Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/99ef87-f86c-4fac-84b6-316b03d502cc/1/7njUTwoSyXJyEhxQsw7-PJsFbfc.roa
File:                     7njUTwoSyXJyEhxQsw7-PJsFbfc.roa (raw, json)
Hash identifier:          e9Yz3qtxZvziD2qgKIQInTG+qh78EeELmoa2kN5lXFY=
Subject key identifier:   EE:78:D4:4F:0A:12:C9:72:72:12:1C:50:B3:0E:FE:3C:9B:05:6D:F7
Certificate issuer:       /CN=9de05733efb8b3764ca93ee340988869d96603aa
Certificate serial:       018F588BEEDC2370F7CC2905498FF1972488
Authority key identifier: 9D:E0:57:33:EF:B8:B3:76:4C:A9:3E:E3:40:98:88:69:D9:66:03:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/neBXM--4s3ZMqT7jQJiIadlmA6o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/99ef87-f86c-4fac-84b6-316b03d502cc/1/7njUTwoSyXJyEhxQsw7-PJsFbfc.roa
Signing time:             Wed 08 May 2024 14:11:56 +0000
ROA not before:           Wed 08 May 2024 14:11:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215328
IP address blocks:        188.65.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/99ef87-f86c-4fac-84b6-316b03d502cc/1/neBXM--4s3ZMqT7jQJiIadlmA6o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/99ef87-f86c-4fac-84b6-316b03d502cc/1/neBXM--4s3ZMqT7jQJiIadlmA6o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/neBXM--4s3ZMqT7jQJiIadlmA6o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:58:8b:ee:dc:23:70:f7:cc:29:05:49:8f:f1:97:24:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9de05733efb8b3764ca93ee340988869d96603aa
        Validity
            Not Before: May  8 14:11:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee78d44f0a12c97272121c50b30efe3c9b056df7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:38:f1:46:6e:b6:8b:1e:47:10:2d:fd:e4:2a:
                    d5:31:fb:7f:0a:20:b0:45:38:c0:3c:bd:8d:4b:ea:
                    3a:60:aa:f4:2f:32:c1:4d:c7:7b:a2:07:0b:90:a7:
                    70:04:06:7c:3c:e1:41:27:6d:98:e7:8c:ed:54:63:
                    43:b8:07:00:5e:0a:f9:d2:05:15:18:97:3e:83:72:
                    c7:fb:a1:69:59:7f:2f:18:3a:82:09:95:a0:ba:02:
                    87:b7:44:0b:61:0e:be:cd:87:31:1c:06:21:98:42:
                    e0:0a:d1:f7:ae:32:a1:09:4a:60:c6:96:5e:a4:3b:
                    d5:90:7f:62:59:05:ca:35:ae:45:cd:b7:cd:b1:2a:
                    4b:ca:4b:52:22:8c:be:20:f8:ae:84:76:cb:6f:ce:
                    28:66:cd:1e:49:69:83:29:01:4a:2d:d9:ff:06:94:
                    10:39:10:94:a7:57:a8:c6:d4:70:c9:87:a9:72:3e:
                    f6:df:23:8f:16:a8:74:69:64:de:c2:7a:79:f6:35:
                    8d:52:fb:af:35:3a:69:8a:9c:b8:ac:73:a6:c3:38:
                    a0:f9:86:1a:64:33:f3:82:2e:58:2c:10:8d:5b:8f:
                    fa:14:52:7b:14:ad:ce:90:c6:5e:07:9c:22:fc:f5:
                    a8:06:5a:25:30:0d:c8:72:92:d5:62:35:47:02:ea:
                    e5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:78:D4:4F:0A:12:C9:72:72:12:1C:50:B3:0E:FE:3C:9B:05:6D:F7
            X509v3 Authority Key Identifier:
                keyid:9D:E0:57:33:EF:B8:B3:76:4C:A9:3E:E3:40:98:88:69:D9:66:03:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/neBXM--4s3ZMqT7jQJiIadlmA6o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/99ef87-f86c-4fac-84b6-316b03d502cc/1/7njUTwoSyXJyEhxQsw7-PJsFbfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/99ef87-f86c-4fac-84b6-316b03d502cc/1/neBXM--4s3ZMqT7jQJiIadlmA6o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.65.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:a7:6d:cd:bf:3a:ce:0b:ab:56:77:bd:24:15:00:4c:ad:59:
         79:f9:d6:c8:24:5d:ce:ea:7d:e7:13:75:f4:23:76:e7:a3:76:
         3f:21:07:58:3a:8b:d0:66:f1:d3:c9:52:56:0b:d6:b0:4c:65:
         9e:45:0f:d9:30:af:ae:80:6d:67:25:b8:b4:77:ba:dc:09:e9:
         77:c3:9c:ab:07:93:06:26:57:c4:21:7b:1b:bd:c6:eb:e4:a3:
         2a:29:30:12:82:42:c0:90:28:c6:30:04:85:a4:8a:5b:b5:9b:
         d2:9a:5e:40:4c:c9:42:f6:a9:4a:89:e8:79:7a:f4:98:d7:11:
         54:42:d7:5f:5a:f7:e9:42:4e:f7:61:0f:7a:43:ad:95:3b:c5:
         b2:d9:9f:79:4d:32:4d:99:4a:23:77:f5:09:9b:89:39:5d:4a:
         a1:f3:36:5e:4f:e7:b0:72:6e:94:1b:ef:1c:b6:eb:eb:f7:e8:
         1a:1d:95:fa:e6:37:24:1c:06:d3:85:8e:e7:e2:5c:e1:f2:96:
         e9:c4:6a:43:7f:1c:d6:4a:cf:96:17:67:85:54:b1:93:16:f4:
         34:25:94:33:76:92:94:fe:32:00:91:ce:4a:ec:af:5d:c3:9e:
         db:11:45:08:9d:5d:c7:ab:28:c3:4a:ad:92:c5:25:2f:29:1d:
         f2:cf:ae:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9Yi+7cI3D3zCkFSY/xlySIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZTA1NzMzZWZiOGIzNzY0Y2E5M2VlMzQwOTg4ODY5ZDk2
NjAzYWEwHhcNMjQwNTA4MTQxMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTc4ZDQ0ZjBhMTJjOTcyNzIxMjFjNTBiMzBlZmUzYzliMDU2ZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTjxRm62ix5HEC395CrVMft/CiCw
RTjAPL2NS+o6YKr0LzLBTcd7ogcLkKdwBAZ8POFBJ22Y54ztVGNDuAcAXgr50gUV
GJc+g3LH+6FpWX8vGDqCCZWgugKHt0QLYQ6+zYcxHAYhmELgCtH3rjKhCUpgxpZe
pDvVkH9iWQXKNa5FzbfNsSpLyktSIoy+IPiuhHbLb84oZs0eSWmDKQFKLdn/BpQQ
ORCUp1eoxtRwyYepcj723yOPFqh0aWTewnp59jWNUvuvNTppipy4rHOmwzig+YYa
ZDPzgi5YLBCNW4/6FFJ7FK3OkMZeB5wi/PWoBlolMA3IcpLVYjVHAurl3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO541E8KEslychIcULMO/jybBW33MB8GA1UdIwQY
MBaAFJ3gVzPvuLN2TKk+40CYiGnZZgOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmVCWE0tLTRzM1pNcVQ3alFKaUlhZGxtQTZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC85OWVmODctZjg2Yy00ZmFjLTg0YjYt
MzE2YjAzZDUwMmNjLzEvN25qVVR3b1N5WEp5RWh4UXN3Ny1QSnNGYmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC85OWVmODctZjg2Yy00ZmFjLTg0YjYtMzE2YjAzZDUwMmNj
LzEvbmVCWE0tLTRzM1pNcVQ3alFKaUlhZGxtQTZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEGiMA0G
CSqGSIb3DQEBCwUAA4IBAQACp23NvzrOC6tWd70kFQBMrVl5+dbIJF3O6n3nE3X0
I3bno3Y/IQdYOovQZvHTyVJWC9awTGWeRQ/ZMK+ugG1nJbi0d7rcCel3w5yrB5MG
JlfEIXsbvcbr5KMqKTASgkLAkCjGMASFpIpbtZvSml5ATMlC9qlKieh5evSY1xFU
QtdfWvfpQk73YQ96Q62VO8Wy2Z95TTJNmUojd/UJm4k5XUqh8zZeT+ewcm6UG+8c
tuvr9+gaHZX65jckHAbThY7n4lzh8pbpxGpDfxzWSs+WF2eFVLGTFvQ0JZQzdpKU
/jIAkc5K7K9dw57bEUUInV3HqyjDSq2SxSUvKR3yz648
-----END CERTIFICATE-----