Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/7XLY1mk3sVQTp8lPI_XekeZ6xmA.roa
File:                     7XLY1mk3sVQTp8lPI_XekeZ6xmA.roa (raw, json)
Hash identifier:          2JK9dyjgn7WMvsSZBWNkYPGkVFn8sDtCyJU60ov12cg=
Subject key identifier:   ED:72:D8:D6:69:37:B1:54:13:A7:C9:4F:23:F5:DE:91:E6:7A:C6:60
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       018CC9BCBFFD6992AAEFC3C438A31300FE6A
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/7XLY1mk3sVQTp8lPI_XekeZ6xmA.roa
Signing time:             Tue 02 Jan 2024 10:33:59 +0000
ROA not before:           Tue 02 Jan 2024 10:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206252
IP address blocks:        213.99.42.0/24 maxlen: 24
                          217.124.172.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:bf:fd:69:92:aa:ef:c3:c4:38:a3:13:00:fe:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  2 10:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed72d8d66937b15413a7c94f23f5de91e67ac660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ae:74:76:87:71:40:c0:25:08:4f:f4:c6:e6:
                    c5:23:40:52:52:d6:eb:01:02:75:9a:79:d8:ef:bc:
                    fb:c4:5e:b2:66:df:f3:c7:f5:7b:25:89:b3:84:6a:
                    02:5f:9a:bc:f0:4c:c5:07:b1:b9:08:f9:5f:a8:87:
                    f8:8a:82:85:8a:2f:43:ac:e6:da:f9:d6:5c:f7:c7:
                    32:5b:2f:e2:b7:2b:54:4b:95:ac:e0:5b:b4:b7:6f:
                    20:1e:ac:4f:0a:8f:c2:0a:b3:87:69:fa:bb:a2:6a:
                    41:f7:7d:a3:e1:7d:bb:b8:9c:89:59:10:97:e4:74:
                    03:2c:43:b9:34:4f:b5:95:d7:ad:40:61:92:2a:66:
                    50:62:0d:7e:2d:d9:3e:5d:76:fc:f9:85:46:24:62:
                    85:91:41:bc:41:98:ec:b3:8d:a6:88:64:e7:7c:6e:
                    d9:7c:a8:61:b9:1b:a4:38:4a:a3:6e:c2:80:cc:0e:
                    de:a7:10:63:bf:55:29:9f:6d:c3:52:60:33:d5:e6:
                    d5:22:cc:78:8f:3f:e0:06:6a:0b:39:7f:d2:14:64:
                    a4:b1:a6:b7:8d:94:88:93:88:aa:ce:76:07:1c:3a:
                    96:c4:34:c7:b5:c1:8e:39:e7:fd:38:89:f1:88:d1:
                    b8:89:1c:dd:a6:80:76:c0:98:b5:ed:24:1b:ad:a1:
                    64:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:72:D8:D6:69:37:B1:54:13:A7:C9:4F:23:F5:DE:91:E6:7A:C6:60
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/7XLY1mk3sVQTp8lPI_XekeZ6xmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.99.42.0/24
                  217.124.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ef:13:da:bd:4a:6a:3f:77:79:c5:22:d9:59:f8:d5:3f:a1:ff:
         fc:05:e6:44:0d:54:ff:ea:47:92:ce:c6:b0:58:77:b9:43:ca:
         4f:33:80:d6:b2:31:f8:5a:2d:93:ed:7e:2d:3c:ce:8c:54:f2:
         58:38:31:8b:f6:55:5b:29:29:23:39:ae:4c:45:05:f9:a0:5a:
         3d:eb:8e:50:a2:3e:97:cb:ec:10:aa:5e:76:91:b5:68:fa:71:
         8c:3d:a5:6a:47:09:e5:72:c2:21:b1:61:1d:ed:4b:a4:0f:db:
         73:69:2a:77:ef:0f:de:cc:79:b1:79:0b:d0:49:e7:99:68:93:
         fb:74:c0:81:70:78:ca:6b:e6:dd:fe:fb:a4:bb:9a:e5:f7:50:
         b3:e6:b0:0e:4c:bf:e5:20:df:f5:a4:f2:f9:86:23:6f:27:af:
         73:a2:13:6c:70:1e:2c:b1:69:c6:44:d1:c0:07:42:ef:d5:65:
         d4:9f:25:db:0d:7d:c3:9d:ff:9f:60:a9:0e:fe:35:b4:d4:97:
         7c:e1:f8:41:fa:53:e6:e6:a2:4c:97:b9:43:b2:b2:20:f2:9f:
         84:39:e0:a9:32:e8:17:c3:98:9a:07:2a:de:75:01:ac:8f:3f:
         95:9a:9e:80:8b:fd:f1:6b:79:47:50:15:bf:90:b3:95:15:3c:
         dd:c6:ae:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvL/9aZKq78PEOKMTAP5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjQwMTAyMTAzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDcyZDhkNjY5MzdiMTU0MTNhN2M5NGYyM2Y1ZGU5MWU2N2FjNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5q50dodxQMAlCE/0xubFI0BSUtbr
AQJ1mnnY77z7xF6yZt/zx/V7JYmzhGoCX5q88EzFB7G5CPlfqIf4ioKFii9DrOba
+dZc98cyWy/itytUS5Ws4Fu0t28gHqxPCo/CCrOHafq7ompB932j4X27uJyJWRCX
5HQDLEO5NE+1ldetQGGSKmZQYg1+Ldk+XXb8+YVGJGKFkUG8QZjss42miGTnfG7Z
fKhhuRukOEqjbsKAzA7epxBjv1Upn23DUmAz1ebVIsx4jz/gBmoLOX/SFGSksaa3
jZSIk4iqznYHHDqWxDTHtcGOOef9OInxiNG4iRzdpoB2wJi17SQbraFk3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO1y2NZpN7FUE6fJTyP13pHmesZgMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvN1hMWTFtazNzVlFUcDhsUElfWGVrZVo2eG1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1WMqAwQB
2XysMA0GCSqGSIb3DQEBCwUAA4IBAQDvE9q9Smo/d3nFItlZ+NU/of/8BeZEDVT/
6keSzsawWHe5Q8pPM4DWsjH4Wi2T7X4tPM6MVPJYODGL9lVbKSkjOa5MRQX5oFo9
645Qoj6Xy+wQql52kbVo+nGMPaVqRwnlcsIhsWEd7UukD9tzaSp37w/ezHmxeQvQ
SeeZaJP7dMCBcHjKa+bd/vuku5rl91Cz5rAOTL/lIN/1pPL5hiNvJ69zohNscB4s
sWnGRNHAB0Lv1WXUnyXbDX3Dnf+fYKkO/jW01Jd84fhB+lPm5qJMl7lDsrIg8p+E
OeCpMugXw5iaByredQGsjz+Vmp6Ai/3xa3lHUBW/kLOVFTzdxq5L
-----END CERTIFICATE-----