Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/7l56dlrFb9fMabU3WCspPVcuNz8.roa
File:                     7l56dlrFb9fMabU3WCspPVcuNz8.roa (raw, json)
Hash identifier:          BNqxxuIlwtXbBXPbd4qhO3KGAaTZUr0l50Y4l+Brijw=
Subject key identifier:   EE:5E:7A:76:5A:C5:6F:D7:CC:69:B5:37:58:2B:29:3D:57:2E:37:3F
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       019426D95C5CB6AC536211D5A8BF85ED948A
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/7l56dlrFb9fMabU3WCspPVcuNz8.roa
Signing time:             Thu 02 Jan 2025 11:49:26 +0000
ROA not before:           Thu 02 Jan 2025 11:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201931
IP address blocks:        185.217.232.0/23 maxlen: 23
                          2a07:6882::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:5c:5c:b6:ac:53:62:11:d5:a8:bf:85:ed:94:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Jan  2 11:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee5e7a765ac56fd7cc69b537582b293d572e373f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:59:be:97:96:87:af:d4:61:bc:76:29:a1:99:
                    b6:23:9a:22:b1:1e:4b:f7:1a:14:e0:6f:c6:00:3f:
                    62:cf:e5:0c:6b:6b:4a:d6:ff:26:52:2b:2b:a2:81:
                    44:be:8b:26:97:f5:d5:68:bb:68:bf:27:47:e0:de:
                    2f:fd:4c:58:e1:f6:e7:96:5c:37:b2:cc:12:23:db:
                    58:7a:06:89:c8:c9:05:89:4f:60:0a:a6:a3:b7:46:
                    cc:7a:4e:9c:bd:fa:e0:1b:4a:52:15:b3:f1:11:03:
                    94:76:31:54:2d:a4:04:ea:78:bf:2f:9f:93:33:24:
                    ee:9c:9b:fb:b8:d6:e5:19:f4:4c:9f:01:7a:52:1d:
                    4c:ac:b9:ab:ea:e3:1c:89:e4:eb:4d:c0:4b:53:d3:
                    9e:e9:5c:60:36:6b:97:9f:2e:c0:70:1d:91:6f:82:
                    56:91:c9:ce:c0:a4:6e:23:48:09:e9:1a:fa:47:43:
                    3c:91:ef:a2:13:c1:9e:b3:70:38:d2:b6:9f:fd:61:
                    68:ad:a3:59:84:91:ad:36:30:cd:3d:22:5b:3d:bb:
                    ef:bb:fb:60:d6:46:67:0d:60:79:22:50:18:4a:95:
                    20:a5:23:51:46:9c:6f:71:ff:1b:90:07:64:23:04:
                    17:ad:3f:ae:67:f3:a6:b3:c1:49:1f:8a:0a:ee:a4:
                    18:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:5E:7A:76:5A:C5:6F:D7:CC:69:B5:37:58:2B:29:3D:57:2E:37:3F
            X509v3 Authority Key Identifier:
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/7l56dlrFb9fMabU3WCspPVcuNz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.232.0/23
                IPv6:
                  2a07:6882::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:cd:a5:2f:4f:dc:32:f8:2f:4d:5d:f6:a0:fa:cc:39:04:9c:
         36:36:35:fe:75:c6:ca:1a:79:95:ab:e8:71:ee:85:f1:b2:49:
         84:2e:82:8e:7e:7b:5b:62:e4:21:9a:61:ec:23:5f:bf:bf:ff:
         7f:78:4f:7b:4b:46:60:81:27:bb:91:6b:9d:39:78:bf:b9:62:
         22:dd:21:70:ce:b4:ff:96:f7:da:3b:04:e5:4d:1e:98:70:0f:
         83:8c:48:1a:cf:94:be:5c:4e:40:1e:ab:b5:18:59:6f:78:db:
         22:bf:e9:f0:9a:f1:b1:cd:d8:2e:83:72:db:17:9e:ca:f4:0a:
         27:77:a4:86:64:1b:5d:1c:6a:62:35:44:23:6c:2a:1c:dc:09:
         a2:ec:b5:78:4f:62:09:fd:47:02:ee:87:e2:3c:1c:cf:38:31:
         c7:fa:9e:08:bc:11:d2:a0:22:c8:c3:a7:85:db:ba:10:c3:73:
         0f:9a:a7:39:ac:39:a9:96:03:3e:f2:51:79:6f:8d:9e:cf:46:
         de:4d:1a:1e:d1:17:10:ce:f5:15:df:3f:3f:b1:c8:fb:44:91:
         f8:59:bc:c0:41:55:b1:5f:82:df:fe:c5:6a:a4:14:60:3a:bf:
         fb:a6:ae:e7:7e:18:6e:f5:d5:16:d6:14:3b:70:23:d4:88:ea:
         bc:b1:ee:0d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2VxctqxTYhHVqL+F7ZSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNmM2NjBiMzBmNTY5MmIyYjE2ZTI4OWIyNDkwMWM1MThm
ZGE1MjAwHhcNMjUwMTAyMTE0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTVlN2E3NjVhYzU2ZmQ3Y2M2OWI1Mzc1ODJiMjkzZDU3MmUzNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Vm+l5aHr9RhvHYpoZm2I5oisR5L
9xoU4G/GAD9iz+UMa2tK1v8mUisrooFEvosml/XVaLtovydH4N4v/UxY4fbnllw3
sswSI9tYegaJyMkFiU9gCqajt0bMek6cvfrgG0pSFbPxEQOUdjFULaQE6ni/L5+T
MyTunJv7uNblGfRMnwF6Uh1MrLmr6uMcieTrTcBLU9Oe6VxgNmuXny7AcB2Rb4JW
kcnOwKRuI0gJ6Rr6R0M8ke+iE8Ges3A40raf/WForaNZhJGtNjDNPSJbPbvvu/tg
1kZnDWB5IlAYSpUgpSNRRpxvcf8bkAdkIwQXrT+uZ/Oms8FJH4oK7qQYewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO5eenZaxW/XzGm1N1grKT1XLjc/MB8GA1UdIwQY
MBaAFBJsZgsw9WkrKxbiibJJAcUY/aUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjIt
NDM4YWNiNzJmYzViLzEvN2w1NmRsckZiOWZNYWJVM1dDc3BQVmN1Tno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjItNDM4YWNiNzJmYzVi
LzEvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBudnoMA0E
AgACMAcDBQAqB2iCMA0GCSqGSIb3DQEBCwUAA4IBAQBTzaUvT9wy+C9NXfag+sw5
BJw2NjX+dcbKGnmVq+hx7oXxskmELoKOfntbYuQhmmHsI1+/v/9/eE97S0ZggSe7
kWudOXi/uWIi3SFwzrT/lvfaOwTlTR6YcA+DjEgaz5S+XE5AHqu1GFlveNsiv+nw
mvGxzdgug3LbF57K9Aond6SGZBtdHGpiNUQjbCoc3Ami7LV4T2IJ/UcC7ofiPBzP
ODHH+p4IvBHSoCLIw6eF27oQw3MPmqc5rDmplgM+8lF5b42ez0beTRoe0RcQzvUV
3z8/scj7RJH4WbzAQVWxX4Lf/sVqpBRgOr/7pq7nfhhu9dUW1hQ7cCPUiOq8se4N
-----END CERTIFICATE-----