Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/7FsYndCfamKUevqQtFan2ZS6mjQ.roa
File:                     7FsYndCfamKUevqQtFan2ZS6mjQ.roa (raw, json)
Hash identifier:          hK7hMzCGEyS1lVnIAPPIABj5Q32KqCEtpK483nya0/4=
Subject key identifier:   EC:5B:18:9D:D0:9F:6A:62:94:7A:FA:90:B4:56:A7:D9:94:BA:9A:34
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       018CC56E8FF6F1C09562A9EE8004CEB57F29
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/7FsYndCfamKUevqQtFan2ZS6mjQ.roa
Signing time:             Mon 01 Jan 2024 14:30:06 +0000
ROA not before:           Mon 01 Jan 2024 14:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200451
IP address blocks:        84.207.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:8f:f6:f1:c0:95:62:a9:ee:80:04:ce:b5:7f:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 14:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec5b189dd09f6a62947afa90b456a7d994ba9a34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c4:2d:08:43:1d:af:ce:b8:24:41:c9:60:0d:
                    05:2d:49:a7:a6:9f:32:c1:9c:b7:fd:56:69:8e:9d:
                    68:f7:5d:ed:54:11:52:f3:90:1e:ec:a4:05:d0:30:
                    83:2c:e3:be:87:34:ba:4f:cb:5b:bb:43:83:ab:9b:
                    26:f7:7b:2b:d4:4b:ed:7e:b2:a1:f7:18:52:cf:71:
                    14:db:fc:83:7e:5f:ba:4b:11:53:60:48:eb:38:55:
                    d6:79:a7:2f:32:98:75:4e:ef:3b:7f:fa:e5:8c:68:
                    83:c9:3e:90:bb:c1:15:b9:b4:80:8e:d9:7c:a1:ec:
                    ca:ba:7f:eb:68:12:42:17:72:a1:84:5d:eb:f1:15:
                    d1:37:4b:b0:f6:e4:70:48:ce:8c:95:d5:d5:ac:17:
                    52:0f:57:bd:46:ae:fe:95:46:5e:46:23:69:1c:0a:
                    ff:d0:4e:de:1a:04:23:7f:1a:56:1a:b9:73:ae:1b:
                    13:60:5a:2c:53:b9:61:63:70:55:cb:d2:8a:7f:23:
                    94:cf:62:fd:32:91:da:9a:40:7c:ae:63:2b:59:2e:
                    db:1a:49:d2:f2:16:c4:3e:ae:fd:c7:86:77:09:f7:
                    cf:6d:7f:61:47:1f:e0:12:03:9e:d8:78:8a:ff:b9:
                    8a:34:fa:c5:19:c3:69:f8:d7:26:50:21:72:17:a1:
                    6e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:5B:18:9D:D0:9F:6A:62:94:7A:FA:90:B4:56:A7:D9:94:BA:9A:34
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/7FsYndCfamKUevqQtFan2ZS6mjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.207.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:4a:44:f3:c0:0d:08:91:ad:d0:b2:ea:a3:3b:7d:32:8d:78:
         b7:71:70:1a:41:ec:58:f5:71:75:1b:f8:25:77:9f:6c:67:80:
         88:d3:58:2b:f4:3b:d3:a9:ed:13:5d:e1:bf:14:15:1c:4d:a2:
         53:70:05:d0:81:19:42:c2:e5:cb:41:d1:99:32:ab:18:19:49:
         70:91:1e:10:95:9d:06:ef:54:e9:56:6b:02:bc:f2:93:94:b0:
         03:6c:72:00:0c:ba:e6:cd:1d:7b:27:a1:f4:d0:12:d9:b7:7e:
         80:2b:64:4a:bd:76:12:86:6d:75:d9:ad:58:2e:f7:af:db:90:
         ba:00:c7:e4:8d:68:6c:f3:b7:e1:5e:cf:6d:e7:2d:88:4a:c3:
         00:dc:49:a0:44:1b:95:f7:37:5f:3b:0c:7a:cf:c1:48:3b:a2:
         7c:ae:90:ff:6a:b1:37:84:34:df:d7:dd:73:ae:3e:1d:52:ed:
         e0:63:94:5a:30:0b:31:e6:d6:aa:f9:f7:33:85:35:45:9b:d1:
         09:b6:80:dd:b1:91:94:7c:4a:41:50:4e:29:d4:73:23:77:ad:
         b5:82:fb:13:11:86:7f:2f:8b:82:9d:c7:35:e3:81:27:4c:6b:
         fe:89:48:e5:92:a9:af:2b:af:6d:a5:58:84:2d:b0:f6:ec:da:
         f8:c7:1c:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbo/28cCVYqnugATOtX8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzViMTg5ZGQwOWY2YTYyOTQ3YWZhOTBiNDU2YTdkOTk0YmE5YTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMQtCEMdr864JEHJYA0FLUmnpp8y
wZy3/VZpjp1o913tVBFS85Ae7KQF0DCDLOO+hzS6T8tbu0ODq5sm93sr1EvtfrKh
9xhSz3EU2/yDfl+6SxFTYEjrOFXWeacvMph1Tu87f/rljGiDyT6Qu8EVubSAjtl8
oezKun/raBJCF3KhhF3r8RXRN0uw9uRwSM6MldXVrBdSD1e9Rq7+lUZeRiNpHAr/
0E7eGgQjfxpWGrlzrhsTYFosU7lhY3BVy9KKfyOUz2L9MpHamkB8rmMrWS7bGknS
8hbEPq79x4Z3CffPbX9hRx/gEgOe2HiK/7mKNPrFGcNp+NcmUCFyF6Fu/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxbGJ3Qn2pilHr6kLRWp9mUupo0MB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvN0ZzWW5kQ2ZhbUtVZXZxUXRGYW4yWlM2bWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVM/VMA0G
CSqGSIb3DQEBCwUAA4IBAQACSkTzwA0Ika3QsuqjO30yjXi3cXAaQexY9XF1G/gl
d59sZ4CI01gr9DvTqe0TXeG/FBUcTaJTcAXQgRlCwuXLQdGZMqsYGUlwkR4QlZ0G
71TpVmsCvPKTlLADbHIADLrmzR17J6H00BLZt36AK2RKvXYShm112a1YLvev25C6
AMfkjWhs87fhXs9t5y2ISsMA3EmgRBuV9zdfOwx6z8FIO6J8rpD/arE3hDTf191z
rj4dUu3gY5RaMAsx5taq+fczhTVFm9EJtoDdsZGUfEpBUE4p1HMjd621gvsTEYZ/
L4uCncc144EnTGv+iUjlkqmvK69tpViELbD27Nr4xxzL
-----END CERTIFICATE-----