Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/v0-1WvqdPopOt_kaXYWVc4YsNvM.roa
File:                     v0-1WvqdPopOt_kaXYWVc4YsNvM.roa (raw, json)
Hash identifier:          uemxayWVfnaNdPlHJJkugkWq+eY/BzTmbjqNFPv/S+Q=
Subject key identifier:   BF:4F:B5:5A:FA:9D:3E:8A:4E:B7:F9:1A:5D:85:95:73:86:2C:36:F3
Certificate issuer:       /CN=7e4b54dfd41610774fe7f242d7dd3873a658473b
Certificate serial:       018CC9BBA4E0273C68F101C6D943814ECF16
Authority key identifier: 7E:4B:54:DF:D4:16:10:77:4F:E7:F2:42:D7:DD:38:73:A6:58:47:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fktU39QWEHdP5_JC1904c6ZYRzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/v0-1WvqdPopOt_kaXYWVc4YsNvM.roa
Signing time:             Tue 02 Jan 2024 10:32:47 +0000
ROA not before:           Tue 02 Jan 2024 10:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51561
IP address blocks:        185.207.140.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/fktU39QWEHdP5_JC1904c6ZYRzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/fktU39QWEHdP5_JC1904c6ZYRzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fktU39QWEHdP5_JC1904c6ZYRzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:a4:e0:27:3c:68:f1:01:c6:d9:43:81:4e:cf:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e4b54dfd41610774fe7f242d7dd3873a658473b
        Validity
            Not Before: Jan  2 10:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf4fb55afa9d3e8a4eb7f91a5d859573862c36f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:11:83:e4:02:f8:11:62:7e:0c:34:96:f5:e5:
                    d2:c9:fe:ee:46:5b:ee:14:ec:89:b2:8d:a9:9e:ae:
                    97:c1:1a:5b:7a:a7:60:3e:14:e1:7e:d0:f7:f8:31:
                    ab:28:05:35:7f:14:9d:28:a0:a9:36:84:b8:39:d3:
                    98:59:c0:d0:d8:d8:57:14:ec:12:9f:e1:70:44:cd:
                    30:92:5d:4a:7d:95:ae:be:51:6d:4a:d1:6c:f9:cd:
                    90:e6:3b:77:b5:ba:36:16:37:de:7a:2b:9b:ef:a5:
                    00:e1:a2:99:ee:67:6c:c4:83:ea:90:3c:2f:fb:a8:
                    33:a8:06:62:3b:c2:8d:05:bc:33:a6:d3:dc:b4:43:
                    4c:b6:51:2a:1d:ea:26:31:3b:f0:55:a8:d4:79:46:
                    96:1e:80:2d:4a:cd:2f:b7:f6:d7:97:e3:c2:8e:e1:
                    98:d4:f8:21:79:73:ef:29:13:e9:04:18:02:03:44:
                    1a:48:95:40:a1:60:fb:cc:9c:61:0b:e5:58:5d:75:
                    a7:9d:3a:6c:b0:c1:e4:64:52:b1:df:e3:cf:9b:b2:
                    de:de:7c:f4:b2:3b:30:ac:8a:68:89:a0:4d:6d:21:
                    fd:ed:11:e2:36:9b:c4:c1:88:96:65:00:dd:18:74:
                    e4:70:3d:ff:69:30:78:66:68:4b:10:d2:c7:1f:6e:
                    29:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4F:B5:5A:FA:9D:3E:8A:4E:B7:F9:1A:5D:85:95:73:86:2C:36:F3
            X509v3 Authority Key Identifier:
                keyid:7E:4B:54:DF:D4:16:10:77:4F:E7:F2:42:D7:DD:38:73:A6:58:47:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fktU39QWEHdP5_JC1904c6ZYRzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/v0-1WvqdPopOt_kaXYWVc4YsNvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/fktU39QWEHdP5_JC1904c6ZYRzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:7c:25:3e:c3:e7:60:14:48:aa:9e:99:01:fb:a2:20:78:6d:
         4f:15:6f:1d:e3:c5:e7:80:5b:e7:97:7d:a0:b7:c7:b5:ca:37:
         e5:47:0b:10:81:4a:3a:9f:64:33:0e:ee:9f:20:7d:25:b0:13:
         4a:bf:a6:9f:5b:42:ab:a6:23:1f:9c:ed:c0:a8:ab:21:14:15:
         4e:b0:73:34:df:27:60:44:91:f9:73:45:a7:bb:05:79:2d:f9:
         6a:4a:b0:1a:2d:48:0e:d8:83:75:2a:ad:f8:fd:61:29:49:d9:
         dd:dc:90:e3:23:7e:7c:5f:de:a7:53:c6:79:2b:cf:bc:5c:9d:
         fa:09:6b:44:01:e2:a5:5a:56:a1:d5:ee:df:45:8c:57:42:d7:
         48:87:43:d3:98:21:35:a9:80:a0:39:18:fb:8d:a1:a3:69:31:
         45:79:8a:ed:b2:3c:1a:a9:76:34:c9:ec:34:83:ab:76:ed:26:
         3a:70:8f:71:1e:44:9d:c9:4b:0a:d9:29:2d:7b:b1:91:7e:bd:
         f7:0a:7c:fa:5b:28:9e:7a:f4:b8:24:79:86:1a:88:de:31:06:
         dd:cc:fa:63:4e:aa:84:f1:4f:b8:3e:71:38:03:5d:a4:37:1a:
         81:6e:4a:e5:54:41:65:87:df:14:52:1c:f1:30:52:2e:5d:fb:
         fa:d3:6d:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu6TgJzxo8QHG2UOBTs8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNGI1NGRmZDQxNjEwNzc0ZmU3ZjI0MmQ3ZGQzODczYTY1
ODQ3M2IwHhcNMjQwMTAyMTAzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjRmYjU1YWZhOWQzZThhNGViN2Y5MWE1ZDg1OTU3Mzg2MmMzNmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBGD5AL4EWJ+DDSW9eXSyf7uRlvu
FOyJso2pnq6XwRpbeqdgPhThftD3+DGrKAU1fxSdKKCpNoS4OdOYWcDQ2NhXFOwS
n+FwRM0wkl1KfZWuvlFtStFs+c2Q5jt3tbo2Fjfeeiub76UA4aKZ7mdsxIPqkDwv
+6gzqAZiO8KNBbwzptPctENMtlEqHeomMTvwVajUeUaWHoAtSs0vt/bXl+PCjuGY
1PgheXPvKRPpBBgCA0QaSJVAoWD7zJxhC+VYXXWnnTpssMHkZFKx3+PPm7Le3nz0
sjswrIpoiaBNbSH97RHiNpvEwYiWZQDdGHTkcD3/aTB4ZmhLENLHH24pMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9PtVr6nT6KTrf5Gl2FlXOGLDbzMB8GA1UdIwQY
MBaAFH5LVN/UFhB3T+fyQtfdOHOmWEc7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmt0VTM5UVdFSGRQNV9KQzE5MDRjNlpZUnpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8xYjM1YzUtN2FjNi00MjUzLTg2ZWEt
Nzc0NGVmM2MwYjk5LzEvdjAtMVd2cWRQb3BPdF9rYVhZV1ZjNFlzTnZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8xYjM1YzUtN2FjNi00MjUzLTg2ZWEtNzc0NGVmM2MwYjk5
LzEvZmt0VTM5UVdFSGRQNV9KQzE5MDRjNlpZUnpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc+MMA0G
CSqGSIb3DQEBCwUAA4IBAQAcfCU+w+dgFEiqnpkB+6IgeG1PFW8d48XngFvnl32g
t8e1yjflRwsQgUo6n2QzDu6fIH0lsBNKv6afW0KrpiMfnO3AqKshFBVOsHM03ydg
RJH5c0WnuwV5LflqSrAaLUgO2IN1Kq34/WEpSdnd3JDjI358X96nU8Z5K8+8XJ36
CWtEAeKlWlah1e7fRYxXQtdIh0PTmCE1qYCgORj7jaGjaTFFeYrtsjwaqXY0yew0
g6t27SY6cI9xHkSdyUsK2Skte7GRfr33Cnz6WyieevS4JHmGGojeMQbdzPpjTqqE
8U+4PnE4A12kNxqBbkrlVEFlh98UUhzxMFIuXfv60208
-----END CERTIFICATE-----