Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/B7ayCTbCI3LtuHA8WK3tvovnmdg.roa
File:                     B7ayCTbCI3LtuHA8WK3tvovnmdg.roa (raw, json)
Hash identifier:          V9tl3PmPjbaEU2WsGiaM2hwqpKfxQP5vW8xd4wKkNLY=
Subject key identifier:   07:B6:B2:09:36:C2:23:72:ED:B8:70:3C:58:AD:ED:BE:8B:E7:99:D8
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       018CC500DE0DE5B0EB217FCFB3A49D6AD994
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/B7ayCTbCI3LtuHA8WK3tvovnmdg.roa
Signing time:             Mon 01 Jan 2024 12:30:17 +0000
ROA not before:           Mon 01 Jan 2024 12:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14178
IP address blocks:        62.100.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:de:0d:e5:b0:eb:21:7f:cf:b3:a4:9d:6a:d9:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan  1 12:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07b6b20936c22372edb8703c58adedbe8be799d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:45:4b:b4:25:c4:62:3b:19:fd:79:5a:a4:ea:
                    19:11:d6:22:75:e6:ce:7f:67:2d:13:5f:e9:dd:88:
                    03:2e:2f:06:59:09:64:a3:c0:06:af:67:37:d9:79:
                    f0:9a:2a:e2:26:89:8a:6d:22:47:3d:e5:ea:69:0c:
                    54:d9:cf:5e:52:e2:43:1a:0e:3e:bc:e7:d8:96:a4:
                    41:98:02:d0:15:2e:b8:40:53:d3:43:6d:25:a8:bd:
                    4e:28:04:f8:12:91:3e:ce:44:87:bf:9f:d0:78:62:
                    f7:7f:59:ad:bb:b9:72:8c:e8:f6:e4:d3:39:d7:69:
                    56:2e:c4:61:2f:29:86:fb:3d:b8:c6:ac:40:87:02:
                    b8:3b:1e:a0:4e:04:53:26:5e:cc:70:9a:01:d5:47:
                    a1:a8:c7:e0:21:c2:d8:54:cd:36:73:1e:55:5d:0f:
                    27:64:e1:98:3d:f3:c3:94:2f:d9:79:34:33:81:a6:
                    50:a3:d9:45:f1:f0:da:b1:ac:e8:0d:5a:53:a7:6b:
                    7e:70:fa:58:36:45:f2:e8:70:62:a6:a6:65:a0:fd:
                    37:05:63:91:95:04:94:cd:f8:d5:1f:d3:e1:47:43:
                    d0:0d:ba:17:bf:69:8d:2e:82:d4:3f:8e:c2:ac:df:
                    ed:40:06:ea:29:a2:59:d7:09:fb:e1:87:3b:72:26:
                    9f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:B6:B2:09:36:C2:23:72:ED:B8:70:3C:58:AD:ED:BE:8B:E7:99:D8
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/B7ayCTbCI3LtuHA8WK3tvovnmdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.100.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:b2:bd:f5:8d:04:55:8b:9c:1d:1d:3c:79:17:c9:e8:a8:84:
         c1:5b:ae:9b:c1:34:77:c5:92:7d:36:5d:2d:6c:5a:89:89:70:
         78:d0:2c:5d:15:6c:bf:21:27:43:d3:c1:19:ce:f3:7f:52:e4:
         8a:1a:a0:51:16:56:dd:de:95:5d:c4:8f:44:a7:90:41:e8:22:
         f5:9c:29:04:ae:38:ad:95:e5:bd:4c:88:48:80:7f:97:d3:37:
         5e:11:48:26:8c:ad:33:22:cb:d3:9a:8b:11:2b:31:73:ba:d6:
         21:b6:ab:3a:ce:31:5e:29:13:e5:61:bc:f9:91:a6:5b:86:59:
         fe:36:6f:a8:58:94:cf:26:51:51:7b:67:9d:a5:9e:86:59:f7:
         ae:ad:26:bc:47:9d:66:fc:13:bb:05:86:00:cd:79:a2:a7:ac:
         a0:9a:1b:31:bf:10:8f:ff:e7:fe:5c:03:48:ef:1e:39:bb:99:
         41:7c:cd:44:8b:83:5c:a8:04:9f:43:19:d5:6d:5a:9a:a3:ca:
         67:b2:84:0f:16:9e:27:63:bf:bb:b8:fd:64:2a:ed:2f:c6:ce:
         d8:01:a2:13:2b:d8:6b:0c:03:3e:40:ef:aa:a7:29:77:9c:e8:
         c0:2a:95:ba:ef:d0:eb:9e:cb:da:24:4a:5a:57:98:54:c7:05:
         e8:ee:f3:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAN4N5bDrIX/Ps6SdatmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjQwMTAxMTIzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2I2YjIwOTM2YzIyMzcyZWRiODcwM2M1OGFkZWRiZThiZTc5OWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEVLtCXEYjsZ/XlapOoZEdYidebO
f2ctE1/p3YgDLi8GWQlko8AGr2c32XnwmiriJomKbSJHPeXqaQxU2c9eUuJDGg4+
vOfYlqRBmALQFS64QFPTQ20lqL1OKAT4EpE+zkSHv5/QeGL3f1mtu7lyjOj25NM5
12lWLsRhLymG+z24xqxAhwK4Ox6gTgRTJl7McJoB1UehqMfgIcLYVM02cx5VXQ8n
ZOGYPfPDlC/ZeTQzgaZQo9lF8fDasazoDVpTp2t+cPpYNkXy6HBipqZloP03BWOR
lQSUzfjVH9PhR0PQDboXv2mNLoLUP47CrN/tQAbqKaJZ1wn74Yc7ciafCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAe2sgk2wiNy7bhwPFit7b6L55nYMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvQjdheUNUYkNJM0x0dUhBOFdLM3R2b3ZubWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPmTRMA0G
CSqGSIb3DQEBCwUAA4IBAQBxsr31jQRVi5wdHTx5F8noqITBW66bwTR3xZJ9Nl0t
bFqJiXB40CxdFWy/ISdD08EZzvN/UuSKGqBRFlbd3pVdxI9Ep5BB6CL1nCkErjit
leW9TIhIgH+X0zdeEUgmjK0zIsvTmosRKzFzutYhtqs6zjFeKRPlYbz5kaZbhln+
Nm+oWJTPJlFRe2edpZ6GWfeurSa8R51m/BO7BYYAzXmip6ygmhsxvxCP/+f+XANI
7x45u5lBfM1Ei4NcqASfQxnVbVqao8pnsoQPFp4nY7+7uP1kKu0vxs7YAaITK9hr
DAM+QO+qpyl3nOjAKpW679DrnsvaJEpaV5hUxwXo7vN0
-----END CERTIFICATE-----