Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c8313-ed1c-414b-b4cc-5ed057025516/1/V7O-66vlMveRtIuyDJN617RH34s.roa
File:                     V7O-66vlMveRtIuyDJN617RH34s.roa (raw, json)
Hash identifier:          dOtrJtrOqnYSwnQk1XTHIFFX3d87ge2DWoM3LNpI4+I=
Subject key identifier:   57:B3:BE:EB:AB:E5:32:F7:91:B4:8B:B2:0C:93:7A:D7:B4:47:DF:8B
Certificate issuer:       /CN=fcf53402fa76fa06376cdea6bcd395e180079db7
Certificate serial:       018CC72765E7F83BA8425F7963754763EF6B
Authority key identifier: FC:F5:34:02:FA:76:FA:06:37:6C:DE:A6:BC:D3:95:E1:80:07:9D:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_PU0Avp2-gY3bN6mvNOV4YAHnbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c8313-ed1c-414b-b4cc-5ed057025516/1/V7O-66vlMveRtIuyDJN617RH34s.roa
Signing time:             Mon 01 Jan 2024 22:31:37 +0000
ROA not before:           Mon 01 Jan 2024 22:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39247
IP address blocks:        195.72.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c8313-ed1c-414b-b4cc-5ed057025516/1/_PU0Avp2-gY3bN6mvNOV4YAHnbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c8313-ed1c-414b-b4cc-5ed057025516/1/_PU0Avp2-gY3bN6mvNOV4YAHnbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_PU0Avp2-gY3bN6mvNOV4YAHnbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:65:e7:f8:3b:a8:42:5f:79:63:75:47:63:ef:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcf53402fa76fa06376cdea6bcd395e180079db7
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57b3beebabe532f791b48bb20c937ad7b447df8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8d:fc:67:d5:5e:04:25:71:cf:b2:07:d3:85:
                    af:49:c6:02:ce:ca:04:40:05:b5:16:30:3a:e6:7a:
                    95:a9:13:6f:de:b5:2e:ec:81:6b:bd:1c:0e:4b:d9:
                    30:75:21:9c:89:64:6f:22:de:55:38:63:f7:d5:cf:
                    e8:b5:cb:38:92:9d:ee:98:f8:30:52:b7:87:1f:3e:
                    00:6e:c0:1d:f3:37:90:86:67:c6:68:5c:4c:75:ed:
                    5d:12:7a:8d:00:e6:ce:ba:9a:28:d9:af:e7:28:d7:
                    4f:59:30:e1:c3:e1:40:fd:e0:9e:18:b3:0f:da:6e:
                    ac:71:11:09:af:d8:6c:2e:3e:9b:37:56:c8:58:1d:
                    08:ec:ab:60:52:29:ae:c5:79:b8:c2:02:27:ff:33:
                    1d:78:40:49:cd:8a:38:dc:cb:18:23:ce:f6:a7:0d:
                    32:e2:59:5f:51:96:62:59:d1:c5:54:a4:bf:e7:7f:
                    f9:f7:78:e6:2a:0f:34:18:0a:75:87:bc:fa:5d:a5:
                    15:fd:48:cf:81:4f:6a:09:f1:4e:43:cb:c2:7f:fc:
                    1a:9f:fe:fc:c5:9f:2a:0c:8e:24:66:38:07:ed:4d:
                    d0:b5:6f:0c:20:35:ad:d6:35:13:95:5b:a7:7a:8f:
                    50:dc:b4:b8:3c:ba:8e:87:7a:d5:4a:48:02:a1:2a:
                    2d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:B3:BE:EB:AB:E5:32:F7:91:B4:8B:B2:0C:93:7A:D7:B4:47:DF:8B
            X509v3 Authority Key Identifier:
                keyid:FC:F5:34:02:FA:76:FA:06:37:6C:DE:A6:BC:D3:95:E1:80:07:9D:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_PU0Avp2-gY3bN6mvNOV4YAHnbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c8313-ed1c-414b-b4cc-5ed057025516/1/V7O-66vlMveRtIuyDJN617RH34s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c8313-ed1c-414b-b4cc-5ed057025516/1/_PU0Avp2-gY3bN6mvNOV4YAHnbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.72.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:fb:c4:b5:21:b8:aa:9c:aa:73:23:80:81:ba:70:c9:21:85:
         81:02:d0:cf:6a:aa:0c:2b:50:e4:88:a0:97:0b:5c:16:d7:5e:
         d8:1c:13:f0:68:d5:7a:91:cb:39:47:04:2e:27:0c:34:40:38:
         ae:41:29:5a:0c:8d:8b:f4:39:92:fe:89:53:10:db:b7:e8:d4:
         8f:a7:11:49:7b:6f:a0:e5:39:f4:d5:1c:8e:0c:50:88:1d:8f:
         3c:47:ca:5d:d1:13:ed:da:03:fd:db:13:4b:39:6c:a5:1f:f6:
         4a:6b:51:21:e1:37:b2:8c:19:f1:39:04:7f:12:4e:8c:7d:cd:
         c3:3b:46:50:fd:d4:9f:00:a4:da:87:cd:94:c0:c9:e6:0d:a5:
         d2:16:ba:96:a5:f5:09:3b:c6:96:de:f1:9d:95:c3:f9:fc:89:
         e8:2f:cc:89:2d:75:ea:7b:64:8d:c8:7d:c3:20:c8:1c:5d:15:
         da:d1:79:04:55:90:b4:55:ca:a2:18:d1:31:e2:ac:d8:e6:77:
         23:ce:47:9f:66:c6:ce:29:92:41:91:7c:0b:db:f3:9a:50:0b:
         9c:38:b9:24:6c:47:ec:f3:d7:24:14:68:21:25:e2:67:04:11:
         61:eb:58:59:10:7f:7f:42:9f:b1:8e:32:9a:20:0c:a1:5e:3f:
         1d:2e:1c:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2Xn+DuoQl95Y3VHY+9rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZjUzNDAyZmE3NmZhMDYzNzZjZGVhNmJjZDM5NWUxODAw
NzlkYjcwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2IzYmVlYmFiZTUzMmY3OTFiNDhiYjIwYzkzN2FkN2I0NDdkZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoo38Z9VeBCVxz7IH04WvScYCzsoE
QAW1FjA65nqVqRNv3rUu7IFrvRwOS9kwdSGciWRvIt5VOGP31c/otcs4kp3umPgw
UreHHz4AbsAd8zeQhmfGaFxMde1dEnqNAObOupoo2a/nKNdPWTDhw+FA/eCeGLMP
2m6scREJr9hsLj6bN1bIWB0I7KtgUimuxXm4wgIn/zMdeEBJzYo43MsYI872pw0y
4llfUZZiWdHFVKS/53/593jmKg80GAp1h7z6XaUV/UjPgU9qCfFOQ8vCf/wan/78
xZ8qDI4kZjgH7U3QtW8MIDWt1jUTlVuneo9Q3LS4PLqOh3rVSkgCoSotewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFezvuur5TL3kbSLsgyTete0R9+LMB8GA1UdIwQY
MBaAFPz1NAL6dvoGN2zeprzTleGAB523MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1BVMEF2cDItZ1kzYk42bXZOT1Y0WUFIbmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzgzMTMtZWQxYy00MTRiLWI0Y2Mt
NWVkMDU3MDI1NTE2LzEvVjdPLTY2dmxNdmVSdEl1eURKTjYxN1JIMzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzgzMTMtZWQxYy00MTRiLWI0Y2MtNWVkMDU3MDI1NTE2
LzEvX1BVMEF2cDItZ1kzYk42bXZOT1Y0WUFIbmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0iTMA0G
CSqGSIb3DQEBCwUAA4IBAQCW+8S1IbiqnKpzI4CBunDJIYWBAtDPaqoMK1DkiKCX
C1wW117YHBPwaNV6kcs5RwQuJww0QDiuQSlaDI2L9DmS/olTENu36NSPpxFJe2+g
5Tn01RyODFCIHY88R8pd0RPt2gP92xNLOWylH/ZKa1Eh4TeyjBnxOQR/Ek6Mfc3D
O0ZQ/dSfAKTah82UwMnmDaXSFrqWpfUJO8aW3vGdlcP5/InoL8yJLXXqe2SNyH3D
IMgcXRXa0XkEVZC0VcqiGNEx4qzY5ncjzkefZsbOKZJBkXwL2/OaUAucOLkkbEfs
89ckFGghJeJnBBFh61hZEH9/Qp+xjjKaIAyhXj8dLhzX
-----END CERTIFICATE-----