Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/f9ce9b-9059-49c5-a36d-a731ea51b20d/1/7pzAoG7hqyWbLaMHDRl7ZMs9Fy4.roa
File:                     7pzAoG7hqyWbLaMHDRl7ZMs9Fy4.roa (raw, json)
Hash identifier:          oYOlcEj3mmfzai5odCErQUAD7zXHmTmIrTcVVwzNvfg=
Subject key identifier:   EE:9C:C0:A0:6E:E1:AB:25:9B:2D:A3:07:0D:19:7B:64:CB:3D:17:2E
Certificate issuer:       /CN=4ba3fcdd87f456430cccb2d8638e6148cd3a12ec
Certificate serial:       018CC5000E48B4B85B852894D6C0F09DA884
Authority key identifier: 4B:A3:FC:DD:87:F4:56:43:0C:CC:B2:D8:63:8E:61:48:CD:3A:12:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S6P83Yf0VkMMzLLYY45hSM06Euw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/f9ce9b-9059-49c5-a36d-a731ea51b20d/1/7pzAoG7hqyWbLaMHDRl7ZMs9Fy4.roa
Signing time:             Mon 01 Jan 2024 12:29:24 +0000
ROA not before:           Mon 01 Jan 2024 12:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205718
IP address blocks:        185.231.116.0/22 maxlen: 22
                          2a09:c740::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/f9ce9b-9059-49c5-a36d-a731ea51b20d/1/S6P83Yf0VkMMzLLYY45hSM06Euw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/f9ce9b-9059-49c5-a36d-a731ea51b20d/1/S6P83Yf0VkMMzLLYY45hSM06Euw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S6P83Yf0VkMMzLLYY45hSM06Euw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0e:48:b4:b8:5b:85:28:94:d6:c0:f0:9d:a8:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ba3fcdd87f456430cccb2d8638e6148cd3a12ec
        Validity
            Not Before: Jan  1 12:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee9cc0a06ee1ab259b2da3070d197b64cb3d172e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:1a:ff:4a:69:0e:2a:28:97:e7:a2:a6:86:da:
                    3b:ba:8d:ab:02:75:ed:0f:b8:6b:59:54:8a:81:a1:
                    84:0e:aa:d3:01:40:d4:e8:11:2a:96:78:8f:03:5c:
                    77:10:68:17:d0:d7:c1:3e:7d:d7:6d:fe:90:81:d1:
                    b6:95:8f:98:a6:c2:2f:9a:d5:ba:dc:5b:47:1e:36:
                    d0:84:a4:80:f9:b5:9d:c4:28:dc:46:fb:05:59:ec:
                    6c:51:c3:12:23:5e:43:6b:94:53:3d:8e:4e:11:82:
                    89:1d:6f:bd:97:b4:69:e7:b5:02:41:94:56:73:3f:
                    26:25:82:70:10:47:ec:7c:95:51:b7:de:bf:60:ae:
                    81:ca:ff:b0:26:ff:cc:71:0f:36:05:e1:03:26:43:
                    54:5f:90:04:57:40:63:ab:26:0e:b1:86:99:e6:cd:
                    38:4d:09:91:06:c8:69:7d:92:39:2a:78:1e:d3:72:
                    d0:b2:64:7d:5d:72:2e:58:c0:13:61:56:86:ed:e7:
                    74:5b:9e:53:70:1b:c4:d5:b3:e4:1e:6b:85:81:30:
                    ea:40:51:67:35:e3:b3:0f:c2:da:57:e7:6f:8d:47:
                    ca:a4:06:de:8f:27:c3:fe:29:78:83:83:ca:8e:d7:
                    ca:8f:34:11:02:07:da:32:9b:0c:3c:a9:c2:aa:46:
                    dc:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:9C:C0:A0:6E:E1:AB:25:9B:2D:A3:07:0D:19:7B:64:CB:3D:17:2E
            X509v3 Authority Key Identifier:
                keyid:4B:A3:FC:DD:87:F4:56:43:0C:CC:B2:D8:63:8E:61:48:CD:3A:12:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S6P83Yf0VkMMzLLYY45hSM06Euw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f9ce9b-9059-49c5-a36d-a731ea51b20d/1/7pzAoG7hqyWbLaMHDRl7ZMs9Fy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f9ce9b-9059-49c5-a36d-a731ea51b20d/1/S6P83Yf0VkMMzLLYY45hSM06Euw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.116.0/22
                IPv6:
                  2a09:c740::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:38:2d:9d:07:9d:b0:31:5b:07:6f:16:68:47:5b:99:a1:41:
         50:73:d8:a8:4c:30:9f:73:39:a7:2c:d0:98:17:88:42:6c:54:
         49:77:21:56:f8:d8:bb:1d:b1:ac:41:c1:d3:ff:f0:0d:4c:fc:
         6f:27:15:5d:28:23:ab:77:36:88:9d:51:0d:75:90:a6:80:20:
         ba:8b:27:17:e7:60:73:13:00:1d:6c:4e:40:8a:a0:96:ca:c5:
         a7:5e:b7:44:73:bf:30:fb:59:1e:a3:5c:43:79:2e:33:a4:01:
         45:12:71:3d:9a:e7:6b:b6:f5:3b:a9:5d:64:cf:24:11:26:0f:
         88:94:1f:55:6a:77:3a:9a:b3:df:97:8d:05:fa:51:99:e7:8f:
         e7:e4:99:9a:90:7d:c2:45:95:37:fe:da:7d:26:fa:ee:c2:0d:
         9e:71:51:e5:5d:63:ff:37:3a:f3:fc:5a:64:ed:cb:5f:d9:72:
         69:88:97:44:87:f7:61:07:8a:16:0d:8d:b0:57:9a:82:3d:4c:
         3c:d5:4e:6b:f1:73:26:54:9f:94:63:46:6a:a1:1e:2a:6f:78:
         89:b7:ff:98:2b:70:0f:ff:65:17:b8:33:f2:b9:fa:62:b1:b6:
         8e:d9:1e:d8:f0:b0:8d:d5:69:5b:ae:26:ba:38:bf:dd:c3:f3:
         68:a6:3c:db
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAA5ItLhbhSiU1sDwnaiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiYTNmY2RkODdmNDU2NDMwY2NjYjJkODYzOGU2MTQ4Y2Qz
YTEyZWMwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTljYzBhMDZlZTFhYjI1OWIyZGEzMDcwZDE5N2I2NGNiM2QxNzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Br/SmkOKiiX56Kmhto7uo2rAnXt
D7hrWVSKgaGEDqrTAUDU6BEqlniPA1x3EGgX0NfBPn3Xbf6QgdG2lY+YpsIvmtW6
3FtHHjbQhKSA+bWdxCjcRvsFWexsUcMSI15Da5RTPY5OEYKJHW+9l7Rp57UCQZRW
cz8mJYJwEEfsfJVRt96/YK6Byv+wJv/McQ82BeEDJkNUX5AEV0BjqyYOsYaZ5s04
TQmRBshpfZI5Knge03LQsmR9XXIuWMATYVaG7ed0W55TcBvE1bPkHmuFgTDqQFFn
NeOzD8LaV+dvjUfKpAbejyfD/il4g4PKjtfKjzQRAgfaMpsMPKnCqkbc2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO6cwKBu4aslmy2jBw0Ze2TLPRcuMB8GA1UdIwQY
MBaAFEuj/N2H9FZDDMyy2GOOYUjNOhLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzZQODNZZjBWa01NekxMWVk0NWhTTTA2RXV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9mOWNlOWItOTA1OS00OWM1LWEzNmQt
YTczMWVhNTFiMjBkLzEvN3B6QW9HN2hxeVdiTGFNSERSbDdaTXM5Rnk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9mOWNlOWItOTA1OS00OWM1LWEzNmQtYTczMWVhNTFiMjBk
LzEvUzZQODNZZjBWa01NekxMWVk0NWhTTTA2RXV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCued0MA0E
AgACMAcDBQAqCcdAMA0GCSqGSIb3DQEBCwUAA4IBAQB8OC2dB52wMVsHbxZoR1uZ
oUFQc9ioTDCfczmnLNCYF4hCbFRJdyFW+Ni7HbGsQcHT//ANTPxvJxVdKCOrdzaI
nVENdZCmgCC6iycX52BzEwAdbE5AiqCWysWnXrdEc78w+1keo1xDeS4zpAFFEnE9
mudrtvU7qV1kzyQRJg+IlB9Vanc6mrPfl40F+lGZ54/n5JmakH3CRZU3/tp9Jvru
wg2ecVHlXWP/Nzrz/Fpk7ctf2XJpiJdEh/dhB4oWDY2wV5qCPUw81U5r8XMmVJ+U
Y0ZqoR4qb3iJt/+YK3AP/2UXuDPyufpisbaO2R7Y8LCN1Wlbria6OL/dw/Nopjzb
-----END CERTIFICATE-----