Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/7sxBQLCw1ValpILI7wErQQrai7E.roa
File:                     7sxBQLCw1ValpILI7wErQQrai7E.roa (raw, json)
Hash identifier:          OCyrfN7Ss8+4A+mY8iuKa7cEMA8Yp6g7ZAHad4frs90=
Subject key identifier:   EE:CC:41:40:B0:B0:D5:56:A5:A4:82:C8:EF:01:2B:41:0A:DA:8B:B1
Certificate issuer:       /CN=60325c21d2fafe743398dc1e5574433280110469
Certificate serial:       018CC3B671EA2842FD0E1521E36D85952BB9
Authority key identifier: 60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/7sxBQLCw1ValpILI7wErQQrai7E.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59268
IP address blocks:        195.10.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:71:ea:28:42:fd:0e:15:21:e3:6d:85:95:2b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60325c21d2fafe743398dc1e5574433280110469
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eecc4140b0b0d556a5a482c8ef012b410ada8bb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:90:99:2a:29:da:ee:8b:d2:1a:f3:2c:48:01:
                    f3:58:91:ac:4d:16:78:7c:ff:86:82:a9:3e:49:15:
                    b0:74:cd:ba:37:fe:cf:40:b4:aa:b9:4d:9f:40:6f:
                    f6:97:d2:ac:99:f0:a4:2b:df:0b:28:45:1b:7d:78:
                    7f:3c:66:30:4d:4d:35:c5:99:fa:06:6b:1d:78:42:
                    ba:93:87:26:19:de:e2:73:11:78:0d:f8:2b:e0:e3:
                    79:bf:32:13:5e:00:23:cb:7a:64:f0:e1:af:78:fc:
                    1c:1d:62:f7:f7:0e:6c:45:5d:2b:ab:29:a4:de:6c:
                    d2:68:d6:80:d9:b0:64:ce:7e:aa:02:8e:a3:ff:28:
                    84:3f:4c:b1:07:7c:06:25:2c:9a:ab:e1:3a:92:46:
                    5d:e8:b1:7c:d3:53:d7:b2:d3:33:de:70:8f:0a:17:
                    f6:3d:d4:f0:a0:d3:1b:93:bf:c1:e9:3c:74:0f:9d:
                    92:55:40:83:36:d2:f1:7c:93:65:f2:ac:5b:a6:fb:
                    78:18:a5:3c:9d:69:99:28:02:cb:d7:c8:bb:4e:7c:
                    dd:05:89:48:18:78:f8:31:f2:f8:a8:e2:06:10:2b:
                    fc:eb:d5:14:40:0e:8b:8f:0c:96:4a:b0:d7:6a:c5:
                    69:a3:2f:37:5c:46:84:90:bf:d6:68:c5:37:d1:fd:
                    20:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:CC:41:40:B0:B0:D5:56:A5:A4:82:C8:EF:01:2B:41:0A:DA:8B:B1
            X509v3 Authority Key Identifier:
                keyid:60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/7sxBQLCw1ValpILI7wErQQrai7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:cb:af:a6:bb:89:fb:ca:97:a1:60:8e:56:58:11:1d:55:7c:
         60:ce:90:d4:78:f1:0a:4f:29:9e:04:1d:7a:06:4a:1d:25:87:
         fe:e8:85:f4:88:60:65:c4:b5:ac:15:c8:9c:19:1b:b6:d1:e3:
         1a:6a:09:2a:02:ae:8e:e4:58:b6:c4:62:45:51:ba:89:f5:44:
         a3:23:8f:dd:a0:5a:da:3a:c8:45:11:8c:b7:7a:8a:22:c1:60:
         37:87:32:7f:4a:29:99:13:3b:ba:ca:37:7b:41:4d:2c:fa:26:
         66:97:88:a5:18:85:7c:28:5b:8c:b2:97:3e:e5:b8:d9:a8:e3:
         ee:cb:11:00:68:8e:9d:6c:ad:fc:90:e4:d5:8b:65:32:66:19:
         f2:a3:1a:b4:86:5f:0a:c4:f7:dc:74:9d:b4:17:6f:71:f8:f5:
         03:6c:a5:9e:2f:dd:f7:2b:2b:39:cf:c8:7e:36:0d:35:de:dd:
         c5:b6:35:13:3c:79:9e:1e:8e:58:45:50:4b:27:50:35:76:33:
         72:14:cd:e1:d6:bf:0a:64:ce:96:fd:0d:55:be:9c:b3:2d:fb:
         4b:2e:bd:e1:df:12:02:cb:d0:65:93:c0:c5:3c:6a:c1:69:86:
         07:91:8f:80:28:72:59:91:e1:c1:06:e0:bf:39:cf:4e:0a:56:
         2a:b3:55:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnHqKEL9DhUh422FlSu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzI1YzIxZDJmYWZlNzQzMzk4ZGMxZTU1NzQ0MzMyODAx
MTA0NjkwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWNjNDE0MGIwYjBkNTU2YTVhNDgyYzhlZjAxMmI0MTBhZGE4YmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5CZKina7ovSGvMsSAHzWJGsTRZ4
fP+Ggqk+SRWwdM26N/7PQLSquU2fQG/2l9KsmfCkK98LKEUbfXh/PGYwTU01xZn6
BmsdeEK6k4cmGd7icxF4Dfgr4ON5vzITXgAjy3pk8OGvePwcHWL39w5sRV0rqymk
3mzSaNaA2bBkzn6qAo6j/yiEP0yxB3wGJSyaq+E6kkZd6LF801PXstMz3nCPChf2
PdTwoNMbk7/B6Tx0D52SVUCDNtLxfJNl8qxbpvt4GKU8nWmZKALL18i7TnzdBYlI
GHj4MfL4qOIGECv869UUQA6LjwyWSrDXasVpoy83XEaEkL/WaMU30f0gJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7MQUCwsNVWpaSCyO8BK0EK2ouxMB8GA1UdIwQY
MBaAFGAyXCHS+v50M5jcHlV0QzKAEQRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQt
YzU4ZTk1Y2Q0Mjc3LzEvN3N4QlFMQ3cxVmFscElMSTd3RXJRUXJhaTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQtYzU4ZTk1Y2Q0Mjc3
LzEvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrZMA0G
CSqGSIb3DQEBCwUAA4IBAQB5y6+mu4n7ypehYI5WWBEdVXxgzpDUePEKTymeBB16
BkodJYf+6IX0iGBlxLWsFcicGRu20eMaagkqAq6O5Fi2xGJFUbqJ9USjI4/doFra
OshFEYy3eooiwWA3hzJ/SimZEzu6yjd7QU0s+iZml4ilGIV8KFuMspc+5bjZqOPu
yxEAaI6dbK38kOTVi2UyZhnyoxq0hl8KxPfcdJ20F29x+PUDbKWeL933Kys5z8h+
Ng013t3FtjUTPHmeHo5YRVBLJ1A1djNyFM3h1r8KZM6W/Q1VvpyzLftLLr3h3xIC
y9Blk8DFPGrBaYYHkY+AKHJZkeHBBuC/Oc9OClYqs1X+
-----END CERTIFICATE-----