Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/B6VeX9sedhG1sMkuMNsYcIiLV50.roa
File:                     B6VeX9sedhG1sMkuMNsYcIiLV50.roa (raw, json)
Hash identifier:          6punVFAwjAdbSVmZcfWm3DJ1Li9lEnDTEfkyPm8Twug=
Subject key identifier:   07:A5:5E:5F:DB:1E:76:11:B5:B0:C9:2E:30:DB:18:70:88:8B:57:9D
Certificate issuer:       /CN=c7f04b78b2eedf998edd5cc1e88671c8d10f1865
Certificate serial:       018CC56DEA4BB8B14C2B5206F56B2568ABB8
Authority key identifier: C7:F0:4B:78:B2:EE:DF:99:8E:DD:5C:C1:E8:86:71:C8:D1:0F:18:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x_BLeLLu35mO3VzB6IZxyNEPGGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/B6VeX9sedhG1sMkuMNsYcIiLV50.roa
Signing time:             Mon 01 Jan 2024 14:29:23 +0000
ROA not before:           Mon 01 Jan 2024 14:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9136
IP address blocks:        143.163.64.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/x_BLeLLu35mO3VzB6IZxyNEPGGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/x_BLeLLu35mO3VzB6IZxyNEPGGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x_BLeLLu35mO3VzB6IZxyNEPGGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ea:4b:b8:b1:4c:2b:52:06:f5:6b:25:68:ab:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7f04b78b2eedf998edd5cc1e88671c8d10f1865
        Validity
            Not Before: Jan  1 14:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07a55e5fdb1e7611b5b0c92e30db1870888b579d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:2d:6c:e7:e8:61:d7:31:24:1d:68:ad:d6:26:
                    16:df:73:d3:b4:67:01:6f:6f:94:e2:0a:19:40:e6:
                    e5:19:92:94:5c:1b:b8:61:29:38:76:24:09:9f:9b:
                    3b:7c:18:b0:cc:44:b9:e1:b5:0d:c2:0f:11:cc:92:
                    b1:c9:9d:ad:c8:85:98:ce:04:8d:85:9a:64:b0:51:
                    64:de:6a:07:dd:5e:12:78:66:88:9d:55:81:9c:a9:
                    7d:d6:e7:84:3c:9f:3f:79:ac:39:97:89:3a:2a:cd:
                    5f:a1:6d:dc:45:de:e4:8b:e5:1f:2e:4d:e5:2e:51:
                    bb:e9:1a:33:1b:7b:ac:19:8f:e5:da:3c:16:05:c3:
                    af:e1:f0:0e:7c:6b:f2:6d:bf:ad:de:30:37:7c:c4:
                    3a:53:cd:5a:2f:6a:09:b3:d2:25:84:62:97:6d:e9:
                    e8:5c:83:69:b1:65:66:e7:f9:ff:bb:72:2e:c9:1f:
                    da:54:f6:34:29:b0:33:a5:cf:b0:b5:f6:dd:03:f4:
                    cc:9d:49:1b:56:37:58:20:93:db:8c:18:95:21:45:
                    a8:f0:b4:2c:78:91:37:c8:99:ec:37:9e:be:ab:2a:
                    4e:5c:ea:60:de:a6:18:7d:14:59:66:4c:26:3c:e2:
                    9f:4a:e9:70:c2:72:b6:a1:52:39:cc:7c:c7:bb:a8:
                    82:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A5:5E:5F:DB:1E:76:11:B5:B0:C9:2E:30:DB:18:70:88:8B:57:9D
            X509v3 Authority Key Identifier:
                keyid:C7:F0:4B:78:B2:EE:DF:99:8E:DD:5C:C1:E8:86:71:C8:D1:0F:18:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x_BLeLLu35mO3VzB6IZxyNEPGGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/B6VeX9sedhG1sMkuMNsYcIiLV50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/473924-6f99-473d-a077-f437839095d1/1/x_BLeLLu35mO3VzB6IZxyNEPGGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.163.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c3:f1:30:54:a1:36:f5:6e:17:3e:a2:48:94:b9:89:80:9d:9f:
         bc:35:1c:d5:2c:e8:19:cd:82:b6:e6:ce:86:8c:7d:59:14:81:
         c5:a3:c2:68:0b:21:29:ba:0a:b5:f0:a6:d7:ae:71:1e:4b:bb:
         79:af:32:61:cf:7a:00:6e:d6:e9:cd:bb:99:20:86:13:d8:03:
         27:40:f6:47:57:38:06:e1:2e:10:63:a2:ca:5a:11:df:8a:7b:
         03:e7:4a:7a:49:91:50:bb:0a:d6:b9:08:74:54:df:c3:83:9f:
         e2:0f:ca:95:62:18:c1:da:18:9b:60:a3:a4:a2:24:69:8a:7e:
         6a:39:62:40:02:f3:f5:dc:2c:83:af:bb:6d:f2:4c:4e:e6:41:
         50:7d:68:0b:85:83:12:44:e4:59:94:12:f7:d5:82:70:21:02:
         da:fb:f7:94:3f:6c:17:5e:03:87:75:5b:8c:6d:37:56:e2:3c:
         e8:c8:d2:ce:12:f6:76:78:24:d3:48:e9:f8:1c:3e:61:73:ec:
         2d:76:30:7a:e0:05:de:34:32:3a:3f:04:f2:14:c1:a1:cb:f1:
         f7:08:58:d2:f6:a1:c2:ae:95:3b:29:d0:65:ec:06:49:c6:a7:
         cb:df:f4:42:70:d2:7e:df:05:22:d0:7e:df:bd:71:6b:fd:9b:
         d1:aa:51:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbepLuLFMK1IG9WslaKu4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZjA0Yjc4YjJlZWRmOTk4ZWRkNWNjMWU4ODY3MWM4ZDEw
ZjE4NjUwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2E1NWU1ZmRiMWU3NjExYjViMGM5MmUzMGRiMTg3MDg4OGI1NzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgy1s5+hh1zEkHWit1iYW33PTtGcB
b2+U4goZQOblGZKUXBu4YSk4diQJn5s7fBiwzES54bUNwg8RzJKxyZ2tyIWYzgSN
hZpksFFk3moH3V4SeGaInVWBnKl91ueEPJ8/eaw5l4k6Ks1foW3cRd7ki+UfLk3l
LlG76RozG3usGY/l2jwWBcOv4fAOfGvybb+t3jA3fMQ6U81aL2oJs9IlhGKXbeno
XINpsWVm5/n/u3IuyR/aVPY0KbAzpc+wtfbdA/TMnUkbVjdYIJPbjBiVIUWo8LQs
eJE3yJnsN56+qypOXOpg3qYYfRRZZkwmPOKfSulwwnK2oVI5zHzHu6iCrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAelXl/bHnYRtbDJLjDbGHCIi1edMB8GA1UdIwQY
MBaAFMfwS3iy7t+Zjt1cweiGccjRDxhlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveF9CTGVMTHUzNW1PM1Z6QjZJWnh5TkVQR0dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy80NzM5MjQtNmY5OS00NzNkLWEwNzct
ZjQzNzgzOTA5NWQxLzEvQjZWZVg5c2VkaEcxc01rdU1Oc1ljSWlMVjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy80NzM5MjQtNmY5OS00NzNkLWEwNzctZjQzNzgzOTA5NWQx
LzEveF9CTGVMTHUzNW1PM1Z6QjZJWnh5TkVQR0dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBj6NAMA0G
CSqGSIb3DQEBCwUAA4IBAQDD8TBUoTb1bhc+okiUuYmAnZ+8NRzVLOgZzYK25s6G
jH1ZFIHFo8JoCyEpugq18KbXrnEeS7t5rzJhz3oAbtbpzbuZIIYT2AMnQPZHVzgG
4S4QY6LKWhHfinsD50p6SZFQuwrWuQh0VN/Dg5/iD8qVYhjB2hibYKOkoiRpin5q
OWJAAvP13CyDr7tt8kxO5kFQfWgLhYMSRORZlBL31YJwIQLa+/eUP2wXXgOHdVuM
bTdW4jzoyNLOEvZ2eCTTSOn4HD5hc+wtdjB64AXeNDI6PwTyFMGhy/H3CFjS9qHC
rpU7KdBl7AZJxqfL3/RCcNJ+3wUi0H7fvXFr/ZvRqlEa
-----END CERTIFICATE-----