Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/7dnCzTxsPRECBdbLH-hVl5yrUK4.roa
File:                     7dnCzTxsPRECBdbLH-hVl5yrUK4.roa (raw, json)
Hash identifier:          cnxhHM+pxtkasSIsZ5aLAd+LIKRNNOyt9IQGVg0QJ/8=
Subject key identifier:   ED:D9:C2:CD:3C:6C:3D:11:02:05:D6:CB:1F:E8:55:97:9C:AB:50:AE
Certificate issuer:       /CN=90f25e6a6893f466d2695e90670c047443643701
Certificate serial:       018CC8DD10CD57DA8E2440A9A40539A1F9CE
Authority key identifier: 90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/7dnCzTxsPRECBdbLH-hVl5yrUK4.roa
Signing time:             Tue 02 Jan 2024 06:29:40 +0000
ROA not before:           Tue 02 Jan 2024 06:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59776
IP address blocks:        185.72.120.0/22 maxlen: 24
                          2001:678:82c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:10:cd:57:da:8e:24:40:a9:a4:05:39:a1:f9:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f25e6a6893f466d2695e90670c047443643701
        Validity
            Not Before: Jan  2 06:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edd9c2cd3c6c3d110205d6cb1fe855979cab50ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b7:8e:ca:a3:b0:38:f2:b3:37:d5:9a:b0:a6:
                    fc:2f:d9:66:62:1b:55:77:ff:d8:fe:d0:67:e7:27:
                    30:a9:81:b7:d6:aa:4d:85:4b:b6:fc:00:12:ef:87:
                    06:07:8e:85:ca:ed:e1:eb:ce:4a:41:5b:66:1a:83:
                    f7:f0:a6:62:74:b4:c4:58:75:be:f2:ef:bb:b2:9a:
                    9b:a3:80:90:8f:22:8b:20:b2:51:22:c1:2b:9a:6e:
                    16:60:28:d6:31:11:b8:f3:55:5a:55:12:6d:a0:5c:
                    5e:14:4d:09:78:7e:3d:9f:d0:f2:d8:54:e4:cc:06:
                    2c:c4:22:58:90:50:3d:20:84:fc:bc:25:ce:e8:22:
                    cd:24:76:e0:58:77:0c:e7:06:e1:92:2e:af:d3:65:
                    7d:0b:b4:05:c0:da:9b:4b:b4:68:67:23:ba:9e:83:
                    0c:34:9e:d7:54:52:3e:ee:ce:ab:48:cb:14:06:ae:
                    60:27:5d:99:01:72:42:64:f3:54:76:1a:19:5c:f4:
                    8a:70:40:c9:73:cf:cc:f6:7a:8c:54:03:a8:dc:84:
                    76:b0:d0:94:73:ac:24:3b:05:bb:fd:00:40:ec:9f:
                    0a:2a:1a:55:a0:d0:ab:27:9d:b6:55:99:50:dd:fc:
                    54:3e:18:b6:2b:90:1d:fd:ce:7b:82:ee:15:d7:4a:
                    26:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:D9:C2:CD:3C:6C:3D:11:02:05:D6:CB:1F:E8:55:97:9C:AB:50:AE
            X509v3 Authority Key Identifier:
                keyid:90:F2:5E:6A:68:93:F4:66:D2:69:5E:90:67:0C:04:74:43:64:37:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPJeamiT9GbSaV6QZwwEdENkNwE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/7dnCzTxsPRECBdbLH-hVl5yrUK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04b162-7099-404d-8391-3b0b4b8a2983/1/kPJeamiT9GbSaV6QZwwEdENkNwE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.120.0/22
                IPv6:
                  2001:678:82c::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:03:53:71:49:7d:dd:a9:15:b2:03:16:bc:26:bf:1f:36:50:
         52:6a:f2:0b:a0:14:3f:b6:3a:1f:5d:f0:76:c5:6a:63:54:82:
         64:72:6c:6f:a6:5d:71:59:da:56:f8:84:8f:74:af:90:b2:2d:
         7e:07:c8:b9:71:c6:34:3b:0e:e4:ad:a8:58:37:29:ed:9d:30:
         63:fc:17:6f:81:49:5c:35:cb:4f:52:76:e4:d3:98:f7:84:49:
         31:9b:76:9e:f9:a6:cd:0d:90:80:e5:eb:92:31:e5:b5:5b:04:
         64:98:41:c6:d7:fc:34:57:28:ad:b9:43:d3:68:cc:5c:82:c8:
         0d:57:39:73:bd:11:dd:b1:f0:83:55:5a:ad:ca:f1:e5:e6:a7:
         dc:d1:00:b9:a1:01:49:c0:20:a3:8e:cd:b8:39:54:6d:fc:70:
         43:0b:31:ea:df:85:d0:5e:c8:7a:32:aa:0f:94:3b:05:96:7a:
         41:5f:ef:b8:5b:fd:81:c8:19:92:df:90:d3:32:fe:d9:6f:ea:
         9c:42:7a:fe:74:fa:7f:eb:61:63:4c:56:39:03:fa:c3:b8:c2:
         28:26:e1:cf:dd:d1:6d:45:4c:5c:91:d9:49:dd:57:4b:52:85:
         47:36:d2:f4:e0:74:48:76:e7:4f:8d:4b:c2:78:52:5f:e0:f3:
         45:d5:6c:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3RDNV9qOJECppAU5ofnOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjI1ZTZhNjg5M2Y0NjZkMjY5NWU5MDY3MGMwNDc0NDM2
NDM3MDEwHhcNMjQwMTAyMDYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGQ5YzJjZDNjNmMzZDExMDIwNWQ2Y2IxZmU4NTU5NzljYWI1MGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7eOyqOwOPKzN9WasKb8L9lmYhtV
d//Y/tBn5ycwqYG31qpNhUu2/AAS74cGB46Fyu3h685KQVtmGoP38KZidLTEWHW+
8u+7spqbo4CQjyKLILJRIsErmm4WYCjWMRG481VaVRJtoFxeFE0JeH49n9Dy2FTk
zAYsxCJYkFA9IIT8vCXO6CLNJHbgWHcM5wbhki6v02V9C7QFwNqbS7RoZyO6noMM
NJ7XVFI+7s6rSMsUBq5gJ12ZAXJCZPNUdhoZXPSKcEDJc8/M9nqMVAOo3IR2sNCU
c6wkOwW7/QBA7J8KKhpVoNCrJ522VZlQ3fxUPhi2K5Ad/c57gu4V10om4QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO3Zws08bD0RAgXWyx/oVZecq1CuMB8GA1UdIwQY
MBaAFJDyXmpok/Rm0mlekGcMBHRDZDcBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEt
M2IwYjRiOGEyOTgzLzEvN2RuQ3pUeHNQUkVDQmRiTEgtaFZsNXlyVUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGIxNjItNzA5OS00MDRkLTgzOTEtM2IwYjRiOGEyOTgz
LzEva1BKZWFtaVQ5R2JTYVY2UVp3d0VkRU5rTndFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuUh4MA8E
AgACMAkDBwAgAQZ4CCwwDQYJKoZIhvcNAQELBQADggEBAHADU3FJfd2pFbIDFrwm
vx82UFJq8gugFD+2Oh9d8HbFamNUgmRybG+mXXFZ2lb4hI90r5CyLX4HyLlxxjQ7
DuStqFg3Ke2dMGP8F2+BSVw1y09SduTTmPeESTGbdp75ps0NkIDl65Ix5bVbBGSY
QcbX/DRXKK25Q9NozFyCyA1XOXO9Ed2x8INVWq3K8eXmp9zRALmhAUnAIKOOzbg5
VG38cEMLMerfhdBeyHoyqg+UOwWWekFf77hb/YHIGZLfkNMy/tlv6pxCev50+n/r
YWNMVjkD+sO4wigm4c/d0W1FTFyR2UndV0tShUc20vTgdEh250+NS8J4Ul/g80XV
bAg=
-----END CERTIFICATE-----