Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/B_7ZeIexpKu0UD91Mvkzdt2IDmg.roa
File:                     B_7ZeIexpKu0UD91Mvkzdt2IDmg.roa (raw, json)
Hash identifier:          MPuSxUTzItX4qDR7K4IqopWQODowekaURwt61FjebxU=
Subject key identifier:   07:FE:D9:78:87:B1:A4:AB:B4:50:3F:75:32:F9:33:76:DD:88:0E:68
Certificate issuer:       /CN=8b82433ffe94bf3536fec327543d396158202072
Certificate serial:       018CC42553A7F261C915F818EA6224BA0935
Authority key identifier: 8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/B_7ZeIexpKu0UD91Mvkzdt2IDmg.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48383
IP address blocks:        217.12.32.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:53:a7:f2:61:c9:15:f8:18:ea:62:24:ba:09:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b82433ffe94bf3536fec327543d396158202072
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07fed97887b1a4abb4503f7532f93376dd880e68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:71:88:7d:9f:ad:2c:43:24:2c:cb:b9:25:bf:
                    87:c4:ef:0a:41:f9:ae:fc:c2:15:b0:9a:4f:ac:5e:
                    b7:52:07:73:52:11:fb:96:0c:4f:37:2e:66:9b:7c:
                    89:40:1b:c7:e5:bf:5a:94:f2:00:65:ea:9d:94:77:
                    7d:be:56:71:f5:b1:50:f5:52:35:fa:93:ce:44:26:
                    12:13:bf:81:bf:50:58:8c:bc:f9:63:ac:63:12:08:
                    a7:5a:84:93:d9:4a:c4:07:10:16:52:3a:c1:1f:e6:
                    83:7d:8a:19:59:f6:9c:43:49:1d:92:e1:da:c4:5d:
                    17:85:37:df:19:f3:5c:b5:00:57:78:52:d4:c0:71:
                    34:eb:ec:ea:3b:9c:1c:dc:ec:32:dc:51:5f:4c:90:
                    8f:4d:e5:e7:a6:f6:4f:ac:7d:43:9a:28:2d:1b:28:
                    87:bb:c2:b7:92:5c:4e:8a:7f:8d:55:40:cf:2d:8e:
                    3e:8b:c7:98:e0:00:57:d1:40:8c:bb:e7:27:e8:4e:
                    c9:53:fc:37:45:c2:a2:9a:23:fb:de:41:4f:17:c3:
                    8e:95:69:63:b8:1f:8b:ff:94:c9:c1:53:fd:ce:65:
                    53:e8:28:2e:8e:79:d5:72:1e:30:0d:40:09:66:dd:
                    95:a0:0f:5b:a0:e1:4f:88:d1:e8:40:dc:02:0c:b7:
                    1e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:FE:D9:78:87:B1:A4:AB:B4:50:3F:75:32:F9:33:76:DD:88:0E:68
            X509v3 Authority Key Identifier:
                keyid:8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/B_7ZeIexpKu0UD91Mvkzdt2IDmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.12.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         aa:d5:c1:bb:6f:35:87:bf:6c:d5:fa:11:f0:63:39:18:ac:46:
         04:7d:4a:e6:80:84:fe:f6:f9:45:6d:a0:2f:ac:6b:53:5f:a1:
         84:36:45:d4:14:37:95:b8:f7:f0:6f:ce:fb:03:b7:27:98:d9:
         e0:c7:09:13:f5:c7:8a:f1:83:fc:d9:42:7c:4a:fa:e2:6b:1b:
         2d:a5:e5:67:46:0d:bf:0f:b6:82:e7:94:d0:e0:a4:f0:fc:97:
         63:5d:b6:e1:48:e9:da:66:ec:e9:6a:55:12:02:e5:e5:b5:59:
         b6:93:e7:77:81:4e:c4:3b:d8:53:f1:67:b3:ee:50:1e:da:c0:
         7d:53:d1:21:05:9c:46:23:65:96:b9:71:7c:34:35:2f:16:f7:
         cf:52:9e:76:d3:6a:da:13:26:fd:6c:1e:a9:c8:f3:e4:58:2d:
         4a:6c:01:51:4f:67:de:16:cc:6b:7b:52:83:82:ee:64:aa:9e:
         e4:17:72:e2:38:3e:7c:13:5d:9f:03:f8:b0:93:9e:ca:66:11:
         d7:0b:c7:24:df:aa:43:67:1c:a8:ad:77:e1:9e:d2:a7:96:63:
         f7:f6:27:12:88:5f:92:a3:0a:ee:1e:32:57:90:b6:26:12:5c:
         94:01:43:a5:ec:eb:c6:69:7c:a9:5b:94:5b:6f:bd:ad:00:67:
         eb:f6:d7:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVOn8mHJFfgY6mIkugk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODI0MzNmZmU5NGJmMzUzNmZlYzMyNzU0M2QzOTYxNTgy
MDIwNzIwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2ZlZDk3ODg3YjFhNGFiYjQ1MDNmNzUzMmY5MzM3NmRkODgwZTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnGIfZ+tLEMkLMu5Jb+HxO8KQfmu
/MIVsJpPrF63UgdzUhH7lgxPNy5mm3yJQBvH5b9alPIAZeqdlHd9vlZx9bFQ9VI1
+pPORCYSE7+Bv1BYjLz5Y6xjEginWoST2UrEBxAWUjrBH+aDfYoZWfacQ0kdkuHa
xF0XhTffGfNctQBXeFLUwHE06+zqO5wc3Owy3FFfTJCPTeXnpvZPrH1DmigtGyiH
u8K3klxOin+NVUDPLY4+i8eY4ABX0UCMu+cn6E7JU/w3RcKimiP73kFPF8OOlWlj
uB+L/5TJwVP9zmVT6CgujnnVch4wDUAJZt2VoA9boOFPiNHoQNwCDLcezwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAf+2XiHsaSrtFA/dTL5M3bdiA5oMB8GA1UdIwQY
MBaAFIuCQz/+lL81Nv7DJ1Q9OWFYICByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYt
MmRkNzg5MGRjNjg5LzEvQl83WmVJZXhwS3UwVUQ5MU12a3pkdDJJRG1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYtMmRkNzg5MGRjNjg5
LzEvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2QwgMA0G
CSqGSIb3DQEBCwUAA4IBAQCq1cG7bzWHv2zV+hHwYzkYrEYEfUrmgIT+9vlFbaAv
rGtTX6GENkXUFDeVuPfwb877A7cnmNngxwkT9ceK8YP82UJ8SvriaxstpeVnRg2/
D7aC55TQ4KTw/JdjXbbhSOnaZuzpalUSAuXltVm2k+d3gU7EO9hT8Wez7lAe2sB9
U9EhBZxGI2WWuXF8NDUvFvfPUp5202raEyb9bB6pyPPkWC1KbAFRT2feFsxre1KD
gu5kqp7kF3LiOD58E12fA/iwk57KZhHXC8ck36pDZxyorXfhntKnlmP39icSiF+S
owruHjJXkLYmElyUAUOl7OvGaXypW5Rbb72tAGfr9tfW
-----END CERTIFICATE-----