Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/_B7DWoY_ZBOn2eh1bZFDVQBzmEA.roa
File:                     _B7DWoY_ZBOn2eh1bZFDVQBzmEA.roa (raw, json)
Hash identifier:          LC2CwXdYsicUkKJnkViXtC/2RAmxXS9l+guKiiLnBT8=
Subject key identifier:   FC:1E:C3:5A:86:3F:64:13:A7:D9:E8:75:6D:91:43:55:00:73:98:40
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A572694EA644AEDD4B2697D2E38B0
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/_B7DWoY_ZBOn2eh1bZFDVQBzmEA.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207537
IP address blocks:        185.133.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:57:26:94:ea:64:4a:ed:d4:b2:69:7d:2e:38:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc1ec35a863f6413a7d9e8756d91435500739840
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:16:04:80:c5:7c:14:d8:42:ca:62:4e:6f:1e:
                    14:6c:21:73:b4:f4:09:fe:ba:86:81:1e:c1:f0:e9:
                    2e:65:3b:34:fb:c4:c1:8c:c6:e8:3f:44:6e:72:ba:
                    a7:e8:e1:7a:98:80:09:3d:83:47:4c:ee:37:94:7d:
                    98:69:4a:f8:b7:61:9f:d5:bd:84:4c:c6:a1:62:99:
                    64:d8:db:21:03:23:38:bf:ce:16:10:3e:a2:7f:3c:
                    7a:a7:f2:0b:30:ba:01:96:07:ee:4f:c7:57:5b:cb:
                    33:49:47:c5:b4:65:04:25:02:ce:47:19:b2:b6:78:
                    50:4d:15:01:a9:e9:5e:5f:b3:01:2d:22:6e:4b:97:
                    f4:83:1c:75:15:81:ce:90:90:5c:76:90:98:e8:90:
                    c0:ba:b3:f5:b3:c2:f1:5f:4b:43:91:aa:06:52:d2:
                    2e:6f:ca:a8:b1:3c:68:fd:95:81:ee:9e:bb:e3:9f:
                    42:9c:93:0e:ac:72:55:51:c0:8b:72:64:35:05:3a:
                    45:6f:7c:5c:e8:f9:05:2b:fb:57:3a:13:23:7a:cf:
                    da:8b:83:73:07:bb:d5:3a:a6:fa:73:77:3d:35:72:
                    ea:c3:f2:75:01:51:35:42:06:83:0e:70:c0:53:b6:
                    a4:fa:db:d0:7c:b3:99:42:0f:8c:20:44:e9:37:99:
                    8a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:1E:C3:5A:86:3F:64:13:A7:D9:E8:75:6D:91:43:55:00:73:98:40
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/_B7DWoY_ZBOn2eh1bZFDVQBzmEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:ae:98:88:11:93:e3:87:db:97:a3:4d:95:3e:a6:c3:45:30:
         4e:25:73:26:2a:80:a3:c7:ef:85:f8:ad:c8:3c:9f:83:90:a2:
         0a:b6:df:8f:88:3f:bb:f0:b7:a1:1f:1a:a5:bd:74:da:c9:59:
         af:1b:15:31:a8:12:bd:57:38:a4:c4:41:1d:af:a0:aa:47:5b:
         f2:8e:b8:ac:92:3c:8a:01:83:7f:d1:6e:52:2c:7e:e7:80:00:
         21:54:e4:33:5b:b8:65:ea:8f:a3:54:22:0b:8c:fc:ae:47:16:
         76:45:09:43:a4:f4:95:1d:4c:fd:5a:e2:f0:8a:d3:00:62:d2:
         71:ef:e0:a3:6d:2c:e3:1b:d5:3c:6c:43:f7:84:16:63:db:9e:
         36:6d:1a:57:4a:21:cf:2b:b6:15:24:14:2e:06:bc:d7:f4:0b:
         63:09:a3:d0:57:de:15:fa:0b:b9:35:2a:ab:a0:42:6c:ef:13:
         40:c9:b3:c2:42:1b:75:32:66:e3:bc:56:39:9f:bc:80:03:78:
         19:05:94:26:33:7a:b4:45:19:a5:77:c3:d9:c9:c6:4e:a2:97:
         5b:cc:d8:1d:95:b5:5e:ce:eb:62:fc:cc:e0:51:be:11:75:68:
         46:73:1e:29:db:24:92:a9:c3:cd:f7:ff:e9:49:94:d7:d1:82:
         fa:d2:3c:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlcmlOpkSu3Usml9LjiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzFlYzM1YTg2M2Y2NDEzYTdkOWU4NzU2ZDkxNDM1NTAwNzM5ODQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthYEgMV8FNhCymJObx4UbCFztPQJ
/rqGgR7B8OkuZTs0+8TBjMboP0Rucrqn6OF6mIAJPYNHTO43lH2YaUr4t2Gf1b2E
TMahYplk2NshAyM4v84WED6ifzx6p/ILMLoBlgfuT8dXW8szSUfFtGUEJQLORxmy
tnhQTRUBqeleX7MBLSJuS5f0gxx1FYHOkJBcdpCY6JDAurP1s8LxX0tDkaoGUtIu
b8qosTxo/ZWB7p67459CnJMOrHJVUcCLcmQ1BTpFb3xc6PkFK/tXOhMjes/ai4Nz
B7vVOqb6c3c9NXLqw/J1AVE1QgaDDnDAU7ak+tvQfLOZQg+MIETpN5mKuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwew1qGP2QTp9nodW2RQ1UAc5hAMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvX0I3RFdvWV9aQk9uMmVoMWJaRkRWUUJ6bUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYXTMA0G
CSqGSIb3DQEBCwUAA4IBAQChrpiIEZPjh9uXo02VPqbDRTBOJXMmKoCjx++F+K3I
PJ+DkKIKtt+PiD+78LehHxqlvXTayVmvGxUxqBK9VzikxEEdr6CqR1vyjriskjyK
AYN/0W5SLH7ngAAhVOQzW7hl6o+jVCILjPyuRxZ2RQlDpPSVHUz9WuLwitMAYtJx
7+CjbSzjG9U8bEP3hBZj2542bRpXSiHPK7YVJBQuBrzX9AtjCaPQV94V+gu5NSqr
oEJs7xNAybPCQht1MmbjvFY5n7yAA3gZBZQmM3q0RRmld8PZycZOopdbzNgdlbVe
zuti/MzgUb4RdWhGcx4p2ySSqcPN9//pSZTX0YL60jwP
-----END CERTIFICATE-----