Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/7a7871-08f3-4757-a9f0-bf1c5cc36b66/1/N698xH3D3ov-iVkFzRRvmxAv2Ss.roa
File:                     N698xH3D3ov-iVkFzRRvmxAv2Ss.roa (raw, json)
Hash identifier:          bvET/skinFiVg+C1Ampa5Kx3tQNttAEGIZgcHrAkFR8=
Subject key identifier:   37:AF:7C:C4:7D:C3:DE:8B:FE:89:59:05:CD:14:6F:9B:10:2F:D9:2B
Certificate issuer:       /CN=7df7cfd6c8826a67f642a373d131955308d9c1ca
Certificate serial:       018DAC7E1A66A38C2BF702D25A0863B8C8D6
Authority key identifier: 7D:F7:CF:D6:C8:82:6A:67:F6:42:A3:73:D1:31:95:53:08:D9:C1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fffP1siCamf2QqNz0TGVUwjZwco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/7a7871-08f3-4757-a9f0-bf1c5cc36b66/1/N698xH3D3ov-iVkFzRRvmxAv2Ss.roa
Signing time:             Thu 15 Feb 2024 11:19:21 +0000
ROA not before:           Thu 15 Feb 2024 11:19:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205654
IP address blocks:        152.89.64.0/24 maxlen: 24
                          185.211.20.0/22 maxlen: 24
                          195.234.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/7a7871-08f3-4757-a9f0-bf1c5cc36b66/1/fffP1siCamf2QqNz0TGVUwjZwco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/7a7871-08f3-4757-a9f0-bf1c5cc36b66/1/fffP1siCamf2QqNz0TGVUwjZwco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fffP1siCamf2QqNz0TGVUwjZwco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:7e:1a:66:a3:8c:2b:f7:02:d2:5a:08:63:b8:c8:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df7cfd6c8826a67f642a373d131955308d9c1ca
        Validity
            Not Before: Feb 15 11:19:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37af7cc47dc3de8bfe895905cd146f9b102fd92b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d1:65:54:0f:87:23:7e:18:fd:2e:69:52:54:
                    7d:92:8b:4c:04:9a:4e:e1:f8:da:6d:df:84:54:b3:
                    fb:db:ea:43:a1:89:a7:30:dc:2e:b0:d3:b0:c7:77:
                    35:a9:11:72:78:a4:9e:41:62:68:95:3b:e4:76:65:
                    f1:fd:2c:96:2a:6b:a2:ca:a3:00:6e:9c:bf:95:93:
                    7a:0c:b4:f2:c6:5c:1b:85:31:ff:cc:db:4e:b6:9d:
                    33:a5:e0:1c:31:8c:94:86:25:cc:b8:cf:54:9c:ad:
                    0a:3a:d1:8b:12:9b:80:d9:28:ce:6c:80:d4:c6:fc:
                    c5:b5:bf:ce:a4:dc:8c:2c:f8:8c:ac:86:ba:ca:78:
                    e0:49:23:b1:3e:5a:98:84:f6:f1:b4:1e:8f:f8:2d:
                    7a:d9:10:16:fc:78:95:37:46:e6:6a:1c:c0:2d:fe:
                    f0:b6:9a:26:3f:7b:f9:29:08:ae:52:2d:ae:c9:c6:
                    d2:c4:28:e1:18:9a:8a:ef:ee:b5:b4:6f:0c:6b:7e:
                    20:06:68:7e:67:56:39:e2:1f:2e:38:f1:93:5f:d4:
                    cb:fd:d3:03:77:4e:ae:4a:81:d2:53:86:a5:95:8b:
                    99:b6:59:98:37:e7:ec:48:97:03:3c:59:12:3e:83:
                    62:9a:42:f2:b0:49:e9:db:4b:f5:d6:83:b1:af:52:
                    40:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:AF:7C:C4:7D:C3:DE:8B:FE:89:59:05:CD:14:6F:9B:10:2F:D9:2B
            X509v3 Authority Key Identifier:
                keyid:7D:F7:CF:D6:C8:82:6A:67:F6:42:A3:73:D1:31:95:53:08:D9:C1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fffP1siCamf2QqNz0TGVUwjZwco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/7a7871-08f3-4757-a9f0-bf1c5cc36b66/1/N698xH3D3ov-iVkFzRRvmxAv2Ss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/7a7871-08f3-4757-a9f0-bf1c5cc36b66/1/fffP1siCamf2QqNz0TGVUwjZwco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.64.0/24
                  185.211.20.0/22
                  195.234.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:bb:ba:57:23:3a:58:3f:14:b1:b5:cc:83:93:8d:ec:fa:b9:
         b7:32:3b:83:e7:c6:10:00:5e:0e:88:5e:e7:2a:b0:13:7e:d5:
         8a:ef:73:dc:21:39:34:85:52:85:73:be:a3:7c:d0:4e:9d:eb:
         19:5d:92:92:c2:5a:4d:55:4b:fb:73:3d:1d:20:c6:f3:bb:37:
         8c:03:b1:62:16:9d:b8:26:69:05:84:5e:62:f4:0e:00:30:5d:
         2a:5c:7c:b4:ac:4b:08:cb:8d:98:43:5b:3c:11:5d:7d:7a:15:
         d2:c4:d1:32:6a:6b:7b:fb:a4:81:d9:8f:8f:95:a9:48:90:b9:
         e1:13:47:f3:42:8e:f9:ab:31:87:38:8c:e2:11:8d:50:ad:f9:
         8a:63:93:31:63:78:e0:f5:58:87:5c:16:c7:eb:bf:15:ad:18:
         c5:cf:a5:42:72:31:07:73:6d:7f:08:90:d9:6d:bb:a8:c3:20:
         ea:a6:09:72:4f:7b:ad:de:a1:7c:a1:28:93:28:b7:64:41:2d:
         2d:d8:8b:e3:2f:5f:50:9b:03:9f:f3:6b:c7:86:4b:a4:7e:1a:
         d4:2b:ee:c4:7e:ee:9f:e1:18:c7:ea:21:10:42:45:96:da:1d:
         e0:8f:fd:92:c1:0f:57:b0:7b:3f:09:a3:11:e9:d2:62:63:45:
         f2:19:19:ce
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2sfhpmo4wr9wLSWghjuMjWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjdjZmQ2Yzg4MjZhNjdmNjQyYTM3M2QxMzE5NTUzMDhk
OWMxY2EwHhcNMjQwMjE1MTExOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2FmN2NjNDdkYzNkZThiZmU4OTU5MDVjZDE0NmY5YjEwMmZkOTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktFlVA+HI34Y/S5pUlR9kotMBJpO
4fjabd+EVLP72+pDoYmnMNwusNOwx3c1qRFyeKSeQWJolTvkdmXx/SyWKmuiyqMA
bpy/lZN6DLTyxlwbhTH/zNtOtp0zpeAcMYyUhiXMuM9UnK0KOtGLEpuA2SjObIDU
xvzFtb/OpNyMLPiMrIa6ynjgSSOxPlqYhPbxtB6P+C162RAW/HiVN0bmahzALf7w
tpomP3v5KQiuUi2uycbSxCjhGJqK7+61tG8Ma34gBmh+Z1Y54h8uOPGTX9TL/dMD
d06uSoHSU4allYuZtlmYN+fsSJcDPFkSPoNimkLysEnp20v11oOxr1JAkQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDevfMR9w96L/olZBc0Ub5sQL9krMB8GA1UdIwQY
MBaAFH33z9bIgmpn9kKjc9ExlVMI2cHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZmUDFzaUNhbWYyUXFOejBUR1ZVd2pad2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi83YTc4NzEtMDhmMy00NzU3LWE5ZjAt
YmYxYzVjYzM2YjY2LzEvTjY5OHhIM0Qzb3YtaVZrRnpSUnZteEF2MlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi83YTc4NzEtMDhmMy00NzU3LWE5ZjAtYmYxYzVjYzM2YjY2
LzEvZmZmUDFzaUNhbWYyUXFOejBUR1ZVd2pad2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAmFlAAwQC
udMUAwQAw+pfMA0GCSqGSIb3DQEBCwUAA4IBAQBRu7pXIzpYPxSxtcyDk43s+rm3
MjuD58YQAF4OiF7nKrATftWK73PcITk0hVKFc76jfNBOnesZXZKSwlpNVUv7cz0d
IMbzuzeMA7FiFp24JmkFhF5i9A4AMF0qXHy0rEsIy42YQ1s8EV19ehXSxNEyamt7
+6SB2Y+PlalIkLnhE0fzQo75qzGHOIziEY1QrfmKY5MxY3jg9ViHXBbH678VrRjF
z6VCcjEHc21/CJDZbbuowyDqpglyT3ut3qF8oSiTKLdkQS0t2IvjL19QmwOf82vH
hkukfhrUK+7Efu6f4RjH6iEQQkWW2h3gj/2SwQ9XsHs/CaMR6dJiY0XyGRnO
-----END CERTIFICATE-----