Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/20caee-fd68-4ddc-b22e-4433608aa5d5/1/7E-S6HHR_p7xdUtQ5SGVTH0ouNM.roa
File:                     7E-S6HHR_p7xdUtQ5SGVTH0ouNM.roa (raw, json)
Hash identifier:          NjlfCHmzMrjcrt6yP1FGwmnxI5pOcyz3Ru1fnD+9Rs0=
Subject key identifier:   EC:4F:92:E8:71:D1:FE:9E:F1:75:4B:50:E5:21:95:4C:7D:28:B8:D3
Certificate issuer:       /CN=9cc23310c915a4fe095e1b74a066d1cdee47843f
Certificate serial:       018CC424EF3D965E0DECAEDA0B79ABD38B68
Authority key identifier: 9C:C2:33:10:C9:15:A4:FE:09:5E:1B:74:A0:66:D1:CD:EE:47:84:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nMIzEMkVpP4JXht0oGbRze5HhD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/20caee-fd68-4ddc-b22e-4433608aa5d5/1/7E-S6HHR_p7xdUtQ5SGVTH0ouNM.roa
Signing time:             Mon 01 Jan 2024 08:30:04 +0000
ROA not before:           Mon 01 Jan 2024 08:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5413
IP address blocks:        195.49.180.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/20caee-fd68-4ddc-b22e-4433608aa5d5/1/nMIzEMkVpP4JXht0oGbRze5HhD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/20caee-fd68-4ddc-b22e-4433608aa5d5/1/nMIzEMkVpP4JXht0oGbRze5HhD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nMIzEMkVpP4JXht0oGbRze5HhD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ef:3d:96:5e:0d:ec:ae:da:0b:79:ab:d3:8b:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cc23310c915a4fe095e1b74a066d1cdee47843f
        Validity
            Not Before: Jan  1 08:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec4f92e871d1fe9ef1754b50e521954c7d28b8d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:49:2f:c7:d3:9a:b4:ff:95:dc:51:2c:91:2f:
                    98:ae:94:2f:a5:62:45:f2:9a:1e:20:cf:56:91:c2:
                    b5:ad:6c:06:ca:e4:cf:93:7d:02:88:f6:53:f6:fd:
                    51:7a:a3:dd:cd:5a:b2:69:3b:16:15:e2:39:02:a8:
                    e9:99:82:3b:11:ac:1d:e3:4b:9b:7d:da:4b:71:d6:
                    76:fa:a4:f8:4e:b8:92:7b:c9:46:ca:a1:89:2c:34:
                    78:85:0e:f9:f6:3f:ac:e4:07:af:22:07:ab:69:e5:
                    80:d4:a5:e0:43:48:66:a4:e3:ae:5b:64:28:fb:3e:
                    05:25:98:e8:cd:28:da:84:b4:95:2f:77:6d:e8:56:
                    23:71:6d:41:a7:2d:84:3a:fe:74:dd:b0:e2:cf:3a:
                    b6:2a:9e:d2:b6:fd:d1:3b:8f:90:c0:90:b7:eb:2c:
                    b3:19:02:98:68:20:db:db:09:9f:52:9b:7f:75:e0:
                    7f:49:b6:a2:ba:7a:53:fe:b8:91:f0:7a:97:ad:de:
                    52:d2:71:2a:84:d1:36:18:2a:d8:54:d3:3c:4a:f9:
                    30:d5:01:98:16:80:98:f7:cb:0a:f4:c5:78:2b:d3:
                    21:31:46:64:28:a8:70:da:5a:ea:91:2f:dd:8e:1b:
                    33:b2:59:5f:85:42:5f:25:e1:fa:f7:b9:78:05:3e:
                    a1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:4F:92:E8:71:D1:FE:9E:F1:75:4B:50:E5:21:95:4C:7D:28:B8:D3
            X509v3 Authority Key Identifier:
                keyid:9C:C2:33:10:C9:15:A4:FE:09:5E:1B:74:A0:66:D1:CD:EE:47:84:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nMIzEMkVpP4JXht0oGbRze5HhD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/20caee-fd68-4ddc-b22e-4433608aa5d5/1/7E-S6HHR_p7xdUtQ5SGVTH0ouNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/20caee-fd68-4ddc-b22e-4433608aa5d5/1/nMIzEMkVpP4JXht0oGbRze5HhD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.49.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:0d:8a:4d:13:4a:3e:c7:42:09:15:f3:95:ba:f9:6d:15:3a:
         48:f9:dd:18:b9:bc:38:a6:3b:94:5a:11:36:6d:fb:ff:1c:bc:
         f5:45:e0:6b:68:e3:46:55:ac:3c:e2:ab:76:a4:7a:03:87:0a:
         b7:e5:80:1c:62:f7:d8:58:e7:9f:9d:34:c1:6a:59:09:d4:27:
         89:62:83:e0:85:2a:18:d5:8e:3d:59:67:2e:f9:a9:3c:4a:2b:
         d3:14:44:0b:c9:7b:3b:2b:82:e5:72:4a:6c:d2:19:51:df:74:
         80:06:4d:fb:ba:a8:a9:69:21:b1:11:ff:73:50:05:98:a2:e8:
         e3:8b:ed:60:b9:75:52:ad:0f:55:c5:e9:bb:f7:52:a2:59:b9:
         07:a7:5c:47:74:07:6d:bb:dc:b3:38:b3:78:56:ee:1a:fe:79:
         08:34:23:9f:9f:37:0a:e3:56:30:b4:64:86:e6:6e:3e:2a:87:
         58:8d:b1:9c:cf:6c:5b:b2:d6:79:cd:64:0d:69:3a:1f:a8:79:
         f4:85:2d:4a:a2:6f:c3:88:51:aa:02:97:07:dd:2e:b7:f2:e2:
         5a:c7:7a:06:fa:dd:74:7c:d8:2d:8f:65:fd:38:db:a8:d9:78:
         6b:3d:cc:27:52:c2:d3:c8:5b:81:76:de:48:34:0f:51:07:d5:
         53:1d:55:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJO89ll4N7K7aC3mr04toMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYzIzMzEwYzkxNWE0ZmUwOTVlMWI3NGEwNjZkMWNkZWU0
Nzg0M2YwHhcNMjQwMTAxMDgzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzRmOTJlODcxZDFmZTllZjE3NTRiNTBlNTIxOTU0YzdkMjhiOGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEkvx9OatP+V3FEskS+YrpQvpWJF
8poeIM9WkcK1rWwGyuTPk30CiPZT9v1ReqPdzVqyaTsWFeI5AqjpmYI7Eawd40ub
fdpLcdZ2+qT4TriSe8lGyqGJLDR4hQ759j+s5AevIgeraeWA1KXgQ0hmpOOuW2Qo
+z4FJZjozSjahLSVL3dt6FYjcW1Bpy2EOv503bDizzq2Kp7Stv3RO4+QwJC36yyz
GQKYaCDb2wmfUpt/deB/SbaiunpT/riR8HqXrd5S0nEqhNE2GCrYVNM8Svkw1QGY
FoCY98sK9MV4K9MhMUZkKKhw2lrqkS/djhszsllfhUJfJeH697l4BT6hLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxPkuhx0f6e8XVLUOUhlUx9KLjTMB8GA1UdIwQY
MBaAFJzCMxDJFaT+CV4bdKBm0c3uR4Q/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk1JekVNa1ZwUDRKWGh0MG9HYlJ6ZTVIaEQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8yMGNhZWUtZmQ2OC00ZGRjLWIyMmUt
NDQzMzYwOGFhNWQ1LzEvN0UtUzZISFJfcDd4ZFV0UTVTR1ZUSDBvdU5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8yMGNhZWUtZmQ2OC00ZGRjLWIyMmUtNDQzMzYwOGFhNWQ1
LzEvbk1JekVNa1ZwUDRKWGh0MG9HYlJ6ZTVIaEQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwzG0MA0G
CSqGSIb3DQEBCwUAA4IBAQCTDYpNE0o+x0IJFfOVuvltFTpI+d0Yubw4pjuUWhE2
bfv/HLz1ReBraONGVaw84qt2pHoDhwq35YAcYvfYWOefnTTBalkJ1CeJYoPghSoY
1Y49WWcu+ak8SivTFEQLyXs7K4Llckps0hlR33SABk37uqipaSGxEf9zUAWYoujj
i+1guXVSrQ9Vxem791KiWbkHp1xHdAdtu9yzOLN4Vu4a/nkINCOfnzcK41YwtGSG
5m4+KodYjbGcz2xbstZ5zWQNaTofqHn0hS1Kom/DiFGqApcH3S638uJax3oG+t10
fNgtj2X9ONuo2XhrPcwnUsLTyFuBdt5INA9RB9VTHVW9
-----END CERTIFICATE-----