Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/y7YRDPN0jlqnV_gAPr_Bqa8exBs.roa
File:                     y7YRDPN0jlqnV_gAPr_Bqa8exBs.roa (raw, json)
Hash identifier:          hNECRBNccd4wnRI4b1O3TrsYIORRTrdFi56IXBvSFJg=
Subject key identifier:   CB:B6:11:0C:F3:74:8E:5A:A7:57:F8:00:3E:BF:C1:A9:AF:1E:C4:1B
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       018CC802C53B90C0E1927092E4FE1634201B
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/y7YRDPN0jlqnV_gAPr_Bqa8exBs.roa
Signing time:             Tue 02 Jan 2024 02:31:13 +0000
ROA not before:           Tue 02 Jan 2024 02:31:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34358
IP address blocks:        188.212.111.0/24 maxlen: 24
                          91.250.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:c5:3b:90:c0:e1:92:70:92:e4:fe:16:34:20:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  2 02:31:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbb6110cf3748e5aa757f8003ebfc1a9af1ec41b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:23:2a:6c:57:1d:79:de:9d:a2:b4:fe:5c:84:
                    1d:f1:8a:4b:19:b4:c1:8c:4d:01:6b:e3:34:f6:d2:
                    58:00:37:d5:60:bf:3e:89:ae:43:ff:1a:a3:41:53:
                    6b:8f:9e:4c:1e:82:4e:72:8a:7a:b6:03:9e:47:e6:
                    16:48:46:24:9c:46:ca:22:66:2a:fd:a0:13:b1:4c:
                    2e:8c:c0:c7:2c:0e:7e:48:d5:ff:2a:37:c7:f0:b0:
                    ef:ad:18:99:88:dd:b2:ad:57:74:56:e7:73:1e:6c:
                    77:7b:79:33:1a:ec:d0:d5:12:9c:99:3a:33:67:d3:
                    64:a2:b1:89:2a:bc:33:eb:fa:a2:68:ea:20:db:92:
                    8b:61:53:de:10:81:fd:7b:32:f8:72:9b:cd:d5:af:
                    2f:04:b9:c0:22:e1:25:5f:11:f6:8d:ed:18:3b:53:
                    9b:32:10:55:ec:2c:f7:30:06:b2:1e:7a:44:b1:be:
                    b2:79:43:8b:bf:95:6b:49:48:a9:a9:ef:8a:88:d6:
                    9f:8f:9f:82:1d:fa:13:49:e9:04:4b:bd:d0:6d:03:
                    cd:48:8a:b5:90:d5:98:79:b9:df:e9:3f:0b:d3:67:
                    6d:22:3b:53:1a:48:75:26:4b:7e:00:be:dc:78:4f:
                    4d:2f:cc:e4:12:c0:47:ab:4f:aa:63:12:94:bf:14:
                    27:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:B6:11:0C:F3:74:8E:5A:A7:57:F8:00:3E:BF:C1:A9:AF:1E:C4:1B
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/y7YRDPN0jlqnV_gAPr_Bqa8exBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.250.247.0/24
                  188.212.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:f4:0e:88:e8:fe:c6:f0:2a:2a:ab:fa:2e:b2:4b:97:63:3a:
         e9:be:50:88:2f:9e:8d:cd:33:d5:33:e2:43:4d:e8:61:e0:f3:
         e9:24:c6:05:2f:a5:66:7b:e3:11:47:fd:55:65:4c:14:54:12:
         b5:a9:57:8e:e0:f2:00:0c:44:4b:fc:dd:8f:93:31:52:05:7a:
         85:82:41:86:db:cf:51:0f:c9:97:7d:97:4d:66:62:cf:29:9a:
         4e:ca:58:ff:90:44:92:d2:52:6e:39:23:1d:f5:78:ef:88:e0:
         85:dc:04:10:c1:70:3d:34:05:7b:26:54:b0:81:96:ff:ec:e4:
         6d:94:e2:17:6d:11:68:7c:9f:ee:b7:75:c8:ae:7e:84:76:d1:
         e1:88:39:bd:13:e3:81:39:06:14:ea:5b:e4:60:69:eb:3b:ad:
         f9:e0:4a:3b:c8:54:8a:80:59:55:59:35:71:8d:7b:be:ef:56:
         bf:b4:f8:c0:d8:29:c8:a8:44:dd:33:0a:d8:3e:5d:84:72:6c:
         7a:35:97:72:29:d7:48:78:46:1e:74:78:22:5a:38:92:48:63:
         9b:0d:79:d4:2b:af:17:9b:5f:01:2b:25:e0:10:b6:56:3d:9e:
         1c:62:e5:32:0a:e5:8a:ef:8d:d1:4b:1d:c1:62:54:4c:10:b5:
         83:47:6d:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAsU7kMDhknCS5P4WNCAbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmI2MTEwY2YzNzQ4ZTVhYTc1N2Y4MDAzZWJmYzFhOWFmMWVjNDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiMqbFcded6dorT+XIQd8YpLGbTB
jE0Ba+M09tJYADfVYL8+ia5D/xqjQVNrj55MHoJOcop6tgOeR+YWSEYknEbKImYq
/aATsUwujMDHLA5+SNX/KjfH8LDvrRiZiN2yrVd0VudzHmx3e3kzGuzQ1RKcmToz
Z9NkorGJKrwz6/qiaOog25KLYVPeEIH9ezL4cpvN1a8vBLnAIuElXxH2je0YO1Ob
MhBV7Cz3MAayHnpEsb6yeUOLv5VrSUipqe+KiNafj5+CHfoTSekES73QbQPNSIq1
kNWYebnf6T8L02dtIjtTGkh1Jkt+AL7ceE9NL8zkEsBHq0+qYxKUvxQnzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMu2EQzzdI5ap1f4AD6/wamvHsQbMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEveTdZUkRQTjBqbHFuVl9nQVByX0JxYThleEJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/r3AwQA
vNRvMA0GCSqGSIb3DQEBCwUAA4IBAQAe9A6I6P7G8Coqq/ouskuXYzrpvlCIL56N
zTPVM+JDTehh4PPpJMYFL6Vme+MRR/1VZUwUVBK1qVeO4PIADERL/N2PkzFSBXqF
gkGG289RD8mXfZdNZmLPKZpOylj/kESS0lJuOSMd9XjviOCF3AQQwXA9NAV7JlSw
gZb/7ORtlOIXbRFofJ/ut3XIrn6EdtHhiDm9E+OBOQYU6lvkYGnrO6354Eo7yFSK
gFlVWTVxjXu+71a/tPjA2CnIqETdMwrYPl2Ecmx6NZdyKddIeEYedHgiWjiSSGOb
DXnUK68Xm18BKyXgELZWPZ4cYuUyCuWK743RSx3BYlRMELWDR22B
-----END CERTIFICATE-----