Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/a7cozjz_VlptmO3crTYSIafZv3Q.roa
File:                     a7cozjz_VlptmO3crTYSIafZv3Q.roa (raw, json)
Hash identifier:          si4nw2kic4kUcPbTs/4Iy8E0i248prtukmqshQeugkk=
Subject key identifier:   6B:B7:28:CE:3C:FF:56:5A:6D:98:ED:DC:AD:36:12:21:A7:D9:BF:74
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       018DCB8BF8C4FD371A23EE237E8D42DF3B65
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/a7cozjz_VlptmO3crTYSIafZv3Q.roa
Signing time:             Wed 21 Feb 2024 12:02:44 +0000
ROA not before:           Wed 21 Feb 2024 12:02:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        82.206.8.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 02:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cb:8b:f8:c4:fd:37:1a:23:ee:23:7e:8d:42:df:3b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Feb 21 12:02:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bb728ce3cff565a6d98eddcad361221a7d9bf74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:14:1a:2a:08:ed:85:dc:e9:7a:3b:64:91:bd:
                    be:48:f7:c0:0f:1c:eb:b4:29:f1:17:88:cf:b8:8f:
                    54:91:d7:90:85:8a:6a:b5:76:bc:37:22:c1:10:a8:
                    e7:e3:b7:be:f9:10:4f:29:39:f8:a0:e8:e9:5f:33:
                    d5:d1:29:a2:7e:53:aa:f6:2c:11:a0:db:19:45:70:
                    fc:44:b7:65:3f:2d:1e:d2:d2:b4:fa:d3:ba:e3:95:
                    26:e4:4f:df:11:78:b1:37:73:97:c9:a1:56:e4:0c:
                    a7:39:78:54:59:43:a6:38:3e:4d:d2:71:ae:de:28:
                    58:3f:47:60:4c:7e:af:21:0e:ba:12:f4:dc:9a:09:
                    68:b1:3f:c1:d6:5a:60:32:97:ad:3b:a7:43:55:56:
                    49:f0:e1:b3:d2:af:28:af:63:b4:c6:d2:54:4d:78:
                    10:16:24:78:3f:3d:bf:44:0a:60:ce:a9:c6:9c:d7:
                    5e:4f:40:d6:e4:ce:62:72:8c:ea:fb:03:87:9d:c8:
                    50:0f:cc:4f:31:74:7c:bb:4a:e1:79:47:79:de:32:
                    5c:ec:b2:80:e8:79:0e:d2:da:8e:e3:27:fe:7e:a1:
                    b0:f4:1d:74:70:de:6b:c2:14:0d:7f:97:d2:40:d4:
                    cc:8f:18:c2:bd:40:24:c0:11:02:1e:8c:01:2f:6d:
                    54:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:B7:28:CE:3C:FF:56:5A:6D:98:ED:DC:AD:36:12:21:A7:D9:BF:74
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/a7cozjz_VlptmO3crTYSIafZv3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:40:56:bc:46:13:36:db:51:92:e4:fc:9c:e0:68:b1:22:8d:
         44:84:8a:19:47:50:e9:17:e0:b3:84:4c:de:2a:b9:56:84:26:
         2a:a0:05:da:45:76:d3:9d:77:3d:16:54:4e:fb:d1:25:26:4e:
         e1:ff:d9:a8:e6:32:5a:68:03:22:f6:e8:07:28:cf:c3:8f:a6:
         3c:7b:f3:d9:dc:a9:f5:97:22:1f:36:45:8c:5b:a5:f2:6a:8d:
         15:9e:67:77:e7:4d:53:82:97:28:bf:70:ec:e5:59:55:2e:27:
         d7:91:58:e1:52:70:c8:e8:4a:4d:2c:8c:59:b8:a4:6c:6a:6b:
         16:35:9a:6b:7a:d1:b2:bf:2f:1a:b4:75:4d:9c:3f:9d:7d:e1:
         0f:69:5b:28:21:c3:7b:ee:32:11:93:19:59:09:99:d8:c1:32:
         98:b4:f5:11:29:84:02:af:50:7c:07:cb:10:af:18:bc:8c:a1:
         ce:ee:92:05:a8:20:61:9f:17:03:55:d1:4d:9c:6b:fd:20:76:
         9d:c8:bb:5f:28:c6:1b:4e:26:08:38:14:ed:8e:3d:04:d6:54:
         61:1c:78:da:ea:83:c3:8b:13:52:f3:91:c6:f2:fd:e1:ca:53:
         93:4d:a7:a1:ba:e0:9e:da:e1:75:c2:33:a1:48:dc:bb:0e:59:
         80:03:dc:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3Li/jE/TcaI+4jfo1C3ztlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjQwMjIxMTIwMjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmI3MjhjZTNjZmY1NjVhNmQ5OGVkZGNhZDM2MTIyMWE3ZDliZjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxQaKgjthdzpejtkkb2+SPfADxzr
tCnxF4jPuI9UkdeQhYpqtXa8NyLBEKjn47e++RBPKTn4oOjpXzPV0SmiflOq9iwR
oNsZRXD8RLdlPy0e0tK0+tO645Um5E/fEXixN3OXyaFW5AynOXhUWUOmOD5N0nGu
3ihYP0dgTH6vIQ66EvTcmglosT/B1lpgMpetO6dDVVZJ8OGz0q8or2O0xtJUTXgQ
FiR4Pz2/RApgzqnGnNdeT0DW5M5icozq+wOHnchQD8xPMXR8u0rheUd53jJc7LKA
6HkO0tqO4yf+fqGw9B10cN5rwhQNf5fSQNTMjxjCvUAkwBECHowBL21UrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGu3KM48/1ZabZjt3K02EiGn2b90MB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvYTdjb3pqel9WbHB0bU8zY3JUWVNJYWZadjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUs4IMA0G
CSqGSIb3DQEBCwUAA4IBAQCBQFa8RhM221GS5Pyc4GixIo1EhIoZR1DpF+CzhEze
KrlWhCYqoAXaRXbTnXc9FlRO+9ElJk7h/9mo5jJaaAMi9ugHKM/Dj6Y8e/PZ3Kn1
lyIfNkWMW6Xyao0Vnmd3501Tgpcov3Ds5VlVLifXkVjhUnDI6EpNLIxZuKRsamsW
NZpretGyvy8atHVNnD+dfeEPaVsoIcN77jIRkxlZCZnYwTKYtPURKYQCr1B8B8sQ
rxi8jKHO7pIFqCBhnxcDVdFNnGv9IHadyLtfKMYbTiYIOBTtjj0E1lRhHHja6oPD
ixNS85HG8v3hylOTTaehuuCe2uF1wjOhSNy7DlmAA9zk
-----END CERTIFICATE-----