Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/7xfgsw4vF1uMpjpZopMaqQ5eYGY.roa
File:                     7xfgsw4vF1uMpjpZopMaqQ5eYGY.roa (raw, json)
Hash identifier:          v553qwTVn5dRO80MIqQUHtW54Ds6JlD4YQ0S3QL+jeM=
Subject key identifier:   EF:17:E0:B3:0E:2F:17:5B:8C:A6:3A:59:A2:93:1A:A9:0E:5E:60:66
Certificate issuer:       /CN=6161470d39be4ba2dd5df8fa47b16396278e670a
Certificate serial:       018CC3493FDDC4563D4DA41752D750BE9831
Authority key identifier: 61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/7xfgsw4vF1uMpjpZopMaqQ5eYGY.roa
Signing time:             Mon 01 Jan 2024 04:30:06 +0000
ROA not before:           Mon 01 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        195.85.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 22:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3f:dd:c4:56:3d:4d:a4:17:52:d7:50:be:98:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6161470d39be4ba2dd5df8fa47b16396278e670a
        Validity
            Not Before: Jan  1 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef17e0b30e2f175b8ca63a59a2931aa90e5e6066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ae:b9:96:fe:e1:2a:49:a6:4f:af:20:8a:ba:
                    9e:12:91:0f:e5:ce:c3:77:2f:b8:80:c2:c7:1a:dd:
                    11:48:c6:ad:a3:73:dd:72:54:39:9f:a2:2d:37:ee:
                    4c:cf:18:87:bd:68:66:7e:fa:67:98:0f:15:c8:88:
                    b6:41:27:a4:a5:c5:de:15:c6:f6:fe:fc:61:99:d5:
                    3d:33:9b:af:39:0d:89:03:ea:05:8e:7c:fa:17:b3:
                    24:f8:b6:8e:4b:7e:72:8f:66:2b:db:86:05:20:52:
                    5d:f8:84:3a:f8:dc:59:c8:4b:6d:08:79:d1:c1:34:
                    e0:c0:01:86:86:0f:2d:31:51:ef:5c:64:83:eb:0a:
                    56:8d:f5:ef:c4:49:13:28:9a:9f:80:c1:3e:f3:d8:
                    ca:9d:53:88:1a:96:67:b6:16:e7:f2:45:97:60:e2:
                    2e:2c:dc:29:ed:a3:48:38:df:f1:08:b1:38:f8:41:
                    0b:42:60:51:0e:f7:fd:e8:6a:77:be:a9:df:0b:d2:
                    3a:15:c1:d4:05:04:e2:1d:95:b6:a2:9a:41:93:2d:
                    a2:4b:80:0b:c5:b5:58:b1:5f:15:ba:04:0f:f6:d5:
                    8c:a7:6f:c9:e3:8e:2e:c2:1b:8b:dc:92:14:52:20:
                    d6:5e:db:21:97:48:68:bf:68:16:00:d2:5a:c9:87:
                    c1:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:17:E0:B3:0E:2F:17:5B:8C:A6:3A:59:A2:93:1A:A9:0E:5E:60:66
            X509v3 Authority Key Identifier:
                keyid:61:61:47:0D:39:BE:4B:A2:DD:5D:F8:FA:47:B1:63:96:27:8E:67:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YWFHDTm-S6LdXfj6R7FjlieOZwo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/7xfgsw4vF1uMpjpZopMaqQ5eYGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e51856-e52e-4b24-8c99-c240bfc9cbc1/1/YWFHDTm-S6LdXfj6R7FjlieOZwo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:43:bb:c0:bb:5b:76:4c:68:df:bf:3d:73:7a:81:70:ae:cf:
         7a:98:54:d5:9e:d9:fb:f3:19:b8:22:5f:99:0e:be:75:d1:04:
         e1:a3:47:74:86:3e:36:11:6b:c6:d2:c2:2b:57:f5:38:a8:fa:
         c3:85:8f:50:dc:09:77:82:96:5f:a5:c3:9d:d9:18:96:ef:fe:
         1c:fa:95:62:85:32:d3:ff:39:b8:de:93:06:18:1a:1a:13:49:
         61:7a:86:05:62:5f:51:4b:68:0f:50:0a:c9:37:e7:c2:91:48:
         e8:96:97:b4:12:1c:82:fc:9f:ba:66:ae:29:83:c1:50:18:2a:
         97:62:5d:65:05:48:8b:bd:d9:c4:42:a0:9f:21:59:bd:4a:d1:
         14:e4:5e:47:e0:79:c8:0b:36:c5:b9:05:1d:6b:7c:c0:85:0f:
         78:66:4c:0b:4f:47:e3:1d:15:f0:51:05:33:66:3d:95:9b:e1:
         8a:ff:2a:bb:3e:87:33:20:1b:54:d2:70:71:52:dc:08:14:18:
         88:43:36:ac:a6:de:b3:a8:57:5b:26:b5:8f:fc:1b:5d:e0:85:
         dc:d9:6e:41:11:56:72:be:4a:b6:83:ab:94:9a:5d:51:35:48:
         38:a7:df:b1:10:f0:0f:a9:3c:9a:75:99:42:8b:4b:4e:9a:cf:
         e9:b7:e4:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDST/dxFY9TaQXUtdQvpgxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNjE0NzBkMzliZTRiYTJkZDVkZjhmYTQ3YjE2Mzk2Mjc4
ZTY3MGEwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjE3ZTBiMzBlMmYxNzViOGNhNjNhNTlhMjkzMWFhOTBlNWU2MDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwq65lv7hKkmmT68girqeEpEP5c7D
dy+4gMLHGt0RSMato3PdclQ5n6ItN+5MzxiHvWhmfvpnmA8VyIi2QSekpcXeFcb2
/vxhmdU9M5uvOQ2JA+oFjnz6F7Mk+LaOS35yj2Yr24YFIFJd+IQ6+NxZyEttCHnR
wTTgwAGGhg8tMVHvXGSD6wpWjfXvxEkTKJqfgME+89jKnVOIGpZnthbn8kWXYOIu
LNwp7aNION/xCLE4+EELQmBRDvf96Gp3vqnfC9I6FcHUBQTiHZW2oppBky2iS4AL
xbVYsV8VugQP9tWMp2/J444uwhuL3JIUUiDWXtshl0hov2gWANJayYfBPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8X4LMOLxdbjKY6WaKTGqkOXmBmMB8GA1UdIwQY
MBaAFGFhRw05vkui3V34+kexY5YnjmcKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTkt
YzI0MGJmYzljYmMxLzEvN3hmZ3N3NHZGMXVNcGpwWm9wTWFxUTVlWUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9lNTE4NTYtZTUyZS00YjI0LThjOTktYzI0MGJmYzljYmMx
LzEvWVdGSERUbS1TNkxkWGZqNlI3RmpsaWVPWndvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1U7MA0G
CSqGSIb3DQEBCwUAA4IBAQAcQ7vAu1t2TGjfvz1zeoFwrs96mFTVntn78xm4Il+Z
Dr510QTho0d0hj42EWvG0sIrV/U4qPrDhY9Q3Al3gpZfpcOd2RiW7/4c+pVihTLT
/zm43pMGGBoaE0lheoYFYl9RS2gPUArJN+fCkUjolpe0EhyC/J+6Zq4pg8FQGCqX
Yl1lBUiLvdnEQqCfIVm9StEU5F5H4HnICzbFuQUda3zAhQ94ZkwLT0fjHRXwUQUz
Zj2Vm+GK/yq7PoczIBtU0nBxUtwIFBiIQzaspt6zqFdbJrWP/Btd4IXc2W5BEVZy
vkq2g6uUml1RNUg4p9+xEPAPqTyadZlCi0tOms/pt+Tb
-----END CERTIFICATE-----