Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/4gZWE4TNYULNOZOQv6G5_q62VD0.roa
File:                     4gZWE4TNYULNOZOQv6G5_q62VD0.roa (raw, json)
Hash identifier:          jzrESAfZD5GMXbgkOv8cuE3kM3PqICadP2tcXpWkFhw=
Subject key identifier:   E2:06:56:13:84:CD:61:42:CD:39:93:90:BF:A1:B9:FE:AE:B6:54:3D
Certificate issuer:       /CN=7b24358c4f16c19ffad37f3cafe0c8f6acbf65b1
Certificate serial:       018CC26D5B3C5026A85690F86104AA9DDE56
Authority key identifier: 7B:24:35:8C:4F:16:C1:9F:FA:D3:7F:3C:AF:E0:C8:F6:AC:BF:65:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eyQ1jE8WwZ_60388r-DI9qy_ZbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/4gZWE4TNYULNOZOQv6G5_q62VD0.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39405
IP address blocks:        213.178.148.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/eyQ1jE8WwZ_60388r-DI9qy_ZbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/eyQ1jE8WwZ_60388r-DI9qy_ZbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eyQ1jE8WwZ_60388r-DI9qy_ZbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5b:3c:50:26:a8:56:90:f8:61:04:aa:9d:de:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b24358c4f16c19ffad37f3cafe0c8f6acbf65b1
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e206561384cd6142cd399390bfa1b9feaeb6543d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ab:59:34:7f:ea:1a:05:91:b7:9e:3c:cd:2a:
                    77:64:89:08:5c:0e:92:81:07:a5:e7:27:c4:df:72:
                    53:bd:13:96:49:cd:0d:41:56:5b:5d:84:9e:d3:58:
                    fa:04:1f:81:a6:61:d2:cc:53:03:63:cb:a0:60:dc:
                    70:97:93:4f:66:a1:0d:e2:d8:97:4a:12:e9:41:5c:
                    a4:c5:b9:ab:4e:36:78:7c:7f:f4:90:61:17:17:ff:
                    6a:99:17:9a:80:48:bc:23:5f:ae:f6:41:9b:61:1a:
                    18:1e:6f:b7:be:d3:cf:d1:40:af:82:19:36:c4:49:
                    26:ab:de:54:a8:5d:6a:f5:6a:b1:71:41:44:9b:7f:
                    c0:6c:c5:66:f1:0e:4e:99:ed:f6:ff:07:9a:54:a9:
                    af:8b:46:f1:94:32:53:e6:73:81:e8:16:31:b9:ff:
                    89:5f:a4:62:89:b5:54:30:dd:3a:a2:c3:b1:21:67:
                    5e:20:db:7c:8c:d5:62:72:ab:c7:4e:04:e5:da:f4:
                    c7:5b:b1:10:7b:0f:24:96:24:f8:52:e6:9d:10:3d:
                    6a:fa:ed:33:e4:ab:98:66:33:b0:00:cb:a7:6e:af:
                    60:20:d4:ea:f9:ae:1a:ee:cf:24:5d:9a:38:de:4b:
                    b8:ea:ce:21:df:9d:f8:ee:79:e1:8c:24:0d:4b:5c:
                    4d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:06:56:13:84:CD:61:42:CD:39:93:90:BF:A1:B9:FE:AE:B6:54:3D
            X509v3 Authority Key Identifier:
                keyid:7B:24:35:8C:4F:16:C1:9F:FA:D3:7F:3C:AF:E0:C8:F6:AC:BF:65:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eyQ1jE8WwZ_60388r-DI9qy_ZbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/4gZWE4TNYULNOZOQv6G5_q62VD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/eyQ1jE8WwZ_60388r-DI9qy_ZbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:55:18:1c:05:c7:ff:1f:bb:99:d3:18:85:a4:70:89:3d:a5:
         3f:34:8b:96:02:39:8c:5a:fe:44:f6:2a:6e:89:25:1e:57:77:
         d4:8b:e3:40:75:a0:85:cd:1a:53:6f:1c:2e:2f:23:50:cf:9c:
         f7:bb:3c:99:95:f0:e4:f4:2f:52:a8:3e:12:c7:3f:cb:a7:69:
         64:12:33:80:40:03:f9:6d:9d:29:9c:cc:0b:df:cc:6d:a7:55:
         e3:7c:fd:bd:bf:3b:9c:d9:e8:1b:d2:e9:e5:ea:db:31:dd:a7:
         60:26:a8:76:67:6c:9e:5e:f9:51:c6:bd:96:56:43:e7:dd:f2:
         66:20:52:38:f0:6a:0c:a8:d6:4e:79:8d:4e:e5:83:55:fc:38:
         65:25:60:2f:cb:08:e0:63:1e:fb:2b:d3:51:22:5c:ab:a5:ea:
         2d:16:9e:e8:ab:68:1b:86:33:b3:6d:11:ce:41:e0:0a:62:88:
         b2:8f:c5:04:ec:c3:1d:8a:bc:9b:69:9e:33:f5:f6:56:2d:73:
         95:98:e7:e9:21:12:f0:0c:c6:07:10:88:15:86:58:a2:c6:2c:
         c6:30:ed:aa:b7:9c:c8:06:c1:8f:d9:17:fa:a0:27:9b:ee:44:
         38:5f:2e:bd:d5:00:13:4e:2f:5e:d6:b3:a5:49:1b:06:cc:4c:
         9c:9a:a2:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVs8UCaoVpD4YQSqnd5WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMjQzNThjNGYxNmMxOWZmYWQzN2YzY2FmZTBjOGY2YWNi
ZjY1YjEwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjA2NTYxMzg0Y2Q2MTQyY2QzOTkzOTBiZmExYjlmZWFlYjY1NDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiatZNH/qGgWRt548zSp3ZIkIXA6S
gQel5yfE33JTvROWSc0NQVZbXYSe01j6BB+BpmHSzFMDY8ugYNxwl5NPZqEN4tiX
ShLpQVykxbmrTjZ4fH/0kGEXF/9qmReagEi8I1+u9kGbYRoYHm+3vtPP0UCvghk2
xEkmq95UqF1q9WqxcUFEm3/AbMVm8Q5Ome32/weaVKmvi0bxlDJT5nOB6BYxuf+J
X6RiibVUMN06osOxIWdeINt8jNVicqvHTgTl2vTHW7EQew8kliT4UuadED1q+u0z
5KuYZjOwAMunbq9gINTq+a4a7s8kXZo43ku46s4h35347nnhjCQNS1xN4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIGVhOEzWFCzTmTkL+huf6utlQ9MB8GA1UdIwQY
MBaAFHskNYxPFsGf+tN/PK/gyPasv2WxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXlRMWpFOFd3Wl82MDM4OHItREk5cXlfWmJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS85YWE2M2ItNzY0Ny00MDczLTllNjYt
MGQ3YzUyMTU0MTgzLzEvNGdaV0U0VE5ZVUxOT1pPUXY2RzVfcTYyVkQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS85YWE2M2ItNzY0Ny00MDczLTllNjYtMGQ3YzUyMTU0MTgz
LzEvZXlRMWpFOFd3Wl82MDM4OHItREk5cXlfWmJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1bKUMA0G
CSqGSIb3DQEBCwUAA4IBAQBdVRgcBcf/H7uZ0xiFpHCJPaU/NIuWAjmMWv5E9ipu
iSUeV3fUi+NAdaCFzRpTbxwuLyNQz5z3uzyZlfDk9C9SqD4Sxz/Lp2lkEjOAQAP5
bZ0pnMwL38xtp1XjfP29vzuc2egb0unl6tsx3adgJqh2Z2yeXvlRxr2WVkPn3fJm
IFI48GoMqNZOeY1O5YNV/DhlJWAvywjgYx77K9NRIlyrpeotFp7oq2gbhjOzbRHO
QeAKYoiyj8UE7MMdirybaZ4z9fZWLXOVmOfpIRLwDMYHEIgVhliixizGMO2qt5zI
BsGP2Rf6oCeb7kQ4Xy691QATTi9e1rOlSRsGzEycmqIx
-----END CERTIFICATE-----