Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/aprDNRhAxtPNAL3DJAsOJ_GWWjA.roa
File:                     aprDNRhAxtPNAL3DJAsOJ_GWWjA.roa (raw, json)
Hash identifier:          9Mcfyt1H3R6LQc5cUxYYmAduzGkS0L97b1fmaHA4ybU=
Subject key identifier:   6A:9A:C3:35:18:40:C6:D3:CD:00:BD:C3:24:0B:0E:27:F1:96:5A:30
Certificate issuer:       /CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
Certificate serial:       018E17A2FCBE849A66B60DA5E3A7467DFDE8
Authority key identifier: F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/aprDNRhAxtPNAL3DJAsOJ_GWWjA.roa
Signing time:             Thu 07 Mar 2024 06:39:01 +0000
ROA not before:           Thu 07 Mar 2024 06:39:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51020
IP address blocks:        185.21.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 21:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:17:a2:fc:be:84:9a:66:b6:0d:a5:e3:a7:46:7d:fd:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
        Validity
            Not Before: Mar  7 06:39:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a9ac3351840c6d3cd00bdc3240b0e27f1965a30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f6:82:6b:65:71:43:3d:c2:cd:42:37:d2:48:
                    fa:17:4a:c2:d8:01:94:18:1d:70:c1:d2:f2:75:ee:
                    6c:5f:98:3a:7b:f9:6c:32:f1:91:30:b0:5e:9d:72:
                    9b:7f:3b:9d:f5:a0:53:d0:e5:9a:74:7f:6f:e3:c7:
                    6d:73:a3:25:dd:da:da:e5:a1:ce:07:c7:b8:e4:8b:
                    7b:cd:90:e1:61:55:24:25:bf:58:11:ca:ff:c2:c7:
                    e3:b5:a4:b1:fd:68:73:16:75:f5:38:76:2f:78:73:
                    b6:09:de:96:fc:bd:26:4a:70:8a:05:08:a7:4c:00:
                    8e:95:b8:95:84:e5:8f:69:f0:c9:12:25:55:6c:8e:
                    01:47:c3:6a:43:33:88:c0:c1:e7:50:ec:c8:76:7e:
                    de:fb:15:79:e9:9b:6e:d4:fd:d8:9d:d1:1c:66:c0:
                    a3:d2:e8:92:a2:4e:98:6f:15:6a:90:56:b2:8d:7b:
                    f7:4b:56:63:93:b7:cf:8c:5d:d8:97:b3:e9:13:da:
                    88:3b:53:be:92:9a:2a:96:65:67:81:29:bf:d8:82:
                    93:53:e1:eb:e2:4b:fe:58:99:b5:85:3a:a2:4b:ab:
                    5c:42:e9:61:43:b1:4c:42:7e:b8:85:2e:35:0b:c8:
                    96:63:46:02:e1:85:31:f7:bb:99:30:fb:2a:9b:27:
                    81:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:9A:C3:35:18:40:C6:D3:CD:00:BD:C3:24:0B:0E:27:F1:96:5A:30
            X509v3 Authority Key Identifier:
                keyid:F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/aprDNRhAxtPNAL3DJAsOJ_GWWjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:20:20:e0:1e:4c:0f:a9:bc:e7:d0:e9:bc:4c:14:00:a8:47:
         1e:94:39:60:09:64:c6:b2:60:05:95:b1:a0:dc:72:6d:27:25:
         34:38:8a:a7:6c:6e:7e:62:fa:eb:4b:8d:17:98:2b:fd:25:bf:
         23:97:b0:30:0f:33:08:38:97:5c:09:f9:1f:9b:f3:25:39:b0:
         f7:69:a4:ea:25:44:fd:72:c9:85:75:3a:65:a5:66:d5:5b:46:
         8b:9f:e7:1a:0a:7d:b4:73:80:e5:bf:1d:ff:74:90:f7:1c:b8:
         91:a3:68:db:32:b0:77:ba:92:12:35:e4:bd:af:14:6d:bc:eb:
         e3:63:1a:ec:19:0d:6d:ab:c1:85:63:40:f5:f1:c3:08:02:77:
         38:d7:48:af:f8:c8:fa:fd:13:57:99:c3:98:a8:82:c2:6c:f5:
         8f:43:89:19:fc:d1:be:d7:51:4d:4b:d2:ab:c9:e9:59:ab:b1:
         98:18:97:6b:0a:40:31:c0:2e:b5:7f:76:c3:f6:2f:96:5a:ee:
         de:6c:33:1d:bd:fc:c2:be:63:40:67:51:c9:67:ea:63:e9:52:
         15:11:e6:7f:e9:d3:80:81:c5:a3:ec:e7:e7:39:5c:d9:34:71:
         89:ef:46:06:4f:ee:bf:18:30:fe:62:c7:98:7c:b9:bb:db:89:
         a4:07:0f:25
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY4Xovy+hJpmtg2l46dGff3oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5OGEwMmQyMGM2YjdkZTM1NzEyNWYzOGIxNzM1Y2ExYjkx
Zjg3YjMwHhcNMjQwMzA3MDYzOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTlhYzMzNTE4NDBjNmQzY2QwMGJkYzMyNDBiMGUyN2YxOTY1YTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPaCa2VxQz3CzUI30kj6F0rC2AGU
GB1wwdLyde5sX5g6e/lsMvGRMLBenXKbfzud9aBT0OWadH9v48dtc6Ml3dra5aHO
B8e45It7zZDhYVUkJb9YEcr/wsfjtaSx/WhzFnX1OHYveHO2Cd6W/L0mSnCKBQin
TACOlbiVhOWPafDJEiVVbI4BR8NqQzOIwMHnUOzIdn7e+xV56Ztu1P3YndEcZsCj
0uiSok6YbxVqkFayjXv3S1Zjk7fPjF3Yl7PpE9qIO1O+kpoqlmVngSm/2IKTU+Hr
4kv+WJm1hTqiS6tcQulhQ7FMQn64hS41C8iWY0YC4YUx97uZMPsqmyeB7wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGqawzUYQMbTzQC9wyQLDifxllowMB8GA1UdIwQY
MBaAFPmKAtIMa33jVxJfOLFzXKG5H4ezMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Zb0MwZ3hyZmVOWEVsODRzWE5jb2JrZmg3TS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMz
LWFjZTNkNjc1ZDNjZC8xL2FwckROUmhBeHRQTkFMM0RKQXNPSl9HV1dqQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMzLWFjZTNkNjc1ZDNj
ZC8xLzEtWW9DMGd4cmZlTlhFbDg0c1hOY29ia2ZoN00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5FYsw
DQYJKoZIhvcNAQELBQADggEBAM8gIOAeTA+pvOfQ6bxMFACoRx6UOWAJZMayYAWV
saDccm0nJTQ4iqdsbn5i+utLjReYK/0lvyOXsDAPMwg4l1wJ+R+b8yU5sPdppOol
RP1yyYV1OmWlZtVbRouf5xoKfbRzgOW/Hf90kPccuJGjaNsysHe6khI15L2vFG28
6+NjGuwZDW2rwYVjQPXxwwgCdzjXSK/4yPr9E1eZw5iogsJs9Y9DiRn80b7XUU1L
0qvJ6VmrsZgYl2sKQDHALrV/dsP2L5Za7t5sMx29/MK+Y0BnUcln6mPpUhUR5n/p
04CBxaPs5+c5XNk0cYnvRgZP7r8YMP5ix5h8ubvbiaQHDyU=
-----END CERTIFICATE-----