Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/Dv6TT6fRCEtjqw_UsdWsDuQwMUc.roa
File:                     Dv6TT6fRCEtjqw_UsdWsDuQwMUc.roa (raw, json)
Hash identifier:          2i25g5MN3L5J0wumA9SIX+eJJSGUmUO5Dr9UVaz831U=
Subject key identifier:   0E:FE:93:4F:A7:D1:08:4B:63:AB:0F:D4:B1:D5:AC:0E:E4:30:31:47
Certificate issuer:       /CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
Certificate serial:       018CC56E6C3B5CC7FA0AA34A96709B06C57C
Authority key identifier: F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/Dv6TT6fRCEtjqw_UsdWsDuQwMUc.roa
Signing time:             Mon 01 Jan 2024 14:29:57 +0000
ROA not before:           Mon 01 Jan 2024 14:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210016
IP address blocks:        131.117.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:6c:3b:5c:c7:fa:0a:a3:4a:96:70:9b:06:c5:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
        Validity
            Not Before: Jan  1 14:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0efe934fa7d1084b63ab0fd4b1d5ac0ee4303147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:53:36:01:a0:e7:19:09:20:3c:97:33:9d:98:
                    e9:69:2a:ec:61:73:ff:03:51:25:41:fe:e7:90:cf:
                    de:d4:6b:88:74:fd:a9:06:98:db:b5:bd:06:3a:d4:
                    a3:4f:e1:af:cd:19:eb:55:e2:ef:14:29:3e:f8:54:
                    92:f1:43:ef:4f:37:d4:91:5a:f7:b3:ba:09:82:1f:
                    0e:45:d1:b0:75:87:87:3b:0b:5d:f0:65:fd:10:bc:
                    87:b7:c1:0a:69:7b:bb:24:58:72:20:cc:60:15:bb:
                    3b:4a:b6:7b:c6:a7:e7:1e:e5:9a:f0:08:ae:59:8f:
                    39:17:f8:e8:c3:0e:44:34:af:7b:c1:6b:0a:a6:59:
                    f1:c8:a3:67:3c:10:1e:c8:9e:ed:9c:ab:7e:8f:a7:
                    cb:49:30:6b:0c:5d:f3:fc:b8:15:38:86:c3:39:e0:
                    56:f1:f8:c2:82:f2:4e:ad:4d:5d:ea:1d:14:42:0b:
                    48:82:b0:d6:2f:27:2f:ad:01:e7:71:93:e6:a4:ae:
                    3b:37:f4:14:40:b5:84:d5:3d:45:ca:0c:33:3f:c2:
                    01:53:f1:85:bf:64:85:14:11:be:88:38:93:0b:06:
                    9f:48:68:22:5a:75:58:a9:6a:24:2f:24:2d:61:cc:
                    fa:bf:bd:fb:da:85:af:ed:1a:6c:17:e5:65:5e:d1:
                    e2:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:FE:93:4F:A7:D1:08:4B:63:AB:0F:D4:B1:D5:AC:0E:E4:30:31:47
            X509v3 Authority Key Identifier:
                keyid:F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/Dv6TT6fRCEtjqw_UsdWsDuQwMUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.117.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:2f:d4:22:d9:44:23:35:fd:49:cb:ef:e7:d1:58:d1:d4:66:
         1e:b0:76:e0:db:f4:08:fc:6e:15:d8:f4:1d:c6:86:88:f2:84:
         00:e1:f2:e4:1b:a3:8b:ce:ee:1d:65:c4:6b:6c:68:01:93:05:
         0a:60:aa:c7:7a:9c:65:dd:9f:fc:9e:7b:c8:5f:d4:1d:a2:50:
         38:22:2a:37:00:b5:31:ae:a1:b2:6a:c8:b6:f1:ab:5d:da:ad:
         b6:5b:7c:2a:d0:74:71:1f:8a:00:cb:06:ec:33:96:e2:9e:bb:
         42:47:d6:7b:ce:af:da:dc:f5:fc:10:b5:fa:ae:4c:ca:da:98:
         64:eb:84:59:b7:a4:3e:a2:82:ec:c8:a9:ba:d0:2c:4d:a1:b2:
         fc:a8:9e:60:13:f4:30:14:ea:bd:e8:60:fb:4b:a3:2f:74:d2:
         eb:58:69:fe:97:e9:87:c8:4b:d9:ec:02:a5:11:5b:4f:3b:28:
         8a:1f:3c:1e:42:2e:66:5e:b4:e6:90:db:25:a7:0a:95:24:c0:
         73:a1:ed:bb:4c:db:22:e5:c3:bc:17:0d:c7:b2:2a:f0:be:18:
         7c:9a:2b:e6:72:18:6f:be:a6:0a:8d:be:f9:24:17:ba:2d:1e:
         e6:1b:ce:3c:41:f0:c9:84:53:07:dc:42:1e:43:6e:1b:e7:3c:
         d4:4f:97:ae
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbmw7XMf6CqNKlnCbBsV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5OGEwMmQyMGM2YjdkZTM1NzEyNWYzOGIxNzM1Y2ExYjkx
Zjg3YjMwHhcNMjQwMTAxMTQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWZlOTM0ZmE3ZDEwODRiNjNhYjBmZDRiMWQ1YWMwZWU0MzAzMTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFM2AaDnGQkgPJcznZjpaSrsYXP/
A1ElQf7nkM/e1GuIdP2pBpjbtb0GOtSjT+GvzRnrVeLvFCk++FSS8UPvTzfUkVr3
s7oJgh8ORdGwdYeHOwtd8GX9ELyHt8EKaXu7JFhyIMxgFbs7SrZ7xqfnHuWa8Aiu
WY85F/joww5ENK97wWsKplnxyKNnPBAeyJ7tnKt+j6fLSTBrDF3z/LgVOIbDOeBW
8fjCgvJOrU1d6h0UQgtIgrDWLycvrQHncZPmpK47N/QUQLWE1T1FygwzP8IBU/GF
v2SFFBG+iDiTCwafSGgiWnVYqWokLyQtYcz6v7372oWv7RpsF+VlXtHiQQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFA7+k0+n0QhLY6sP1LHVrA7kMDFHMB8GA1UdIwQY
MBaAFPmKAtIMa33jVxJfOLFzXKG5H4ezMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Zb0MwZ3hyZmVOWEVsODRzWE5jb2JrZmg3TS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMz
LWFjZTNkNjc1ZDNjZC8xL0R2NlRUNmZSQ0V0anF3X1VzZFdzRHVRd01VYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMzLWFjZTNkNjc1ZDNj
ZC8xLzEtWW9DMGd4cmZlTlhFbDg0c1hOY29ia2ZoN00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACDdegw
DQYJKoZIhvcNAQELBQADggEBAG4v1CLZRCM1/UnL7+fRWNHUZh6wduDb9Aj8bhXY
9B3GhojyhADh8uQbo4vO7h1lxGtsaAGTBQpgqsd6nGXdn/yee8hf1B2iUDgiKjcA
tTGuobJqyLbxq13arbZbfCrQdHEfigDLBuwzluKeu0JH1nvOr9rc9fwQtfquTMra
mGTrhFm3pD6iguzIqbrQLE2hsvyonmAT9DAU6r3oYPtLoy900utYaf6X6YfIS9ns
AqURW087KIofPB5CLmZetOaQ2yWnCpUkwHOh7btM2yLlw7wXDceyKvC+GHyaK+Zy
GG++pgqNvvkkF7otHuYbzjxB8MmEUwfcQh5DbhvnPNRPl64=
-----END CERTIFICATE-----