Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/7z-coQEMjtiCrDoG_9Fjeu6gTM8.roa
File:                     7z-coQEMjtiCrDoG_9Fjeu6gTM8.roa (raw, json)
Hash identifier:          zQIjvTdnrxriM+ypw/fpIubVgc6iGVdC5GET9xB41cs=
Subject key identifier:   EF:3F:9C:A1:01:0C:8E:D8:82:AC:3A:06:FF:D1:63:7A:EE:A0:4C:CF
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93E428425EAE112EEAF7A08119EF2
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/7z-coQEMjtiCrDoG_9Fjeu6gTM8.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61270
IP address blocks:        82.144.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3e:42:84:25:ea:e1:12:ee:af:7a:08:11:9e:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef3f9ca1010c8ed882ac3a06ffd1637aeea04ccf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8e:a3:3f:d3:bf:cd:79:64:b5:f9:ca:49:cf:
                    90:01:12:26:f3:85:33:b6:5c:e7:d8:c1:69:0a:72:
                    c3:b5:0e:c9:22:82:c9:8e:90:a8:94:56:53:cc:d3:
                    9a:f0:73:bf:ad:cd:2d:71:3b:40:1e:38:88:7d:5b:
                    33:44:16:c4:69:8d:6a:fc:e9:a4:66:b9:2f:a0:85:
                    a9:5f:81:d5:2b:22:d7:1d:38:82:f8:45:e3:fc:8b:
                    0b:f2:0f:ec:b8:6d:c1:68:9a:48:0a:4a:8f:33:16:
                    43:14:4c:5c:6c:f7:71:a6:8b:db:ed:93:99:77:e5:
                    f6:01:44:62:e3:f8:54:7b:69:02:3e:eb:0b:56:ed:
                    7a:65:6e:11:66:a1:5d:26:04:f7:6e:f1:bc:4f:25:
                    cf:64:5b:aa:93:f1:22:b6:0f:f5:1e:72:c2:ed:fc:
                    10:82:b8:82:0d:d7:b9:cc:22:aa:90:17:39:ec:cd:
                    7a:f4:a0:5f:e6:bc:c2:74:fb:16:67:c0:69:48:f3:
                    20:c6:c2:e5:11:b0:83:bf:94:28:ac:56:67:ed:e6:
                    91:a7:09:5a:a1:e6:34:a9:10:f9:f3:9f:02:8d:8a:
                    46:da:40:99:18:21:db:36:b7:3f:fd:50:26:07:18:
                    0f:2c:52:db:a5:7e:50:df:36:d5:49:5c:8b:44:6b:
                    db:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:3F:9C:A1:01:0C:8E:D8:82:AC:3A:06:FF:D1:63:7A:EE:A0:4C:CF
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/7z-coQEMjtiCrDoG_9Fjeu6gTM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.144.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:00:32:8a:d8:dc:97:2f:d1:9c:1a:95:70:8c:83:70:9a:56:
         04:8b:23:7b:e3:1a:ee:68:a4:d7:2f:e1:b5:5a:20:a5:d5:a4:
         ef:3e:4a:0a:56:1a:ff:45:f3:be:43:4b:63:61:c1:4b:02:fb:
         a4:56:5c:03:7b:b0:43:3a:f2:08:65:ee:88:29:73:01:98:cd:
         02:b9:99:60:6f:2b:8b:e3:5b:6f:8b:c0:1c:94:94:54:e6:a6:
         e3:f4:9a:e5:48:c5:ac:eb:8b:ec:ac:46:bd:3f:1a:59:d4:93:
         8d:4b:4b:f2:57:67:f5:f0:98:be:91:84:a9:ae:16:a1:38:30:
         f5:14:3e:3e:5b:00:5c:ba:71:47:a3:6a:36:ec:35:bf:1e:7d:
         43:c7:3a:77:89:a7:4b:75:ad:77:44:35:81:18:6d:51:19:82:
         f5:a1:44:c4:32:47:e5:b6:57:89:c0:d4:ef:a8:50:75:90:4b:
         7c:67:5b:86:b6:c9:3b:b3:45:01:8c:88:0b:15:4b:6e:c6:87:
         65:35:5a:d0:4b:09:00:fe:ba:20:d4:44:b2:e0:99:7c:d6:11:
         e5:a9:b9:5c:eb:7f:2b:ab:a0:83:60:7f:bf:cf:42:b0:57:8a:
         3f:b9:63:9b:b4:56:8d:97:d0:4b:6e:18:74:a4:89:ab:60:28:
         93:23:89:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuT5ChCXq4RLur3oIEZ7yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjNmOWNhMTAxMGM4ZWQ4ODJhYzNhMDZmZmQxNjM3YWVlYTA0Y2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAio6jP9O/zXlktfnKSc+QARIm84Uz
tlzn2MFpCnLDtQ7JIoLJjpColFZTzNOa8HO/rc0tcTtAHjiIfVszRBbEaY1q/Omk
ZrkvoIWpX4HVKyLXHTiC+EXj/IsL8g/suG3BaJpICkqPMxZDFExcbPdxpovb7ZOZ
d+X2AURi4/hUe2kCPusLVu16ZW4RZqFdJgT3bvG8TyXPZFuqk/Eitg/1HnLC7fwQ
griCDde5zCKqkBc57M169KBf5rzCdPsWZ8BpSPMgxsLlEbCDv5QorFZn7eaRpwla
oeY0qRD5858CjYpG2kCZGCHbNrc//VAmBxgPLFLbpX5Q3zbVSVyLRGvbQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8/nKEBDI7Ygqw6Bv/RY3ruoEzPMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvN3otY29RRU1qdGlDckRvR185RmpldTZnVE04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpC7MA0G
CSqGSIb3DQEBCwUAA4IBAQB4ADKK2NyXL9GcGpVwjINwmlYEiyN74xruaKTXL+G1
WiCl1aTvPkoKVhr/RfO+Q0tjYcFLAvukVlwDe7BDOvIIZe6IKXMBmM0CuZlgbyuL
41tvi8AclJRU5qbj9JrlSMWs64vsrEa9PxpZ1JONS0vyV2f18Ji+kYSprhahODD1
FD4+WwBcunFHo2o27DW/Hn1Dxzp3iadLda13RDWBGG1RGYL1oUTEMkfltleJwNTv
qFB1kEt8Z1uGtsk7s0UBjIgLFUtuxodlNVrQSwkA/rog1ESy4Jl81hHlqblc638r
q6CDYH+/z0KwV4o/uWObtFaNl9BLbhh0pImrYCiTI4li
-----END CERTIFICATE-----