Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/7qdYD4lN9EwSOakdR5dgcN2pqE0.roa
File:                     7qdYD4lN9EwSOakdR5dgcN2pqE0.roa (raw, json)
Hash identifier:          wfRJ/6jIE4ufk9ZLk2OXNLcYwCI7HikdXXSBDHB3T7I=
Subject key identifier:   EE:A7:58:0F:89:4D:F4:4C:12:39:A9:1D:47:97:60:70:DD:A9:A8:4D
Certificate issuer:       /CN=69d731fa4dd292c0c0532eea6967cec0790745aa
Certificate serial:       018CC8DF1B0410AAE4D9CB3918BE0EB44B7E
Authority key identifier: 69:D7:31:FA:4D:D2:92:C0:C0:53:2E:EA:69:67:CE:C0:79:07:45:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/adcx-k3SksDAUy7qaWfOwHkHRao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/7qdYD4lN9EwSOakdR5dgcN2pqE0.roa
Signing time:             Tue 02 Jan 2024 06:31:53 +0000
ROA not before:           Tue 02 Jan 2024 06:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211809
IP address blocks:        185.96.32.0/22 maxlen: 24
                          2a13:eb00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/adcx-k3SksDAUy7qaWfOwHkHRao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/adcx-k3SksDAUy7qaWfOwHkHRao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/adcx-k3SksDAUy7qaWfOwHkHRao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 03:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:1b:04:10:aa:e4:d9:cb:39:18:be:0e:b4:4b:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69d731fa4dd292c0c0532eea6967cec0790745aa
        Validity
            Not Before: Jan  2 06:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eea7580f894df44c1239a91d47976070dda9a84d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5b:a0:38:f0:4f:2a:56:23:a1:7b:05:a9:e5:
                    54:e4:3d:ca:51:10:5f:05:d7:75:65:c6:a2:78:02:
                    d0:38:22:14:22:10:f2:ff:5b:b1:5a:39:f7:7d:6c:
                    88:e0:db:59:cc:fe:dd:a4:df:f3:c8:93:94:86:86:
                    c0:c0:70:b3:40:76:d1:f2:d4:dc:74:ef:8d:63:54:
                    8d:ba:21:57:00:5d:cd:ca:bc:8d:e7:ab:e0:c0:7a:
                    90:44:c7:2e:ef:1c:db:0b:61:b7:ad:b7:cb:00:e1:
                    30:e3:5d:5f:4e:70:6c:28:60:66:a3:c0:86:5f:92:
                    68:a1:be:f8:08:67:e3:af:ad:3e:56:83:18:69:b0:
                    99:cf:00:68:01:f7:03:57:77:a8:db:65:c7:0f:a0:
                    d7:e1:e5:aa:29:08:16:cf:b4:76:ae:64:2e:1f:c3:
                    9b:09:09:5b:b6:fe:45:14:28:2f:16:97:f4:fb:1c:
                    eb:3f:7f:b6:7a:8d:33:99:38:1f:fe:f0:ab:7d:61:
                    7f:d8:20:8f:88:c0:28:5c:6a:d1:58:6d:ac:ce:0f:
                    0a:02:f8:e3:b0:c6:5b:26:cd:cf:e5:e4:3b:0a:2f:
                    c7:1f:88:2e:4b:82:6f:55:04:f5:66:0b:b0:a9:04:
                    8e:48:f9:76:bf:26:61:4a:11:c8:df:ea:f5:2f:08:
                    6c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:A7:58:0F:89:4D:F4:4C:12:39:A9:1D:47:97:60:70:DD:A9:A8:4D
            X509v3 Authority Key Identifier:
                keyid:69:D7:31:FA:4D:D2:92:C0:C0:53:2E:EA:69:67:CE:C0:79:07:45:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/adcx-k3SksDAUy7qaWfOwHkHRao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/7qdYD4lN9EwSOakdR5dgcN2pqE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/adcx-k3SksDAUy7qaWfOwHkHRao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.32.0/22
                IPv6:
                  2a13:eb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:a2:cd:03:0c:8c:0c:a6:97:6b:b1:78:21:49:0c:4f:c4:3c:
         b0:b4:c6:fe:bd:98:c4:cd:33:8f:31:77:3b:8a:54:1d:cb:c6:
         39:99:3c:dc:a8:6b:05:7b:5c:a9:75:78:e4:46:b7:8a:c2:af:
         f6:b3:ec:d1:72:ac:06:a4:db:63:4f:4f:d5:39:73:de:80:80:
         b7:b0:6d:ff:26:b4:4d:34:df:09:63:97:47:fa:a6:1b:3d:6f:
         52:a1:ef:1b:ac:6c:a5:ae:f0:38:35:cc:8f:c4:4b:4b:a9:56:
         5d:c0:f4:65:32:ea:17:8f:7d:a0:e0:1a:22:5c:28:8a:c5:60:
         9e:08:28:77:36:aa:f6:90:25:dd:32:af:6c:09:80:3d:54:59:
         a1:46:0a:61:f3:4b:9e:40:9b:05:5d:d7:f1:f1:a7:a2:03:de:
         e2:12:c0:42:71:23:1b:5b:dc:78:e3:c6:fc:a0:ce:75:58:82:
         aa:74:45:a2:b4:33:44:48:e8:0a:7d:bf:64:e0:bc:d5:69:f8:
         66:5f:e0:8f:b8:ab:d9:eb:93:e1:a2:38:d5:a4:f7:d4:67:f3:
         04:c5:6c:12:d9:a6:59:92:8d:06:39:68:db:f5:8c:dd:5a:93:
         ce:bf:8c:1b:62:31:ad:5e:f7:0e:fa:66:5d:a5:ed:83:83:9f:
         42:15:ae:b8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3xsEEKrk2cs5GL4OtEt+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZDczMWZhNGRkMjkyYzBjMDUzMmVlYTY5NjdjZWMwNzkw
NzQ1YWEwHhcNMjQwMTAyMDYzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWE3NTgwZjg5NGRmNDRjMTIzOWE5MWQ0Nzk3NjA3MGRkYTlhODRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVugOPBPKlYjoXsFqeVU5D3KURBf
Bdd1ZcaieALQOCIUIhDy/1uxWjn3fWyI4NtZzP7dpN/zyJOUhobAwHCzQHbR8tTc
dO+NY1SNuiFXAF3NyryN56vgwHqQRMcu7xzbC2G3rbfLAOEw411fTnBsKGBmo8CG
X5Joob74CGfjr60+VoMYabCZzwBoAfcDV3eo22XHD6DX4eWqKQgWz7R2rmQuH8Ob
CQlbtv5FFCgvFpf0+xzrP3+2eo0zmTgf/vCrfWF/2CCPiMAoXGrRWG2szg8KAvjj
sMZbJs3P5eQ7Ci/HH4guS4JvVQT1ZguwqQSOSPl2vyZhShHI3+r1Lwhs8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO6nWA+JTfRMEjmpHUeXYHDdqahNMB8GA1UdIwQY
MBaAFGnXMfpN0pLAwFMu6mlnzsB5B0WqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWRjeC1rM1Nrc0RBVXk3cWFXZk93SGtIUmFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC85ZmI1ZTAtNTUwOC00OWY0LTlmOWUt
MzQzNjI0MTUxODJhLzEvN3FkWUQ0bE45RXdTT2FrZFI1ZGdjTjJwcUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC85ZmI1ZTAtNTUwOC00OWY0LTlmOWUtMzQzNjI0MTUxODJh
LzEvYWRjeC1rM1Nrc0RBVXk3cWFXZk93SGtIUmFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWAgMA0E
AgACMAcDBQMqE+sAMA0GCSqGSIb3DQEBCwUAA4IBAQAuos0DDIwMppdrsXghSQxP
xDywtMb+vZjEzTOPMXc7ilQdy8Y5mTzcqGsFe1ypdXjkRreKwq/2s+zRcqwGpNtj
T0/VOXPegIC3sG3/JrRNNN8JY5dH+qYbPW9Soe8brGylrvA4NcyPxEtLqVZdwPRl
MuoXj32g4BoiXCiKxWCeCCh3Nqr2kCXdMq9sCYA9VFmhRgph80ueQJsFXdfx8aei
A97iEsBCcSMbW9x448b8oM51WIKqdEWitDNESOgKfb9k4LzVafhmX+CPuKvZ65Ph
ojjVpPfUZ/MExWwS2aZZko0GOWjb9YzdWpPOv4wbYjGtXvcO+mZdpe2Dg59CFa64
-----END CERTIFICATE-----