Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/d9aa88-6426-4933-a69a-80b96680f043/1/7PVkNyEhDi9JXaYGGtkNrTyXbhA.roa
File:                     7PVkNyEhDi9JXaYGGtkNrTyXbhA.roa (raw, json)
Hash identifier:          PATtm9QcIWsjl8AryZPLI/NZQ+oup8QuUw+sYDgZiqo=
Subject key identifier:   EC:F5:64:37:21:21:0E:2F:49:5D:A6:06:1A:D9:0D:AD:3C:97:6E:10
Certificate issuer:       /CN=9ee54fd9f17fc97a70a5bf415b78891b15b8f795
Certificate serial:       018ED7962BE9E60D0D889C5CE7F2965AAD01
Authority key identifier: 9E:E5:4F:D9:F1:7F:C9:7A:70:A5:BF:41:5B:78:89:1B:15:B8:F7:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nuVP2fF_yXpwpb9BW3iJGxW495U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/d9aa88-6426-4933-a69a-80b96680f043/1/7PVkNyEhDi9JXaYGGtkNrTyXbhA.roa
Signing time:             Sat 13 Apr 2024 13:12:06 +0000
ROA not before:           Sat 13 Apr 2024 13:12:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20668
IP address blocks:        194.32.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/d9aa88-6426-4933-a69a-80b96680f043/1/nuVP2fF_yXpwpb9BW3iJGxW495U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/d9aa88-6426-4933-a69a-80b96680f043/1/nuVP2fF_yXpwpb9BW3iJGxW495U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nuVP2fF_yXpwpb9BW3iJGxW495U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d7:96:2b:e9:e6:0d:0d:88:9c:5c:e7:f2:96:5a:ad:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ee54fd9f17fc97a70a5bf415b78891b15b8f795
        Validity
            Not Before: Apr 13 13:12:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecf5643721210e2f495da6061ad90dad3c976e10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c5:0a:42:86:fb:8e:29:2f:8c:0a:63:c5:74:
                    35:7e:92:21:fe:7a:0c:e9:e8:d6:66:3a:d9:55:a5:
                    0a:54:b1:ac:52:c0:24:fa:5d:5b:27:06:77:61:c9:
                    a1:52:52:d4:3a:d1:5a:dc:f2:57:38:69:3d:36:90:
                    f8:96:99:bc:cd:2c:a7:c8:16:ae:14:86:eb:54:95:
                    77:c5:6c:33:36:d5:43:32:74:ce:f1:33:a8:c9:53:
                    eb:df:18:5e:fa:8b:4c:a4:a9:23:bb:ab:f2:3a:18:
                    7e:4c:4d:cf:47:df:24:ce:e0:29:31:0a:c4:f4:98:
                    d5:97:9b:79:e2:36:fa:3e:ad:a4:75:e7:81:66:60:
                    44:df:c9:04:4f:a9:7a:9b:01:02:a4:23:82:de:06:
                    b4:a4:bc:c9:e1:3c:f4:57:0f:73:fe:0c:25:61:f5:
                    12:19:f6:5b:0f:e8:0a:eb:45:66:dd:90:cf:a6:e8:
                    9b:cf:b2:47:de:81:04:98:91:76:70:76:26:a8:ce:
                    3e:c0:81:24:72:8e:f4:25:b6:ee:09:a5:11:ff:b8:
                    a2:7e:2a:7e:c6:10:20:ca:d9:d0:14:26:1a:ec:4c:
                    26:a4:09:f3:43:f1:f7:b6:30:9f:f1:77:39:17:07:
                    35:65:8d:12:3f:16:48:96:64:df:34:83:41:a1:10:
                    c2:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F5:64:37:21:21:0E:2F:49:5D:A6:06:1A:D9:0D:AD:3C:97:6E:10
            X509v3 Authority Key Identifier:
                keyid:9E:E5:4F:D9:F1:7F:C9:7A:70:A5:BF:41:5B:78:89:1B:15:B8:F7:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nuVP2fF_yXpwpb9BW3iJGxW495U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/d9aa88-6426-4933-a69a-80b96680f043/1/7PVkNyEhDi9JXaYGGtkNrTyXbhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/d9aa88-6426-4933-a69a-80b96680f043/1/nuVP2fF_yXpwpb9BW3iJGxW495U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:f7:f8:58:b0:3f:99:ee:1c:21:1b:51:1d:76:ed:09:0e:a4:
         6f:23:35:5a:ec:e2:47:a3:ab:b0:f7:86:b4:5b:2d:55:b0:96:
         10:8d:b4:4e:29:08:15:39:bc:ce:05:b3:96:2e:96:b6:ab:7b:
         29:7e:8d:28:26:b2:d5:4e:c4:a6:a8:7e:4e:06:f5:84:9c:b9:
         e0:36:90:1c:4c:d1:a9:66:70:70:cd:4f:3a:6d:bd:04:83:e0:
         13:86:e7:3d:cb:60:6d:5a:3b:50:c1:c5:e6:7c:01:3b:11:55:
         40:78:08:a0:f3:94:95:fb:80:06:8a:71:30:b7:a9:b2:82:8f:
         2d:fe:a3:8d:fa:8b:99:d7:7e:46:43:e9:b2:18:64:51:19:d7:
         8b:44:4b:cd:24:9c:3e:ad:48:33:06:ac:c6:30:d8:74:82:92:
         dc:7a:18:d9:6a:1f:00:d7:c0:76:b9:1a:5e:0d:6d:e2:ed:40:
         a5:e3:d0:6f:b2:11:a6:a4:5e:a9:27:55:7f:fd:87:b9:74:ef:
         c2:32:18:c5:e1:65:24:75:74:68:8c:72:43:fe:1f:e6:39:2c:
         58:d9:e1:13:a7:36:da:15:45:b0:83:09:24:1f:27:24:79:15:
         cb:06:55:cd:e1:2e:5f:14:48:1f:4a:1e:0b:d6:91:20:79:15:
         35:38:4b:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Xlivp5g0NiJxc5/KWWq0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZTU0ZmQ5ZjE3ZmM5N2E3MGE1YmY0MTViNzg4OTFiMTVi
OGY3OTUwHhcNMjQwNDEzMTMxMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2Y1NjQzNzIxMjEwZTJmNDk1ZGE2MDYxYWQ5MGRhZDNjOTc2ZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsUKQob7jikvjApjxXQ1fpIh/noM
6ejWZjrZVaUKVLGsUsAk+l1bJwZ3YcmhUlLUOtFa3PJXOGk9NpD4lpm8zSynyBau
FIbrVJV3xWwzNtVDMnTO8TOoyVPr3xhe+otMpKkju6vyOhh+TE3PR98kzuApMQrE
9JjVl5t54jb6Pq2kdeeBZmBE38kET6l6mwECpCOC3ga0pLzJ4Tz0Vw9z/gwlYfUS
GfZbD+gK60Vm3ZDPpuibz7JH3oEEmJF2cHYmqM4+wIEkco70JbbuCaUR/7iifip+
xhAgytnQFCYa7EwmpAnzQ/H3tjCf8Xc5Fwc1ZY0SPxZIlmTfNINBoRDCxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOz1ZDchIQ4vSV2mBhrZDa08l24QMB8GA1UdIwQY
MBaAFJ7lT9nxf8l6cKW/QVt4iRsVuPeVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnVWUDJmRl95WHB3cGI5QlczaUpHeFc0OTVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9kOWFhODgtNjQyNi00OTMzLWE2OWEt
ODBiOTY2ODBmMDQzLzEvN1BWa055RWhEaTlKWGFZR0d0a05yVHlYYmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9kOWFhODgtNjQyNi00OTMzLWE2OWEtODBiOTY2ODBmMDQz
LzEvbnVWUDJmRl95WHB3cGI5QlczaUpHeFc0OTVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiCiMA0G
CSqGSIb3DQEBCwUAA4IBAQCf9/hYsD+Z7hwhG1Eddu0JDqRvIzVa7OJHo6uw94a0
Wy1VsJYQjbROKQgVObzOBbOWLpa2q3spfo0oJrLVTsSmqH5OBvWEnLngNpAcTNGp
ZnBwzU86bb0Eg+AThuc9y2BtWjtQwcXmfAE7EVVAeAig85SV+4AGinEwt6mygo8t
/qON+ouZ135GQ+myGGRRGdeLREvNJJw+rUgzBqzGMNh0gpLcehjZah8A18B2uRpe
DW3i7UCl49BvshGmpF6pJ1V//Ye5dO/CMhjF4WUkdXRojHJD/h/mOSxY2eETpzba
FUWwgwkkHyckeRXLBlXN4S5fFEgfSh4L1pEgeRU1OEup
-----END CERTIFICATE-----