Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/c7xsL4Ztb3bKsr7-W_s9U3VFHB4.roa
File:                     c7xsL4Ztb3bKsr7-W_s9U3VFHB4.roa (raw, json)
Hash identifier:          xgt1dt4cdv/at3NUrPU4a5PsQum0xGEArWFfRqr7jLI=
Subject key identifier:   73:BC:6C:2F:86:6D:6F:76:CA:B2:BE:FE:5B:FB:3D:53:75:45:1C:1E
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019010D4731040481A186E6E36DF4C04BB8F
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/c7xsL4Ztb3bKsr7-W_s9U3VFHB4.roa
Signing time:             Thu 13 Jun 2024 09:01:16 +0000
ROA not before:           Thu 13 Jun 2024 09:01:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        212.16.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:10:d4:73:10:40:48:1a:18:6e:6e:36:df:4c:04:bb:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jun 13 09:01:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73bc6c2f866d6f76cab2befe5bfb3d5375451c1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:00:77:59:10:83:9a:96:f7:b9:12:5f:75:7f:
                    d3:d3:f5:c5:5f:c5:16:b5:b5:27:08:b2:99:60:ea:
                    76:b3:91:03:b7:c7:15:c0:de:e8:b4:34:53:b1:b0:
                    3c:b0:f0:2e:eb:85:69:3b:b5:e3:b9:9d:b7:3d:8e:
                    05:17:74:da:dc:81:3a:7b:7a:e3:22:ce:ed:21:12:
                    70:bc:57:66:e7:94:a8:e2:da:73:21:b6:78:52:c7:
                    92:72:c0:7d:7c:bf:2c:84:87:9e:a2:ff:d6:38:99:
                    7d:55:46:9e:3b:8d:c1:e2:9d:a1:77:3d:52:fd:56:
                    fe:8b:02:c1:50:55:30:1b:a2:19:7f:ed:d4:22:ec:
                    35:58:01:d2:78:52:19:7c:e7:45:32:fb:08:7c:a6:
                    a8:26:20:f7:ec:3a:9f:47:ed:df:7b:a8:ce:dc:03:
                    25:a9:e1:95:57:91:d9:2a:05:c9:64:2a:9c:61:db:
                    d2:70:3d:c8:23:da:69:57:53:7c:ec:59:35:de:f3:
                    2c:ad:f3:a2:0a:2d:a7:20:1b:3c:b8:a6:5b:52:22:
                    6c:b3:e7:8d:e1:4a:38:95:e5:de:b4:60:f5:8f:01:
                    a5:82:4e:bb:b5:76:31:ab:70:4c:d9:32:fe:f9:5e:
                    1c:58:76:0e:d7:ea:85:91:94:8f:31:90:8d:07:be:
                    f0:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:BC:6C:2F:86:6D:6F:76:CA:B2:BE:FE:5B:FB:3D:53:75:45:1C:1E
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/c7xsL4Ztb3bKsr7-W_s9U3VFHB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.16.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:a6:b5:02:d5:39:cc:d4:e2:9d:02:fd:da:04:c5:c4:08:ab:
         19:16:04:e3:99:cd:0c:f8:05:9d:26:dd:1e:d7:31:16:4e:ba:
         94:0b:6a:16:cc:13:e7:09:d5:f2:15:f8:c2:04:1e:f5:da:2c:
         c6:0c:63:22:22:ae:c5:18:3b:24:bd:3b:73:17:fa:2c:41:8d:
         d1:d5:8d:fb:55:c2:25:1f:d2:12:5d:0d:f6:36:85:69:65:ab:
         20:c4:8d:36:55:55:a1:db:de:15:03:2e:8e:28:db:e2:b4:ba:
         91:c9:bc:64:97:5e:d4:59:57:e2:76:be:7c:1c:5f:2c:87:29:
         e2:bc:af:6e:98:f5:32:5e:a4:32:33:df:0d:53:49:bf:7e:8d:
         c8:b3:55:a1:bc:02:e9:76:2b:b9:48:6b:58:c9:a6:80:c1:33:
         74:dd:3d:d8:6e:fc:b9:30:e7:67:fa:fc:20:cb:29:c4:2f:c8:
         1a:78:df:66:15:bd:a3:47:51:82:01:12:7d:12:3e:8f:19:0e:
         e7:36:0e:a3:2b:5a:30:ba:91:3e:f1:e4:fd:37:47:3c:95:09:
         53:1c:c5:27:f5:2e:4b:aa:70:b8:75:d9:14:f6:e2:73:d4:d7:
         8b:88:46:2a:0c:53:da:a4:f1:36:ca:61:9b:19:4b:88:0c:e0:
         ce:73:7e:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAQ1HMQQEgaGG5uNt9MBLuPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwNjEzMDkwMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2JjNmMyZjg2NmQ2Zjc2Y2FiMmJlZmU1YmZiM2Q1Mzc1NDUxYzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8AB3WRCDmpb3uRJfdX/T0/XFX8UW
tbUnCLKZYOp2s5EDt8cVwN7otDRTsbA8sPAu64VpO7XjuZ23PY4FF3Ta3IE6e3rj
Is7tIRJwvFdm55So4tpzIbZ4UseScsB9fL8shIeeov/WOJl9VUaeO43B4p2hdz1S
/Vb+iwLBUFUwG6IZf+3UIuw1WAHSeFIZfOdFMvsIfKaoJiD37DqfR+3fe6jO3AMl
qeGVV5HZKgXJZCqcYdvScD3II9ppV1N87Fk13vMsrfOiCi2nIBs8uKZbUiJss+eN
4Uo4leXetGD1jwGlgk67tXYxq3BM2TL++V4cWHYO1+qFkZSPMZCNB77wPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHO8bC+GbW92yrK+/lv7PVN1RRweMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvYzd4c0w0WnRiM2JLc3I3LVdfczlVM1ZGSEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BBcMA0G
CSqGSIb3DQEBCwUAA4IBAQA6prUC1TnM1OKdAv3aBMXECKsZFgTjmc0M+AWdJt0e
1zEWTrqUC2oWzBPnCdXyFfjCBB712izGDGMiIq7FGDskvTtzF/osQY3R1Y37VcIl
H9ISXQ32NoVpZasgxI02VVWh294VAy6OKNvitLqRybxkl17UWVfidr58HF8shyni
vK9umPUyXqQyM98NU0m/fo3Is1WhvALpdiu5SGtYyaaAwTN03T3Ybvy5MOdn+vwg
yynEL8gaeN9mFb2jR1GCARJ9Ej6PGQ7nNg6jK1owupE+8eT9N0c8lQlTHMUn9S5L
qnC4ddkU9uJz1NeLiEYqDFPapPE2ymGbGUuIDODOc37Z
-----END CERTIFICATE-----