Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/pNWR7iaU3EKbNN_i2wnFzLClQBI.roa
File:                     pNWR7iaU3EKbNN_i2wnFzLClQBI.roa (raw, json)
Hash identifier:          /4U5hkDOHDCDwnmQjQ53g1D2qPUc0/tQ7a2vcc6DUn0=
Subject key identifier:   A4:D5:91:EE:26:94:DC:42:9B:34:DF:E2:DB:09:C5:CC:B0:A5:40:12
Certificate issuer:       /CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
Certificate serial:       018CC56E6CCACE98884E524C285552501459
Authority key identifier: F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/pNWR7iaU3EKbNN_i2wnFzLClQBI.roa
Signing time:             Mon 01 Jan 2024 14:29:57 +0000
ROA not before:           Mon 01 Jan 2024 14:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212330
IP address blocks:        185.21.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:6c:ca:ce:98:88:4e:52:4c:28:55:52:50:14:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
        Validity
            Not Before: Jan  1 14:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4d591ee2694dc429b34dfe2db09c5ccb0a54012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f5:c1:96:d9:4f:d0:5b:98:31:dd:d3:41:1e:
                    48:a7:0f:46:17:5c:a8:54:e4:7b:ec:ee:88:8b:16:
                    2e:f8:e9:17:86:42:cd:10:94:c9:86:d9:42:88:c3:
                    e6:d3:00:13:c5:26:54:22:52:3a:d5:54:d3:51:37:
                    f9:4f:74:bd:6c:10:1f:2d:30:0c:01:7a:79:ed:8b:
                    dd:09:fc:fb:8b:18:a5:80:8d:1c:e4:51:cf:7b:bd:
                    c0:19:cd:2a:e5:e1:97:d8:ad:9a:d1:4c:66:54:ad:
                    fc:95:45:9b:e8:0b:2f:de:ea:6c:bf:ce:ac:ea:18:
                    2c:19:5f:05:60:76:cb:2e:16:8b:e8:eb:ea:2f:2b:
                    6f:43:db:b0:4c:5e:00:46:69:6c:b1:26:ea:7b:1c:
                    c8:3e:6b:c3:44:d8:6d:f4:d1:37:2b:a1:e9:f1:dc:
                    d0:e6:0e:c6:c0:fc:b3:13:82:df:b9:7b:7f:15:4c:
                    80:bf:a9:c1:47:b8:0f:ff:ce:90:f9:fc:ec:d2:97:
                    29:09:d7:94:1a:3b:9e:ef:85:bf:34:73:9a:2f:ae:
                    ce:d0:b4:40:f4:74:c4:c5:f3:57:86:ec:ae:e7:b6:
                    1e:74:ba:a5:8a:3c:78:52:9b:42:fa:21:f1:32:ce:
                    4c:ca:7f:6f:3b:88:25:d0:62:0b:24:5a:47:f0:36:
                    31:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:D5:91:EE:26:94:DC:42:9B:34:DF:E2:DB:09:C5:CC:B0:A5:40:12
            X509v3 Authority Key Identifier:
                keyid:F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/pNWR7iaU3EKbNN_i2wnFzLClQBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:ac:f9:58:60:ae:f0:a6:6a:fa:ad:c6:37:f6:85:ff:53:e9:
         45:d1:db:8c:cf:75:68:ce:f0:2a:62:b6:5a:83:0f:d3:ac:b3:
         bd:49:05:6c:b8:8e:c0:36:7c:44:7f:00:e8:d2:66:f7:56:e7:
         39:f0:73:0f:e9:3a:f0:71:23:13:3b:4a:ac:79:18:86:e8:df:
         93:2d:54:bf:86:6e:68:13:77:ca:b0:c1:1e:22:2f:ad:e6:be:
         54:6b:e3:f1:80:b1:1b:44:8a:35:51:8a:60:6f:53:74:52:55:
         b2:2f:2a:d4:c9:25:ed:6e:20:1b:ab:69:9d:b7:60:21:b8:6d:
         47:fc:c9:dd:84:cf:f4:fc:fd:61:dd:e2:16:f3:07:40:a4:ce:
         ac:2c:ff:a2:c1:23:a6:7f:2c:38:46:9a:71:15:a7:30:c6:74:
         8b:90:49:35:06:f3:08:46:37:eb:80:aa:f8:16:2e:ed:7d:86:
         f6:f5:49:27:71:0c:ca:38:a1:1f:1f:6f:cb:43:a7:50:bf:a2:
         0b:36:1c:d3:ae:d9:a9:d2:c2:18:9d:de:e8:82:8d:71:cd:a3:
         32:c3:a9:96:9b:39:a1:69:39:23:f8:57:5b:b1:dd:3a:81:b7:
         f5:41:76:7d:36:10:98:09:f4:51:ee:1a:43:c3:ce:7f:2b:31:
         7e:a4:a7:cc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbmzKzpiITlJMKFVSUBRZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5OGEwMmQyMGM2YjdkZTM1NzEyNWYzOGIxNzM1Y2ExYjkx
Zjg3YjMwHhcNMjQwMTAxMTQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGQ1OTFlZTI2OTRkYzQyOWIzNGRmZTJkYjA5YzVjY2IwYTU0MDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofXBltlP0FuYMd3TQR5Ipw9GF1yo
VOR77O6IixYu+OkXhkLNEJTJhtlCiMPm0wATxSZUIlI61VTTUTf5T3S9bBAfLTAM
AXp57YvdCfz7ixilgI0c5FHPe73AGc0q5eGX2K2a0UxmVK38lUWb6Asv3upsv86s
6hgsGV8FYHbLLhaL6OvqLytvQ9uwTF4ARmlssSbqexzIPmvDRNht9NE3K6Hp8dzQ
5g7GwPyzE4LfuXt/FUyAv6nBR7gP/86Q+fzs0pcpCdeUGjue74W/NHOaL67O0LRA
9HTExfNXhuyu57YedLqlijx4UptC+iHxMs5Myn9vO4gl0GILJFpH8DYxVwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKTVke4mlNxCmzTf4tsJxcywpUASMB8GA1UdIwQY
MBaAFPmKAtIMa33jVxJfOLFzXKG5H4ezMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Zb0MwZ3hyZmVOWEVsODRzWE5jb2JrZmg3TS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMz
LWFjZTNkNjc1ZDNjZC8xL3BOV1I3aWFVM0VLYk5OX2kyd25GekxDbFFCSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMzLWFjZTNkNjc1ZDNj
ZC8xLzEtWW9DMGd4cmZlTlhFbDg0c1hOY29ia2ZoN00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5FYsw
DQYJKoZIhvcNAQELBQADggEBAISs+VhgrvCmavqtxjf2hf9T6UXR24zPdWjO8Cpi
tlqDD9Oss71JBWy4jsA2fER/AOjSZvdW5znwcw/pOvBxIxM7Sqx5GIbo35MtVL+G
bmgTd8qwwR4iL63mvlRr4/GAsRtEijVRimBvU3RSVbIvKtTJJe1uIBuraZ23YCG4
bUf8yd2Ez/T8/WHd4hbzB0Ckzqws/6LBI6Z/LDhGmnEVpzDGdIuQSTUG8whGN+uA
qvgWLu19hvb1SSdxDMo4oR8fb8tDp1C/ogs2HNOu2anSwhid3uiCjXHNozLDqZab
OaFpOSP4V1ux3TqBt/VBdn02EJgJ9FHuGkPDzn8rMX6kp8w=
-----END CERTIFICATE-----