Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/7hqUmh7WQnzqS6U9X8XgQb9RCNI.roa
File:                     7hqUmh7WQnzqS6U9X8XgQb9RCNI.roa (raw, json)
Hash identifier:          j9LarMuP7sX1nChx01FN1MMrwsof9pwZw+McHFCyB/c=
Subject key identifier:   EE:1A:94:9A:1E:D6:42:7C:EA:4B:A5:3D:5F:C5:E0:41:BF:51:08:D2
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018CC56E0D8ADB6F4FBF3BE3CE1ED2239135
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/7hqUmh7WQnzqS6U9X8XgQb9RCNI.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        212.69.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 05:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0d:8a:db:6f:4f:bf:3b:e3:ce:1e:d2:23:91:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee1a949a1ed6427cea4ba53d5fc5e041bf5108d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:cb:09:08:60:b7:4b:5a:48:14:25:0d:cb:40:
                    7c:90:48:80:61:02:58:bb:43:6e:64:d1:bb:36:92:
                    79:93:67:c1:d7:cc:79:28:4c:94:31:76:78:73:63:
                    c6:2c:df:d0:84:19:dc:61:3e:6e:01:d5:1b:2e:e2:
                    53:31:83:36:c4:48:10:a4:42:99:d8:36:87:ce:8e:
                    85:4d:45:3d:59:6a:0f:d2:47:b7:f2:0e:87:e7:06:
                    72:49:25:46:b4:5a:34:8e:dd:96:71:bd:c5:d7:55:
                    eb:eb:1a:a4:57:94:86:64:c2:fa:45:18:d7:05:85:
                    27:01:41:6d:e0:71:8b:81:1e:09:af:15:fa:72:4f:
                    12:c9:86:05:88:59:1a:2c:6b:a0:e3:54:57:42:2a:
                    f3:e5:e9:e0:77:5d:88:be:ef:28:4f:18:d4:f3:29:
                    c5:cc:b2:d3:e3:7c:0c:d2:60:ca:17:ac:c9:39:43:
                    8d:84:54:77:9e:6c:74:1b:1f:ed:e8:30:88:60:2d:
                    ae:0b:20:4a:77:4d:c6:c5:dc:49:45:2e:ba:15:bc:
                    d6:5c:b1:92:f3:5d:95:d1:8a:34:d0:5f:5f:92:f7:
                    d7:fb:d3:8a:44:e8:f0:0f:92:63:ef:8f:66:0c:8b:
                    6d:3e:15:2d:63:df:50:66:c0:22:b5:c2:60:94:31:
                    36:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:1A:94:9A:1E:D6:42:7C:EA:4B:A5:3D:5F:C5:E0:41:BF:51:08:D2
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/7hqUmh7WQnzqS6U9X8XgQb9RCNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.69.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:e6:2a:43:35:3b:77:bd:c2:a9:d0:9f:f0:bc:d7:62:9d:ae:
         14:87:e5:11:2c:5c:b7:36:f5:2d:df:49:92:61:25:68:ba:b3:
         bc:c9:64:c9:6d:83:4d:ef:6f:dd:9b:1a:80:2a:b0:57:50:c3:
         45:7f:43:f3:78:94:d2:8f:30:bb:3b:65:c6:a1:32:e0:a7:bf:
         23:07:3a:4c:9f:d6:5c:f1:dc:05:e1:1f:c8:d4:12:07:b2:66:
         85:a0:29:bc:7e:fa:04:f6:70:65:08:f1:8f:f6:91:44:ab:94:
         80:ae:05:88:ec:7a:31:bd:46:70:c5:e7:6d:30:1e:fb:00:39:
         fc:88:e9:fb:4c:ae:54:4e:fb:de:97:8b:73:b5:95:a7:b7:09:
         1b:41:fb:f0:ba:97:f0:9b:67:15:74:9a:c1:63:28:a1:d0:9c:
         0d:0a:59:fd:c4:71:22:85:a5:37:95:b7:1e:10:d6:e9:0b:5e:
         aa:9c:8e:ab:d5:99:4c:ca:57:ab:53:4d:a6:80:d3:3e:80:79:
         3a:c3:71:77:71:4e:45:1c:84:c7:a8:65:eb:ba:1f:5e:35:6a:
         56:f8:95:d3:53:e5:86:8f:07:d5:fb:92:6b:b1:b6:9a:1c:45:
         75:2e:ba:5d:0c:27:f1:7b:45:d6:95:c7:49:8b:1a:6a:f7:eb:
         ce:8f:40:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbg2K229Pvzvjzh7SI5E1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTFhOTQ5YTFlZDY0MjdjZWE0YmE1M2Q1ZmM1ZTA0MWJmNTEwOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMsJCGC3S1pIFCUNy0B8kEiAYQJY
u0NuZNG7NpJ5k2fB18x5KEyUMXZ4c2PGLN/QhBncYT5uAdUbLuJTMYM2xEgQpEKZ
2DaHzo6FTUU9WWoP0ke38g6H5wZySSVGtFo0jt2Wcb3F11Xr6xqkV5SGZML6RRjX
BYUnAUFt4HGLgR4JrxX6ck8SyYYFiFkaLGug41RXQirz5engd12Ivu8oTxjU8ynF
zLLT43wM0mDKF6zJOUONhFR3nmx0Gx/t6DCIYC2uCyBKd03GxdxJRS66FbzWXLGS
812V0Yo00F9fkvfX+9OKROjwD5Jj749mDIttPhUtY99QZsAitcJglDE2pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4alJoe1kJ86kulPV/F4EG/UQjSMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvN2hxVW1oN1dRbnpxUzZVOVg4WGdRYjlSQ05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EUBMA0G
CSqGSIb3DQEBCwUAA4IBAQB15ipDNTt3vcKp0J/wvNdina4Uh+URLFy3NvUt30mS
YSVourO8yWTJbYNN72/dmxqAKrBXUMNFf0PzeJTSjzC7O2XGoTLgp78jBzpMn9Zc
8dwF4R/I1BIHsmaFoCm8fvoE9nBlCPGP9pFEq5SArgWI7HoxvUZwxedtMB77ADn8
iOn7TK5UTvvel4tztZWntwkbQfvwupfwm2cVdJrBYyih0JwNCln9xHEihaU3lbce
ENbpC16qnI6r1ZlMylerU02mgNM+gHk6w3F3cU5FHITHqGXruh9eNWpW+JXTU+WG
jwfV+5JrsbaaHEV1LrpdDCfxe0XWlcdJixpq9+vOj0Bg
-----END CERTIFICATE-----