Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/w7qjRYLQMubCHnQnX9o6vV2fBy0.roa
File:                     w7qjRYLQMubCHnQnX9o6vV2fBy0.roa (raw, json)
Hash identifier:          SIdCSUPlgPHvVrmdfBPpSjoDQ8cH30uBEp5S1+VFHCs=
Subject key identifier:   C3:BA:A3:45:82:D0:32:E6:C2:1E:74:27:5F:DA:3A:BD:5D:9F:07:2D
Certificate issuer:       /CN=a7aee67620d9c0ae63d295785c9d956f063c21c3
Certificate serial:       018CC56DE66827A75D756D7A8D7ABDDFCD83
Authority key identifier: A7:AE:E6:76:20:D9:C0:AE:63:D2:95:78:5C:9D:95:6F:06:3C:21:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p67mdiDZwK5j0pV4XJ2VbwY8IcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/w7qjRYLQMubCHnQnX9o6vV2fBy0.roa
Signing time:             Mon 01 Jan 2024 14:29:23 +0000
ROA not before:           Mon 01 Jan 2024 14:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12437
IP address blocks:        212.101.192.0/19 maxlen: 24
                          2a06:7880::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/p67mdiDZwK5j0pV4XJ2VbwY8IcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/p67mdiDZwK5j0pV4XJ2VbwY8IcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p67mdiDZwK5j0pV4XJ2VbwY8IcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e6:68:27:a7:5d:75:6d:7a:8d:7a:bd:df:cd:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7aee67620d9c0ae63d295785c9d956f063c21c3
        Validity
            Not Before: Jan  1 14:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3baa34582d032e6c21e74275fda3abd5d9f072d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:69:91:2f:d5:2b:2a:9d:97:0a:b2:38:b6:5f:
                    d5:7c:77:2e:e9:8c:76:53:7b:22:61:e4:af:11:d9:
                    e6:82:03:50:a5:83:2d:62:4e:5b:e6:c7:76:c6:7e:
                    f8:10:05:c8:43:33:bf:6d:9f:ac:2d:6c:86:3e:5a:
                    52:59:ea:93:45:2e:67:20:e3:f2:42:fc:7a:b4:57:
                    39:e8:f6:3a:75:52:f7:ee:42:40:e3:86:34:5d:5a:
                    f9:5d:75:34:4f:3b:24:da:c3:82:75:98:7c:64:34:
                    d9:2e:bf:8e:85:58:71:21:24:a1:96:4b:fc:dc:cc:
                    eb:5f:e9:9f:b7:c2:94:49:ee:9d:19:ae:95:9e:72:
                    13:00:63:39:76:ad:22:35:ba:2e:98:2b:69:75:05:
                    ec:5e:cb:d0:56:87:da:b5:e9:0f:94:08:5c:2e:37:
                    fd:e4:00:ee:5d:62:c9:93:97:fa:4a:06:bb:6f:98:
                    5e:cf:39:37:04:97:19:53:e5:e3:9c:f3:db:52:e7:
                    d9:ac:12:d8:7e:d8:8f:0f:1f:e8:0f:a7:a1:7c:3b:
                    77:d2:86:da:24:5b:94:b9:3c:97:48:89:75:12:c8:
                    34:86:a6:a0:c9:4b:0e:d1:4f:b9:50:0d:56:a3:f9:
                    99:64:d0:2f:01:b5:be:3b:a6:98:e0:2b:6d:ee:f9:
                    79:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:BA:A3:45:82:D0:32:E6:C2:1E:74:27:5F:DA:3A:BD:5D:9F:07:2D
            X509v3 Authority Key Identifier:
                keyid:A7:AE:E6:76:20:D9:C0:AE:63:D2:95:78:5C:9D:95:6F:06:3C:21:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p67mdiDZwK5j0pV4XJ2VbwY8IcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/w7qjRYLQMubCHnQnX9o6vV2fBy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2ba25a-0abd-4550-bca4-0b7f15b509cb/1/p67mdiDZwK5j0pV4XJ2VbwY8IcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.101.192.0/19
                IPv6:
                  2a06:7880::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:43:71:67:7d:dc:be:14:2a:e0:be:cf:62:c6:85:6e:73:37:
         62:7c:3c:ed:ea:e8:bd:29:83:b4:3a:46:51:3c:9f:f1:bc:08:
         4a:ef:5a:b1:6f:d4:21:0a:f9:3f:c7:eb:27:2c:5d:0f:63:49:
         ba:6c:c9:a4:7a:c4:57:52:f6:02:33:8d:b6:01:87:0d:fe:0b:
         00:ca:31:95:cb:4d:b0:a8:87:53:c5:81:fc:56:b8:6a:ac:cb:
         de:1c:03:0b:d8:53:be:89:d6:6f:2d:d3:b5:6d:38:30:13:2b:
         48:ea:40:66:38:10:6b:35:fe:8a:21:40:4f:2e:34:0f:19:6f:
         d4:c7:75:d0:a2:e8:94:5e:fe:7e:cc:09:e9:0e:cf:80:a9:90:
         e9:d5:0f:36:bd:c6:8c:b9:87:df:df:b2:5d:6b:2b:b4:71:ae:
         77:f7:70:0e:0a:31:a4:c0:97:2c:3d:d0:83:c4:36:5d:44:1f:
         e4:ef:05:ca:46:22:23:fb:7d:64:37:b6:cf:8a:f1:8a:e4:bf:
         8d:7e:88:0f:82:32:a0:56:4d:f8:3a:31:a8:7a:55:d4:a7:0e:
         3a:b3:f0:1a:42:5f:92:53:4f:84:eb:10:80:aa:99:aa:93:aa:
         02:2e:ba:ce:34:f6:f9:3d:79:9f:51:05:86:2f:0f:72:b3:fa:
         d9:a8:4d:63
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbeZoJ6dddW16jXq9382DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YWVlNjc2MjBkOWMwYWU2M2QyOTU3ODVjOWQ5NTZmMDYz
YzIxYzMwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2JhYTM0NTgyZDAzMmU2YzIxZTc0Mjc1ZmRhM2FiZDVkOWYwNzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmmRL9UrKp2XCrI4tl/VfHcu6Yx2
U3siYeSvEdnmggNQpYMtYk5b5sd2xn74EAXIQzO/bZ+sLWyGPlpSWeqTRS5nIOPy
Qvx6tFc56PY6dVL37kJA44Y0XVr5XXU0Tzsk2sOCdZh8ZDTZLr+OhVhxISShlkv8
3MzrX+mft8KUSe6dGa6VnnITAGM5dq0iNboumCtpdQXsXsvQVofatekPlAhcLjf9
5ADuXWLJk5f6Sga7b5hezzk3BJcZU+XjnPPbUufZrBLYftiPDx/oD6ehfDt30oba
JFuUuTyXSIl1Esg0hqagyUsO0U+5UA1Wo/mZZNAvAbW+O6aY4Ctt7vl5uwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMO6o0WC0DLmwh50J1/aOr1dnwctMB8GA1UdIwQY
MBaAFKeu5nYg2cCuY9KVeFydlW8GPCHDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDY3bWRpRFp3SzVqMHBWNFhKMlZid1k4SWNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8yYmEyNWEtMGFiZC00NTUwLWJjYTQt
MGI3ZjE1YjUwOWNiLzEvdzdxalJZTFFNdWJDSG5Rblg5bzZ2VjJmQnkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8yYmEyNWEtMGFiZC00NTUwLWJjYTQtMGI3ZjE1YjUwOWNi
LzEvcDY3bWRpRFp3SzVqMHBWNFhKMlZid1k4SWNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1GXAMA0E
AgACMAcDBQMqBniAMA0GCSqGSIb3DQEBCwUAA4IBAQAQQ3Fnfdy+FCrgvs9ixoVu
czdifDzt6ui9KYO0OkZRPJ/xvAhK71qxb9QhCvk/x+snLF0PY0m6bMmkesRXUvYC
M422AYcN/gsAyjGVy02wqIdTxYH8VrhqrMveHAML2FO+idZvLdO1bTgwEytI6kBm
OBBrNf6KIUBPLjQPGW/Ux3XQouiUXv5+zAnpDs+AqZDp1Q82vcaMuYff37Jdayu0
ca5393AOCjGkwJcsPdCDxDZdRB/k7wXKRiIj+31kN7bPivGK5L+NfogPgjKgVk34
OjGoelXUpw46s/AaQl+SU0+E6xCAqpmqk6oCLrrONPb5PXmfUQWGLw9ys/rZqE1j
-----END CERTIFICATE-----