Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Cl7L6zzCf69TRyeWXNYe9SwsbUc.roa
File:                     Cl7L6zzCf69TRyeWXNYe9SwsbUc.roa (raw, json)
Hash identifier:          WIWtWEwAfU6PcM+euUBVlTjmsayLb3NZxwNy0D7ZjF4=
Subject key identifier:   0A:5E:CB:EB:3C:C2:7F:AF:53:47:27:96:5C:D6:1E:F5:2C:2C:6D:47
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018E0F7099CA2C2BD7C7BB28E5E850F36BDE
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Cl7L6zzCf69TRyeWXNYe9SwsbUc.roa
Signing time:             Tue 05 Mar 2024 16:27:01 +0000
ROA not before:           Tue 05 Mar 2024 16:27:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55154
IP address blocks:        188.213.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0f:70:99:ca:2c:2b:d7:c7:bb:28:e5:e8:50:f3:6b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Mar  5 16:27:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a5ecbeb3cc27faf534727965cd61ef52c2c6d47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:46:92:ba:0f:20:61:05:57:89:4b:71:f9:ad:
                    7c:d0:84:66:5b:b9:d9:fd:84:cc:57:7e:fb:fb:03:
                    81:f6:63:bb:83:d8:f4:0c:f8:91:3f:f2:1a:e8:c0:
                    da:76:ea:4d:3f:67:c7:0f:f5:55:98:e0:8f:f4:22:
                    e2:9e:e8:f5:b1:4e:71:4b:c6:b6:b7:1f:4f:f4:a6:
                    ba:be:05:86:49:4e:a4:e8:8f:e5:0b:a1:58:19:25:
                    e0:f5:7d:11:4a:b5:26:a1:66:db:4c:65:14:58:17:
                    5a:53:44:f1:a9:02:08:0b:68:10:63:62:2a:32:91:
                    93:1f:d6:42:e9:3a:4f:73:6b:10:da:c3:22:b1:1b:
                    e0:8a:74:53:f3:f2:ee:03:db:1c:d8:7d:01:1a:b5:
                    5e:9c:e0:65:96:37:88:34:18:ce:5c:b3:b0:bc:94:
                    db:6b:cb:8c:96:eb:db:19:21:c5:09:5c:cd:ec:52:
                    02:3c:5a:74:23:5b:a4:05:b2:a1:0d:53:36:c6:67:
                    46:7a:cc:84:4a:4d:ca:f2:4b:f5:b6:7d:79:b1:7a:
                    f8:8f:02:c7:c6:65:57:80:e9:3e:a9:ac:9d:34:af:
                    64:7c:49:d4:de:c4:73:55:a8:0a:77:f5:58:1b:b2:
                    fa:55:51:58:6a:b2:1d:7b:e0:b7:cc:e1:f0:b4:9e:
                    cf:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:5E:CB:EB:3C:C2:7F:AF:53:47:27:96:5C:D6:1E:F5:2C:2C:6D:47
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/Cl7L6zzCf69TRyeWXNYe9SwsbUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.213.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:d2:0d:bf:01:5f:91:2b:95:9f:88:1a:99:30:7d:d0:d5:9a:
         e3:5c:2a:7b:17:ba:fc:51:84:00:bd:25:bb:df:3f:bd:29:1e:
         25:bc:c9:86:c4:e1:8d:27:fb:ce:f9:c8:1a:a8:c3:94:f4:bc:
         5a:c6:4b:81:ac:2c:8c:e6:bb:d2:1a:67:3f:ac:db:19:ef:75:
         ed:17:e7:67:0f:82:bc:18:55:97:01:b0:fa:6f:6a:7e:94:69:
         5b:29:8d:13:bd:20:06:ef:12:b5:20:84:4a:e7:7e:7e:94:e3:
         9d:fe:b5:56:05:28:66:5a:68:63:1e:8c:51:4f:bd:af:c0:75:
         16:2b:cd:ea:dd:c8:4a:1b:b8:ce:22:85:eb:03:ac:4c:54:ee:
         c1:d3:91:d9:cb:de:e9:11:40:15:da:0f:e4:42:fe:8d:aa:f6:
         b2:45:5a:32:56:6e:f0:af:e8:39:7e:0d:f7:49:7a:b3:52:69:
         57:0f:bc:87:00:f6:1e:9f:8d:1b:11:93:5d:41:83:70:5a:e2:
         2d:9a:7e:09:7b:71:44:27:9a:ec:8f:e5:d4:25:9d:a9:65:e3:
         01:31:bf:0a:ba:2a:81:ea:2f:a7:f8:36:75:b4:a2:cc:81:1b:
         ed:1c:7c:11:ed:b7:1b:6f:cf:ab:3c:c2:a7:04:38:ec:08:d1:
         6c:94:f3:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4PcJnKLCvXx7so5ehQ82veMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMzA1MTYyNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTVlY2JlYjNjYzI3ZmFmNTM0NzI3OTY1Y2Q2MWVmNTJjMmM2ZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEaSug8gYQVXiUtx+a180IRmW7nZ
/YTMV377+wOB9mO7g9j0DPiRP/Ia6MDadupNP2fHD/VVmOCP9CLinuj1sU5xS8a2
tx9P9Ka6vgWGSU6k6I/lC6FYGSXg9X0RSrUmoWbbTGUUWBdaU0TxqQIIC2gQY2Iq
MpGTH9ZC6TpPc2sQ2sMisRvginRT8/LuA9sc2H0BGrVenOBlljeINBjOXLOwvJTb
a8uMluvbGSHFCVzN7FICPFp0I1ukBbKhDVM2xmdGesyESk3K8kv1tn15sXr4jwLH
xmVXgOk+qaydNK9kfEnU3sRzVagKd/VYG7L6VVFYarIde+C3zOHwtJ7P7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApey+s8wn+vU0cnllzWHvUsLG1HMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvQ2w3TDZ6ekNmNjlUUnllV1hOWWU5U3dzYlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNUAMA0G
CSqGSIb3DQEBCwUAA4IBAQA20g2/AV+RK5WfiBqZMH3Q1ZrjXCp7F7r8UYQAvSW7
3z+9KR4lvMmGxOGNJ/vO+cgaqMOU9LxaxkuBrCyM5rvSGmc/rNsZ73XtF+dnD4K8
GFWXAbD6b2p+lGlbKY0TvSAG7xK1IIRK535+lOOd/rVWBShmWmhjHoxRT72vwHUW
K83q3chKG7jOIoXrA6xMVO7B05HZy97pEUAV2g/kQv6NqvayRVoyVm7wr+g5fg33
SXqzUmlXD7yHAPYen40bEZNdQYNwWuItmn4Je3FEJ5rsj+XUJZ2pZeMBMb8KuiqB
6i+n+DZ1tKLMgRvtHHwR7bcbb8+rPMKnBDjsCNFslPN5
-----END CERTIFICATE-----