Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/5140ff-090e-43da-b7c8-59e818c6b71b/1/n7Ehr3QdD_NucZRZQWOJHB4xgGo.roa
File:                     n7Ehr3QdD_NucZRZQWOJHB4xgGo.roa (raw, json)
Hash identifier:          A9YPmsu4cLdQoCSCB0URzsu51gDu0jxzKcukhG6m8bw=
Subject key identifier:   9F:B1:21:AF:74:1D:0F:F3:6E:71:94:59:41:63:89:1C:1E:31:80:6A
Certificate issuer:       /CN=863589feecbe4c4ab444d93864454dbcd7cd0de7
Certificate serial:       018CC94D634F5A54577A84BC518232B7DEB6
Authority key identifier: 86:35:89:FE:EC:BE:4C:4A:B4:44:D9:38:64:45:4D:BC:D7:CD:0D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hjWJ_uy-TEq0RNk4ZEVNvNfNDec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/5140ff-090e-43da-b7c8-59e818c6b71b/1/n7Ehr3QdD_NucZRZQWOJHB4xgGo.roa
Signing time:             Tue 02 Jan 2024 08:32:21 +0000
ROA not before:           Tue 02 Jan 2024 08:32:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9021
IP address blocks:        185.66.124.0/24 maxlen: 24
                          185.66.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/5140ff-090e-43da-b7c8-59e818c6b71b/1/hjWJ_uy-TEq0RNk4ZEVNvNfNDec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/5140ff-090e-43da-b7c8-59e818c6b71b/1/hjWJ_uy-TEq0RNk4ZEVNvNfNDec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hjWJ_uy-TEq0RNk4ZEVNvNfNDec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:63:4f:5a:54:57:7a:84:bc:51:82:32:b7:de:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=863589feecbe4c4ab444d93864454dbcd7cd0de7
        Validity
            Not Before: Jan  2 08:32:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fb121af741d0ff36e7194594163891c1e31806a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:71:a1:05:b0:7e:0e:1c:bb:9b:ab:a3:45:8e:
                    34:b6:87:87:12:a8:f5:a4:e1:d0:c9:68:e9:67:2c:
                    97:73:85:b8:35:f2:71:b4:17:8f:75:f0:be:b6:82:
                    2b:8a:10:db:9a:d4:d4:4f:b7:b1:df:74:a8:59:b3:
                    9a:fe:b3:03:37:55:dd:37:a1:8d:20:eb:5b:fd:7b:
                    31:ef:5a:1a:6c:60:2b:15:59:fc:f0:bb:8d:fd:45:
                    46:ac:b3:d1:c3:61:9b:c7:04:8d:64:e8:3a:c0:b1:
                    5c:3b:eb:48:fa:4b:92:be:21:04:d1:ed:74:63:08:
                    20:5a:c2:d5:28:44:eb:94:5f:9b:4f:dd:98:d3:44:
                    02:ff:ec:97:6c:26:0b:0f:b5:ee:4b:64:17:bd:c6:
                    4a:f4:05:5a:fa:68:00:08:e7:7b:aa:7c:00:a0:83:
                    25:ed:fa:ab:06:bb:34:3a:3a:c7:b7:f5:15:4b:a7:
                    16:0d:ed:cf:74:80:9d:39:21:0c:2a:90:55:2a:9a:
                    27:4f:83:c2:00:b1:3d:c6:2f:7a:dd:c5:8a:a5:0e:
                    41:87:3b:7b:c8:a9:2a:9b:45:f7:73:c0:34:f0:fe:
                    c7:55:f2:88:5d:4d:94:68:28:07:fc:5a:18:84:95:
                    d3:8c:2f:0c:20:ca:af:c1:db:7b:b9:92:b4:39:10:
                    fa:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:B1:21:AF:74:1D:0F:F3:6E:71:94:59:41:63:89:1C:1E:31:80:6A
            X509v3 Authority Key Identifier:
                keyid:86:35:89:FE:EC:BE:4C:4A:B4:44:D9:38:64:45:4D:BC:D7:CD:0D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hjWJ_uy-TEq0RNk4ZEVNvNfNDec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/5140ff-090e-43da-b7c8-59e818c6b71b/1/n7Ehr3QdD_NucZRZQWOJHB4xgGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/5140ff-090e-43da-b7c8-59e818c6b71b/1/hjWJ_uy-TEq0RNk4ZEVNvNfNDec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:9c:54:4a:50:48:50:97:b7:3c:2d:44:c5:66:71:44:fa:55:
         b3:4d:6c:3a:48:30:6d:b1:87:7d:e5:a1:3b:a5:c1:7e:41:7b:
         35:90:b0:bd:3a:25:e2:50:b2:ad:15:6b:21:21:40:e9:6a:ea:
         03:06:3c:7c:18:a8:10:52:47:2d:73:10:89:3b:02:47:4c:f9:
         45:7a:49:1a:b4:95:03:c3:69:da:83:ca:99:68:e4:aa:19:2c:
         21:07:1e:a7:ac:73:d1:a7:99:fd:e7:07:c4:39:90:fe:1a:04:
         e8:96:9c:05:b4:5b:14:5f:97:30:92:6d:37:3e:1c:36:ba:f1:
         11:14:89:a7:ee:92:02:50:ca:bc:48:04:d4:20:17:d8:94:df:
         0e:6f:59:86:26:8a:7e:51:aa:b4:64:20:c9:9c:17:e8:66:0d:
         0f:2c:1b:e1:d2:5e:73:2d:11:3b:70:ea:37:ba:34:9d:18:bb:
         85:2a:99:39:1f:37:86:0a:8a:dd:cd:75:f1:ec:26:f6:60:cd:
         73:96:a1:5d:8e:7b:1d:a6:f6:84:51:5f:40:c0:59:18:20:4b:
         e1:af:5d:aa:7e:32:a8:20:3d:a6:35:7b:4c:34:e0:b6:f3:92:
         0e:ec:06:b1:1e:f6:fe:cd:5e:8a:b6:47:5a:b4:4d:b1:4f:d6:
         a2:45:94:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTWNPWlRXeoS8UYIyt962MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MzU4OWZlZWNiZTRjNGFiNDQ0ZDkzODY0NDU0ZGJjZDdj
ZDBkZTcwHhcNMjQwMTAyMDgzMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmIxMjFhZjc0MWQwZmYzNmU3MTk0NTk0MTYzODkxYzFlMzE4MDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnGhBbB+Dhy7m6ujRY40toeHEqj1
pOHQyWjpZyyXc4W4NfJxtBePdfC+toIrihDbmtTUT7ex33SoWbOa/rMDN1XdN6GN
IOtb/Xsx71oabGArFVn88LuN/UVGrLPRw2GbxwSNZOg6wLFcO+tI+kuSviEE0e10
YwggWsLVKETrlF+bT92Y00QC/+yXbCYLD7XuS2QXvcZK9AVa+mgACOd7qnwAoIMl
7fqrBrs0OjrHt/UVS6cWDe3PdICdOSEMKpBVKponT4PCALE9xi963cWKpQ5Bhzt7
yKkqm0X3c8A08P7HVfKIXU2UaCgH/FoYhJXTjC8MIMqvwdt7uZK0ORD6dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+xIa90HQ/zbnGUWUFjiRweMYBqMB8GA1UdIwQY
MBaAFIY1if7svkxKtETZOGRFTbzXzQ3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGpXSl91eS1URXEwUk5rNFpFVk52TmZORGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC81MTQwZmYtMDkwZS00M2RhLWI3Yzgt
NTllODE4YzZiNzFiLzEvbjdFaHIzUWREX051Y1pSWlFXT0pIQjR4Z0dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC81MTQwZmYtMDkwZS00M2RhLWI3YzgtNTllODE4YzZiNzFi
LzEvaGpXSl91eS1URXEwUk5rNFpFVk52TmZORGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUJ8MA0G
CSqGSIb3DQEBCwUAA4IBAQB7nFRKUEhQl7c8LUTFZnFE+lWzTWw6SDBtsYd95aE7
pcF+QXs1kLC9OiXiULKtFWshIUDpauoDBjx8GKgQUkctcxCJOwJHTPlFekkatJUD
w2nag8qZaOSqGSwhBx6nrHPRp5n95wfEOZD+GgTolpwFtFsUX5cwkm03Phw2uvER
FImn7pICUMq8SATUIBfYlN8Ob1mGJop+Uaq0ZCDJnBfoZg0PLBvh0l5zLRE7cOo3
ujSdGLuFKpk5HzeGCordzXXx7Cb2YM1zlqFdjnsdpvaEUV9AwFkYIEvhr12qfjKo
ID2mNXtMNOC285IO7AaxHvb+zV6KtkdatE2xT9aiRZRL
-----END CERTIFICATE-----