Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/bR2fJPALFqrsaC-O9APvcYfGrmw.roa
File:                     bR2fJPALFqrsaC-O9APvcYfGrmw.roa (raw, json)
Hash identifier:          aIxgvFOuPKL1C8PDQoHVWSge85Bwqk0AWWn88eqT3BA=
Subject key identifier:   6D:1D:9F:24:F0:0B:16:AA:EC:68:2F:8E:F4:03:EF:71:87:C6:AE:6C
Certificate issuer:       /CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
Certificate serial:       018CC5DC07863287B9792C6ED7C028E37CFE
Authority key identifier: D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/bR2fJPALFqrsaC-O9APvcYfGrmw.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.103.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:07:86:32:87:b9:79:2c:6e:d7:c0:28:e3:7c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d1d9f24f00b16aaec682f8ef403ef7187c6ae6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:69:31:cd:06:5b:77:10:ca:c3:ca:98:01:7a:
                    13:26:45:a7:16:64:1c:84:73:9b:75:07:fb:18:32:
                    b6:0a:d3:0f:fe:42:3c:a8:04:55:61:fd:36:9f:3f:
                    55:ce:d8:87:69:88:ae:6d:23:97:5b:a3:df:d7:12:
                    90:db:a4:fe:28:18:24:80:03:33:96:e4:b4:9a:91:
                    f9:00:1a:5a:6a:f8:47:9d:56:9e:c2:bb:97:63:6d:
                    25:e3:95:8a:7c:be:9d:1f:25:dd:a2:6e:a3:87:56:
                    c0:0e:26:4c:38:32:8b:69:c5:bc:3d:33:59:cb:a4:
                    47:67:c5:2b:cf:48:3a:f0:14:8f:68:b2:b5:75:e5:
                    dd:68:73:1f:a4:6d:68:20:b8:c2:4e:a0:d7:6f:05:
                    21:43:b5:fb:c1:3f:e1:84:e8:4f:40:99:ec:07:7e:
                    56:8f:8d:3e:f0:47:fe:b4:1c:58:44:c3:1f:ba:91:
                    4b:66:b2:83:da:95:3b:e9:53:5a:2d:bc:1e:1c:5e:
                    4c:b1:5f:7e:0c:ea:7f:62:d1:77:3e:ad:1f:b2:53:
                    6c:e7:e5:93:92:68:91:7d:04:9b:28:93:3d:b0:fb:
                    1b:75:53:38:a0:18:1a:20:ce:d5:e1:1a:bc:10:2a:
                    4a:51:d1:b5:c0:1a:a2:dd:70:28:07:94:73:73:58:
                    c2:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:1D:9F:24:F0:0B:16:AA:EC:68:2F:8E:F4:03:EF:71:87:C6:AE:6C
            X509v3 Authority Key Identifier:
                keyid:D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/bR2fJPALFqrsaC-O9APvcYfGrmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:f2:c6:70:76:7f:7a:f7:ab:a2:ab:7e:bb:18:2b:1e:16:23:
         8b:33:02:8b:5a:ea:5f:88:83:c4:36:5d:46:bc:e7:13:29:c8:
         3b:d5:f9:37:3b:7d:d4:f4:49:fc:0a:b1:7e:ab:15:cc:92:38:
         0a:02:9b:ad:fd:f2:c1:19:9f:52:f7:a6:3d:40:a0:6f:94:62:
         86:ad:76:89:da:15:fb:a5:96:77:91:ea:3e:3b:29:89:4f:14:
         11:83:75:99:55:87:33:60:23:75:ac:9d:e4:d6:46:b0:72:e0:
         6c:cf:08:8f:42:fe:c4:e2:30:b5:fb:25:5d:dc:dd:ed:0e:b4:
         56:a2:9c:3b:f6:f0:e3:01:1d:53:7c:b8:c9:b8:45:3f:12:61:
         2d:af:c1:61:6e:09:a8:8d:e6:c7:a2:61:4d:16:7b:78:a0:c6:
         0a:b5:2f:87:b3:07:19:65:bb:f0:89:a7:26:99:8d:b3:81:09:
         62:fa:b0:2f:56:c6:f6:ac:b7:42:9c:2d:05:7c:bd:73:67:72:
         7e:4a:e1:40:f0:d4:e2:81:1b:6a:bd:2f:20:70:2a:ba:5e:ab:
         08:f9:76:49:59:e7:a9:e2:2f:63:ab:92:c1:97:a5:26:a8:da:
         55:25:2b:d1:a6:35:f7:a3:85:1b:a2:fa:9d:c2:07:cd:32:c9:
         1e:08:63:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AeGMoe5eSxu18Ao43z+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MjE5ZWM3MzgzZmEwNjEwNDgwZGRmYTYyYzNmODJjNDAw
Y2Q1NmYwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDFkOWYyNGYwMGIxNmFhZWM2ODJmOGVmNDAzZWY3MTg3YzZhZTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimkxzQZbdxDKw8qYAXoTJkWnFmQc
hHObdQf7GDK2CtMP/kI8qARVYf02nz9VztiHaYiubSOXW6Pf1xKQ26T+KBgkgAMz
luS0mpH5ABpaavhHnVaewruXY20l45WKfL6dHyXdom6jh1bADiZMODKLacW8PTNZ
y6RHZ8Urz0g68BSPaLK1deXdaHMfpG1oILjCTqDXbwUhQ7X7wT/hhOhPQJnsB35W
j40+8Ef+tBxYRMMfupFLZrKD2pU76VNaLbweHF5MsV9+DOp/YtF3Pq0fslNs5+WT
kmiRfQSbKJM9sPsbdVM4oBgaIM7V4Rq8ECpKUdG1wBqi3XAoB5Rzc1jC4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0dnyTwCxaq7GgvjvQD73GHxq5sMB8GA1UdIwQY
MBaAFNchnsc4P6BhBIDd+mLD+CxADNVvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4Yjct
ZDBjODJhM2NmNGI2LzEvYlIyZkpQQUxGcXJzYUMtTzlBUHZjWWZHcm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4YjctZDBjODJhM2NmNGI2
LzEvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWcHMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ8sZwdn9696uiq367GCseFiOLMwKLWupfiIPENl1G
vOcTKcg71fk3O33U9En8CrF+qxXMkjgKAput/fLBGZ9S96Y9QKBvlGKGrXaJ2hX7
pZZ3keo+OymJTxQRg3WZVYczYCN1rJ3k1kawcuBszwiPQv7E4jC1+yVd3N3tDrRW
opw79vDjAR1TfLjJuEU/EmEtr8FhbgmojebHomFNFnt4oMYKtS+HswcZZbvwiacm
mY2zgQli+rAvVsb2rLdCnC0FfL1zZ3J+SuFA8NTigRtqvS8gcCq6XqsI+XZJWeep
4i9jq5LBl6UmqNpVJSvRpjX3o4UbovqdwgfNMskeCGMx
-----END CERTIFICATE-----