Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/f9cnE4SsdeSMhztRP8eW_BMb2Qs.roa
File:                     f9cnE4SsdeSMhztRP8eW_BMb2Qs.roa (raw, json)
Hash identifier:          SOusAogYAop6m6tX95KPUL2JeqDICAUpt4XomdtTFI0=
Subject key identifier:   7F:D7:27:13:84:AC:75:E4:8C:87:3B:51:3F:C7:96:FC:13:1B:D9:0B
Certificate issuer:       /CN=970ebd0469a5c69c1098971caab36fe032ece311
Certificate serial:       018CC801A70FA2A7FE96BE1C01DAED9AA440
Authority key identifier: 97:0E:BD:04:69:A5:C6:9C:10:98:97:1C:AA:B3:6F:E0:32:EC:E3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lw69BGmlxpwQmJccqrNv4DLs4xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/f9cnE4SsdeSMhztRP8eW_BMb2Qs.roa
Signing time:             Tue 02 Jan 2024 02:30:00 +0000
ROA not before:           Tue 02 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     786
IP address blocks:        149.157.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lw69BGmlxpwQmJccqrNv4DLs4xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a7:0f:a2:a7:fe:96:be:1c:01:da:ed:9a:a4:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=970ebd0469a5c69c1098971caab36fe032ece311
        Validity
            Not Before: Jan  2 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fd7271384ac75e48c873b513fc796fc131bd90b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:19:4a:82:50:c3:4b:57:4a:ec:57:1b:61:18:
                    d8:bf:5f:13:f0:3f:7b:bc:0f:fe:88:b8:08:f6:ee:
                    9a:08:97:5e:c6:d2:6e:d3:a0:1e:43:68:0d:02:95:
                    ea:57:c1:75:5d:4e:c2:f4:b6:ee:db:5d:46:c4:06:
                    fd:f8:ab:ae:16:0c:51:32:e3:c1:06:6b:92:38:aa:
                    04:21:74:68:5e:dd:f7:06:5c:20:45:ab:27:0b:79:
                    4c:68:ff:48:e0:61:fd:44:ee:b2:f0:7b:b8:4c:97:
                    0b:62:10:c9:0a:67:89:5a:39:68:f3:52:ce:32:ac:
                    f8:29:95:7e:08:30:2a:7e:4c:69:aa:7f:4c:da:8c:
                    d9:63:af:aa:6f:92:95:bf:87:ee:99:4c:99:a6:42:
                    43:2b:7c:61:dd:7d:d7:d5:5c:4b:82:6d:33:c3:c0:
                    41:c0:d6:ed:e0:3f:f7:32:4f:9f:a2:e0:20:46:3d:
                    42:ea:36:72:24:25:41:5f:93:c3:c4:43:c7:51:e7:
                    ca:2d:9d:3a:cd:22:59:ae:44:55:a6:5e:f8:84:7b:
                    9b:71:17:69:fc:82:b3:f7:1a:6d:65:07:13:43:ce:
                    12:17:8a:eb:ae:52:4f:12:d0:b6:cf:ea:fe:bd:70:
                    40:b3:e1:84:02:b1:18:b3:20:23:a4:42:d7:b4:fe:
                    22:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D7:27:13:84:AC:75:E4:8C:87:3B:51:3F:C7:96:FC:13:1B:D9:0B
            X509v3 Authority Key Identifier:
                keyid:97:0E:BD:04:69:A5:C6:9C:10:98:97:1C:AA:B3:6F:E0:32:EC:E3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lw69BGmlxpwQmJccqrNv4DLs4xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/f9cnE4SsdeSMhztRP8eW_BMb2Qs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.157.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2f:da:27:cd:20:a3:97:94:e4:b5:db:8b:a6:c7:c2:77:0d:ec:
         ed:c8:8f:95:56:89:36:e7:c8:79:bc:9a:47:87:a0:4b:73:8a:
         84:2b:bd:cc:22:d1:dd:ba:c8:8d:f2:d3:cf:36:8d:13:0a:e2:
         6c:2f:96:52:6a:ab:a6:5f:27:51:f4:cc:cb:89:3e:2c:38:a3:
         c1:09:65:1f:e0:2c:b3:21:8b:ea:a1:c9:e6:25:51:6d:ef:b2:
         1b:6c:a3:d4:33:2c:8c:3e:93:a3:9f:91:9b:0d:65:88:3c:a2:
         f4:1d:4d:19:0e:73:30:54:be:d4:30:23:27:19:1a:a8:0f:50:
         11:ca:a3:c3:6e:32:f9:b7:44:64:5f:e8:d4:d3:4f:c9:f3:76:
         20:03:9a:fe:c2:59:cd:ec:2c:01:ff:90:5a:ac:f0:4c:5b:22:
         ec:2e:10:ac:48:fc:81:91:8f:b9:5e:35:ba:36:77:0d:e1:cc:
         95:e8:4c:95:4c:09:14:0f:6f:2b:23:7f:ab:60:6f:a9:ba:04:
         c6:77:ab:ab:fc:50:63:b9:99:6a:57:ad:0c:b2:74:a1:22:55:
         ee:c2:3a:26:6c:a9:2f:00:a7:ea:7d:f0:87:0e:0e:2e:e7:e4:
         6b:f9:68:b6:c3:30:c8:9e:67:2d:38:b1:5b:87:1e:6a:13:bc:
         22:2d:5e:3a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIAacPoqf+lr4cAdrtmqRAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MGViZDA0NjlhNWM2OWMxMDk4OTcxY2FhYjM2ZmUwMzJl
Y2UzMTEwHhcNMjQwMTAyMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmQ3MjcxMzg0YWM3NWU0OGM4NzNiNTEzZmM3OTZmYzEzMWJkOTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxlKglDDS1dK7FcbYRjYv18T8D97
vA/+iLgI9u6aCJdextJu06AeQ2gNApXqV8F1XU7C9Lbu211GxAb9+KuuFgxRMuPB
BmuSOKoEIXRoXt33BlwgRasnC3lMaP9I4GH9RO6y8Hu4TJcLYhDJCmeJWjlo81LO
Mqz4KZV+CDAqfkxpqn9M2ozZY6+qb5KVv4fumUyZpkJDK3xh3X3X1VxLgm0zw8BB
wNbt4D/3Mk+fouAgRj1C6jZyJCVBX5PDxEPHUefKLZ06zSJZrkRVpl74hHubcRdp
/IKz9xptZQcTQ84SF4rrrlJPEtC2z+r+vXBAs+GEArEYsyAjpELXtP4iLQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFH/XJxOErHXkjIc7UT/HlvwTG9kLMB8GA1UdIwQY
MBaAFJcOvQRppcacEJiXHKqzb+Ay7OMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHc2OUJHbWx4cHdRbUpjY3FyTnY0RExzNHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS82MjAwMWEtYTMxMy00ZTMzLWJiMDQt
OTE0YjRiMzRmOTgxLzEvZjljbkU0U3NkZVNNaHp0UlA4ZVdfQk1iMlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS82MjAwMWEtYTMxMy00ZTMzLWJiMDQtOTE0YjRiMzRmOTgx
LzEvbHc2OUJHbWx4cHdRbUpjY3FyTnY0RExzNHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlZ0wDQYJ
KoZIhvcNAQELBQADggEBAC/aJ80go5eU5LXbi6bHwncN7O3Ij5VWiTbnyHm8mkeH
oEtzioQrvcwi0d26yI3y0882jRMK4mwvllJqq6ZfJ1H0zMuJPiw4o8EJZR/gLLMh
i+qhyeYlUW3vshtso9QzLIw+k6OfkZsNZYg8ovQdTRkOczBUvtQwIycZGqgPUBHK
o8NuMvm3RGRf6NTTT8nzdiADmv7CWc3sLAH/kFqs8ExbIuwuEKxI/IGRj7leNbo2
dw3hzJXoTJVMCRQPbysjf6tgb6m6BMZ3q6v8UGO5mWpXrQyydKEiVe7COiZsqS8A
p+p98IcODi7n5Gv5aLbDMMieZy04sVuHHmoTvCItXjo=
-----END CERTIFICATE-----