Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/59d4e9-662c-435a-b351-4aa539a30d21/1/7K2xIHhRpJI9MxjVGJXQPeDRk5g.roa
File:                     7K2xIHhRpJI9MxjVGJXQPeDRk5g.roa (raw, json)
Hash identifier:          O6lWLeufHP9pVBds0C+OqFQ7fmO8pUPmP/g8MZHBCWk=
Subject key identifier:   EC:AD:B1:20:78:51:A4:92:3D:33:18:D5:18:95:D0:3D:E0:D1:93:98
Certificate issuer:       /CN=d1f6e4370111cfbf968404854227b8092851450d
Certificate serial:       018CC802E46AE3F9FB030E811235C1ED4208
Authority key identifier: D1:F6:E4:37:01:11:CF:BF:96:84:04:85:42:27:B8:09:28:51:45:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0fbkNwERz7-WhASFQie4CShRRQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/59d4e9-662c-435a-b351-4aa539a30d21/1/7K2xIHhRpJI9MxjVGJXQPeDRk5g.roa
Signing time:             Tue 02 Jan 2024 02:31:21 +0000
ROA not before:           Tue 02 Jan 2024 02:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        185.21.0.0/22 maxlen: 24
                          37.1.184.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/59d4e9-662c-435a-b351-4aa539a30d21/1/0fbkNwERz7-WhASFQie4CShRRQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/59d4e9-662c-435a-b351-4aa539a30d21/1/0fbkNwERz7-WhASFQie4CShRRQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0fbkNwERz7-WhASFQie4CShRRQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:e4:6a:e3:f9:fb:03:0e:81:12:35:c1:ed:42:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1f6e4370111cfbf968404854227b8092851450d
        Validity
            Not Before: Jan  2 02:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecadb1207851a4923d3318d51895d03de0d19398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:6c:09:33:1b:c1:e3:ac:2c:33:2b:47:2b:80:
                    51:46:38:d5:e5:f7:0c:a6:e6:72:3f:43:f1:03:09:
                    b1:68:40:f6:20:da:71:1b:39:80:b2:be:c7:69:33:
                    6b:f6:6b:ac:1e:e7:8a:5d:90:85:85:df:dc:54:0a:
                    6f:d7:80:30:3c:5e:93:11:be:78:86:a5:de:0b:d3:
                    be:c7:cc:72:59:93:e6:69:50:c1:50:9a:79:ce:e3:
                    b2:0d:af:5a:28:08:2c:fd:92:d1:74:4e:e8:f2:eb:
                    9f:ac:05:1c:ca:29:e3:b4:3c:9f:1a:a2:e2:94:db:
                    83:e2:dc:d8:44:3e:dd:01:35:38:97:e3:7c:ce:c5:
                    22:26:0f:6b:bd:fb:b1:29:e2:78:fb:c2:b4:fd:15:
                    7d:a4:80:b7:ab:2e:08:f0:91:7f:00:8b:16:f8:e4:
                    b7:b8:53:fb:2e:ca:76:79:22:69:34:17:ed:bf:a0:
                    71:13:06:30:57:b2:e7:05:a9:5e:d8:c8:a9:8c:d9:
                    07:02:86:2b:45:88:25:d8:48:e6:25:90:97:e4:ad:
                    51:a9:4e:c8:c1:0c:27:ff:79:79:7a:4b:29:cf:e8:
                    28:ce:5a:4c:2c:74:ca:88:7e:7e:aa:7e:df:5b:01:
                    6e:61:db:bf:76:73:46:af:b8:a5:19:eb:44:b3:86:
                    41:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:AD:B1:20:78:51:A4:92:3D:33:18:D5:18:95:D0:3D:E0:D1:93:98
            X509v3 Authority Key Identifier:
                keyid:D1:F6:E4:37:01:11:CF:BF:96:84:04:85:42:27:B8:09:28:51:45:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0fbkNwERz7-WhASFQie4CShRRQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/59d4e9-662c-435a-b351-4aa539a30d21/1/7K2xIHhRpJI9MxjVGJXQPeDRk5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/59d4e9-662c-435a-b351-4aa539a30d21/1/0fbkNwERz7-WhASFQie4CShRRQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.1.184.0/21
                  185.21.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:c9:5d:00:e8:f6:a3:63:07:1b:43:94:8e:32:f8:a9:be:df:
         d0:33:78:e6:b4:fd:d1:90:24:56:71:34:5a:e5:02:20:68:84:
         94:d8:bb:90:f0:e4:a9:7d:8c:94:b2:45:47:ad:5d:8c:01:f3:
         68:ef:ed:95:ea:41:ad:01:94:fa:21:c2:4c:17:41:a8:28:10:
         2e:d3:c6:01:cb:33:cd:1f:da:fc:8c:ba:7a:a1:c3:7d:0a:8d:
         8f:b8:63:72:d0:50:21:e2:9a:c4:be:c7:b8:29:ef:f9:04:60:
         ae:38:27:3a:eb:89:c6:6e:88:f0:f7:77:6f:30:cf:ab:15:26:
         59:ba:26:51:de:88:0b:2f:a8:9d:f6:f9:b8:17:a2:ad:71:6b:
         4f:7d:68:a6:b9:68:8e:7a:b3:76:45:30:ae:53:94:e6:1b:66:
         9d:a0:7b:3e:c1:a1:a7:87:84:67:92:42:de:7a:37:8a:f4:4d:
         ec:de:eb:16:f7:64:19:42:82:d9:91:88:51:e7:09:78:87:8f:
         89:03:92:bc:8a:0b:0e:77:47:16:99:ea:3d:79:75:1e:8d:c8:
         06:5a:b6:4d:04:c5:c6:43:f2:20:17:84:27:d8:48:3f:80:22:
         ee:62:30:95:00:35:9a:58:90:54:2a:eb:c5:a7:a1:10:39:6d:
         ee:6d:ee:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAuRq4/n7Aw6BEjXB7UIIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZjZlNDM3MDExMWNmYmY5Njg0MDQ4NTQyMjdiODA5Mjg1
MTQ1MGQwHhcNMjQwMTAyMDIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2FkYjEyMDc4NTFhNDkyM2QzMzE4ZDUxODk1ZDAzZGUwZDE5Mzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5WwJMxvB46wsMytHK4BRRjjV5fcM
puZyP0PxAwmxaED2INpxGzmAsr7HaTNr9musHueKXZCFhd/cVApv14AwPF6TEb54
hqXeC9O+x8xyWZPmaVDBUJp5zuOyDa9aKAgs/ZLRdE7o8uufrAUcyinjtDyfGqLi
lNuD4tzYRD7dATU4l+N8zsUiJg9rvfuxKeJ4+8K0/RV9pIC3qy4I8JF/AIsW+OS3
uFP7Lsp2eSJpNBftv6BxEwYwV7LnBale2MipjNkHAoYrRYgl2EjmJZCX5K1RqU7I
wQwn/3l5ekspz+gozlpMLHTKiH5+qn7fWwFuYdu/dnNGr7ilGetEs4ZBiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOytsSB4UaSSPTMY1RiV0D3g0ZOYMB8GA1UdIwQY
MBaAFNH25DcBEc+/loQEhUInuAkoUUUNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGZia053RVJ6Ny1XaEFTRlFpZTRDU2hSUlEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny81OWQ0ZTktNjYyYy00MzVhLWIzNTEt
NGFhNTM5YTMwZDIxLzEvN0syeElIaFJwSkk5TXhqVkdKWFFQZURSazVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny81OWQ0ZTktNjYyYy00MzVhLWIzNTEtNGFhNTM5YTMwZDIx
LzEvMGZia053RVJ6Ny1XaEFTRlFpZTRDU2hSUlEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJQG4AwQC
uRUAMA0GCSqGSIb3DQEBCwUAA4IBAQBiyV0A6PajYwcbQ5SOMvipvt/QM3jmtP3R
kCRWcTRa5QIgaISU2LuQ8OSpfYyUskVHrV2MAfNo7+2V6kGtAZT6IcJMF0GoKBAu
08YByzPNH9r8jLp6ocN9Co2PuGNy0FAh4prEvse4Ke/5BGCuOCc664nGbojw93dv
MM+rFSZZuiZR3ogLL6id9vm4F6KtcWtPfWimuWiOerN2RTCuU5TmG2adoHs+waGn
h4RnkkLeejeK9E3s3usW92QZQoLZkYhR5wl4h4+JA5K8igsOd0cWmeo9eXUejcgG
WrZNBMXGQ/IgF4Qn2Eg/gCLuYjCVADWaWJBUKuvFp6EQOW3ube4A
-----END CERTIFICATE-----