Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/at7JECeTE1x5NvW0oN7fJXztnuk.roa
File:                     at7JECeTE1x5NvW0oN7fJXztnuk.roa (raw, json)
Hash identifier:          phL/FV6SfBr/L+jCNdP5B6tnbYUalPLySZ3pjqH7oPE=
Subject key identifier:   6A:DE:C9:10:27:93:13:5C:79:36:F5:B4:A0:DE:DF:25:7C:ED:9E:E9
Certificate issuer:       /CN=af6eaeff123ca67446d0e49401e495057078e174
Certificate serial:       018CC64AC8A57638148CF2D89B8336DEBF27
Authority key identifier: AF:6E:AE:FF:12:3C:A6:74:46:D0:E4:94:01:E4:95:05:70:78:E1:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r26u_xI8pnRG0OSUAeSVBXB44XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/at7JECeTE1x5NvW0oN7fJXztnuk.roa
Signing time:             Mon 01 Jan 2024 18:30:38 +0000
ROA not before:           Mon 01 Jan 2024 18:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12676
IP address blocks:        185.172.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/r26u_xI8pnRG0OSUAeSVBXB44XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/r26u_xI8pnRG0OSUAeSVBXB44XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r26u_xI8pnRG0OSUAeSVBXB44XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:c8:a5:76:38:14:8c:f2:d8:9b:83:36:de:bf:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af6eaeff123ca67446d0e49401e495057078e174
        Validity
            Not Before: Jan  1 18:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6adec9102793135c7936f5b4a0dedf257ced9ee9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:49:4a:51:2e:ae:03:df:57:63:83:c5:fc:47:
                    ab:46:c9:62:bc:ce:61:da:36:dc:b0:06:fa:37:28:
                    3b:a4:7b:08:d5:7b:8d:dd:bd:e5:70:b4:7c:e4:16:
                    15:1a:9a:69:af:24:d8:0f:e5:52:6e:04:01:8a:f7:
                    3e:21:18:ec:c4:29:c1:f3:1d:af:27:7d:de:41:b2:
                    9e:b6:3a:6d:4b:31:91:d9:67:05:2e:8f:c8:09:62:
                    a6:ee:bb:91:9f:57:24:48:4e:52:61:46:2b:22:0f:
                    25:a5:b2:84:1e:05:10:a1:74:f4:4d:31:86:12:61:
                    47:68:68:cd:e7:02:72:c9:a6:b1:7b:48:ea:00:53:
                    9e:70:f2:1c:97:b8:70:04:b3:5e:1d:05:ac:86:59:
                    ff:49:be:ba:1e:50:2c:0c:3c:c7:bc:4b:87:6c:46:
                    b8:17:e8:7b:33:29:59:c6:a5:87:7e:6a:d0:fb:1d:
                    4e:ba:d2:c0:bd:f1:d8:b5:0d:79:cf:83:cf:c0:e0:
                    52:09:a3:2c:a4:05:21:2a:70:4c:07:ba:6e:47:86:
                    57:a5:e7:65:d5:b8:fb:d1:43:52:fa:bb:46:9a:49:
                    55:54:1d:6b:56:c3:26:e7:ad:b0:96:ca:d9:b6:75:
                    49:21:f9:7a:58:fa:f5:bf:5f:16:a4:26:92:a6:46:
                    32:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:DE:C9:10:27:93:13:5C:79:36:F5:B4:A0:DE:DF:25:7C:ED:9E:E9
            X509v3 Authority Key Identifier:
                keyid:AF:6E:AE:FF:12:3C:A6:74:46:D0:E4:94:01:E4:95:05:70:78:E1:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r26u_xI8pnRG0OSUAeSVBXB44XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/at7JECeTE1x5NvW0oN7fJXztnuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/700164-89d1-404f-af35-4ef47fc4bd7f/1/r26u_xI8pnRG0OSUAeSVBXB44XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:1c:50:66:85:3e:a8:b9:c1:bc:43:98:77:0a:3f:d7:8e:c8:
         29:ad:9b:81:f7:b9:a9:a2:dc:59:58:be:cb:14:6d:45:a9:8b:
         ce:62:d6:bb:36:29:b8:94:64:aa:5d:4b:3b:ba:b6:90:22:32:
         01:42:61:0a:1d:13:30:75:94:2e:56:2b:74:01:fb:60:6a:7a:
         16:87:66:cd:18:04:10:4f:ef:b9:58:ce:70:48:64:fa:b7:0a:
         20:b2:ab:d7:52:7a:fd:65:39:c5:fe:49:ca:e4:b0:74:c7:1e:
         dc:f5:1c:9b:a5:d7:25:f3:fd:12:64:5c:f2:ea:5c:6e:5a:fd:
         3c:e9:9e:b0:4a:60:68:e5:63:a9:3f:fb:72:db:1f:e1:2b:b4:
         44:f0:0f:cb:6f:31:70:20:09:59:7c:12:2e:90:db:c7:66:eb:
         ae:a8:d2:a0:da:cf:af:6e:6e:e6:8d:aa:e1:83:ed:8f:21:79:
         f5:e7:18:bd:c0:99:ba:3a:54:4b:71:a3:f8:db:a5:0a:af:0f:
         26:6c:01:22:1b:29:1d:93:d4:9c:06:c4:2a:af:1a:52:ed:da:
         3f:48:85:81:32:1a:fe:b8:0d:d2:33:10:d0:f3:58:e8:4a:f4:
         88:eb:ff:cb:e3:e1:24:cc:dd:fa:b7:22:95:6b:c4:d1:8e:f4:
         a9:37:84:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSsildjgUjPLYm4M23r8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNmVhZWZmMTIzY2E2NzQ0NmQwZTQ5NDAxZTQ5NTA1NzA3
OGUxNzQwHhcNMjQwMTAxMTgzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWRlYzkxMDI3OTMxMzVjNzkzNmY1YjRhMGRlZGYyNTdjZWQ5ZWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnElKUS6uA99XY4PF/EerRslivM5h
2jbcsAb6Nyg7pHsI1XuN3b3lcLR85BYVGpppryTYD+VSbgQBivc+IRjsxCnB8x2v
J33eQbKetjptSzGR2WcFLo/ICWKm7ruRn1ckSE5SYUYrIg8lpbKEHgUQoXT0TTGG
EmFHaGjN5wJyyaaxe0jqAFOecPIcl7hwBLNeHQWshln/Sb66HlAsDDzHvEuHbEa4
F+h7MylZxqWHfmrQ+x1OutLAvfHYtQ15z4PPwOBSCaMspAUhKnBMB7puR4ZXpedl
1bj70UNS+rtGmklVVB1rVsMm562wlsrZtnVJIfl6WPr1v18WpCaSpkYyIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGreyRAnkxNceTb1tKDe3yV87Z7pMB8GA1UdIwQY
MBaAFK9urv8SPKZ0RtDklAHklQVweOF0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjI2dV94SThwblJHME9TVUFlU1ZCWEI0NFhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83MDAxNjQtODlkMS00MDRmLWFmMzUt
NGVmNDdmYzRiZDdmLzEvYXQ3SkVDZVRFMXg1TnZXMG9ON2ZKWHp0bnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83MDAxNjQtODlkMS00MDRmLWFmMzUtNGVmNDdmYzRiZDdm
LzEvcjI2dV94SThwblJHME9TVUFlU1ZCWEI0NFhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuax8MA0G
CSqGSIb3DQEBCwUAA4IBAQAXHFBmhT6oucG8Q5h3Cj/XjsgprZuB97mpotxZWL7L
FG1FqYvOYta7Nim4lGSqXUs7uraQIjIBQmEKHRMwdZQuVit0AftganoWh2bNGAQQ
T++5WM5wSGT6twogsqvXUnr9ZTnF/knK5LB0xx7c9Rybpdcl8/0SZFzy6lxuWv08
6Z6wSmBo5WOpP/ty2x/hK7RE8A/LbzFwIAlZfBIukNvHZuuuqNKg2s+vbm7mjarh
g+2PIXn15xi9wJm6OlRLcaP426UKrw8mbAEiGykdk9ScBsQqrxpS7do/SIWBMhr+
uA3SMxDQ81joSvSI6//L4+EkzN36tyKVa8TRjvSpN4TA
-----END CERTIFICATE-----