Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/L7R3g4R9Y7IPQ38r9aTtrIvpSR4.roa
File:                     L7R3g4R9Y7IPQ38r9aTtrIvpSR4.roa (raw, json)
Hash identifier:          nAw8fYsYlXa+EWadzV6KYnyPx0a1Ym3w2Sh5cgZVCcY=
Subject key identifier:   2F:B4:77:83:84:7D:63:B2:0F:43:7F:2B:F5:A4:ED:AC:8B:E9:49:1E
Certificate issuer:       /CN=897da6001b12383068fe71a30f8cf285c66830fe
Certificate serial:       018CC26D13862A335649641F3C839B489618
Authority key identifier: 89:7D:A6:00:1B:12:38:30:68:FE:71:A3:0F:8C:F2:85:C6:68:30:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iX2mABsSODBo_nGjD4zyhcZoMP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/L7R3g4R9Y7IPQ38r9aTtrIvpSR4.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39430
IP address blocks:        185.236.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/iX2mABsSODBo_nGjD4zyhcZoMP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/iX2mABsSODBo_nGjD4zyhcZoMP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iX2mABsSODBo_nGjD4zyhcZoMP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:13:86:2a:33:56:49:64:1f:3c:83:9b:48:96:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=897da6001b12383068fe71a30f8cf285c66830fe
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fb47783847d63b20f437f2bf5a4edac8be9491e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:09:a1:df:f9:db:b7:e6:26:56:fa:10:80:5e:
                    d9:9b:40:bf:1b:8f:0b:f6:9e:55:af:02:0e:8f:94:
                    7f:36:bc:00:df:32:cb:cc:f2:b0:fa:eb:f2:cc:92:
                    38:76:44:21:31:bd:17:73:44:ef:4f:f1:87:87:ba:
                    47:b7:84:50:d1:09:f3:a3:fa:e8:f9:da:9c:b4:86:
                    a3:4b:1d:fa:cd:2e:b3:4f:a1:b9:f3:76:37:c0:eb:
                    b5:be:db:55:22:44:71:f0:58:dc:00:40:ce:92:72:
                    60:2e:f6:6e:1a:1a:23:21:9d:42:e1:84:01:3d:3e:
                    6c:61:35:65:36:78:a7:5d:25:3e:66:70:26:d6:8f:
                    c9:af:de:5c:e7:63:8a:1e:6f:f7:26:21:49:78:79:
                    2f:44:5d:91:79:c9:de:cc:3b:54:ab:93:d1:2c:9a:
                    f0:c9:0e:97:1a:49:98:c9:d4:df:d2:c2:07:76:fa:
                    6e:c9:db:1b:2c:08:f4:41:64:59:1a:32:5e:89:b3:
                    5e:ae:ae:a1:7b:2e:a8:14:28:2e:9a:f0:82:6c:1d:
                    9a:4c:0a:76:60:4c:49:63:cc:02:1b:07:3e:4f:f2:
                    fa:91:6c:42:ea:32:0c:af:4b:89:df:e1:6a:ff:26:
                    30:c5:17:ea:51:71:3d:e2:0e:fc:6e:79:27:b6:51:
                    8f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:B4:77:83:84:7D:63:B2:0F:43:7F:2B:F5:A4:ED:AC:8B:E9:49:1E
            X509v3 Authority Key Identifier:
                keyid:89:7D:A6:00:1B:12:38:30:68:FE:71:A3:0F:8C:F2:85:C6:68:30:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iX2mABsSODBo_nGjD4zyhcZoMP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/L7R3g4R9Y7IPQ38r9aTtrIvpSR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/96dec8-7720-4efc-bd39-84faaf105a97/1/iX2mABsSODBo_nGjD4zyhcZoMP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:a5:24:01:86:4a:61:09:3c:04:db:3c:ae:6e:37:7e:0e:e1:
         fa:52:4e:f2:19:13:c9:be:05:cc:b8:99:de:31:b3:dd:fa:46:
         06:d4:e7:10:b8:ae:ca:0d:35:00:ac:b5:67:cc:98:39:06:db:
         09:50:67:e8:41:2a:9e:40:45:b3:51:84:33:12:dd:9b:1e:c4:
         9e:76:b3:a2:54:47:b4:07:0d:13:67:c9:b1:36:1e:c8:88:76:
         eb:f3:b3:64:8a:0f:62:ea:70:da:a6:49:68:02:6b:81:3f:96:
         31:02:8e:65:36:27:59:b9:a8:f3:b5:c2:22:c0:65:47:c5:80:
         19:68:81:e0:11:31:b7:08:42:ca:03:b3:92:1d:65:ca:08:b3:
         10:d0:9f:f3:82:1a:5d:dc:1d:8b:bd:f8:f2:92:a3:9c:b5:ac:
         0d:c6:72:cc:76:5b:28:89:e9:2f:02:57:08:4c:2a:c5:d7:70:
         c3:ee:b9:61:81:8e:d8:57:ba:33:10:4b:d4:50:b9:a0:4b:05:
         b8:79:4a:d6:c4:9f:30:23:4a:99:73:93:21:44:aa:17:7e:4d:
         5c:64:fe:2c:d3:07:a6:c8:05:08:38:66:df:6f:a0:ee:85:cc:
         e4:b4:0b:2b:f8:c1:5a:d1:63:4d:f2:86:db:69:b0:84:38:be:
         61:b6:97:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbROGKjNWSWQfPIObSJYYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5N2RhNjAwMWIxMjM4MzA2OGZlNzFhMzBmOGNmMjg1YzY2
ODMwZmUwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmI0Nzc4Mzg0N2Q2M2IyMGY0MzdmMmJmNWE0ZWRhYzhiZTk0OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgmh3/nbt+YmVvoQgF7Zm0C/G48L
9p5VrwIOj5R/NrwA3zLLzPKw+uvyzJI4dkQhMb0Xc0TvT/GHh7pHt4RQ0Qnzo/ro
+dqctIajSx36zS6zT6G583Y3wOu1vttVIkRx8FjcAEDOknJgLvZuGhojIZ1C4YQB
PT5sYTVlNninXSU+ZnAm1o/Jr95c52OKHm/3JiFJeHkvRF2RecnezDtUq5PRLJrw
yQ6XGkmYydTf0sIHdvpuydsbLAj0QWRZGjJeibNerq6hey6oFCgumvCCbB2aTAp2
YExJY8wCGwc+T/L6kWxC6jIMr0uJ3+Fq/yYwxRfqUXE94g78bnkntlGPCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+0d4OEfWOyD0N/K/Wk7ayL6UkeMB8GA1UdIwQY
MBaAFIl9pgAbEjgwaP5xow+M8oXGaDD+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVgybUFCc1NPREJvX25HakQ0enloY1pvTVA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85NmRlYzgtNzcyMC00ZWZjLWJkMzkt
ODRmYWFmMTA1YTk3LzEvTDdSM2c0UjlZN0lQUTM4cjlhVHRySXZwU1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85NmRlYzgtNzcyMC00ZWZjLWJkMzktODRmYWFmMTA1YTk3
LzEvaVgybUFCc1NPREJvX25HakQ0enloY1pvTVA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuezcMA0G
CSqGSIb3DQEBCwUAA4IBAQB8pSQBhkphCTwE2zyubjd+DuH6Uk7yGRPJvgXMuJne
MbPd+kYG1OcQuK7KDTUArLVnzJg5BtsJUGfoQSqeQEWzUYQzEt2bHsSedrOiVEe0
Bw0TZ8mxNh7IiHbr87Nkig9i6nDapkloAmuBP5YxAo5lNidZuajztcIiwGVHxYAZ
aIHgETG3CELKA7OSHWXKCLMQ0J/zghpd3B2LvfjykqOctawNxnLMdlsoiekvAlcI
TCrF13DD7rlhgY7YV7ozEEvUULmgSwW4eUrWxJ8wI0qZc5MhRKoXfk1cZP4s0wem
yAUIOGbfb6DuhczktAsr+MFa0WNN8obbabCEOL5htpfd
-----END CERTIFICATE-----