Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/7l-zV_vbGPew-G9rJRh6g1avHtk.roa
File:                     7l-zV_vbGPew-G9rJRh6g1avHtk.roa (raw, json)
Hash identifier:          IfmVKIOf7kELynfZj0fLkONjqY3N62BbOHBqIcCpvNs=
Subject key identifier:   EE:5F:B3:57:FB:DB:18:F7:B0:F8:6F:6B:25:18:7A:83:56:AF:1E:D9
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018F14EE50542F19738C9A680A4F5697A0CA
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/7l-zV_vbGPew-G9rJRh6g1avHtk.roa
Signing time:             Thu 25 Apr 2024 11:05:13 +0000
ROA not before:           Thu 25 Apr 2024 11:05:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22773
IP address blocks:        159.255.32.0/21 maxlen: 24
                          188.214.236.0/22 maxlen: 24
                          188.253.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:14:ee:50:54:2f:19:73:8c:9a:68:0a:4f:56:97:a0:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Apr 25 11:05:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee5fb357fbdb18f7b0f86f6b25187a8356af1ed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:16:55:4c:f3:a5:09:a8:28:0e:c2:8e:38:79:
                    16:40:17:b9:13:7a:1f:a9:b3:22:25:83:eb:11:f7:
                    63:28:14:96:48:5e:ce:92:a4:76:59:d0:2b:08:88:
                    b4:dd:41:53:20:e7:fe:11:8c:cc:6e:78:ee:cb:cd:
                    66:c9:62:0b:4c:ae:91:c8:f5:3e:29:79:77:b1:23:
                    ab:31:2c:1d:96:d1:4b:36:cb:1d:06:9c:67:da:96:
                    5d:52:5b:8f:84:9a:28:fa:37:63:72:7f:89:41:2d:
                    27:ab:65:a1:a3:4c:e7:27:b2:1e:07:40:d2:a6:77:
                    ee:cb:66:8e:42:19:13:55:d2:d0:86:71:8f:60:42:
                    46:c0:70:bd:a7:8b:ca:52:bf:cb:e3:ae:70:4e:d5:
                    50:0d:9d:51:12:bc:7e:3b:6a:16:60:87:a3:d2:11:
                    a7:5c:e5:15:a8:63:54:b2:28:f5:9f:5e:b1:87:4e:
                    0c:e0:6a:18:1e:21:b4:a8:29:0f:86:f8:71:d5:62:
                    04:d8:74:43:ac:f4:da:37:d4:1c:7c:a7:33:c4:3d:
                    ae:74:ad:c8:a2:bf:db:06:b0:41:ad:ff:74:00:65:
                    ef:c8:19:02:e0:66:f6:86:47:41:6e:1a:c9:4b:f7:
                    58:bb:ec:1e:bb:4d:59:7a:6e:6c:0f:5f:3e:0f:43:
                    f9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:5F:B3:57:FB:DB:18:F7:B0:F8:6F:6B:25:18:7A:83:56:AF:1E:D9
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/7l-zV_vbGPew-G9rJRh6g1avHtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.255.32.0/21
                  188.214.236.0/22
                  188.253.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:6a:5f:bd:13:98:ec:64:e9:68:b5:e8:99:38:36:d6:0d:ab:
         83:d0:4b:3d:f8:bf:bc:37:19:e8:28:00:b4:fe:5c:95:b9:ba:
         18:cd:19:8b:71:3f:ce:b7:25:5f:a0:f0:48:a8:6e:ee:82:ef:
         16:66:1f:55:9a:22:2c:9e:52:ff:bc:6d:e2:e3:97:1c:ca:fe:
         af:4d:c8:72:5f:31:6a:3a:6d:14:78:6d:84:23:73:0a:c8:19:
         07:30:bc:d6:7e:9e:3a:d4:c9:8c:09:d1:d5:d4:b5:48:03:21:
         44:2d:b7:3a:d8:f2:36:40:b9:77:74:73:06:b2:a6:7e:67:42:
         0e:0f:05:6d:6f:58:03:23:95:45:fa:33:6f:22:27:b8:9a:20:
         4d:dc:52:1e:f2:6c:14:77:cb:e8:1c:c3:b8:77:a2:8d:2f:e7:
         98:a7:eb:06:a2:86:41:18:40:31:42:d5:87:8c:2c:ce:f6:4e:
         be:88:e6:46:2c:89:3b:33:25:4b:1c:6b:52:db:e7:5b:5b:ec:
         9d:74:57:4e:ff:21:72:41:39:f6:59:40:52:d4:ec:4b:f3:b7:
         f9:32:13:b1:3c:4d:cb:d4:9c:ab:3c:1d:af:f3:e9:ec:70:3a:
         72:2a:73:3e:e5:49:5b:95:b7:69:72:0b:2c:02:4b:9f:b8:31:
         30:8e:a3:e1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8U7lBULxlzjJpoCk9Wl6DKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwNDI1MTEwNTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTVmYjM1N2ZiZGIxOGY3YjBmODZmNmIyNTE4N2E4MzU2YWYxZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphZVTPOlCagoDsKOOHkWQBe5E3of
qbMiJYPrEfdjKBSWSF7OkqR2WdArCIi03UFTIOf+EYzMbnjuy81myWILTK6RyPU+
KXl3sSOrMSwdltFLNssdBpxn2pZdUluPhJoo+jdjcn+JQS0nq2Who0znJ7IeB0DS
pnfuy2aOQhkTVdLQhnGPYEJGwHC9p4vKUr/L465wTtVQDZ1RErx+O2oWYIej0hGn
XOUVqGNUsij1n16xh04M4GoYHiG0qCkPhvhx1WIE2HRDrPTaN9QcfKczxD2udK3I
or/bBrBBrf90AGXvyBkC4Gb2hkdBbhrJS/dYu+weu01Zem5sD18+D0P59wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO5fs1f72xj3sPhvayUYeoNWrx7ZMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvN2wtelZfdmJHUGV3LUc5ckpSaDZnMWF2SHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDn/8gAwQC
vNbsAwQCvP0MMA0GCSqGSIb3DQEBCwUAA4IBAQAZal+9E5jsZOloteiZODbWDauD
0Es9+L+8NxnoKAC0/lyVuboYzRmLcT/OtyVfoPBIqG7ugu8WZh9VmiIsnlL/vG3i
45ccyv6vTchyXzFqOm0UeG2EI3MKyBkHMLzWfp461MmMCdHV1LVIAyFELbc62PI2
QLl3dHMGsqZ+Z0IODwVtb1gDI5VF+jNvIie4miBN3FIe8mwUd8voHMO4d6KNL+eY
p+sGooZBGEAxQtWHjCzO9k6+iOZGLIk7MyVLHGtS2+dbW+yddFdO/yFyQTn2WUBS
1OxL87f5MhOxPE3L1JyrPB2v8+nscDpyKnM+5UlblbdpcgssAkufuDEwjqPh
-----END CERTIFICATE-----