Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/7OXZKIiOiArGy5tMo2FSNlPBJ3k.roa
File:                     7OXZKIiOiArGy5tMo2FSNlPBJ3k.roa (raw, json)
Hash identifier:          TOTtM+DbOWhXTjfZdOZiFlkFHBxRiltSlrPJ59I3Pno=
Subject key identifier:   EC:E5:D9:28:88:8E:88:0A:C6:CB:9B:4C:A3:61:52:36:53:C1:27:79
Certificate issuer:       /CN=ad243dcff0cb38211f7fe7db3f913169b44cf456
Certificate serial:       018F4FF3016AF5D5C1BBF5BE316BA5F30E7D
Authority key identifier: AD:24:3D:CF:F0:CB:38:21:1F:7F:E7:DB:3F:91:31:69:B4:4C:F4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rSQ9z_DLOCEff-fbP5ExabRM9FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/7OXZKIiOiArGy5tMo2FSNlPBJ3k.roa
Signing time:             Mon 06 May 2024 22:07:56 +0000
ROA not before:           Mon 06 May 2024 22:07:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2540
IP address blocks:        212.169.64.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/rSQ9z_DLOCEff-fbP5ExabRM9FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/rSQ9z_DLOCEff-fbP5ExabRM9FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rSQ9z_DLOCEff-fbP5ExabRM9FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4f:f3:01:6a:f5:d5:c1:bb:f5:be:31:6b:a5:f3:0e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad243dcff0cb38211f7fe7db3f913169b44cf456
        Validity
            Not Before: May  6 22:07:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ece5d928888e880ac6cb9b4ca361523653c12779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e3:7c:9c:9f:4e:6f:0e:7e:c4:d0:c6:09:07:
                    4c:3e:21:7d:7a:25:cf:73:ec:70:5e:eb:a9:7d:d1:
                    e9:5a:7a:95:46:24:a6:fa:14:f2:cc:7e:d7:1a:b4:
                    86:80:58:b1:af:bf:30:4e:45:3e:64:b1:16:67:73:
                    57:eb:67:8f:98:97:be:7f:bf:c6:3c:89:68:9e:6e:
                    db:81:ac:f8:3d:ee:5a:69:92:63:3a:ca:49:35:74:
                    fd:87:28:75:54:83:8d:17:0d:12:a3:5f:87:86:57:
                    a4:46:fa:93:87:0f:45:15:25:22:ed:10:3e:98:7e:
                    25:95:df:25:9a:fc:f1:fb:41:27:6e:21:6d:07:cc:
                    4c:d2:77:65:04:6c:0a:39:98:8e:80:a6:74:ad:5f:
                    a4:8b:28:66:35:63:5a:b3:68:ee:d1:5b:77:db:30:
                    ff:5f:fb:03:95:7d:5f:20:63:8c:6f:93:cf:98:8f:
                    f8:a6:a7:0d:de:19:e1:81:80:e2:60:54:92:8a:fb:
                    3a:32:90:f8:aa:32:47:fd:c9:bc:4b:00:5b:3f:10:
                    a0:ef:7c:dc:f9:df:95:99:26:f2:bc:d6:21:76:01:
                    7e:45:0d:ee:62:4b:03:75:12:a0:f7:ae:86:b7:90:
                    7f:6c:5a:24:7f:92:98:91:69:10:e9:b7:06:25:3c:
                    b3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:E5:D9:28:88:8E:88:0A:C6:CB:9B:4C:A3:61:52:36:53:C1:27:79
            X509v3 Authority Key Identifier:
                keyid:AD:24:3D:CF:F0:CB:38:21:1F:7F:E7:DB:3F:91:31:69:B4:4C:F4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rSQ9z_DLOCEff-fbP5ExabRM9FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/7OXZKIiOiArGy5tMo2FSNlPBJ3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a5d27b-26c0-4eb3-89bc-b9f298a798e4/1/rSQ9z_DLOCEff-fbP5ExabRM9FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.169.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         2b:89:de:9e:32:1b:ea:4f:8b:f6:38:7a:cf:7a:1b:99:3a:84:
         ad:65:38:57:4d:26:6e:67:88:78:e8:35:2f:34:fe:ce:3e:9b:
         51:ce:c3:dd:cf:e9:b9:f3:65:bc:3e:d3:24:47:cd:e4:6c:2e:
         82:27:dc:7e:87:cf:64:03:85:4e:d4:94:6b:b6:46:a9:48:44:
         bd:a4:c9:87:66:ee:23:76:84:6a:a1:cf:f9:85:1c:4a:31:ef:
         0c:37:04:61:66:9f:f0:4e:29:97:ee:c8:87:d7:04:10:0b:4d:
         cd:f2:bf:eb:9f:6e:27:7a:7e:fa:53:14:02:04:7a:6f:f3:32:
         58:f9:f9:11:58:7a:2d:f1:6f:ff:5c:7c:63:fe:de:73:06:23:
         3c:aa:f9:ff:09:c8:78:57:8c:31:bf:a6:d5:70:5b:08:37:2f:
         f4:de:c1:9f:70:99:b9:35:c7:37:d4:c3:82:48:b2:b2:08:42:
         39:ea:10:eb:d9:04:f8:6c:bd:cc:58:9a:59:d2:50:71:36:76:
         89:99:88:d4:7f:bc:25:0f:ad:c9:63:b1:aa:81:bb:ef:22:7c:
         22:70:7e:41:82:11:9c:53:48:17:00:31:28:68:2c:10:0a:97:
         92:4d:a6:53:9d:ff:d7:40:c8:3d:89:ca:a3:6a:53:ed:f4:43:
         a3:da:22:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9P8wFq9dXBu/W+MWul8w59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMjQzZGNmZjBjYjM4MjExZjdmZTdkYjNmOTEzMTY5YjQ0
Y2Y0NTYwHhcNMjQwNTA2MjIwNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2U1ZDkyODg4OGU4ODBhYzZjYjliNGNhMzYxNTIzNjUzYzEyNzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApON8nJ9Obw5+xNDGCQdMPiF9eiXP
c+xwXuupfdHpWnqVRiSm+hTyzH7XGrSGgFixr78wTkU+ZLEWZ3NX62ePmJe+f7/G
PIlonm7bgaz4Pe5aaZJjOspJNXT9hyh1VIONFw0So1+HhlekRvqThw9FFSUi7RA+
mH4lld8lmvzx+0EnbiFtB8xM0ndlBGwKOZiOgKZ0rV+kiyhmNWNas2ju0Vt32zD/
X/sDlX1fIGOMb5PPmI/4pqcN3hnhgYDiYFSSivs6MpD4qjJH/cm8SwBbPxCg73zc
+d+VmSbyvNYhdgF+RQ3uYksDdRKg966Gt5B/bFokf5KYkWkQ6bcGJTyzYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzl2SiIjogKxsubTKNhUjZTwSd5MB8GA1UdIwQY
MBaAFK0kPc/wyzghH3/n2z+RMWm0TPRWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclNROXpfRExPQ0VmZi1mYlA1RXhhYlJNOUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9hNWQyN2ItMjZjMC00ZWIzLTg5YmMt
YjlmMjk4YTc5OGU0LzEvN09YWktJaU9pQXJHeTV0TW8yRlNObFBCSjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9hNWQyN2ItMjZjMC00ZWIzLTg5YmMtYjlmMjk4YTc5OGU0
LzEvclNROXpfRExPQ0VmZi1mYlA1RXhhYlJNOUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQG1KlAMA0G
CSqGSIb3DQEBCwUAA4IBAQArid6eMhvqT4v2OHrPehuZOoStZThXTSZuZ4h46DUv
NP7OPptRzsPdz+m582W8PtMkR83kbC6CJ9x+h89kA4VO1JRrtkapSES9pMmHZu4j
doRqoc/5hRxKMe8MNwRhZp/wTimX7siH1wQQC03N8r/rn24nen76UxQCBHpv8zJY
+fkRWHot8W//XHxj/t5zBiM8qvn/Cch4V4wxv6bVcFsINy/03sGfcJm5Ncc31MOC
SLKyCEI56hDr2QT4bL3MWJpZ0lBxNnaJmYjUf7wlD63JY7GqgbvvInwicH5BghGc
U0gXADEoaCwQCpeSTaZTnf/XQMg9icqjalPt9EOj2iKo
-----END CERTIFICATE-----