Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/28519f-dc48-4f31-a35e-99ee4a8985c3/1/7-zYrwfartn6vrVMVZIZeBDDio4.roa
File:                     7-zYrwfartn6vrVMVZIZeBDDio4.roa (raw, json)
Hash identifier:          PoKuDwfCKAcOHSMbuuwgqLt97WHROgjd93iCm0uM9B8=
Subject key identifier:   EF:EC:D8:AF:07:DA:AE:D9:FA:BE:B5:4C:55:92:19:78:10:C3:8A:8E
Certificate issuer:       /CN=ef739c0c04a4271b5aad62c119229e18fada5fd3
Certificate serial:       018CCA2BD3EEC3AADF91061DD3A3B638378D
Authority key identifier: EF:73:9C:0C:04:A4:27:1B:5A:AD:62:C1:19:22:9E:18:FA:DA:5F:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/73OcDASkJxtarWLBGSKeGPraX9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/28519f-dc48-4f31-a35e-99ee4a8985c3/1/7-zYrwfartn6vrVMVZIZeBDDio4.roa
Signing time:             Tue 02 Jan 2024 12:35:19 +0000
ROA not before:           Tue 02 Jan 2024 12:35:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        193.5.56.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/28519f-dc48-4f31-a35e-99ee4a8985c3/1/73OcDASkJxtarWLBGSKeGPraX9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/28519f-dc48-4f31-a35e-99ee4a8985c3/1/73OcDASkJxtarWLBGSKeGPraX9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/73OcDASkJxtarWLBGSKeGPraX9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d3:ee:c3:aa:df:91:06:1d:d3:a3:b6:38:37:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef739c0c04a4271b5aad62c119229e18fada5fd3
        Validity
            Not Before: Jan  2 12:35:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efecd8af07daaed9fabeb54c5592197810c38a8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:38:7b:59:65:9a:50:75:46:c1:e3:86:20:49:
                    0c:7e:76:45:75:75:c5:5a:03:3c:10:d9:e8:98:86:
                    be:65:67:e9:3b:67:95:27:14:02:5d:d6:ba:89:63:
                    0e:76:a6:95:7e:57:4d:92:10:6e:b7:36:1e:76:9e:
                    61:69:a0:0a:f2:da:7d:f0:80:e5:dc:70:f0:76:87:
                    f3:ab:e4:df:ed:05:8a:ad:25:3e:46:85:cf:1f:e6:
                    19:2d:e6:f9:3c:c7:87:86:8b:90:b5:bf:3f:e2:a3:
                    96:14:9c:cb:97:c6:ae:b2:32:a7:10:e4:88:a1:03:
                    8e:c8:91:fb:0d:eb:4f:1f:cd:be:03:5d:61:19:50:
                    fb:9a:78:3e:7a:80:de:37:20:17:bd:14:33:cd:48:
                    83:d4:a4:31:1a:82:94:14:8a:0a:3b:3c:11:1e:02:
                    55:52:87:39:12:8f:31:f3:9c:54:6f:d0:c6:0a:a5:
                    11:ea:aa:c9:bb:c3:d8:4f:22:e5:7e:9f:77:10:79:
                    50:a2:ba:ad:48:f6:6a:48:fc:b6:c4:dc:ac:d7:82:
                    df:cc:6f:2b:fe:87:6c:ed:aa:30:d4:05:ab:3d:ba:
                    63:1d:88:1a:a6:19:9e:1b:00:33:e4:68:2f:25:e1:
                    ea:4b:fd:a4:27:00:a5:2a:65:06:e7:60:25:24:ec:
                    1b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:EC:D8:AF:07:DA:AE:D9:FA:BE:B5:4C:55:92:19:78:10:C3:8A:8E
            X509v3 Authority Key Identifier:
                keyid:EF:73:9C:0C:04:A4:27:1B:5A:AD:62:C1:19:22:9E:18:FA:DA:5F:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/73OcDASkJxtarWLBGSKeGPraX9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/28519f-dc48-4f31-a35e-99ee4a8985c3/1/7-zYrwfartn6vrVMVZIZeBDDio4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/28519f-dc48-4f31-a35e-99ee4a8985c3/1/73OcDASkJxtarWLBGSKeGPraX9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:23:02:be:e1:2e:7b:84:ef:0c:71:a1:1e:97:80:0c:af:f3:
         bb:10:17:f8:29:48:64:bc:59:b7:17:aa:80:ea:88:1a:b2:67:
         20:ea:61:b5:8b:7a:5a:a1:df:6e:d2:ff:4b:fb:e0:de:c2:41:
         f3:54:9b:74:eb:dc:4d:d3:5c:e4:2a:99:77:16:4a:af:45:60:
         c2:55:b0:4b:7e:01:4c:56:81:88:73:17:40:03:9e:2e:14:37:
         aa:1c:67:b9:28:09:78:d8:ea:07:e3:f5:7d:5e:de:4b:7f:96:
         c3:39:36:b1:73:8d:1a:d5:03:4a:bc:92:0c:bb:b7:bd:a2:a9:
         76:be:fe:f3:2e:4b:b8:1c:3d:0b:e1:e4:4b:56:23:c4:f2:3c:
         55:ca:04:ca:ce:a3:05:82:38:98:dc:0d:1a:8b:cb:93:df:9b:
         33:2e:83:35:16:25:42:05:c2:4b:14:8e:69:15:f9:0b:3c:97:
         67:f8:d6:8c:5c:cb:22:6a:46:1b:b2:c5:6b:25:1e:a5:25:96:
         e9:ae:b7:90:c7:67:ef:d7:13:e7:2f:08:3a:25:74:97:1a:f9:
         a9:7b:fe:17:16:8b:5e:ae:e1:a8:5d:3f:10:5d:fe:47:4d:88:
         45:bc:59:6a:1b:42:48:5f:f1:36:ec:27:3d:2c:6b:6b:b1:45:
         b1:c0:fd:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK9Puw6rfkQYd06O2ODeNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNzM5YzBjMDRhNDI3MWI1YWFkNjJjMTE5MjI5ZTE4ZmFk
YTVmZDMwHhcNMjQwMTAyMTIzNTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmVjZDhhZjA3ZGFhZWQ5ZmFiZWI1NGM1NTkyMTk3ODEwYzM4YThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Dh7WWWaUHVGweOGIEkMfnZFdXXF
WgM8ENnomIa+ZWfpO2eVJxQCXda6iWMOdqaVfldNkhButzYedp5haaAK8tp98IDl
3HDwdofzq+Tf7QWKrSU+RoXPH+YZLeb5PMeHhouQtb8/4qOWFJzLl8ausjKnEOSI
oQOOyJH7DetPH82+A11hGVD7mng+eoDeNyAXvRQzzUiD1KQxGoKUFIoKOzwRHgJV
Uoc5Eo8x85xUb9DGCqUR6qrJu8PYTyLlfp93EHlQorqtSPZqSPy2xNys14LfzG8r
/ods7aow1AWrPbpjHYgaphmeGwAz5GgvJeHqS/2kJwClKmUG52AlJOwb8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/s2K8H2q7Z+r61TFWSGXgQw4qOMB8GA1UdIwQY
MBaAFO9znAwEpCcbWq1iwRkinhj62l/TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzNPY0RBU2tKeHRhcldMQkdTS2VHUHJhWDlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8yODUxOWYtZGM0OC00ZjMxLWEzNWUt
OTllZTRhODk4NWMzLzEvNy16WXJ3ZmFydG42dnJWTVZaSVplQkREaW80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8yODUxOWYtZGM0OC00ZjMxLWEzNWUtOTllZTRhODk4NWMz
LzEvNzNPY0RBU2tKeHRhcldMQkdTS2VHUHJhWDlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwQU4MA0G
CSqGSIb3DQEBCwUAA4IBAQCHIwK+4S57hO8McaEel4AMr/O7EBf4KUhkvFm3F6qA
6ogasmcg6mG1i3paod9u0v9L++DewkHzVJt069xN01zkKpl3FkqvRWDCVbBLfgFM
VoGIcxdAA54uFDeqHGe5KAl42OoH4/V9Xt5Lf5bDOTaxc40a1QNKvJIMu7e9oql2
vv7zLku4HD0L4eRLViPE8jxVygTKzqMFgjiY3A0ai8uT35szLoM1FiVCBcJLFI5p
FfkLPJdn+NaMXMsiakYbssVrJR6lJZbprreQx2fv1xPnLwg6JXSXGvmpe/4XFote
ruGoXT8QXf5HTYhFvFlqG0JIX/E27Cc9LGtrsUWxwP3V
-----END CERTIFICATE-----