Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/xn2dyFlj7zRLbS7Mvr78sSmYqWM.roa
File:                     xn2dyFlj7zRLbS7Mvr78sSmYqWM.roa (raw, json)
Hash identifier:          7QTkJ8maHkJJOSrP5efy/uXYArRAMxyYFL7K5+2xvKk=
Subject key identifier:   C6:7D:9D:C8:59:63:EF:34:4B:6D:2E:CC:BE:BE:FC:B1:29:98:A9:63
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018D556EC70482362335288C5FAA0787E8C0
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/xn2dyFlj7zRLbS7Mvr78sSmYqWM.roa
Signing time:             Mon 29 Jan 2024 13:35:39 +0000
ROA not before:           Mon 29 Jan 2024 13:35:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208312
IP address blocks:        109.196.166.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:55:6e:c7:04:82:36:23:35:28:8c:5f:aa:07:87:e8:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan 29 13:35:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c67d9dc85963ef344b6d2eccbebefcb12998a963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0a:7f:08:8b:0e:3a:59:54:16:a7:e8:06:aa:
                    1a:b6:44:4f:18:ab:90:de:d0:02:6a:c5:ca:f3:3d:
                    00:9b:df:29:6f:5d:d2:b8:dd:e0:55:d4:7d:96:e0:
                    38:4b:ff:9b:d4:52:2b:0f:57:8b:64:e7:e3:ec:2c:
                    ce:14:5e:eb:a4:e4:6a:ca:4b:12:d8:68:13:85:f7:
                    7f:30:0b:38:1c:87:be:37:e4:06:34:83:e5:18:af:
                    32:43:06:e0:f0:4d:e5:a5:02:d4:79:2b:22:b5:f7:
                    f9:82:cd:73:2a:9d:34:f1:69:58:4e:c2:f3:a0:77:
                    11:34:13:71:59:84:9e:30:b1:27:54:e5:ac:53:cc:
                    95:1a:82:35:95:3d:cb:7b:55:2e:af:71:79:7f:95:
                    0a:d1:05:1c:be:be:f4:e8:4a:66:82:a8:77:aa:c6:
                    85:81:59:35:42:06:fe:98:c0:03:17:d5:a5:e0:f7:
                    20:44:0f:9e:0c:9e:f1:bc:24:54:5e:93:4b:df:bd:
                    c2:5d:5e:c0:67:f1:89:a6:eb:ab:0d:f3:3d:43:85:
                    2a:87:67:ad:ee:d9:a4:5c:0e:a7:d6:bb:d3:25:da:
                    9b:ca:4f:56:d2:c2:b9:99:2c:f6:de:8d:3f:8c:88:
                    88:12:13:0f:27:3a:6f:17:cc:25:79:a0:50:2f:27:
                    c2:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:7D:9D:C8:59:63:EF:34:4B:6D:2E:CC:BE:BE:FC:B1:29:98:A9:63
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/xn2dyFlj7zRLbS7Mvr78sSmYqWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.196.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8b:05:5a:9d:7f:46:58:a7:19:72:5d:3e:5f:74:43:26:89:71:
         46:92:82:c9:92:87:1f:93:5c:eb:e8:fc:cc:66:9c:31:5b:ae:
         24:60:01:cf:7f:4c:0f:e1:49:4b:d8:c6:36:39:d8:e2:84:00:
         c7:6c:f2:e9:27:53:d7:58:1a:99:3f:46:a8:2b:7b:df:53:c4:
         28:7f:0e:bd:37:e6:13:00:ae:8a:e9:fa:c7:49:f0:19:e8:b4:
         cf:02:e3:8d:7d:85:17:93:14:9f:ad:60:0a:5a:71:fb:69:18:
         2f:24:c3:19:a2:19:14:01:4d:f2:62:f3:70:dd:ca:90:80:2d:
         0b:bd:88:bc:9b:75:36:97:10:76:1f:f1:cb:6e:66:0a:50:4d:
         7a:5e:a7:17:1a:d8:29:b1:82:66:2e:8b:ac:fd:e4:0a:ce:6d:
         d3:39:31:01:cf:69:4b:fe:1c:ff:c3:da:ee:67:df:d0:aa:9c:
         dc:d7:d5:5b:a9:a2:73:54:e6:bc:37:5a:45:6d:74:9d:c1:d4:
         a5:48:ff:2c:76:0f:c9:eb:6c:2e:6c:15:f3:ac:60:7f:5b:45:
         e7:94:c7:33:54:ef:bd:d3:21:ef:8a:76:bf:3a:b0:39:72:10:
         21:31:91:2d:9f:0a:a6:b5:e0:1b:cf:8c:03:d0:95:95:90:50:
         2c:e8:3a:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1VbscEgjYjNSiMX6oHh+jAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTI5MTMzNTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjdkOWRjODU5NjNlZjM0NGI2ZDJlY2NiZWJlZmNiMTI5OThhOTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQp/CIsOOllUFqfoBqoatkRPGKuQ
3tACasXK8z0Am98pb13SuN3gVdR9luA4S/+b1FIrD1eLZOfj7CzOFF7rpORqyksS
2GgThfd/MAs4HIe+N+QGNIPlGK8yQwbg8E3lpQLUeSsitff5gs1zKp008WlYTsLz
oHcRNBNxWYSeMLEnVOWsU8yVGoI1lT3Le1Uur3F5f5UK0QUcvr706Epmgqh3qsaF
gVk1Qgb+mMADF9Wl4PcgRA+eDJ7xvCRUXpNL373CXV7AZ/GJpuurDfM9Q4Uqh2et
7tmkXA6n1rvTJdqbyk9W0sK5mSz23o0/jIiIEhMPJzpvF8wleaBQLyfCNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZ9nchZY+80S20uzL6+/LEpmKljMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEveG4yZHlGbGo3elJMYlM3TXZyNzhzU21ZcVdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbcSmMA0G
CSqGSIb3DQEBCwUAA4IBAQCLBVqdf0ZYpxlyXT5fdEMmiXFGkoLJkocfk1zr6PzM
ZpwxW64kYAHPf0wP4UlL2MY2OdjihADHbPLpJ1PXWBqZP0aoK3vfU8Qofw69N+YT
AK6K6frHSfAZ6LTPAuONfYUXkxSfrWAKWnH7aRgvJMMZohkUAU3yYvNw3cqQgC0L
vYi8m3U2lxB2H/HLbmYKUE16XqcXGtgpsYJmLous/eQKzm3TOTEBz2lL/hz/w9ru
Z9/Qqpzc19VbqaJzVOa8N1pFbXSdwdSlSP8sdg/J62wubBXzrGB/W0XnlMczVO+9
0yHvina/OrA5chAhMZEtnwqmteAbz4wD0JWVkFAs6Drv
-----END CERTIFICATE-----