Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/47e609-b6b7-443b-8a04-e285cd8cad12/1/7ui36fgrvKGfjyNTTCrgG_QUQ68.roa
File:                     7ui36fgrvKGfjyNTTCrgG_QUQ68.roa (raw, json)
Hash identifier:          AMQJ90eZZ1tkxVEdkOMBBOcdVpakREMHQXdKMM8GKmM=
Subject key identifier:   EE:E8:B7:E9:F8:2B:BC:A1:9F:8F:23:53:4C:2A:E0:1B:F4:14:43:AF
Certificate issuer:       /CN=9eeac1cfbec494ae9457c866e6361865c4f30048
Certificate serial:       018CC26CF4008558C8F8CECAEBE28D64C7C3
Authority key identifier: 9E:EA:C1:CF:BE:C4:94:AE:94:57:C8:66:E6:36:18:65:C4:F3:00:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nurBz77ElK6UV8hm5jYYZcTzAEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/47e609-b6b7-443b-8a04-e285cd8cad12/1/7ui36fgrvKGfjyNTTCrgG_QUQ68.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199951
IP address blocks:        185.41.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/47e609-b6b7-443b-8a04-e285cd8cad12/1/nurBz77ElK6UV8hm5jYYZcTzAEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/47e609-b6b7-443b-8a04-e285cd8cad12/1/nurBz77ElK6UV8hm5jYYZcTzAEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nurBz77ElK6UV8hm5jYYZcTzAEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f4:00:85:58:c8:f8:ce:ca:eb:e2:8d:64:c7:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eeac1cfbec494ae9457c866e6361865c4f30048
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eee8b7e9f82bbca19f8f23534c2ae01bf41443af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ca:d3:9a:b0:25:4c:85:56:24:b2:eb:fe:e4:
                    fe:f3:56:5c:ce:51:71:43:19:60:b9:1d:84:b5:a5:
                    42:23:7a:4a:ef:40:29:3a:7c:6e:dd:ea:e0:9f:a3:
                    f4:64:4d:6b:48:5a:65:a7:03:6b:03:ce:31:30:53:
                    0f:1f:af:de:2c:b4:91:87:6d:3f:b3:ed:08:70:82:
                    57:0e:4d:df:72:20:dd:a9:86:df:38:89:a6:bc:97:
                    60:7c:27:0c:8e:05:91:44:fb:e0:41:89:5e:7f:5d:
                    aa:62:7b:a1:8c:7d:34:0c:da:11:d5:e9:4d:c4:a8:
                    01:98:fe:ad:16:81:44:8e:4c:ac:96:bf:af:63:47:
                    54:fd:ce:b8:50:ef:d9:6e:b5:81:a7:76:bd:1b:58:
                    fe:6b:67:5a:19:27:9e:9c:66:43:67:ee:1a:4f:40:
                    f2:0a:ae:85:2a:5f:70:4e:6b:e9:fe:73:42:62:51:
                    94:52:13:12:0b:c8:cb:db:f2:c4:ce:b9:e6:17:94:
                    14:0c:19:56:cb:ec:a7:89:b3:f1:62:55:b5:ca:dc:
                    d2:ad:4f:29:8f:30:09:65:8b:7e:14:dc:45:4d:73:
                    37:05:12:fb:29:4d:af:a6:33:59:6a:e9:79:9d:55:
                    36:5d:07:ec:78:40:7a:a7:b3:07:cb:f0:4d:61:29:
                    4c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:E8:B7:E9:F8:2B:BC:A1:9F:8F:23:53:4C:2A:E0:1B:F4:14:43:AF
            X509v3 Authority Key Identifier:
                keyid:9E:EA:C1:CF:BE:C4:94:AE:94:57:C8:66:E6:36:18:65:C4:F3:00:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nurBz77ElK6UV8hm5jYYZcTzAEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/47e609-b6b7-443b-8a04-e285cd8cad12/1/7ui36fgrvKGfjyNTTCrgG_QUQ68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/47e609-b6b7-443b-8a04-e285cd8cad12/1/nurBz77ElK6UV8hm5jYYZcTzAEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:2c:1e:91:25:12:67:34:f6:c9:56:32:86:87:8a:85:a3:12:
         26:4f:00:85:11:91:5e:78:70:86:86:f2:cc:3b:6f:f2:78:c9:
         a3:c2:09:24:02:e3:08:d4:51:74:7e:7b:76:a4:43:29:ce:3f:
         f7:3a:03:6a:f5:43:ff:b4:9d:36:77:ba:f1:76:2d:1a:71:cc:
         49:79:10:f5:23:31:1c:bc:1a:81:9d:a5:ad:f4:61:13:8c:fe:
         4b:18:d6:8a:c8:2a:c1:8c:2c:2f:a5:66:95:f5:2e:55:b9:4f:
         66:23:7a:51:b5:3f:cc:29:18:8a:2d:37:ce:e2:0f:8e:1d:28:
         56:38:27:2f:e3:f1:9c:21:f5:dd:15:0c:ef:d4:9e:74:c0:8b:
         c2:78:5b:e3:af:93:f3:71:a2:d2:32:0d:7c:b0:5e:4b:09:bd:
         e3:7c:b0:c5:02:9b:aa:42:36:a9:f2:c8:c0:2c:78:d7:e9:7e:
         80:eb:68:a9:4e:2c:cb:68:3a:83:27:f2:0b:10:c0:b1:63:2b:
         7f:c0:d2:40:2a:51:02:23:65:c2:46:07:d2:96:81:9b:c7:c7:
         0d:df:6e:6e:92:0f:c8:c0:b8:2a:f9:25:6f:c2:dd:6d:50:f6:
         dd:0e:7e:c2:4a:59:b9:a9:b5:c9:11:09:6d:81:77:6c:e2:ea:
         d7:79:fb:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPQAhVjI+M7K6+KNZMfDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZWFjMWNmYmVjNDk0YWU5NDU3Yzg2NmU2MzYxODY1YzRm
MzAwNDgwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWU4YjdlOWY4MmJiY2ExOWY4ZjIzNTM0YzJhZTAxYmY0MTQ0M2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMrTmrAlTIVWJLLr/uT+81ZczlFx
QxlguR2EtaVCI3pK70ApOnxu3ergn6P0ZE1rSFplpwNrA84xMFMPH6/eLLSRh20/
s+0IcIJXDk3fciDdqYbfOImmvJdgfCcMjgWRRPvgQYlef12qYnuhjH00DNoR1elN
xKgBmP6tFoFEjkyslr+vY0dU/c64UO/ZbrWBp3a9G1j+a2daGSeenGZDZ+4aT0Dy
Cq6FKl9wTmvp/nNCYlGUUhMSC8jL2/LEzrnmF5QUDBlWy+ynibPxYlW1ytzSrU8p
jzAJZYt+FNxFTXM3BRL7KU2vpjNZaul5nVU2XQfseEB6p7MHy/BNYSlMAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7ot+n4K7yhn48jU0wq4Bv0FEOvMB8GA1UdIwQY
MBaAFJ7qwc++xJSulFfIZuY2GGXE8wBIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnVyQno3N0VsSzZVVjhobTVqWVlaY1R6QUVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80N2U2MDktYjZiNy00NDNiLThhMDQt
ZTI4NWNkOGNhZDEyLzEvN3VpMzZmZ3J2S0dmanlOVFRDcmdHX1FVUTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80N2U2MDktYjZiNy00NDNiLThhMDQtZTI4NWNkOGNhZDEy
LzEvbnVyQno3N0VsSzZVVjhobTVqWVlaY1R6QUVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSmwMA0G
CSqGSIb3DQEBCwUAA4IBAQCrLB6RJRJnNPbJVjKGh4qFoxImTwCFEZFeeHCGhvLM
O2/yeMmjwgkkAuMI1FF0fnt2pEMpzj/3OgNq9UP/tJ02d7rxdi0accxJeRD1IzEc
vBqBnaWt9GETjP5LGNaKyCrBjCwvpWaV9S5VuU9mI3pRtT/MKRiKLTfO4g+OHShW
OCcv4/GcIfXdFQzv1J50wIvCeFvjr5PzcaLSMg18sF5LCb3jfLDFApuqQjap8sjA
LHjX6X6A62ipTizLaDqDJ/ILEMCxYyt/wNJAKlECI2XCRgfSloGbx8cN325ukg/I
wLgq+SVvwt1tUPbdDn7CSlm5qbXJEQltgXds4urXefsJ
-----END CERTIFICATE-----