Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/foy5Jqurqj3ojGllKGv40RIRL6E.roa
File:                     foy5Jqurqj3ojGllKGv40RIRL6E.roa (raw, json)
Hash identifier:          q+Yp9+heUNnoW/tMsk2x9NBmDhiU0Y4i+yjqCBs46sE=
Subject key identifier:   7E:8C:B9:26:AB:AB:AA:3D:E8:8C:69:65:28:6B:F8:D1:12:11:2F:A1
Certificate issuer:       /CN=ea55dfd13021d5855ff194534933cd7d6cacd6cf
Certificate serial:       018CC6B92C760043B6341174017FD2BF405C
Authority key identifier: EA:55:DF:D1:30:21:D5:85:5F:F1:94:53:49:33:CD:7D:6C:AC:D6:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6lXf0TAh1YVf8ZRTSTPNfWys1s8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/foy5Jqurqj3ojGllKGv40RIRL6E.roa
Signing time:             Mon 01 Jan 2024 20:31:13 +0000
ROA not before:           Mon 01 Jan 2024 20:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42303
IP address blocks:        185.102.16.0/22 maxlen: 24
                          2a01:6300::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/6lXf0TAh1YVf8ZRTSTPNfWys1s8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/6lXf0TAh1YVf8ZRTSTPNfWys1s8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6lXf0TAh1YVf8ZRTSTPNfWys1s8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2c:76:00:43:b6:34:11:74:01:7f:d2:bf:40:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea55dfd13021d5855ff194534933cd7d6cacd6cf
        Validity
            Not Before: Jan  1 20:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e8cb926ababaa3de88c6965286bf8d112112fa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ce:a8:07:4d:82:df:d7:17:ca:a9:46:02:39:
                    c1:ff:dc:86:5a:96:83:4b:b0:a5:08:3f:17:e0:88:
                    32:ba:91:7c:91:ae:ef:cf:af:c4:02:4d:32:2c:4e:
                    79:e3:78:f3:39:a9:8b:12:e4:70:dd:f1:32:54:b8:
                    ec:96:d7:23:2f:83:c0:e0:47:3d:10:01:75:f5:f7:
                    17:fe:48:23:c5:fd:ea:2c:39:3a:ce:86:c9:25:e6:
                    10:62:63:d2:81:df:61:e6:b0:72:cd:61:27:f5:f4:
                    6b:02:3a:bb:49:84:60:77:dc:f8:cf:ee:7d:52:46:
                    0d:f6:7a:e7:2a:de:88:d1:25:9e:7c:97:33:7b:cc:
                    ca:fb:5b:57:01:2a:95:52:df:ed:b9:63:f3:0d:8e:
                    09:e7:36:51:d8:61:1f:d9:88:76:87:a6:25:bf:1e:
                    14:e6:14:69:44:06:f8:89:b2:b8:6e:3d:28:9c:4b:
                    7c:9f:df:7b:51:72:d6:fa:10:d5:97:12:d7:72:61:
                    fe:7f:bd:ed:32:de:58:cb:59:19:57:f8:47:4f:35:
                    05:a3:d0:37:33:70:14:d8:a9:dc:e4:50:76:5e:77:
                    6c:4d:ba:4f:89:1e:96:37:f6:3f:eb:e7:6a:75:90:
                    a7:07:3b:fd:40:73:68:4b:0f:c5:74:64:71:54:9c:
                    20:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:8C:B9:26:AB:AB:AA:3D:E8:8C:69:65:28:6B:F8:D1:12:11:2F:A1
            X509v3 Authority Key Identifier:
                keyid:EA:55:DF:D1:30:21:D5:85:5F:F1:94:53:49:33:CD:7D:6C:AC:D6:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6lXf0TAh1YVf8ZRTSTPNfWys1s8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/foy5Jqurqj3ojGllKGv40RIRL6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/6f433b-dc32-45a2-979e-ff143368753f/1/6lXf0TAh1YVf8ZRTSTPNfWys1s8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.16.0/22
                IPv6:
                  2a01:6300::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:17:62:a5:41:ea:24:f5:79:ae:67:10:41:d8:e5:58:de:a4:
         8d:40:ab:9f:b3:8b:a0:44:a5:1d:d6:1b:26:92:08:03:77:62:
         90:48:f6:6b:f6:c9:92:7b:16:28:51:3e:2e:15:57:73:6e:15:
         ee:0a:69:ab:8a:5e:7c:cb:94:5a:e6:22:14:ec:07:92:b9:0d:
         ef:f5:f7:b8:63:5b:fa:b4:e3:37:67:55:da:7b:2d:d5:d1:ff:
         82:6d:6c:63:bf:ae:4d:cc:b6:e9:38:a2:bf:a2:d1:c0:37:38:
         9c:c4:30:39:36:b0:1b:a3:77:82:8d:64:da:50:e3:c0:22:ba:
         9a:54:df:a1:01:d2:1b:82:a0:4d:3f:8f:d8:52:08:26:7b:5e:
         b2:55:b4:6c:c8:20:fb:64:cc:64:a3:52:83:55:fa:98:1e:01:
         63:5f:6b:20:03:1a:fc:3a:6e:4b:f9:4a:d8:46:4c:55:db:1b:
         76:5d:d2:e8:c1:70:9f:68:bd:67:93:82:04:99:57:c9:20:a8:
         fc:dd:92:c9:2c:d2:db:4c:13:2c:a8:aa:71:71:1a:d0:9d:80:
         e9:6e:20:23:1d:68:e0:75:2e:d0:01:f8:d7:98:2e:bd:cd:f0:
         89:f0:fa:80:0a:0e:21:ab:22:9f:36:cf:41:cd:8f:45:31:1e:
         87:6b:25:72
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuSx2AEO2NBF0AX/Sv0BcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNTVkZmQxMzAyMWQ1ODU1ZmYxOTQ1MzQ5MzNjZDdkNmNh
Y2Q2Y2YwHhcNMjQwMTAxMjAzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZThjYjkyNmFiYWJhYTNkZTg4YzY5NjUyODZiZjhkMTEyMTEyZmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxc6oB02C39cXyqlGAjnB/9yGWpaD
S7ClCD8X4IgyupF8ka7vz6/EAk0yLE5543jzOamLEuRw3fEyVLjsltcjL4PA4Ec9
EAF19fcX/kgjxf3qLDk6zobJJeYQYmPSgd9h5rByzWEn9fRrAjq7SYRgd9z4z+59
UkYN9nrnKt6I0SWefJcze8zK+1tXASqVUt/tuWPzDY4J5zZR2GEf2Yh2h6Ylvx4U
5hRpRAb4ibK4bj0onEt8n997UXLW+hDVlxLXcmH+f73tMt5Yy1kZV/hHTzUFo9A3
M3AU2Knc5FB2XndsTbpPiR6WN/Y/6+dqdZCnBzv9QHNoSw/FdGRxVJwgYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH6MuSarq6o96IxpZShr+NESES+hMB8GA1UdIwQY
MBaAFOpV39EwIdWFX/GUU0kzzX1srNbPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmxYZjBUQWgxWVZmOFpSVFNUUE5mV3lzMXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS82ZjQzM2ItZGMzMi00NWEyLTk3OWUt
ZmYxNDMzNjg3NTNmLzEvZm95NUpxdXJxajNvakdsbEtHdjQwUklSTDZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS82ZjQzM2ItZGMzMi00NWEyLTk3OWUtZmYxNDMzNjg3NTNm
LzEvNmxYZjBUQWgxWVZmOFpSVFNUUE5mV3lzMXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWYQMA0E
AgACMAcDBQAqAWMAMA0GCSqGSIb3DQEBCwUAA4IBAQAVF2KlQeok9XmuZxBB2OVY
3qSNQKufs4ugRKUd1hsmkggDd2KQSPZr9smSexYoUT4uFVdzbhXuCmmril58y5Ra
5iIU7AeSuQ3v9fe4Y1v6tOM3Z1Xaey3V0f+CbWxjv65NzLbpOKK/otHANzicxDA5
NrAbo3eCjWTaUOPAIrqaVN+hAdIbgqBNP4/YUggme16yVbRsyCD7ZMxko1KDVfqY
HgFjX2sgAxr8Om5L+UrYRkxV2xt2XdLowXCfaL1nk4IEmVfJIKj83ZLJLNLbTBMs
qKpxcRrQnYDpbiAjHWjgdS7QAfjXmC69zfCJ8PqACg4hqyKfNs9BzY9FMR6HayVy
-----END CERTIFICATE-----