Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/7psPN-x2LTqvnr8bs6LBsIXmDQc.roa
File:                     7psPN-x2LTqvnr8bs6LBsIXmDQc.roa (raw, json)
Hash identifier:          AU6e8jpQj9qchnVXk2bCAMZLakWMPDeLPIrSrmWaE70=
Subject key identifier:   EE:9B:0F:37:EC:76:2D:3A:AF:9E:BF:1B:B3:A2:C1:B0:85:E6:0D:07
Certificate issuer:       /CN=d0e2da8e891690e71e9b8595097da7c6064da602
Certificate serial:       018FBE984B11375ABBED593B3F2F1C1FD142
Authority key identifier: D0:E2:DA:8E:89:16:90:E7:1E:9B:85:95:09:7D:A7:C6:06:4D:A6:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0OLajokWkOcem4WVCX2nxgZNpgI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/7psPN-x2LTqvnr8bs6LBsIXmDQc.roa
Signing time:             Tue 28 May 2024 09:46:42 +0000
ROA not before:           Tue 28 May 2024 09:46:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201715
IP address blocks:        185.32.109.0/24 maxlen: 24
                          185.32.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/0OLajokWkOcem4WVCX2nxgZNpgI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/0OLajokWkOcem4WVCX2nxgZNpgI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0OLajokWkOcem4WVCX2nxgZNpgI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:be:98:4b:11:37:5a:bb:ed:59:3b:3f:2f:1c:1f:d1:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0e2da8e891690e71e9b8595097da7c6064da602
        Validity
            Not Before: May 28 09:46:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee9b0f37ec762d3aaf9ebf1bb3a2c1b085e60d07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ac:ea:2f:2c:a7:62:01:d1:0c:24:73:a9:18:
                    76:a0:62:7f:0c:41:20:f7:7f:1d:1f:cc:a0:45:f6:
                    29:41:cd:9b:33:69:c7:ec:2b:4d:95:5c:4d:cd:8e:
                    92:9a:d4:67:dd:5c:76:24:80:13:bd:26:37:77:c1:
                    3c:4a:b4:64:29:84:55:2a:5d:b4:db:69:f4:c2:30:
                    e7:f9:66:bf:14:ac:ba:05:30:fc:32:0a:68:05:90:
                    7e:6e:16:b3:88:12:f6:53:02:12:ac:6e:07:5f:b3:
                    7d:20:d4:ac:3f:6e:b3:fb:a3:25:07:c3:86:ae:95:
                    c5:a8:8e:07:19:e0:62:61:cb:7c:1e:04:b9:ad:4c:
                    f3:f0:99:93:41:c8:a1:f1:0f:3e:b8:fd:6e:f9:6e:
                    6f:84:76:d4:f2:61:3a:ec:1b:ca:94:eb:8c:08:1c:
                    5c:b3:7b:f6:33:67:35:f2:b5:45:dd:b6:70:d6:ef:
                    8a:be:fe:08:90:1e:15:8a:3f:7c:01:c1:bd:07:34:
                    ca:4d:fa:0d:bb:ff:03:f5:26:50:73:93:09:57:97:
                    ee:40:6f:83:b6:9e:c7:36:6d:db:87:aa:13:68:d7:
                    bb:61:24:fe:3f:53:62:dc:5a:2c:c8:f4:a4:a6:6b:
                    2d:cb:3b:0d:b2:04:e8:87:63:77:09:da:eb:ab:da:
                    0a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:9B:0F:37:EC:76:2D:3A:AF:9E:BF:1B:B3:A2:C1:B0:85:E6:0D:07
            X509v3 Authority Key Identifier:
                keyid:D0:E2:DA:8E:89:16:90:E7:1E:9B:85:95:09:7D:A7:C6:06:4D:A6:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0OLajokWkOcem4WVCX2nxgZNpgI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/7psPN-x2LTqvnr8bs6LBsIXmDQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/0OLajokWkOcem4WVCX2nxgZNpgI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.109.0-185.32.110.255

    Signature Algorithm: sha256WithRSAEncryption
         7a:9b:d9:be:93:d4:6c:3e:2a:b0:66:48:10:b0:aa:03:f1:9c:
         d6:71:1e:24:84:a3:f4:bf:d6:7c:77:16:3c:01:1f:ea:7c:9d:
         7f:dd:b3:9e:e0:66:01:09:0c:b0:10:3e:86:29:58:cf:78:5e:
         01:e3:09:57:4c:4a:9f:b8:d9:38:ee:d0:1c:a8:5a:89:8b:f8:
         3c:44:70:46:cb:e5:8c:00:ae:53:b6:93:03:9b:7d:db:34:37:
         50:63:a6:70:3a:88:71:d2:5a:8d:17:0f:7a:c8:47:04:5a:dd:
         61:9c:75:a0:67:06:be:7a:b2:2a:f6:58:23:f4:7e:eb:6e:ee:
         44:b6:42:e3:c6:9a:ef:a8:8c:a5:a9:40:d8:4a:19:25:8c:e9:
         ba:42:36:0b:38:4b:47:90:4d:07:a5:7c:86:87:8e:fa:f6:97:
         e0:de:9b:8f:c3:5b:d0:00:08:24:9b:3e:00:91:42:05:a0:1f:
         e8:91:88:53:ec:9e:02:95:2d:64:22:18:32:23:1b:49:8d:ca:
         7f:3f:4a:e9:4d:93:86:5b:21:c7:b5:97:cd:37:11:33:55:75:
         19:23:54:19:29:73:0f:c8:0e:23:77:bf:d9:d8:35:b6:dd:06:
         3d:b0:01:4f:b0:14:48:42:55:ac:1d:09:a6:76:3f:fe:72:1f:
         63:81:5a:8d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY++mEsRN1q77Vk7Py8cH9FCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZTJkYThlODkxNjkwZTcxZTliODU5NTA5N2RhN2M2MDY0
ZGE2MDIwHhcNMjQwNTI4MDk0NjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTliMGYzN2VjNzYyZDNhYWY5ZWJmMWJiM2EyYzFiMDg1ZTYwZDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2KzqLyynYgHRDCRzqRh2oGJ/DEEg
938dH8ygRfYpQc2bM2nH7CtNlVxNzY6SmtRn3Vx2JIATvSY3d8E8SrRkKYRVKl20
22n0wjDn+Wa/FKy6BTD8MgpoBZB+bhaziBL2UwISrG4HX7N9INSsP26z+6MlB8OG
rpXFqI4HGeBiYct8HgS5rUzz8JmTQcih8Q8+uP1u+W5vhHbU8mE67BvKlOuMCBxc
s3v2M2c18rVF3bZw1u+Kvv4IkB4Vij98AcG9BzTKTfoNu/8D9SZQc5MJV5fuQG+D
tp7HNm3bh6oTaNe7YST+P1Ni3FosyPSkpmstyzsNsgToh2N3Cdrrq9oKkQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO6bDzfsdi06r56/G7OiwbCF5g0HMB8GA1UdIwQY
MBaAFNDi2o6JFpDnHpuFlQl9p8YGTaYCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME9MYWpva1drT2NlbTRXVkNYMm54Z1pOcGdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mMDZlMmMtOTdiNy00NjI4LThiNjkt
ZWMyZmJhZmU0ZDkxLzEvN3BzUE4teDJMVHF2bnI4YnM2TEJzSVhtRFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mMDZlMmMtOTdiNy00NjI4LThiNjktZWMyZmJhZmU0ZDkx
LzEvME9MYWpva1drT2NlbTRXVkNYMm54Z1pOcGdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5IG0D
BAC5IG4wDQYJKoZIhvcNAQELBQADggEBAHqb2b6T1Gw+KrBmSBCwqgPxnNZxHiSE
o/S/1nx3FjwBH+p8nX/ds57gZgEJDLAQPoYpWM94XgHjCVdMSp+42Tju0ByoWomL
+DxEcEbL5YwArlO2kwObfds0N1BjpnA6iHHSWo0XD3rIRwRa3WGcdaBnBr56sir2
WCP0futu7kS2QuPGmu+ojKWpQNhKGSWM6bpCNgs4S0eQTQelfIaHjvr2l+Dem4/D
W9AACCSbPgCRQgWgH+iRiFPsngKVLWQiGDIjG0mNyn8/SulNk4ZbIce1l803ETNV
dRkjVBkpcw/IDiN3v9nYNbbdBj2wAU+wFEhCVawdCaZ2P/5yH2OBWo0=
-----END CERTIFICATE-----