Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/7krjxGJSIb7axDgZ8IKM3D-VvZw.roa
File:                     7krjxGJSIb7axDgZ8IKM3D-VvZw.roa (raw, json)
Hash identifier:          MCYrAkIhFrzchIRLetqz1/A4It085NmM60S7m+YC5OA=
Subject key identifier:   EE:4A:E3:C4:62:52:21:BE:DA:C4:38:19:F0:82:8C:DC:3F:95:BD:9C
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       0191C1E3BA07C4039E36ADDAAB381F8B0EAC
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/7krjxGJSIb7axDgZ8IKM3D-VvZw.roa
Signing time:             Thu 05 Sep 2024 11:13:32 +0000
ROA not before:           Thu 05 Sep 2024 11:13:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3216
IP address blocks:        141.101.217.0/24 maxlen: 24
                          141.101.218.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c1:e3:ba:07:c4:03:9e:36:ad:da:ab:38:1f:8b:0e:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Sep  5 11:13:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee4ae3c4625221bedac43819f0828cdc3f95bd9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:53:64:85:5d:b1:8b:77:c1:5a:2b:59:33:a2:
                    a3:06:33:97:c0:63:05:b0:35:f7:28:5d:92:ab:b3:
                    0d:ef:c0:bf:f0:f5:22:de:34:9d:13:13:ba:ea:5b:
                    e2:ee:23:f4:4a:3a:d0:e7:83:5d:3a:9c:11:1e:bf:
                    3a:97:da:32:35:ca:66:04:52:07:c8:1e:7b:09:84:
                    4e:72:28:5d:6f:4e:44:f8:51:27:ce:d1:e9:b2:3b:
                    c6:a5:cb:28:b9:ff:b5:46:cf:eb:b1:a8:d6:9a:d7:
                    ed:aa:ab:06:fb:e9:44:3c:a9:94:36:2c:64:56:c4:
                    8f:d9:dd:71:d7:99:75:13:82:94:67:7e:9d:1d:4e:
                    a4:12:d9:73:59:6e:d6:57:50:e5:76:23:8e:05:24:
                    61:1d:b8:5a:23:fc:36:b0:cb:b2:cf:85:ea:92:f8:
                    29:71:14:ee:b9:10:ee:af:77:a3:91:a5:86:36:2d:
                    14:4a:19:f4:2c:67:a3:53:16:95:12:b6:ea:e7:b8:
                    ba:e2:5d:d2:3e:e6:f3:28:2d:ec:57:68:ac:39:f3:
                    cd:ae:46:fa:1d:0c:bd:df:2f:4e:e0:aa:87:4d:f1:
                    f8:a2:0c:47:c6:3b:af:ad:0a:28:62:02:00:7b:63:
                    30:75:24:b3:cd:1f:18:bd:9b:da:6f:27:d0:cd:4d:
                    39:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:4A:E3:C4:62:52:21:BE:DA:C4:38:19:F0:82:8C:DC:3F:95:BD:9C
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/7krjxGJSIb7axDgZ8IKM3D-VvZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.217.0-141.101.219.255

    Signature Algorithm: sha256WithRSAEncryption
         3a:2c:71:ca:55:17:cb:0d:4a:36:40:50:cf:7a:cd:f5:57:fa:
         80:a6:f3:74:78:4f:7d:05:fa:f3:b6:a5:72:12:f6:16:64:22:
         14:76:a1:0d:ed:77:85:16:23:12:b1:f1:4b:25:6a:d2:02:a8:
         ea:fb:b2:a2:4c:07:f6:72:c7:09:7d:dc:f2:e0:fb:3e:16:52:
         fd:c6:c5:37:25:82:b4:29:92:5d:d9:bb:52:85:08:d7:7d:e4:
         0d:d5:94:df:c8:06:14:91:2f:d2:0c:e6:f6:b6:ac:c4:3a:c3:
         65:61:89:bd:d0:3c:67:e2:4c:dd:35:32:c8:d5:a8:d1:9e:f8:
         6e:e6:c0:e6:9a:dd:1d:62:eb:09:fe:7b:6d:bc:36:5c:fd:84:
         e8:45:98:47:27:46:c0:49:2c:13:00:b6:44:7a:01:6e:e6:df:
         8d:25:55:89:43:c1:3c:b9:c3:96:2a:f1:67:b2:4a:ad:12:50:
         a8:d3:68:a9:dc:45:0c:b9:03:40:46:eb:51:57:28:9c:3d:89:
         c2:16:6f:1e:a7:9a:68:bc:89:32:4b:57:3d:af:d7:f0:2e:f5:
         1f:fb:df:d9:e9:7e:bb:3e:63:17:88:89:6b:32:7f:9f:59:c6:
         a0:bd:07:4c:c6:f4:bc:76:79:b2:87:cb:09:f1:15:97:4a:42:
         34:39:14:4d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZHB47oHxAOeNq3aqzgfiw6sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwOTA1MTExMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTRhZTNjNDYyNTIyMWJlZGFjNDM4MTlmMDgyOGNkYzNmOTViZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFNkhV2xi3fBWitZM6KjBjOXwGMF
sDX3KF2Sq7MN78C/8PUi3jSdExO66lvi7iP0SjrQ54NdOpwRHr86l9oyNcpmBFIH
yB57CYROcihdb05E+FEnztHpsjvGpcsouf+1Rs/rsajWmtftqqsG++lEPKmUNixk
VsSP2d1x15l1E4KUZ36dHU6kEtlzWW7WV1DldiOOBSRhHbhaI/w2sMuyz4Xqkvgp
cRTuuRDur3ejkaWGNi0UShn0LGejUxaVErbq57i64l3SPubzKC3sV2isOfPNrkb6
HQy93y9O4KqHTfH4ogxHxjuvrQooYgIAe2MwdSSzzR8YvZvabyfQzU056wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO5K48RiUiG+2sQ4GfCCjNw/lb2cMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvN2tyanhHSlNJYjdheERnWjhJS00zRC1Wdlp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACNZdkD
BAKNZdgwDQYJKoZIhvcNAQELBQADggEBADosccpVF8sNSjZAUM96zfVX+oCm83R4
T30F+vO2pXIS9hZkIhR2oQ3td4UWIxKx8UslatICqOr7sqJMB/Zyxwl93PLg+z4W
Uv3GxTclgrQpkl3Zu1KFCNd95A3VlN/IBhSRL9IM5va2rMQ6w2Vhib3QPGfiTN01
MsjVqNGe+G7mwOaa3R1i6wn+e228Nlz9hOhFmEcnRsBJLBMAtkR6AW7m340lVYlD
wTy5w5Yq8WeySq0SUKjTaKncRQy5A0BG61FXKJw9icIWbx6nmmi8iTJLVz2v1/Au
9R/739npfrs+YxeIiWsyf59ZxqC9B0zG9Lx2ebKHywnxFZdKQjQ5FE0=
-----END CERTIFICATE-----