Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/7nTlCZgU8i_OoyupSzx4fGtIS6c.roa
File:                     7nTlCZgU8i_OoyupSzx4fGtIS6c.roa (raw, json)
Hash identifier:          NFylJypgvn2N1Z0Y4ZWsqRFkazz8BPWxvKGD78AB5SU=
Subject key identifier:   EE:74:E5:09:98:14:F2:2F:CE:A3:2B:A9:4B:3C:78:7C:6B:48:4B:A7
Certificate issuer:       /CN=f1c49833f439b9e0677d8d3bf1f52dfbfb2c624f
Certificate serial:       018CC6B790DBFDBB5AB7A8C7E03B7E6B3E9C
Authority key identifier: F1:C4:98:33:F4:39:B9:E0:67:7D:8D:3B:F1:F5:2D:FB:FB:2C:62:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8cSYM_Q5ueBnfY078fUt-_ssYk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/7nTlCZgU8i_OoyupSzx4fGtIS6c.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        194.11.212.0/24 maxlen: 24
                          194.11.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/8cSYM_Q5ueBnfY078fUt-_ssYk8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/8cSYM_Q5ueBnfY078fUt-_ssYk8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8cSYM_Q5ueBnfY078fUt-_ssYk8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:90:db:fd:bb:5a:b7:a8:c7:e0:3b:7e:6b:3e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1c49833f439b9e0677d8d3bf1f52dfbfb2c624f
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee74e5099814f22fcea32ba94b3c787c6b484ba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:de:51:c4:7d:9b:02:c5:88:31:33:35:6b:b7:
                    78:0d:9b:b5:1c:85:43:da:fa:3f:e9:4b:68:da:a2:
                    45:1d:ca:73:49:1f:5d:7e:74:3e:dd:e7:43:59:36:
                    ab:9b:e8:f4:b4:e9:9f:7c:ab:ca:34:54:3c:f5:62:
                    19:bc:c5:11:0e:ba:ce:5d:20:46:02:d8:58:97:2d:
                    77:0e:07:65:d2:9e:be:49:31:1a:62:1d:41:ae:aa:
                    f2:46:3a:a6:6c:d8:fd:b4:f6:f9:36:12:19:a0:02:
                    3f:ad:38:3e:e9:36:e4:ad:54:9b:d8:4e:25:1e:db:
                    b3:ad:60:46:a3:d7:58:36:b8:4a:01:c5:d8:73:1b:
                    ac:5c:6c:dc:56:89:f1:a9:dc:cc:00:f4:10:b9:51:
                    bc:32:5d:1a:d3:cd:f2:05:27:23:ab:b2:ae:bb:cf:
                    1a:88:29:87:87:ad:c2:27:40:54:16:dc:ea:0e:0f:
                    0b:0e:f8:ca:b9:9e:13:d0:76:a3:f7:2c:b4:54:76:
                    5e:6f:ca:ba:5c:ea:5a:32:5b:3d:98:59:07:58:59:
                    2c:5e:89:84:07:e0:50:c6:f9:b9:4f:78:54:95:d2:
                    c9:14:f3:e5:d6:2d:04:fe:d1:8f:62:8d:3c:bd:7f:
                    a3:a5:77:c9:3a:ab:b4:98:a2:f8:da:91:d1:d6:ed:
                    fc:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:74:E5:09:98:14:F2:2F:CE:A3:2B:A9:4B:3C:78:7C:6B:48:4B:A7
            X509v3 Authority Key Identifier:
                keyid:F1:C4:98:33:F4:39:B9:E0:67:7D:8D:3B:F1:F5:2D:FB:FB:2C:62:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8cSYM_Q5ueBnfY078fUt-_ssYk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/7nTlCZgU8i_OoyupSzx4fGtIS6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/8cSYM_Q5ueBnfY078fUt-_ssYk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.207.0/24
                  194.11.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:d5:b5:c8:33:d9:33:00:aa:3c:b9:4b:43:a7:98:0c:12:e2:
         7f:8d:17:a7:11:a1:2d:72:7b:db:0a:62:92:c0:6c:58:dd:bb:
         d8:e0:aa:2d:a7:a7:3f:2f:c1:ce:e1:46:d3:0b:fa:8a:21:fc:
         c8:b1:17:45:ea:36:ae:51:c2:2e:68:d2:75:c9:19:5b:ee:e3:
         17:63:9f:46:7f:e3:77:bc:06:65:47:a1:d9:6a:f2:7f:ca:3b:
         c4:65:5a:45:af:b6:28:40:41:1f:94:0d:1d:2e:71:41:8c:f8:
         e4:63:c3:69:60:2f:b3:9d:05:03:00:41:ed:a4:84:17:ff:b6:
         32:26:68:28:52:7e:67:8d:10:62:5a:96:60:8d:4f:38:07:19:
         fc:2b:69:a1:86:2e:31:b7:b7:89:e7:29:19:1a:f4:bf:5e:52:
         df:c1:dc:6d:ec:74:a5:0f:b7:14:f2:7f:78:d9:cf:2a:30:70:
         cb:e8:71:95:40:8b:dc:ce:20:44:4d:b0:61:1f:24:04:d7:ec:
         bc:87:a7:fa:c5:63:72:a4:80:86:e8:b0:5b:82:e3:4c:cb:ea:
         a2:8a:80:6b:fb:34:a5:3f:40:7a:30:58:9b:34:bf:c2:d7:db:
         ef:8f:3b:9e:cf:cb:91:c3:8d:16:e7:13:ba:03:e0:7b:42:dc:
         00:01:2a:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt5Db/btat6jH4Dt+az6cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYzQ5ODMzZjQzOWI5ZTA2NzdkOGQzYmYxZjUyZGZiZmIy
YzYyNGYwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTc0ZTUwOTk4MTRmMjJmY2VhMzJiYTk0YjNjNzg3YzZiNDg0YmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwN5RxH2bAsWIMTM1a7d4DZu1HIVD
2vo/6Uto2qJFHcpzSR9dfnQ+3edDWTarm+j0tOmffKvKNFQ89WIZvMURDrrOXSBG
AthYly13Dgdl0p6+STEaYh1BrqryRjqmbNj9tPb5NhIZoAI/rTg+6TbkrVSb2E4l
HtuzrWBGo9dYNrhKAcXYcxusXGzcVonxqdzMAPQQuVG8Ml0a083yBScjq7Kuu88a
iCmHh63CJ0BUFtzqDg8LDvjKuZ4T0Haj9yy0VHZeb8q6XOpaMls9mFkHWFksXomE
B+BQxvm5T3hUldLJFPPl1i0E/tGPYo08vX+jpXfJOqu0mKL42pHR1u38wQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO505QmYFPIvzqMrqUs8eHxrSEunMB8GA1UdIwQY
MBaAFPHEmDP0ObngZ32NO/H1Lfv7LGJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGNTWU1fUTV1ZUJuZlkwNzhmVXQtX3NzWWs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8zYWUzNzktNzllMS00NmFiLWIwNGQt
MGYwZmE2YjZlNGJkLzEvN25UbENaZ1U4aV9Pb3l1cFN6eDRmR3RJUzZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8zYWUzNzktNzllMS00NmFiLWIwNGQtMGYwZmE2YjZlNGJk
LzEvOGNTWU1fUTV1ZUJuZlkwNzhmVXQtX3NzWWs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwgvPAwQA
wgvUMA0GCSqGSIb3DQEBCwUAA4IBAQA11bXIM9kzAKo8uUtDp5gMEuJ/jRenEaEt
cnvbCmKSwGxY3bvY4Kotp6c/L8HO4UbTC/qKIfzIsRdF6jauUcIuaNJ1yRlb7uMX
Y59Gf+N3vAZlR6HZavJ/yjvEZVpFr7YoQEEflA0dLnFBjPjkY8NpYC+znQUDAEHt
pIQX/7YyJmgoUn5njRBiWpZgjU84Bxn8K2mhhi4xt7eJ5ykZGvS/XlLfwdxt7HSl
D7cU8n942c8qMHDL6HGVQIvcziBETbBhHyQE1+y8h6f6xWNypICG6LBbguNMy+qi
ioBr+zSlP0B6MFibNL/C19vvjzuez8uRw40W5xO6A+B7QtwAASpF
-----END CERTIFICATE-----