Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/7f4b5a-82e7-4fce-b6fc-317e820dfcdb/1/pVKY_LRhzY7wOhdFsABP4QeRs8s.roa
File:                     pVKY_LRhzY7wOhdFsABP4QeRs8s.roa (raw, json)
Hash identifier:          C/umEslztfGcxQa2WSssnExawj459/id/sM2cie+lSs=
Subject key identifier:   A5:52:98:FC:B4:61:CD:8E:F0:3A:17:45:B0:00:4F:E1:07:91:B3:CB
Certificate issuer:       /CN=ee7a264dbccd75aa86cd361c6d366bd88c90da23
Certificate serial:       018CC7275FADFAA33D60877C203A28F8F671
Authority key identifier: EE:7A:26:4D:BC:CD:75:AA:86:CD:36:1C:6D:36:6B:D8:8C:90:DA:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7nomTbzNdaqGzTYcbTZr2IyQ2iM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/7f4b5a-82e7-4fce-b6fc-317e820dfcdb/1/pVKY_LRhzY7wOhdFsABP4QeRs8s.roa
Signing time:             Mon 01 Jan 2024 22:31:35 +0000
ROA not before:           Mon 01 Jan 2024 22:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200635
IP address blocks:        185.100.196.0/22 maxlen: 32
                          2a06:1900::/29 maxlen: 120

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/7f4b5a-82e7-4fce-b6fc-317e820dfcdb/1/7nomTbzNdaqGzTYcbTZr2IyQ2iM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/7f4b5a-82e7-4fce-b6fc-317e820dfcdb/1/7nomTbzNdaqGzTYcbTZr2IyQ2iM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7nomTbzNdaqGzTYcbTZr2IyQ2iM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5f:ad:fa:a3:3d:60:87:7c:20:3a:28:f8:f6:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee7a264dbccd75aa86cd361c6d366bd88c90da23
        Validity
            Not Before: Jan  1 22:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a55298fcb461cd8ef03a1745b0004fe10791b3cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:06:f7:8d:00:fc:2b:49:13:ee:27:ea:e7:21:
                    6a:f5:09:98:c8:61:02:b3:17:13:16:1a:b3:f9:00:
                    59:f0:e5:ba:9c:76:d0:da:8f:dd:43:34:c3:b2:6c:
                    3e:76:79:33:aa:51:40:1d:5a:58:08:e5:42:bd:9d:
                    c3:54:cb:57:e9:6b:f9:7b:bd:e3:52:fb:07:e8:bc:
                    13:21:a2:6d:34:75:f0:db:75:62:27:d2:36:0a:3d:
                    7a:4e:5b:14:4e:67:37:59:d2:d9:6a:61:d2:c9:dd:
                    88:41:01:72:73:bc:33:1d:fc:ad:e9:c4:25:ab:b2:
                    aa:46:38:29:d5:db:ad:5a:83:02:cb:98:2a:44:20:
                    ce:0e:99:aa:e6:8a:fe:ed:88:9c:30:8f:1f:db:f6:
                    64:61:52:bf:20:84:08:ba:69:9f:12:86:1f:e5:8b:
                    10:4c:0b:45:1f:2d:a9:28:26:f7:14:9c:ca:17:5c:
                    17:e4:64:66:fc:c1:3d:7e:fd:7b:3c:4b:21:f1:26:
                    63:ca:b2:a8:50:93:92:1f:4d:e7:b9:18:c4:85:64:
                    44:fd:ca:8f:74:7d:53:35:0f:b2:5e:ce:5c:10:33:
                    6a:41:83:2f:81:fd:75:19:4e:c7:55:d7:96:46:db:
                    66:3c:d8:5e:91:67:7e:f8:6a:0b:89:50:8c:03:3f:
                    f5:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:52:98:FC:B4:61:CD:8E:F0:3A:17:45:B0:00:4F:E1:07:91:B3:CB
            X509v3 Authority Key Identifier:
                keyid:EE:7A:26:4D:BC:CD:75:AA:86:CD:36:1C:6D:36:6B:D8:8C:90:DA:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7nomTbzNdaqGzTYcbTZr2IyQ2iM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/7f4b5a-82e7-4fce-b6fc-317e820dfcdb/1/pVKY_LRhzY7wOhdFsABP4QeRs8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/7f4b5a-82e7-4fce-b6fc-317e820dfcdb/1/7nomTbzNdaqGzTYcbTZr2IyQ2iM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.196.0/22
                IPv6:
                  2a06:1900::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:cb:e3:ee:68:f3:30:10:55:dd:ed:2e:85:a3:8b:4d:4f:a2:
         d1:35:b1:e7:73:11:3a:d9:6a:15:ed:86:5a:d3:ce:00:98:ec:
         1e:5f:c8:9f:a1:b7:5c:db:08:e6:38:f2:90:36:7d:d5:ca:0c:
         2e:cc:c3:b3:b7:18:97:15:f0:d1:b7:dc:96:8b:d0:47:ef:04:
         15:1e:54:bf:d7:d9:12:48:79:e0:80:3c:96:ce:de:47:1f:90:
         ea:61:b0:27:29:d5:13:55:16:51:42:35:51:30:3d:de:07:88:
         8f:92:3f:8c:c0:f2:d3:c0:a5:00:d5:2e:82:2c:b9:d4:3f:ac:
         4a:ab:fb:f9:cd:9a:4b:bc:cf:e8:20:7e:cb:9d:ad:17:0e:e2:
         ff:59:51:7d:4d:30:b8:0a:aa:e7:3e:20:30:eb:b3:ce:78:8a:
         2e:cc:da:89:1a:0d:ee:7a:75:29:09:30:20:8f:91:d3:30:ea:
         f9:fe:2d:90:73:1a:24:b3:18:97:b2:e7:79:97:40:13:40:ff:
         6b:ec:51:33:e2:60:79:1a:2c:87:65:c4:50:c4:3e:9f:35:d0:
         4c:c2:37:aa:60:fa:5a:5a:4f:4d:4b:41:b4:aa:7e:b6:97:d2:
         49:bf:c1:23:4c:df:86:c9:55:2c:58:2e:d7:a9:12:f5:99:b3:
         78:80:86:0f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJ1+t+qM9YId8IDoo+PZxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlN2EyNjRkYmNjZDc1YWE4NmNkMzYxYzZkMzY2YmQ4OGM5
MGRhMjMwHhcNMjQwMTAxMjIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTUyOThmY2I0NjFjZDhlZjAzYTE3NDViMDAwNGZlMTA3OTFiM2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwb3jQD8K0kT7ifq5yFq9QmYyGEC
sxcTFhqz+QBZ8OW6nHbQ2o/dQzTDsmw+dnkzqlFAHVpYCOVCvZ3DVMtX6Wv5e73j
UvsH6LwTIaJtNHXw23ViJ9I2Cj16TlsUTmc3WdLZamHSyd2IQQFyc7wzHfyt6cQl
q7KqRjgp1dutWoMCy5gqRCDODpmq5or+7YicMI8f2/ZkYVK/IIQIummfEoYf5YsQ
TAtFHy2pKCb3FJzKF1wX5GRm/ME9fv17PEsh8SZjyrKoUJOSH03nuRjEhWRE/cqP
dH1TNQ+yXs5cEDNqQYMvgf11GU7HVdeWRttmPNhekWd++GoLiVCMAz/1jQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKVSmPy0Yc2O8DoXRbAAT+EHkbPLMB8GA1UdIwQY
MBaAFO56Jk28zXWqhs02HG02a9iMkNojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN25vbVRiek5kYXFHelRZY2JUWnIySXlRMmlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS83ZjRiNWEtODJlNy00ZmNlLWI2ZmMt
MzE3ZTgyMGRmY2RiLzEvcFZLWV9MUmh6WTd3T2hkRnNBQlA0UWVSczhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS83ZjRiNWEtODJlNy00ZmNlLWI2ZmMtMzE3ZTgyMGRmY2Ri
LzEvN25vbVRiek5kYXFHelRZY2JUWnIySXlRMmlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWTEMA0E
AgACMAcDBQMqBhkAMA0GCSqGSIb3DQEBCwUAA4IBAQAIy+PuaPMwEFXd7S6Fo4tN
T6LRNbHncxE62WoV7YZa084AmOweX8ifobdc2wjmOPKQNn3VygwuzMOztxiXFfDR
t9yWi9BH7wQVHlS/19kSSHnggDyWzt5HH5DqYbAnKdUTVRZRQjVRMD3eB4iPkj+M
wPLTwKUA1S6CLLnUP6xKq/v5zZpLvM/oIH7Lna0XDuL/WVF9TTC4CqrnPiAw67PO
eIouzNqJGg3uenUpCTAgj5HTMOr5/i2QcxoksxiXsud5l0ATQP9r7FEz4mB5GiyH
ZcRQxD6fNdBMwjeqYPpaWk9NS0G0qn62l9JJv8EjTN+GyVUsWC7XqRL1mbN4gIYP
-----END CERTIFICATE-----