Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/867209-d35f-49c4-a6ea-858dd1b1617f/1/z7gEt1EbBipH1HfKqPmkcVRKJao.roa
File:                     z7gEt1EbBipH1HfKqPmkcVRKJao.roa (raw, json)
Hash identifier:          RG9pCtgi2ew7DcangcgFHeOMGKMgLcP5+0SkzbMLO9Y=
Subject key identifier:   CF:B8:04:B7:51:1B:06:2A:47:D4:77:CA:A8:F9:A4:71:54:4A:25:AA
Certificate issuer:       /CN=7b2a8ac3028b70911cb6111ffda3a2efe558862d
Certificate serial:       018CC26D794E43320F8D0ADCB01DA8C1E5C1
Authority key identifier: 7B:2A:8A:C3:02:8B:70:91:1C:B6:11:1F:FD:A3:A2:EF:E5:58:86:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eyqKwwKLcJEcthEf_aOi7-VYhi0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/867209-d35f-49c4-a6ea-858dd1b1617f/1/z7gEt1EbBipH1HfKqPmkcVRKJao.roa
Signing time:             Mon 01 Jan 2024 00:30:03 +0000
ROA not before:           Mon 01 Jan 2024 00:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202891
IP address blocks:        85.117.192.0/19 maxlen: 24
                          46.245.152.0/21 maxlen: 24
                          85.117.160.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/867209-d35f-49c4-a6ea-858dd1b1617f/1/eyqKwwKLcJEcthEf_aOi7-VYhi0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/867209-d35f-49c4-a6ea-858dd1b1617f/1/eyqKwwKLcJEcthEf_aOi7-VYhi0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eyqKwwKLcJEcthEf_aOi7-VYhi0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:79:4e:43:32:0f:8d:0a:dc:b0:1d:a8:c1:e5:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b2a8ac3028b70911cb6111ffda3a2efe558862d
        Validity
            Not Before: Jan  1 00:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfb804b7511b062a47d477caa8f9a471544a25aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:95:5f:90:8a:da:62:10:6f:06:a9:de:b6:7a:
                    90:c8:e9:2b:31:63:d8:ef:7c:3d:6c:b5:9b:1a:20:
                    4a:9f:23:b9:27:10:55:e8:ea:5f:a6:87:87:87:14:
                    a2:73:5a:63:a9:25:3e:42:0f:d8:5f:b1:3f:96:2a:
                    13:9d:6f:02:6d:44:57:2f:d9:d8:e7:c7:c4:03:b4:
                    01:52:aa:28:df:16:bb:d6:a3:a8:5b:e6:c3:59:60:
                    54:4e:2b:64:b5:9e:9a:bb:7e:40:08:82:f0:0a:cc:
                    60:35:23:ab:53:a2:3b:6c:f3:8b:5d:f8:06:c6:73:
                    36:ab:dd:84:87:77:e6:b1:99:21:17:05:f6:e9:f1:
                    5e:2b:bd:85:bc:81:c6:fd:73:00:b7:ec:ba:07:90:
                    b6:0c:6d:07:9a:d6:c9:26:90:c8:3f:7b:ab:c5:47:
                    13:36:2a:6f:af:23:32:9a:f7:25:73:a1:6a:15:d3:
                    e5:22:7c:33:dc:90:bd:2b:96:28:22:b5:8b:9f:d8:
                    3e:30:99:4d:b5:69:04:4b:52:8e:8b:76:e1:25:3d:
                    71:cc:57:b5:5f:34:92:81:b9:dc:46:b9:09:a0:47:
                    9c:8d:93:2f:79:9e:a9:ec:38:56:3c:a0:78:57:90:
                    44:af:6a:ce:94:54:dc:f2:51:4c:18:67:03:66:2a:
                    75:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:B8:04:B7:51:1B:06:2A:47:D4:77:CA:A8:F9:A4:71:54:4A:25:AA
            X509v3 Authority Key Identifier:
                keyid:7B:2A:8A:C3:02:8B:70:91:1C:B6:11:1F:FD:A3:A2:EF:E5:58:86:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eyqKwwKLcJEcthEf_aOi7-VYhi0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/867209-d35f-49c4-a6ea-858dd1b1617f/1/z7gEt1EbBipH1HfKqPmkcVRKJao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/867209-d35f-49c4-a6ea-858dd1b1617f/1/eyqKwwKLcJEcthEf_aOi7-VYhi0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.245.152.0/21
                  85.117.160.0-85.117.223.255

    Signature Algorithm: sha256WithRSAEncryption
         0c:c8:f9:e4:08:0c:22:47:16:ee:3a:3b:fa:fe:8c:d6:fc:ca:
         39:61:f5:bf:05:52:fd:1c:9a:cd:95:0d:4f:06:fe:0b:d9:13:
         e5:9b:0f:5f:c5:1d:48:ab:4e:36:be:cd:2d:0e:0d:40:ee:a7:
         c7:18:12:88:44:19:52:d1:37:07:42:21:96:97:54:b2:b2:b9:
         60:4e:d7:0d:09:45:29:11:f4:86:8d:ee:a5:8e:36:b6:a7:3d:
         71:64:d1:69:9a:c4:45:cc:4a:90:5d:d0:b8:6a:c0:7d:ca:df:
         20:d8:f0:48:0a:3a:4b:c5:0c:5b:ad:47:af:0c:63:cf:a3:a9:
         7a:77:ea:c1:de:0f:8f:b2:a2:e5:67:e9:88:e6:17:3f:ea:75:
         48:c7:fe:ce:50:68:b5:c1:04:36:f8:6c:1d:26:3d:f2:ed:b9:
         b8:e3:1e:cf:54:24:1c:4f:e5:88:b6:f0:2e:c2:9f:9c:eb:c7:
         45:96:55:b3:70:06:dd:19:03:8d:13:5d:aa:ce:36:2e:b7:c2:
         f6:f5:cf:f4:50:77:ee:2b:00:27:6b:98:9b:96:1b:98:01:61:
         b7:57:51:e6:df:b4:e9:8f:11:fc:45:10:ef:4c:2c:3f:80:bd:
         d6:63:d1:35:a1:e5:ac:b5:9b:e6:1e:f5:c6:fc:15:a6:02:c8:
         01:7f:bf:25
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzCbXlOQzIPjQrcsB2oweXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMmE4YWMzMDI4YjcwOTExY2I2MTExZmZkYTNhMmVmZTU1
ODg2MmQwHhcNMjQwMTAxMDAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmI4MDRiNzUxMWIwNjJhNDdkNDc3Y2FhOGY5YTQ3MTU0NGEyNWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5VfkIraYhBvBqnetnqQyOkrMWPY
73w9bLWbGiBKnyO5JxBV6OpfpoeHhxSic1pjqSU+Qg/YX7E/lioTnW8CbURXL9nY
58fEA7QBUqoo3xa71qOoW+bDWWBUTitktZ6au35ACILwCsxgNSOrU6I7bPOLXfgG
xnM2q92Eh3fmsZkhFwX26fFeK72FvIHG/XMAt+y6B5C2DG0HmtbJJpDIP3urxUcT
NipvryMymvclc6FqFdPlInwz3JC9K5YoIrWLn9g+MJlNtWkES1KOi3bhJT1xzFe1
XzSSgbncRrkJoEecjZMveZ6p7DhWPKB4V5BEr2rOlFTc8lFMGGcDZip1ewIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFM+4BLdRGwYqR9R3yqj5pHFUSiWqMB8GA1UdIwQY
MBaAFHsqisMCi3CRHLYRH/2jou/lWIYtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXlxS3d3S0xjSkVjdGhFZl9hT2k3LVZZaGkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi84NjcyMDktZDM1Zi00OWM0LWE2ZWEt
ODU4ZGQxYjE2MTdmLzEvejdnRXQxRWJCaXBIMUhmS3FQbWtjVlJLSmFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi84NjcyMDktZDM1Zi00OWM0LWE2ZWEtODU4ZGQxYjE2MTdm
LzEvZXlxS3d3S0xjSkVjdGhFZl9hT2k3LVZZaGkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDLvWYMAwD
BAVVdaADBAVVdcAwDQYJKoZIhvcNAQELBQADggEBAAzI+eQIDCJHFu46O/r+jNb8
yjlh9b8FUv0cms2VDU8G/gvZE+WbD1/FHUirTja+zS0ODUDup8cYEohEGVLRNwdC
IZaXVLKyuWBO1w0JRSkR9IaN7qWONranPXFk0WmaxEXMSpBd0LhqwH3K3yDY8EgK
OkvFDFutR68MY8+jqXp36sHeD4+youVn6YjmFz/qdUjH/s5QaLXBBDb4bB0mPfLt
ubjjHs9UJBxP5Yi28C7Cn5zrx0WWVbNwBt0ZA40TXarONi63wvb1z/RQd+4rACdr
mJuWG5gBYbdXUebftOmPEfxFEO9MLD+AvdZj0TWh5ay1m+Ye9cb8FaYCyAF/vyU=
-----END CERTIFICATE-----