Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/fObJCIUloqhp6tRVT7g90hAgOZs.roa
File:                     fObJCIUloqhp6tRVT7g90hAgOZs.roa (raw, json)
Hash identifier:          aovxItBM9mHsBzv4iKQlpdWlmqq469QwRI8TunWpc1c=
Subject key identifier:   7C:E6:C9:08:85:25:A2:A8:69:EA:D4:55:4F:B8:3D:D2:10:20:39:9B
Certificate issuer:       /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial:       018CC2DB149C5E57C5706E7F808519590849
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/fObJCIUloqhp6tRVT7g90hAgOZs.roa
Signing time:             Mon 01 Jan 2024 02:29:46 +0000
ROA not before:           Mon 01 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28742
IP address blocks:        194.21.56.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:14:9c:5e:57:c5:70:6e:7f:80:85:19:59:08:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
        Validity
            Not Before: Jan  1 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ce6c9088525a2a869ead4554fb83dd21020399b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:36:fe:cf:e7:b3:ec:1a:ce:db:de:05:db:ce:
                    83:50:5c:7b:a5:05:24:e0:a2:08:1e:b4:c4:15:42:
                    4f:23:10:e1:58:42:62:7a:0c:f6:5b:ae:8e:a7:65:
                    c9:36:b1:50:8d:c2:c0:94:06:dd:80:12:44:6a:d5:
                    10:c4:33:b0:21:cb:2d:68:d8:06:e3:bf:bf:85:7f:
                    a8:a0:d9:55:77:96:00:4c:fb:0c:7d:9c:c1:8a:98:
                    f2:c8:df:0d:80:8d:30:35:fb:a5:79:79:00:1f:24:
                    64:28:f4:35:3c:cc:4b:36:ee:49:7d:ca:3b:bc:e5:
                    e4:3b:90:1b:61:b1:ac:d8:7e:66:5d:eb:ef:0a:b5:
                    71:38:d0:3e:4d:df:09:50:d1:f9:a2:9c:8b:29:61:
                    65:43:ce:8b:cd:39:8d:b8:8f:74:aa:74:a0:03:62:
                    93:87:fb:14:56:e7:c7:ef:db:95:be:e7:4d:be:72:
                    87:f9:42:c7:fb:4a:5e:7f:4a:5e:0c:72:63:4e:5d:
                    47:7b:ae:d6:f4:83:fe:83:db:a5:b2:19:bd:16:b3:
                    15:e1:61:92:36:54:76:9a:ec:9f:26:c9:4a:e8:9e:
                    6f:e7:4c:a2:04:11:0d:db:5d:19:44:b6:ce:49:32:
                    ae:8d:1a:21:06:30:c1:d8:80:fe:8c:24:d2:4b:b7:
                    af:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:E6:C9:08:85:25:A2:A8:69:EA:D4:55:4F:B8:3D:D2:10:20:39:9B
            X509v3 Authority Key Identifier:
                keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/fObJCIUloqhp6tRVT7g90hAgOZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.21.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:8b:21:c9:4c:c6:3b:6b:f3:f7:3a:3d:62:86:5b:00:48:d2:
         63:0a:f0:89:30:7d:2f:b6:3d:fe:17:80:1e:be:38:9f:4a:3c:
         5c:7f:ad:8e:e7:3d:7e:3b:43:0b:45:f3:c5:c9:c9:90:b4:b2:
         35:f4:8e:ae:27:3c:fe:18:ab:7a:7d:59:60:f8:c7:92:f2:37:
         26:87:72:57:29:ea:e0:32:5f:9e:22:16:35:7e:1e:dc:29:9f:
         72:8f:11:b5:a3:c6:87:e1:be:86:db:33:90:7d:87:67:a6:c0:
         dd:e3:da:99:15:e3:3b:18:ae:bc:ec:0b:b3:06:3a:e6:e5:65:
         c8:c8:23:32:fa:e5:50:0b:01:98:5a:de:78:89:15:2e:5a:ab:
         15:14:a1:55:e4:13:7e:32:31:a8:d2:f4:8a:ee:09:93:d4:fb:
         b7:0e:b1:14:d2:c7:ea:78:67:96:cf:e6:e4:99:87:f0:81:d1:
         67:04:f4:00:d5:c5:fc:76:11:63:0c:1a:d8:57:2b:33:f9:62:
         74:8c:05:ea:06:91:fd:74:a2:8a:46:6a:b2:29:33:5e:8b:1a:
         d4:31:c9:2f:af:7b:60:8e:ce:97:29:0a:f1:eb:bb:96:db:2e:
         61:88:09:e2:1b:4f:ea:62:67:a7:5c:3e:b7:ce:d9:97:f8:b5:
         08:56:31:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xScXlfFcG5/gIUZWQhJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjQwMTAxMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2U2YzkwODg1MjVhMmE4NjllYWQ0NTU0ZmI4M2RkMjEwMjAzOTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDb+z+ez7BrO294F286DUFx7pQUk
4KIIHrTEFUJPIxDhWEJiegz2W66Op2XJNrFQjcLAlAbdgBJEatUQxDOwIcstaNgG
47+/hX+ooNlVd5YATPsMfZzBipjyyN8NgI0wNfuleXkAHyRkKPQ1PMxLNu5Jfco7
vOXkO5AbYbGs2H5mXevvCrVxONA+Td8JUNH5opyLKWFlQ86LzTmNuI90qnSgA2KT
h/sUVufH79uVvudNvnKH+ULH+0pef0peDHJjTl1He67W9IP+g9ulshm9FrMV4WGS
NlR2muyfJslK6J5v50yiBBEN210ZRLbOSTKujRohBjDB2ID+jCTSS7evmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzmyQiFJaKoaerUVU+4PdIQIDmbMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvZk9iSkNJVWxvcWhwNnRSVlQ3ZzkwaEFnT1pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwhU4MA0G
CSqGSIb3DQEBCwUAA4IBAQApiyHJTMY7a/P3Oj1ihlsASNJjCvCJMH0vtj3+F4Ae
vjifSjxcf62O5z1+O0MLRfPFycmQtLI19I6uJzz+GKt6fVlg+MeS8jcmh3JXKerg
Ml+eIhY1fh7cKZ9yjxG1o8aH4b6G2zOQfYdnpsDd49qZFeM7GK687AuzBjrm5WXI
yCMy+uVQCwGYWt54iRUuWqsVFKFV5BN+MjGo0vSK7gmT1Pu3DrEU0sfqeGeWz+bk
mYfwgdFnBPQA1cX8dhFjDBrYVysz+WJ0jAXqBpH9dKKKRmqyKTNeixrUMckvr3tg
js6XKQrx67uW2y5hiAniG0/qYmenXD63ztmX+LUIVjG8
-----END CERTIFICATE-----