Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/fa6f43-7dd1-405b-8dce-29b038084aa6/1/j7xm2TL2edJEIsEXDX3K9W3A07s.roa
File:                     j7xm2TL2edJEIsEXDX3K9W3A07s.roa (raw, json)
Hash identifier:          f3oFH1qaB8EC7z4II3mWRmbq4Qhg1+UD2V6ZYVncT98=
Subject key identifier:   8F:BC:66:D9:32:F6:79:D2:44:22:C1:17:0D:7D:CA:F5:6D:C0:D3:BB
Certificate issuer:       /CN=061e2554e52037781d107c8f8319c93e59986f05
Certificate serial:       018CCA2A06211C79CE8E735E7BFAA4C3400F
Authority key identifier: 06:1E:25:54:E5:20:37:78:1D:10:7C:8F:83:19:C9:3E:59:98:6F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bh4lVOUgN3gdEHyPgxnJPlmYbwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/fa6f43-7dd1-405b-8dce-29b038084aa6/1/j7xm2TL2edJEIsEXDX3K9W3A07s.roa
Signing time:             Tue 02 Jan 2024 12:33:20 +0000
ROA not before:           Tue 02 Jan 2024 12:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.137.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/fa6f43-7dd1-405b-8dce-29b038084aa6/1/Bh4lVOUgN3gdEHyPgxnJPlmYbwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/fa6f43-7dd1-405b-8dce-29b038084aa6/1/Bh4lVOUgN3gdEHyPgxnJPlmYbwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bh4lVOUgN3gdEHyPgxnJPlmYbwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:06:21:1c:79:ce:8e:73:5e:7b:fa:a4:c3:40:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=061e2554e52037781d107c8f8319c93e59986f05
        Validity
            Not Before: Jan  2 12:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fbc66d932f679d24422c1170d7dcaf56dc0d3bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7d:25:ed:37:d1:de:cf:ad:89:54:33:72:b4:
                    e7:a4:f0:00:0c:da:15:49:80:74:84:a3:b7:bd:01:
                    3a:ff:28:bf:9f:6c:62:3c:a2:78:4a:31:85:3c:37:
                    69:d6:61:ac:55:9d:a1:68:03:88:79:84:37:d6:bf:
                    0e:cf:38:13:6d:5a:a8:4f:81:2e:f4:08:dd:ba:13:
                    90:af:3f:e3:0c:41:66:ee:ba:b7:4f:e2:02:94:c0:
                    b9:3d:4b:f7:54:61:87:20:06:6c:03:96:2e:d2:e4:
                    1a:73:21:23:dd:22:27:ec:70:2b:4c:56:04:36:46:
                    52:9e:8f:a4:0e:8a:0c:f0:fc:76:a3:41:36:0e:2b:
                    9c:6c:72:7f:c4:9e:c5:8c:4f:7f:c3:f6:34:eb:a3:
                    a4:85:0b:a9:7c:a9:e4:bf:fb:c6:44:40:2a:79:21:
                    67:e5:00:d3:88:d5:15:dc:58:20:4b:f7:31:96:19:
                    c3:b9:31:1d:8a:02:15:da:23:8b:2e:2e:41:40:ca:
                    0a:8c:32:d4:5d:58:58:aa:85:ec:53:36:b4:95:5f:
                    56:e0:f9:84:70:61:d6:e3:37:c5:cb:52:51:f9:17:
                    74:92:e9:a9:e4:ec:18:c0:a2:13:65:ea:72:04:3a:
                    3e:1a:9f:16:51:81:0b:84:4c:d4:e1:4d:93:5b:5f:
                    4d:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:BC:66:D9:32:F6:79:D2:44:22:C1:17:0D:7D:CA:F5:6D:C0:D3:BB
            X509v3 Authority Key Identifier:
                keyid:06:1E:25:54:E5:20:37:78:1D:10:7C:8F:83:19:C9:3E:59:98:6F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bh4lVOUgN3gdEHyPgxnJPlmYbwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/fa6f43-7dd1-405b-8dce-29b038084aa6/1/j7xm2TL2edJEIsEXDX3K9W3A07s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/fa6f43-7dd1-405b-8dce-29b038084aa6/1/Bh4lVOUgN3gdEHyPgxnJPlmYbwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:df:d9:d5:55:f1:28:ad:f0:3b:bb:cf:b4:bd:52:f9:f7:a3:
         30:b7:a7:08:14:32:0b:98:2a:e6:5b:0b:48:84:47:ae:12:00:
         e2:3e:3c:04:5f:41:52:11:78:15:1b:cc:61:a6:81:0c:1b:37:
         0c:0c:65:1f:9c:a8:29:30:7e:c0:73:7e:ff:39:e3:15:91:c3:
         fb:58:fe:72:17:f9:26:72:df:f6:27:9b:94:29:46:37:07:9e:
         b7:27:e2:02:ae:38:44:93:ca:e6:8e:da:fb:53:1a:6d:de:ea:
         97:56:9f:38:b2:ab:5c:94:0b:27:3c:2f:c4:c5:9f:e3:66:91:
         fa:4d:22:f3:76:d1:95:1d:d6:a4:84:88:c8:ce:b7:ee:de:50:
         2d:09:29:9c:2c:c6:1a:11:76:f6:21:56:8d:8a:ec:a3:97:fc:
         4d:f9:93:aa:d6:b0:a0:31:5e:dd:ad:76:c1:7b:4c:17:e8:3d:
         7b:31:dc:e8:e7:57:df:a6:75:c3:b3:7e:55:75:c5:ac:12:ea:
         5a:1c:5a:9b:dc:4e:83:d4:b7:b7:09:4f:20:af:6a:88:55:7f:
         46:51:af:02:bb:71:28:25:66:97:a9:5c:dd:42:5e:e3:8e:e3:
         7b:18:24:c6:18:ff:6e:67:e9:f4:6c:67:9b:b7:66:51:7c:ef:
         b6:37:bf:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgYhHHnOjnNee/qkw0APMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MWUyNTU0ZTUyMDM3NzgxZDEwN2M4ZjgzMTljOTNlNTk5
ODZmMDUwHhcNMjQwMTAyMTIzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmJjNjZkOTMyZjY3OWQyNDQyMmMxMTcwZDdkY2FmNTZkYzBkM2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArH0l7TfR3s+tiVQzcrTnpPAADNoV
SYB0hKO3vQE6/yi/n2xiPKJ4SjGFPDdp1mGsVZ2haAOIeYQ31r8OzzgTbVqoT4Eu
9AjduhOQrz/jDEFm7rq3T+IClMC5PUv3VGGHIAZsA5Yu0uQacyEj3SIn7HArTFYE
NkZSno+kDooM8Px2o0E2DiucbHJ/xJ7FjE9/w/Y066OkhQupfKnkv/vGREAqeSFn
5QDTiNUV3FggS/cxlhnDuTEdigIV2iOLLi5BQMoKjDLUXVhYqoXsUza0lV9W4PmE
cGHW4zfFy1JR+Rd0kump5OwYwKITZepyBDo+Gp8WUYELhEzU4U2TW19N9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+8Ztky9nnSRCLBFw19yvVtwNO7MB8GA1UdIwQY
MBaAFAYeJVTlIDd4HRB8j4MZyT5ZmG8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmg0bFZPVWdOM2dkRUh5UGd4bkpQbG1ZYndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9mYTZmNDMtN2RkMS00MDViLThkY2Ut
MjliMDM4MDg0YWE2LzEvajd4bTJUTDJlZEpFSXNFWERYM0s5VzNBMDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9mYTZmNDMtN2RkMS00MDViLThkY2UtMjliMDM4MDg0YWE2
LzEvQmg0bFZPVWdOM2dkRUh5UGd4bkpQbG1ZYndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYmmMA0G
CSqGSIb3DQEBCwUAA4IBAQBd39nVVfEorfA7u8+0vVL596Mwt6cIFDILmCrmWwtI
hEeuEgDiPjwEX0FSEXgVG8xhpoEMGzcMDGUfnKgpMH7Ac37/OeMVkcP7WP5yF/km
ct/2J5uUKUY3B563J+ICrjhEk8rmjtr7Uxpt3uqXVp84sqtclAsnPC/ExZ/jZpH6
TSLzdtGVHdakhIjIzrfu3lAtCSmcLMYaEXb2IVaNiuyjl/xN+ZOq1rCgMV7drXbB
e0wX6D17Mdzo51ffpnXDs35VdcWsEupaHFqb3E6D1Le3CU8gr2qIVX9GUa8Cu3Eo
JWaXqVzdQl7jjuN7GCTGGP9uZ+n0bGebt2ZRfO+2N7//
-----END CERTIFICATE-----