Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/f842c1-9a96-44f1-a36f-b1081750ce15/1/7zlx5B3z2PzyXMyrmB3MqqRZBzI.roa
File:                     7zlx5B3z2PzyXMyrmB3MqqRZBzI.roa (raw, json)
Hash identifier:          F015V+0deN2icymMqCgGiXmvDa1AboP6wHjCC6qQIGQ=
Subject key identifier:   EF:39:71:E4:1D:F3:D8:FC:F2:5C:CC:AB:98:1D:CC:AA:A4:59:07:32
Certificate issuer:       /CN=cb81d1f3ac14af50dc0665744f9076b7fadb1f9b
Certificate serial:       018FBF9C4D776495329D477FED33EA57B1F3
Authority key identifier: CB:81:D1:F3:AC:14:AF:50:DC:06:65:74:4F:90:76:B7:FA:DB:1F:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y4HR86wUr1DcBmV0T5B2t_rbH5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/f842c1-9a96-44f1-a36f-b1081750ce15/1/7zlx5B3z2PzyXMyrmB3MqqRZBzI.roa
Signing time:             Tue 28 May 2024 14:30:42 +0000
ROA not before:           Tue 28 May 2024 14:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205988
IP address blocks:        185.200.52.0/22 maxlen: 24
                          2a0a:ab40::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/f842c1-9a96-44f1-a36f-b1081750ce15/1/y4HR86wUr1DcBmV0T5B2t_rbH5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/f842c1-9a96-44f1-a36f-b1081750ce15/1/y4HR86wUr1DcBmV0T5B2t_rbH5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y4HR86wUr1DcBmV0T5B2t_rbH5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bf:9c:4d:77:64:95:32:9d:47:7f:ed:33:ea:57:b1:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb81d1f3ac14af50dc0665744f9076b7fadb1f9b
        Validity
            Not Before: May 28 14:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef3971e41df3d8fcf25cccab981dccaaa4590732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:05:08:99:91:16:8d:83:97:8f:a2:4c:23:d6:
                    1b:dc:02:33:ce:58:14:05:4a:5e:56:77:b4:7e:b0:
                    9b:8b:ce:d8:1c:c4:b9:26:ca:1d:c1:98:a1:bd:8c:
                    c1:c1:0a:27:ba:25:63:1f:c0:d2:1d:43:e3:6c:af:
                    fd:20:41:15:7a:6b:d2:ca:91:9e:80:4c:d1:8d:0e:
                    7f:98:c3:ed:39:59:cc:28:a3:34:da:66:e6:5f:29:
                    15:6d:9e:f6:92:c2:db:a5:73:9a:7e:28:4d:40:26:
                    f9:a9:50:b5:fa:b5:35:2b:68:ca:0c:66:ee:9c:fe:
                    e5:35:c7:03:f0:ae:19:49:76:8b:f2:75:1c:92:a7:
                    04:be:5e:b2:ca:f6:75:b0:a9:2a:32:b8:db:02:cc:
                    22:ab:46:c4:db:f4:70:8f:69:cd:ee:61:e5:01:ce:
                    a1:28:bd:d3:ad:68:15:91:70:00:4c:6a:8e:78:83:
                    81:35:53:18:f5:66:bf:66:32:e6:1a:0e:c0:3e:6a:
                    75:e0:ae:d4:50:5e:49:f1:07:1e:85:33:15:ef:68:
                    d4:db:68:be:46:5f:96:32:e6:ab:5f:f0:0d:9c:db:
                    e0:fd:fa:46:88:b5:64:16:e2:88:3f:5e:63:bb:08:
                    3f:56:72:b0:52:b3:08:42:1c:8c:66:46:14:b5:a0:
                    7c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:39:71:E4:1D:F3:D8:FC:F2:5C:CC:AB:98:1D:CC:AA:A4:59:07:32
            X509v3 Authority Key Identifier:
                keyid:CB:81:D1:F3:AC:14:AF:50:DC:06:65:74:4F:90:76:B7:FA:DB:1F:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y4HR86wUr1DcBmV0T5B2t_rbH5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/f842c1-9a96-44f1-a36f-b1081750ce15/1/7zlx5B3z2PzyXMyrmB3MqqRZBzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/f842c1-9a96-44f1-a36f-b1081750ce15/1/y4HR86wUr1DcBmV0T5B2t_rbH5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.52.0/22
                IPv6:
                  2a0a:ab40::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:ee:94:a5:7a:28:60:79:39:52:55:81:b7:d1:32:1f:c1:3f:
         a9:09:93:9e:cf:9d:c9:a2:ad:15:cb:ae:a6:fd:2c:ff:39:bc:
         0e:43:df:90:41:04:b5:6c:e5:c6:52:82:c2:32:fb:56:77:08:
         7b:6b:c0:03:4d:8e:9c:ed:32:01:b3:d7:c9:79:42:94:8d:f3:
         ec:d3:c7:83:88:e3:c2:28:db:6c:6e:e3:71:1b:8f:48:70:48:
         18:7d:a3:d7:3e:21:53:12:fa:73:b1:10:61:6b:f5:02:65:87:
         79:d1:3e:96:f7:d3:f9:84:b0:33:bf:70:67:83:63:63:f4:30:
         4e:a2:1a:f7:d0:8b:87:e0:5e:af:16:6d:a1:5e:96:bc:7f:83:
         7c:04:ec:55:60:40:d3:04:2d:f7:7a:44:7d:fe:73:68:e4:74:
         d8:54:58:95:d2:7b:3f:77:83:36:af:32:74:17:70:43:eb:9b:
         8c:42:fc:73:f7:a1:1e:df:b2:8b:c2:e3:b7:d9:e9:23:24:73:
         a8:63:cf:2d:6f:16:70:54:d2:ea:e2:fa:03:e0:e4:b9:db:d7:
         f5:2f:6b:01:eb:f3:1c:be:73:b9:e2:20:91:00:ab:a8:b6:dc:
         4c:04:8b:fb:a9:a1:3e:98:61:ef:e0:c0:dd:66:27:0f:4a:6b:
         66:01:09:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY+/nE13ZJUynUd/7TPqV7HzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiODFkMWYzYWMxNGFmNTBkYzA2NjU3NDRmOTA3NmI3ZmFk
YjFmOWIwHhcNMjQwNTI4MTQzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjM5NzFlNDFkZjNkOGZjZjI1Y2NjYWI5ODFkY2NhYWE0NTkwNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgUImZEWjYOXj6JMI9Yb3AIzzlgU
BUpeVne0frCbi87YHMS5JsodwZihvYzBwQonuiVjH8DSHUPjbK/9IEEVemvSypGe
gEzRjQ5/mMPtOVnMKKM02mbmXykVbZ72ksLbpXOafihNQCb5qVC1+rU1K2jKDGbu
nP7lNccD8K4ZSXaL8nUckqcEvl6yyvZ1sKkqMrjbAswiq0bE2/Rwj2nN7mHlAc6h
KL3TrWgVkXAATGqOeIOBNVMY9Wa/ZjLmGg7APmp14K7UUF5J8QcehTMV72jU22i+
Rl+WMuarX/ANnNvg/fpGiLVkFuKIP15juwg/VnKwUrMIQhyMZkYUtaB8wQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO85ceQd89j88lzMq5gdzKqkWQcyMB8GA1UdIwQY
MBaAFMuB0fOsFK9Q3AZldE+Qdrf62x+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTRIUjg2d1VyMURjQm1WMFQ1QjJ0X3JiSDVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9mODQyYzEtOWE5Ni00NGYxLWEzNmYt
YjEwODE3NTBjZTE1LzEvN3pseDVCM3oyUHp5WE15cm1CM01xcVJaQnpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9mODQyYzEtOWE5Ni00NGYxLWEzNmYtYjEwODE3NTBjZTE1
LzEveTRIUjg2d1VyMURjQm1WMFQ1QjJ0X3JiSDVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucg0MA0E
AgACMAcDBQMqCqtAMA0GCSqGSIb3DQEBCwUAA4IBAQBD7pSleihgeTlSVYG30TIf
wT+pCZOez53Joq0Vy66m/Sz/ObwOQ9+QQQS1bOXGUoLCMvtWdwh7a8ADTY6c7TIB
s9fJeUKUjfPs08eDiOPCKNtsbuNxG49IcEgYfaPXPiFTEvpzsRBha/UCZYd50T6W
99P5hLAzv3Bng2Nj9DBOohr30IuH4F6vFm2hXpa8f4N8BOxVYEDTBC33ekR9/nNo
5HTYVFiV0ns/d4M2rzJ0F3BD65uMQvxz96Ee37KLwuO32ekjJHOoY88tbxZwVNLq
4voD4OS529f1L2sB6/McvnO54iCRAKuottxMBIv7qaE+mGHv4MDdZicPSmtmAQna
-----END CERTIFICATE-----