Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/7qc0Hlc62z5Fv4N4LQuJefLhjFA.roa
File:                     7qc0Hlc62z5Fv4N4LQuJefLhjFA.roa (raw, json)
Hash identifier:          /N00yeSECcMe8P8ZcFEYULrS/A7POeUoWR0cJz47glU=
Subject key identifier:   EE:A7:34:1E:57:3A:DB:3E:45:BF:83:78:2D:0B:89:79:F2:E1:8C:50
Certificate issuer:       /CN=91dd2314dd9b7c61d71d4dbeda8fa3965c424570
Certificate serial:       018CC94E2AF93855D1C8108A8C5D2BC51B15
Authority key identifier: 91:DD:23:14:DD:9B:7C:61:D7:1D:4D:BE:DA:8F:A3:96:5C:42:45:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kd0jFN2bfGHXHU2-2o-jllxCRXA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/7qc0Hlc62z5Fv4N4LQuJefLhjFA.roa
Signing time:             Tue 02 Jan 2024 08:33:12 +0000
ROA not before:           Tue 02 Jan 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39093
IP address blocks:        185.212.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/kd0jFN2bfGHXHU2-2o-jllxCRXA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/kd0jFN2bfGHXHU2-2o-jllxCRXA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kd0jFN2bfGHXHU2-2o-jllxCRXA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2a:f9:38:55:d1:c8:10:8a:8c:5d:2b:c5:1b:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91dd2314dd9b7c61d71d4dbeda8fa3965c424570
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eea7341e573adb3e45bf83782d0b8979f2e18c50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7c:89:fe:36:7f:71:24:4a:6d:99:c6:25:b8:
                    de:56:ca:c6:7d:00:03:f6:0a:74:22:19:66:f2:91:
                    4b:95:e3:cc:33:99:eb:9e:f8:90:64:21:8f:d7:d8:
                    6e:1a:3d:01:b0:0d:9d:63:b5:10:d9:4a:22:00:42:
                    bc:77:32:a7:0d:78:9c:01:60:25:56:fc:98:a1:1c:
                    4c:de:49:36:df:ef:e4:6c:ba:d8:9b:8f:33:1e:db:
                    e9:7d:94:bd:d4:33:68:44:9e:a7:97:4a:e5:bc:b5:
                    cf:58:18:f6:7b:f6:64:84:14:23:fd:5a:ab:aa:1e:
                    40:dc:a3:ad:4f:ea:eb:32:3a:2a:a8:14:b5:04:44:
                    6b:23:7d:a2:79:73:d7:90:f4:af:25:eb:17:c2:d2:
                    0f:45:ba:ba:00:5f:6e:44:14:7b:6e:d7:7f:06:c9:
                    73:e7:b9:ca:e3:fe:03:53:42:2b:7c:42:9f:8c:39:
                    c1:e7:d0:a6:bd:c2:27:94:3c:6b:1c:f5:6e:da:8f:
                    c1:aa:eb:9f:47:cd:5f:2c:3e:69:88:6f:71:72:f2:
                    a2:8a:63:bd:97:81:30:b0:b4:fd:be:ba:f1:cd:49:
                    de:ef:e7:03:35:0a:d8:88:34:d5:59:9f:2d:b3:69:
                    11:96:33:1c:4f:a7:9a:97:08:a6:9b:e9:2b:f5:aa:
                    c1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:A7:34:1E:57:3A:DB:3E:45:BF:83:78:2D:0B:89:79:F2:E1:8C:50
            X509v3 Authority Key Identifier:
                keyid:91:DD:23:14:DD:9B:7C:61:D7:1D:4D:BE:DA:8F:A3:96:5C:42:45:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kd0jFN2bfGHXHU2-2o-jllxCRXA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/7qc0Hlc62z5Fv4N4LQuJefLhjFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/kd0jFN2bfGHXHU2-2o-jllxCRXA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:90:ef:4a:f2:cc:79:08:ee:5c:29:fb:64:1b:61:25:69:4b:
         a2:96:99:4e:52:76:43:f4:75:db:6a:67:6f:95:c6:4a:f1:0e:
         d2:e9:7f:89:32:08:13:ce:b9:1f:4d:21:7c:a3:90:51:3c:52:
         75:a8:27:11:67:a0:17:77:c3:9c:de:7c:7c:7d:1e:72:7e:a5:
         17:fe:b7:b3:a7:ab:43:28:18:10:11:62:72:a4:35:40:0a:fe:
         e3:f5:dd:5c:6c:be:fc:e1:a7:40:90:f9:1d:92:71:41:cb:6e:
         81:d4:3b:16:1b:34:65:ae:51:e8:8c:3b:32:66:48:13:95:51:
         4b:08:e8:c0:42:ef:32:06:95:9c:19:4d:e7:23:1f:78:98:9f:
         e0:0a:22:3e:70:57:32:d0:f2:a6:9f:b4:96:d7:aa:ee:b2:c7:
         79:85:9e:2c:06:dc:98:2a:68:0d:3d:17:20:34:8a:c3:bf:e1:
         f2:9b:72:9a:90:c9:a6:26:56:b1:b4:9f:67:d0:c2:18:f3:77:
         20:d7:2f:5c:66:43:5e:b8:41:5a:47:24:d7:74:be:f4:90:91:
         29:1f:bd:f4:82:f8:42:f8:11:02:4b:2b:e8:40:ef:69:d3:2e:
         55:9a:93:44:bc:98:b4:1c:9e:c7:09:34:49:67:bb:a2:ac:f2:
         5f:4e:90:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTir5OFXRyBCKjF0rxRsVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZGQyMzE0ZGQ5YjdjNjFkNzFkNGRiZWRhOGZhMzk2NWM0
MjQ1NzAwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWE3MzQxZTU3M2FkYjNlNDViZjgzNzgyZDBiODk3OWYyZTE4YzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXyJ/jZ/cSRKbZnGJbjeVsrGfQAD
9gp0Ihlm8pFLlePMM5nrnviQZCGP19huGj0BsA2dY7UQ2UoiAEK8dzKnDXicAWAl
VvyYoRxM3kk23+/kbLrYm48zHtvpfZS91DNoRJ6nl0rlvLXPWBj2e/ZkhBQj/Vqr
qh5A3KOtT+rrMjoqqBS1BERrI32ieXPXkPSvJesXwtIPRbq6AF9uRBR7btd/Bslz
57nK4/4DU0IrfEKfjDnB59CmvcInlDxrHPVu2o/BquufR81fLD5piG9xcvKiimO9
l4EwsLT9vrrxzUne7+cDNQrYiDTVWZ8ts2kRljMcT6ealwimm+kr9arBfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6nNB5XOts+Rb+DeC0LiXny4YxQMB8GA1UdIwQY
MBaAFJHdIxTdm3xh1x1NvtqPo5ZcQkVwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2QwakZOMmJmR0hYSFUyLTJvLWpsbHhDUlhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wNjNmYTQtMTdkZS00NTk1LWJjODYt
Y2U0YjYyNTBiYjRkLzEvN3FjMEhsYzYyejVGdjRONExRdUplZkxoakZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wNjNmYTQtMTdkZS00NTk1LWJjODYtY2U0YjYyNTBiYjRk
LzEva2QwakZOMmJmR0hYSFUyLTJvLWpsbHhDUlhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudS4MA0G
CSqGSIb3DQEBCwUAA4IBAQAhkO9K8sx5CO5cKftkG2ElaUuilplOUnZD9HXbamdv
lcZK8Q7S6X+JMggTzrkfTSF8o5BRPFJ1qCcRZ6AXd8Oc3nx8fR5yfqUX/rezp6tD
KBgQEWJypDVACv7j9d1cbL784adAkPkdknFBy26B1DsWGzRlrlHojDsyZkgTlVFL
COjAQu8yBpWcGU3nIx94mJ/gCiI+cFcy0PKmn7SW16russd5hZ4sBtyYKmgNPRcg
NIrDv+Hym3KakMmmJlaxtJ9n0MIY83cg1y9cZkNeuEFaRyTXdL70kJEpH730gvhC
+BECSyvoQO9p0y5VmpNEvJi0HJ7HCTRJZ7uirPJfTpCx
-----END CERTIFICATE-----