s5VO9w4MSeUVEujYg/Yt3pnz+fK4pKdTi87saJ3ncJZmzsXUVA/k
-----END CERTIFICATE-----