Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/7p4GO_BeFOQo9RZ5rRsva1a-g4s.roa
File:                     7p4GO_BeFOQo9RZ5rRsva1a-g4s.roa (raw, json)
Hash identifier:          MD7CHecx54zBuxFOSDYlf0ddQy2Ve0BtTWHRDIC5KU0=
Subject key identifier:   EE:9E:06:3B:F0:5E:14:E4:28:F5:16:79:AD:1B:2F:6B:56:BE:83:8B
Certificate issuer:       /CN=3a5ec28e841f29f380a7ce2cb5cd5673700821fd
Certificate serial:       018CC794046644AB3F392DDDEBC662153509
Authority key identifier: 3A:5E:C2:8E:84:1F:29:F3:80:A7:CE:2C:B5:CD:56:73:70:08:21:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ol7CjoQfKfOAp84stc1Wc3AIIf0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/7p4GO_BeFOQo9RZ5rRsva1a-g4s.roa
Signing time:             Tue 02 Jan 2024 00:30:15 +0000
ROA not before:           Tue 02 Jan 2024 00:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        185.161.149.0/24 maxlen: 24
                          185.238.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/Ol7CjoQfKfOAp84stc1Wc3AIIf0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/Ol7CjoQfKfOAp84stc1Wc3AIIf0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ol7CjoQfKfOAp84stc1Wc3AIIf0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:04:66:44:ab:3f:39:2d:dd:eb:c6:62:15:35:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a5ec28e841f29f380a7ce2cb5cd5673700821fd
        Validity
            Not Before: Jan  2 00:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee9e063bf05e14e428f51679ad1b2f6b56be838b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:92:0c:44:aa:18:79:66:32:28:66:e4:a3:6b:
                    37:4e:fd:94:21:a2:88:06:7d:67:ba:45:97:fa:8f:
                    41:8f:93:4e:63:4f:19:8b:92:62:df:15:5c:5a:79:
                    6a:80:7a:dd:7f:6e:e9:39:6a:24:9f:df:12:e7:84:
                    06:6b:e5:d2:2e:06:e0:3b:1b:3d:a3:e5:06:8d:97:
                    9e:88:5d:33:a0:b4:43:66:77:8a:c4:e6:cd:fe:59:
                    8e:22:11:19:93:d1:1b:2d:7f:2f:7b:f5:79:58:1c:
                    ed:25:ed:9f:2a:a5:54:ee:24:f3:9a:d7:ed:4d:14:
                    9e:ac:a5:06:e8:d1:a2:c2:9f:74:dc:43:89:7b:e7:
                    d2:b5:5b:8e:40:ae:bb:f9:f7:6c:a5:b7:0e:fb:dd:
                    41:71:a6:54:4c:7d:71:2e:b3:65:65:e0:43:86:53:
                    9a:ea:f1:6d:16:0b:09:07:36:c0:95:16:e3:26:3a:
                    93:64:db:2a:8a:37:fc:e2:46:a7:ac:78:5d:13:13:
                    ca:23:e5:ab:f3:07:d7:5f:d7:a9:5a:50:6e:b9:6f:
                    22:32:58:97:c6:f4:1a:d9:48:37:9a:ee:90:a1:cb:
                    07:78:48:dd:59:fa:45:cd:d8:6f:07:0e:1c:62:55:
                    25:8c:67:4d:5a:6c:24:46:40:0a:fb:55:76:2b:86:
                    cf:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:9E:06:3B:F0:5E:14:E4:28:F5:16:79:AD:1B:2F:6B:56:BE:83:8B
            X509v3 Authority Key Identifier:
                keyid:3A:5E:C2:8E:84:1F:29:F3:80:A7:CE:2C:B5:CD:56:73:70:08:21:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ol7CjoQfKfOAp84stc1Wc3AIIf0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/7p4GO_BeFOQo9RZ5rRsva1a-g4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/c12020-a1a1-400e-91f3-835599260ff6/1/Ol7CjoQfKfOAp84stc1Wc3AIIf0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.149.0/24
                  185.238.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:26:d1:de:05:69:83:38:fe:02:e2:7c:16:45:e2:19:e5:40:
         88:93:aa:e6:8c:fb:f4:9f:0e:c7:62:cc:c3:71:c1:51:c7:a8:
         3f:bb:13:d5:3e:01:03:13:3b:42:88:31:40:65:06:80:9f:f3:
         e2:e3:82:be:e7:4c:53:9e:e3:20:ef:bf:c6:8d:ab:5d:59:f0:
         29:e0:23:e9:4c:8c:a4:12:8b:fb:69:1d:5d:1c:2e:01:7b:dc:
         e0:7b:4f:dc:42:0e:34:4b:31:53:51:e5:59:cd:1d:44:87:3e:
         dc:7c:08:72:b8:cb:b5:1d:c0:ca:04:89:ed:30:cd:2f:e2:f2:
         7e:ae:73:ab:8c:ef:e7:d9:bc:fc:33:56:dd:58:79:1a:a7:11:
         1a:5f:77:a9:4f:89:86:ad:09:42:5b:89:6e:d3:cb:8b:cd:39:
         f6:01:0c:2b:cf:66:e5:f2:d2:cb:19:97:70:e0:36:c7:80:c2:
         ad:6e:0a:83:1e:8f:d7:15:16:ca:2a:30:10:ca:33:4e:cc:d6:
         78:a7:c4:b3:89:a7:6f:f1:c0:49:28:0b:d4:ce:8c:27:de:c5:
         a8:0f:2c:88:d4:55:4d:85:64:95:6b:8e:7c:b4:2e:38:30:dd:
         84:e5:26:24:a8:b5:83:c0:5f:74:5b:65:dd:91:83:1d:2b:f0:
         a0:e5:27:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlARmRKs/OS3d68ZiFTUJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNWVjMjhlODQxZjI5ZjM4MGE3Y2UyY2I1Y2Q1NjczNzAw
ODIxZmQwHhcNMjQwMTAyMDAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTllMDYzYmYwNWUxNGU0MjhmNTE2NzlhZDFiMmY2YjU2YmU4MzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpIMRKoYeWYyKGbko2s3Tv2UIaKI
Bn1nukWX+o9Bj5NOY08Zi5Ji3xVcWnlqgHrdf27pOWokn98S54QGa+XSLgbgOxs9
o+UGjZeeiF0zoLRDZneKxObN/lmOIhEZk9EbLX8ve/V5WBztJe2fKqVU7iTzmtft
TRSerKUG6NGiwp903EOJe+fStVuOQK67+fdspbcO+91BcaZUTH1xLrNlZeBDhlOa
6vFtFgsJBzbAlRbjJjqTZNsqijf84kanrHhdExPKI+Wr8wfXX9epWlBuuW8iMliX
xvQa2Ug3mu6QocsHeEjdWfpFzdhvBw4cYlUljGdNWmwkRkAK+1V2K4bPkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO6eBjvwXhTkKPUWea0bL2tWvoOLMB8GA1UdIwQY
MBaAFDpewo6EHynzgKfOLLXNVnNwCCH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2w3Q2pvUWZLZk9BcDg0c3RjMVdjM0FJSWYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9jMTIwMjAtYTFhMS00MDBlLTkxZjMt
ODM1NTk5MjYwZmY2LzEvN3A0R09fQmVGT1FvOVJaNXJSc3ZhMWEtZzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9jMTIwMjAtYTFhMS00MDBlLTkxZjMtODM1NTk5MjYwZmY2
LzEvT2w3Q2pvUWZLZk9BcDg0c3RjMVdjM0FJSWYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuaGVAwQA
ue6yMA0GCSqGSIb3DQEBCwUAA4IBAQBsJtHeBWmDOP4C4nwWReIZ5UCIk6rmjPv0
nw7HYszDccFRx6g/uxPVPgEDEztCiDFAZQaAn/Pi44K+50xTnuMg77/GjatdWfAp
4CPpTIykEov7aR1dHC4Be9zge0/cQg40SzFTUeVZzR1Ehz7cfAhyuMu1HcDKBInt
MM0v4vJ+rnOrjO/n2bz8M1bdWHkapxEaX3epT4mGrQlCW4lu08uLzTn2AQwrz2bl
8tLLGZdw4DbHgMKtbgqDHo/XFRbKKjAQyjNOzNZ4p8Sziadv8cBJKAvUzown3sWo
DyyI1FVNhWSVa458tC44MN2E5SYkqLWDwF90W2XdkYMdK/Cg5Se+
-----END CERTIFICATE-----