Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/fk7X_YI4TzgGu7ZZhUlvM7D_HFA.roa
File:                     fk7X_YI4TzgGu7ZZhUlvM7D_HFA.roa (raw, json)
Hash identifier:          zokPpep/0uQXe9Xj67FZkY3rJfP9UpN2hnaOiYlUR5Q=
Subject key identifier:   7E:4E:D7:FD:82:38:4F:38:06:BB:B6:59:85:49:6F:33:B0:FF:1C:50
Certificate issuer:       /CN=ca34b13387fab1dcf8b67f16a0a437608600c4c2
Certificate serial:       018CC726D1DE75C09774127F88E02A981E59
Authority key identifier: CA:34:B1:33:87:FA:B1:DC:F8:B6:7F:16:A0:A4:37:60:86:00:C4:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/fk7X_YI4TzgGu7ZZhUlvM7D_HFA.roa
Signing time:             Mon 01 Jan 2024 22:30:59 +0000
ROA not before:           Mon 01 Jan 2024 22:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9092
IP address blocks:        213.156.224.0/20 maxlen: 20
                          213.156.240.0/21 maxlen: 21
                          2a00:db0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d1:de:75:c0:97:74:12:7f:88:e0:2a:98:1e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca34b13387fab1dcf8b67f16a0a437608600c4c2
        Validity
            Not Before: Jan  1 22:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e4ed7fd82384f3806bbb65985496f33b0ff1c50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:24:78:8e:fb:78:70:e0:a9:9e:4c:95:18:70:
                    e6:04:f5:93:18:27:8a:26:de:d0:e7:40:61:81:44:
                    3c:a6:5a:3f:96:32:1f:5e:35:2e:f6:7a:57:ca:9e:
                    d7:36:a2:63:bf:ca:8a:3c:fb:36:20:7f:bc:00:3d:
                    8c:80:32:27:65:c8:4e:24:9d:91:77:0c:11:f2:cc:
                    fb:44:07:f1:23:6f:df:9c:d1:ba:67:aa:d3:62:49:
                    ca:f2:d2:85:9a:5b:76:ba:c7:c4:55:c8:c0:88:d5:
                    6c:3c:84:23:53:a6:08:ab:4e:df:c9:a5:41:12:21:
                    da:38:c7:08:9c:cc:7a:d6:67:cb:aa:c9:70:6a:36:
                    f9:54:9a:9b:70:e1:a7:07:c8:39:e1:2d:e5:b2:49:
                    c7:d1:8b:e5:14:7e:b1:fd:9d:55:32:02:63:c6:fe:
                    f7:ae:5e:94:d5:6f:57:51:5e:90:35:b4:9b:d5:b1:
                    52:c7:5a:3d:1d:f1:3b:e2:66:7f:f6:62:b4:13:42:
                    88:19:84:e2:bd:85:17:ae:f7:47:48:57:6d:a9:9d:
                    46:32:78:64:9b:de:8e:b2:6f:1d:da:70:9d:84:df:
                    8e:e7:80:13:0e:19:1a:99:0d:ae:45:0f:4e:f9:39:
                    67:6f:4f:25:9a:5a:b7:d0:93:26:c8:ac:b1:30:f7:
                    ee:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:4E:D7:FD:82:38:4F:38:06:BB:B6:59:85:49:6F:33:B0:FF:1C:50
            X509v3 Authority Key Identifier:
                keyid:CA:34:B1:33:87:FA:B1:DC:F8:B6:7F:16:A0:A4:37:60:86:00:C4:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/fk7X_YI4TzgGu7ZZhUlvM7D_HFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.156.224.0-213.156.247.255
                IPv6:
                  2a00:db0::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:1a:cd:f3:6d:21:e4:6c:6e:03:ab:4b:84:28:4b:a8:53:f0:
         35:e0:03:30:47:7d:d4:9e:5c:a4:57:0c:c2:db:12:3f:02:fe:
         b7:f8:3b:99:03:62:c1:e6:ad:0b:ab:f7:d1:ce:c5:cd:f5:39:
         cc:f6:35:23:c3:c8:b5:59:bc:18:b3:45:bf:8b:63:47:1e:a3:
         db:69:7a:4a:d8:6d:bb:49:5d:13:9f:60:3e:c1:b8:2e:d8:c3:
         c8:da:a9:91:d3:bc:76:27:ab:2a:4e:f2:4f:d1:1e:87:95:ad:
         b2:d5:1a:9a:11:29:e3:e1:6d:49:e5:b6:24:ce:5c:8d:3b:86:
         5a:c8:66:94:55:ef:d7:68:00:33:ed:af:05:81:6f:e2:4b:cf:
         6b:29:d4:ac:0e:00:a1:f6:7f:29:9d:92:f9:db:aa:9a:65:f7:
         77:35:de:72:ef:5c:5f:70:1f:4f:9a:b1:43:ec:5a:b5:75:05:
         de:96:d0:5c:55:0d:2c:69:54:67:9b:31:db:9f:7e:7f:fb:3d:
         08:68:1e:20:0e:48:b2:67:62:4a:61:86:f8:6d:f3:90:c4:f0:
         16:f7:da:45:4b:00:5e:8c:78:06:5d:a3:46:60:bb:56:7c:18:
         26:ca:ec:d3:fe:25:e4:82:0c:02:ea:b9:f2:e7:e9:76:48:66:
         b1:2d:40:13
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzHJtHedcCXdBJ/iOAqmB5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMzRiMTMzODdmYWIxZGNmOGI2N2YxNmEwYTQzNzYwODYw
MGM0YzIwHhcNMjQwMTAxMjIzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTRlZDdmZDgyMzg0ZjM4MDZiYmI2NTk4NTQ5NmYzM2IwZmYxYzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCR4jvt4cOCpnkyVGHDmBPWTGCeK
Jt7Q50BhgUQ8plo/ljIfXjUu9npXyp7XNqJjv8qKPPs2IH+8AD2MgDInZchOJJ2R
dwwR8sz7RAfxI2/fnNG6Z6rTYknK8tKFmlt2usfEVcjAiNVsPIQjU6YIq07fyaVB
EiHaOMcInMx61mfLqslwajb5VJqbcOGnB8g54S3lsknH0YvlFH6x/Z1VMgJjxv73
rl6U1W9XUV6QNbSb1bFSx1o9HfE74mZ/9mK0E0KIGYTivYUXrvdHSFdtqZ1GMnhk
m96Osm8d2nCdhN+O54ATDhkamQ2uRQ9O+Tlnb08lmlq30JMmyKyxMPfuSQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFH5O1/2COE84Bru2WYVJbzOw/xxQMB8GA1UdIwQY
MBaAFMo0sTOH+rHc+LZ/FqCkN2CGAMTCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWpTeE00ZjZzZHo0dG44V29LUTNZSVlBeE1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8xMTdjYTMtYjYwMy00ZGI4LTk2MjYt
MDQwNTIzNGFiM2YxLzEvZms3WF9ZSTRUemdHdTdaWmhVbHZNN0RfSEZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8xMTdjYTMtYjYwMy00ZGI4LTk2MjYtMDQwNTIzNGFiM2Yx
LzEveWpTeE00ZjZzZHo0dG44V29LUTNZSVlBeE1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAXVnOAD
BAPVnPAwDQQCAAIwBwMFACoADbAwDQYJKoZIhvcNAQELBQADggEBAAUazfNtIeRs
bgOrS4QoS6hT8DXgAzBHfdSeXKRXDMLbEj8C/rf4O5kDYsHmrQur99HOxc31Ocz2
NSPDyLVZvBizRb+LY0ceo9tpekrYbbtJXROfYD7BuC7Yw8jaqZHTvHYnqypO8k/R
HoeVrbLVGpoRKePhbUnltiTOXI07hlrIZpRV79doADPtrwWBb+JLz2sp1KwOAKH2
fymdkvnbqppl93c13nLvXF9wH0+asUPsWrV1Bd6W0FxVDSxpVGebMduffn/7PQho
HiAOSLJnYkphhvht85DE8Bb32kVLAF6MeAZdo0Zgu1Z8GCbK7NP+JeSCDALqufLn
6XZIZrEtQBM=
-----END CERTIFICATE-----