Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/7_5DEvBLZrcUSLFgSHeEBjqVCWg.roa
File:                     7_5DEvBLZrcUSLFgSHeEBjqVCWg.roa (raw, json)
Hash identifier:          1jl/hTprRpNQ7g0H7ZGExCXo7Gjz6z7EqaFomXXV9Lg=
Subject key identifier:   EF:FE:43:12:F0:4B:66:B7:14:48:B1:60:48:77:84:06:3A:95:09:68
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018CC801D68AED99BD38CDE4A6040BF0A1A8
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/7_5DEvBLZrcUSLFgSHeEBjqVCWg.roa
Signing time:             Tue 02 Jan 2024 02:30:12 +0000
ROA not before:           Tue 02 Jan 2024 02:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35536
IP address blocks:        94.124.116.0/24 maxlen: 24
                          2a09:6:6::/48 maxlen: 48
                          2a09:7:2003::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d6:8a:ed:99:bd:38:cd:e4:a6:04:0b:f0:a1:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  2 02:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=effe4312f04b66b71448b160487784063a950968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c2:4c:53:58:7b:eb:f2:63:45:75:b6:34:a8:
                    7e:8e:d2:91:8c:f3:e3:29:a8:45:6b:e7:79:d6:33:
                    b4:78:a0:7a:f6:0d:b7:4f:ee:c1:7a:11:67:6c:8f:
                    f9:f8:78:cf:aa:5e:2e:01:51:1b:fe:15:4a:9c:d9:
                    01:81:b5:13:7c:75:1a:83:c3:ce:a8:59:4e:2c:b2:
                    21:4b:1a:8b:38:c0:46:f4:ca:4c:95:22:4b:ef:9f:
                    a5:5d:e5:62:9e:0f:75:7d:a8:f0:6a:3f:42:c1:f4:
                    7c:31:22:9d:a5:bc:c2:56:79:14:2a:76:a0:74:06:
                    18:95:85:c7:c6:f6:72:5b:50:e8:03:7c:7c:b7:68:
                    5c:d9:48:9e:14:22:d5:35:b8:b8:c6:55:81:68:21:
                    ae:0f:a5:0a:2c:15:04:08:3b:cb:9e:54:66:b7:1e:
                    f4:6b:17:0e:11:5c:6b:14:78:a3:8a:6c:e4:00:9a:
                    25:10:2f:00:20:fe:8c:fe:39:79:f3:7b:16:7f:8b:
                    96:da:f1:3d:ac:0b:aa:24:92:3c:28:33:ff:9c:a6:
                    90:13:d0:95:96:da:dc:2e:61:9c:8e:24:e9:f3:aa:
                    76:ed:65:68:fd:f1:f8:f6:cf:78:96:2f:ad:c3:c1:
                    f3:a0:69:42:93:92:4a:26:49:93:52:d1:e9:d9:d5:
                    4c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:FE:43:12:F0:4B:66:B7:14:48:B1:60:48:77:84:06:3A:95:09:68
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/7_5DEvBLZrcUSLFgSHeEBjqVCWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.116.0/24
                IPv6:
                  2a09:6:6::/48
                  2a09:7:2003::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:19:de:12:00:bf:60:8e:5c:26:7f:d3:7d:ca:42:01:f9:3b:
         dc:f2:f4:09:87:f5:1b:fa:04:2f:d9:a6:e3:93:ae:99:27:7d:
         59:eb:5d:75:09:12:90:e5:00:74:03:cf:bf:32:bd:7b:65:31:
         68:17:0d:1e:6d:da:37:58:4d:da:0d:6e:0f:26:4c:67:d2:74:
         da:da:b9:99:5c:07:14:eb:63:d8:67:66:5a:4b:43:65:96:77:
         1d:80:36:77:d8:39:e7:2f:bc:f6:f3:e7:e2:8f:2d:3b:e0:0b:
         66:6a:b8:60:6b:d8:71:01:23:44:b0:05:e5:b0:a0:99:b1:6a:
         76:f5:03:eb:09:f4:28:4c:5e:15:fd:0d:df:1b:9a:32:6c:2e:
         72:0f:b2:a7:31:c8:c1:97:41:94:a6:eb:ab:b9:bf:a7:3b:e6:
         ed:6f:f6:55:28:65:c7:72:59:c7:15:ea:42:d9:e9:bb:76:a9:
         96:9e:6e:2a:f7:92:4c:cb:68:e3:76:3e:d3:20:da:34:5e:7f:
         c3:3b:ec:91:0f:b4:00:a9:3f:50:fb:70:38:78:f6:2f:56:a0:
         cd:01:7a:2c:8d:0b:64:6f:69:3d:ab:6d:bc:b1:8f:1b:64:66:
         22:b7:28:3a:3d:17:a0:46:87:da:7a:80:cf:73:84:eb:c5:c5:
         d2:2e:d4:90
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzIAdaK7Zm9OM3kpgQL8KGoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwMTAyMDIzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmZlNDMxMmYwNGI2NmI3MTQ0OGIxNjA0ODc3ODQwNjNhOTUwOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMJMU1h76/JjRXW2NKh+jtKRjPPj
KahFa+d51jO0eKB69g23T+7BehFnbI/5+HjPql4uAVEb/hVKnNkBgbUTfHUag8PO
qFlOLLIhSxqLOMBG9MpMlSJL75+lXeVing91fajwaj9CwfR8MSKdpbzCVnkUKnag
dAYYlYXHxvZyW1DoA3x8t2hc2UieFCLVNbi4xlWBaCGuD6UKLBUECDvLnlRmtx70
axcOEVxrFHijimzkAJolEC8AIP6M/jl583sWf4uW2vE9rAuqJJI8KDP/nKaQE9CV
ltrcLmGcjiTp86p27WVo/fH49s94li+tw8HzoGlCk5JKJkmTUtHp2dVMhwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFO/+QxLwS2a3FEixYEh3hAY6lQloMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvN181REV2QkxacmNVU0xGZ1NIZUVCanFWQ1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAXnx0MBgE
AgACMBIDBwAqCQAGAAYDBwAqCQAHIAMwDQYJKoZIhvcNAQELBQADggEBAIYZ3hIA
v2COXCZ/033KQgH5O9zy9AmH9Rv6BC/ZpuOTrpknfVnrXXUJEpDlAHQDz78yvXtl
MWgXDR5t2jdYTdoNbg8mTGfSdNrauZlcBxTrY9hnZlpLQ2WWdx2ANnfYOecvvPbz
5+KPLTvgC2ZquGBr2HEBI0SwBeWwoJmxanb1A+sJ9ChMXhX9Dd8bmjJsLnIPsqcx
yMGXQZSm66u5v6c75u1v9lUoZcdyWccV6kLZ6bt2qZaebir3kkzLaON2PtMg2jRe
f8M77JEPtACpP1D7cDh49i9WoM0BeiyNC2RvaT2rbbyxjxtkZiK3KDo9F6BGh9p6
gM9zhOvFxdIu1JA=
-----END CERTIFICATE-----