Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c03d37-4efc-4c3c-8281-3c738544482e/1/moO0u0O2gZF55Ae0JSxHBziU23M.roa
File:                     moO0u0O2gZF55Ae0JSxHBziU23M.roa (raw, json)
Hash identifier:          imCpS88PEfNCtItHpZMsgm+2HxJ9DQabz4AC/P6jvIA=
Subject key identifier:   9A:83:B4:BB:43:B6:81:91:79:E4:07:B4:25:2C:47:07:38:94:DB:73
Certificate issuer:       /CN=7d7856c97beb97c2b386fb958c2db122c57db36c
Certificate serial:       0190065C0D917B34EF57FF299D954957F3F7
Authority key identifier: 7D:78:56:C9:7B:EB:97:C2:B3:86:FB:95:8C:2D:B1:22:C5:7D:B3:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fXhWyXvrl8KzhvuVjC2xIsV9s2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c03d37-4efc-4c3c-8281-3c738544482e/1/moO0u0O2gZF55Ae0JSxHBziU23M.roa
Signing time:             Tue 11 Jun 2024 08:13:34 +0000
ROA not before:           Tue 11 Jun 2024 08:13:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215331
IP address blocks:        84.246.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c03d37-4efc-4c3c-8281-3c738544482e/1/fXhWyXvrl8KzhvuVjC2xIsV9s2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c03d37-4efc-4c3c-8281-3c738544482e/1/fXhWyXvrl8KzhvuVjC2xIsV9s2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fXhWyXvrl8KzhvuVjC2xIsV9s2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:5c:0d:91:7b:34:ef:57:ff:29:9d:95:49:57:f3:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d7856c97beb97c2b386fb958c2db122c57db36c
        Validity
            Not Before: Jun 11 08:13:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a83b4bb43b6819179e407b4252c47073894db73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:30:ea:20:f2:cb:21:57:b5:d6:56:08:88:4a:
                    7c:2b:d4:f6:88:85:b6:73:42:af:d1:1a:6f:90:7c:
                    0d:9b:ac:9d:3b:68:94:e7:e9:54:31:95:73:03:af:
                    5c:b7:16:70:be:a7:0a:92:00:2e:a3:e5:db:79:1a:
                    c2:fb:b9:29:d8:be:33:04:37:47:10:7d:29:c2:77:
                    77:43:2b:80:f5:a3:41:27:5b:a0:4f:95:4a:db:0b:
                    cf:de:e9:4f:93:61:61:fa:37:45:f7:a7:75:e3:66:
                    00:11:f2:a6:21:96:3e:ac:3c:da:26:42:60:43:3e:
                    12:25:fb:f0:fc:7a:8e:39:f2:23:73:c2:7d:97:94:
                    bb:7f:b7:d4:c7:98:2b:c7:ae:9e:8c:39:9f:c1:4b:
                    ff:ec:3b:4f:bf:da:82:18:2b:ec:86:cf:9b:dc:d7:
                    a9:92:6a:8c:c6:ce:90:4c:e3:fa:95:0a:b6:ec:34:
                    cc:cb:cf:c4:33:43:f7:63:17:12:3d:8c:a8:d6:b2:
                    b4:0e:34:32:b5:7d:59:01:91:c1:fe:2b:f4:c6:6f:
                    5d:b6:43:6a:62:7f:c4:d8:4e:0f:e2:0d:5b:0c:1a:
                    51:82:d5:03:97:36:79:e2:ce:71:d0:20:1d:ee:5f:
                    8d:9a:dd:c6:37:c4:78:e1:ad:aa:ea:76:e5:49:04:
                    4d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:83:B4:BB:43:B6:81:91:79:E4:07:B4:25:2C:47:07:38:94:DB:73
            X509v3 Authority Key Identifier:
                keyid:7D:78:56:C9:7B:EB:97:C2:B3:86:FB:95:8C:2D:B1:22:C5:7D:B3:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fXhWyXvrl8KzhvuVjC2xIsV9s2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c03d37-4efc-4c3c-8281-3c738544482e/1/moO0u0O2gZF55Ae0JSxHBziU23M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c03d37-4efc-4c3c-8281-3c738544482e/1/fXhWyXvrl8KzhvuVjC2xIsV9s2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.246.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:d3:5c:bf:e4:d9:9e:b0:d0:b0:b6:58:b3:10:30:37:33:a3:
         e2:99:a1:25:59:89:fe:31:3e:4c:6d:d8:de:af:32:e2:cd:fe:
         6b:c6:93:a3:98:14:09:c8:77:ac:07:b6:4b:1e:1c:1e:fd:86:
         53:6d:81:2f:45:46:4a:75:41:3b:29:c1:ad:89:20:b1:1f:86:
         72:d3:e3:aa:fb:3f:25:b9:63:dd:6e:85:d1:32:d0:5b:28:36:
         dc:ff:4b:35:99:e5:8a:50:78:26:dc:ef:92:f6:a1:9f:2c:2c:
         5f:da:3d:dd:67:9f:75:a4:d0:6f:b3:27:96:6c:f3:bd:a0:6f:
         4c:66:35:3a:87:2b:24:c1:a6:f3:bb:2d:b5:69:89:a8:76:3b:
         4f:52:fd:da:01:6a:fd:59:83:c9:b9:2f:20:0c:ad:95:a8:ce:
         4d:f7:8a:1b:cd:97:e5:e7:2e:5b:e6:a8:de:56:93:23:4e:16:
         ac:8c:e0:94:b6:25:b7:85:62:50:cb:ec:d2:14:69:1e:b5:83:
         1c:f2:b3:b7:23:02:a4:79:44:cb:bc:fb:6c:4e:75:ba:e1:4e:
         64:09:1d:5e:58:b9:82:a5:aa:21:59:a7:e6:d6:9d:4e:f1:1b:
         a3:ff:4c:80:3f:96:70:dd:f4:5d:3a:82:e7:81:1f:83:f9:32:
         ba:f3:05:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAGXA2RezTvV/8pnZVJV/P3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNzg1NmM5N2JlYjk3YzJiMzg2ZmI5NThjMmRiMTIyYzU3
ZGIzNmMwHhcNMjQwNjExMDgxMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTgzYjRiYjQzYjY4MTkxNzllNDA3YjQyNTJjNDcwNzM4OTRkYjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjDqIPLLIVe11lYIiEp8K9T2iIW2
c0Kv0RpvkHwNm6ydO2iU5+lUMZVzA69ctxZwvqcKkgAuo+XbeRrC+7kp2L4zBDdH
EH0pwnd3QyuA9aNBJ1ugT5VK2wvP3ulPk2Fh+jdF96d142YAEfKmIZY+rDzaJkJg
Qz4SJfvw/HqOOfIjc8J9l5S7f7fUx5grx66ejDmfwUv/7DtPv9qCGCvshs+b3Nep
kmqMxs6QTOP6lQq27DTMy8/EM0P3YxcSPYyo1rK0DjQytX1ZAZHB/iv0xm9dtkNq
Yn/E2E4P4g1bDBpRgtUDlzZ54s5x0CAd7l+Nmt3GN8R44a2q6nblSQRNOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqDtLtDtoGReeQHtCUsRwc4lNtzMB8GA1UdIwQY
MBaAFH14Vsl765fCs4b7lYwtsSLFfbNsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlhoV3lYdnJsOEt6aHZ1VmpDMnhJc1Y5czJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jMDNkMzctNGVmYy00YzNjLTgyODEt
M2M3Mzg1NDQ0ODJlLzEvbW9PMHUwTzJnWkY1NUFlMEpTeEhCemlVMjNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jMDNkMzctNGVmYy00YzNjLTgyODEtM2M3Mzg1NDQ0ODJl
LzEvZlhoV3lYdnJsOEt6aHZ1VmpDMnhJc1Y5czJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPaHMA0G
CSqGSIb3DQEBCwUAA4IBAQCW01y/5NmesNCwtlizEDA3M6PimaElWYn+MT5Mbdje
rzLizf5rxpOjmBQJyHesB7ZLHhwe/YZTbYEvRUZKdUE7KcGtiSCxH4Zy0+Oq+z8l
uWPdboXRMtBbKDbc/0s1meWKUHgm3O+S9qGfLCxf2j3dZ591pNBvsyeWbPO9oG9M
ZjU6hyskwabzuy21aYmodjtPUv3aAWr9WYPJuS8gDK2VqM5N94obzZfl5y5b5qje
VpMjThasjOCUtiW3hWJQy+zSFGketYMc8rO3IwKkeUTLvPtsTnW64U5kCR1eWLmC
paohWafm1p1O8Ruj/0yAP5Zw3fRdOoLngR+D+TK68wUW
-----END CERTIFICATE-----