Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/fj7Ivk3oYztIzO4QzPFqo0Tp46k.roa
File:                     fj7Ivk3oYztIzO4QzPFqo0Tp46k.roa (raw, json)
Hash identifier:          SRwRepRiTkoV38gDUuhtoMVY91jk/mTT+RopAAUDew0=
Subject key identifier:   7E:3E:C8:BE:4D:E8:63:3B:48:CC:EE:10:CC:F1:6A:A3:44:E9:E3:A9
Certificate issuer:       /CN=04a5ec5f52668be50b4518b687cf8bd95930ae39
Certificate serial:       018CC4938B8B31C99CD2F412BA5C13B399BA
Authority key identifier: 04:A5:EC:5F:52:66:8B:E5:0B:45:18:B6:87:CF:8B:D9:59:30:AE:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/fj7Ivk3oYztIzO4QzPFqo0Tp46k.roa
Signing time:             Mon 01 Jan 2024 10:30:52 +0000
ROA not before:           Mon 01 Jan 2024 10:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13101
IP address blocks:        185.60.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8b:8b:31:c9:9c:d2:f4:12:ba:5c:13:b3:99:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a5ec5f52668be50b4518b687cf8bd95930ae39
        Validity
            Not Before: Jan  1 10:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e3ec8be4de8633b48ccee10ccf16aa344e9e3a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:8c:2e:97:db:3b:1b:3d:56:5c:a9:2f:82:e1:
                    dd:81:a0:ed:42:65:ca:89:ad:59:48:99:95:cc:71:
                    32:d4:4a:0f:23:0c:82:f6:43:ba:37:87:ea:93:15:
                    30:b0:44:84:58:20:73:ff:16:2a:04:d5:ef:c2:5e:
                    35:49:13:ea:6c:4e:94:fc:e5:e1:c1:58:61:70:77:
                    b6:9f:c7:9e:1c:3f:16:59:a6:e9:73:82:3f:c0:3a:
                    17:7c:e2:87:f9:a9:a8:25:0f:c4:34:cc:c6:15:2f:
                    57:c9:fd:be:99:2d:e3:30:3e:d9:76:cf:c6:a6:58:
                    eb:ea:b4:90:d1:00:67:1d:c5:10:3b:6e:e7:eb:c3:
                    3f:be:b2:7e:78:dd:9e:46:0a:51:4e:f3:2f:81:25:
                    0e:f3:18:65:ff:c5:bb:d0:78:09:d9:cc:26:2d:54:
                    87:6f:17:24:0e:54:c9:1b:58:d0:11:4d:24:af:ee:
                    8b:84:9a:71:47:c7:75:e8:25:66:5a:55:54:4e:b3:
                    ce:a5:1e:58:f8:05:64:da:3e:47:f7:e3:bb:1e:6d:
                    9f:4e:94:06:3f:2e:7d:ac:e3:05:aa:df:01:18:54:
                    1f:a9:60:f8:47:9f:b0:86:9a:0f:e6:04:ec:86:47:
                    57:bc:b0:a7:b4:44:a3:ef:d6:a7:f6:fc:6c:f3:db:
                    6c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:3E:C8:BE:4D:E8:63:3B:48:CC:EE:10:CC:F1:6A:A3:44:E9:E3:A9
            X509v3 Authority Key Identifier:
                keyid:04:A5:EC:5F:52:66:8B:E5:0B:45:18:B6:87:CF:8B:D9:59:30:AE:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/fj7Ivk3oYztIzO4QzPFqo0Tp46k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/00e33e-fd74-4583-984e-c6b84cc58610/1/BKXsX1Jmi-ULRRi2h8-L2Vkwrjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:10:dd:f3:87:ba:d4:66:06:b6:70:dc:3a:a2:ec:8f:39:e5:
         5c:47:6a:72:04:ec:42:6c:b3:8a:8b:88:6a:6a:fd:1d:88:56:
         20:3d:26:2a:8e:76:b0:a6:bc:80:2d:f3:ee:5c:24:02:66:29:
         6e:b1:09:1a:8b:1e:c6:ef:20:c3:87:1f:c1:8d:73:ce:b1:99:
         d3:e5:02:59:d9:00:75:e6:57:6f:c3:61:04:7d:0f:9f:82:4d:
         03:04:fe:a0:03:2e:63:f2:7c:bb:8b:f4:d4:c0:b5:b0:58:eb:
         fc:56:0e:58:96:09:34:7a:0a:f4:a2:a3:4c:0a:88:b7:be:4d:
         33:9e:c4:c4:3c:33:ba:dc:d2:b7:23:23:21:1e:19:c4:eb:88:
         ee:3f:1a:d7:5b:07:9c:75:7d:19:8e:e2:58:1e:16:b1:f3:99:
         2e:2f:53:ed:bc:f2:0d:b6:ef:c9:d3:d8:ae:33:48:23:c1:f9:
         b6:54:3f:4f:81:ef:d3:a3:71:42:11:dd:de:23:b4:a4:ee:fc:
         29:f8:db:7b:46:2e:e0:2d:0d:28:39:d6:b3:96:06:bc:8e:7b:
         d6:f6:01:86:d6:55:f8:dc:08:3a:39:17:a7:71:05:cc:43:c7:
         8c:34:2b:75:c4:98:16:39:40:95:3b:10:31:b7:da:bb:b2:0d:
         e1:d7:32:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4uLMcmc0vQSulwTs5m6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTVlYzVmNTI2NjhiZTUwYjQ1MThiNjg3Y2Y4YmQ5NTkz
MGFlMzkwHhcNMjQwMTAxMTAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTNlYzhiZTRkZTg2MzNiNDhjY2VlMTBjY2YxNmFhMzQ0ZTllM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYwul9s7Gz1WXKkvguHdgaDtQmXK
ia1ZSJmVzHEy1EoPIwyC9kO6N4fqkxUwsESEWCBz/xYqBNXvwl41SRPqbE6U/OXh
wVhhcHe2n8eeHD8WWabpc4I/wDoXfOKH+amoJQ/ENMzGFS9Xyf2+mS3jMD7Zds/G
pljr6rSQ0QBnHcUQO27n68M/vrJ+eN2eRgpRTvMvgSUO8xhl/8W70HgJ2cwmLVSH
bxckDlTJG1jQEU0kr+6LhJpxR8d16CVmWlVUTrPOpR5Y+AVk2j5H9+O7Hm2fTpQG
Py59rOMFqt8BGFQfqWD4R5+whpoP5gTshkdXvLCntESj79an9vxs89tsZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4+yL5N6GM7SMzuEMzxaqNE6eOpMB8GA1UdIwQY
MBaAFASl7F9SZovlC0UYtofPi9lZMK45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktYc1gxSm1pLVVMUlJpMmg4LUwyVmt3cmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wMGUzM2UtZmQ3NC00NTgzLTk4NGUt
YzZiODRjYzU4NjEwLzEvZmo3SXZrM29ZenRJek80UXpQRnFvMFRwNDZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wMGUzM2UtZmQ3NC00NTgzLTk4NGUtYzZiODRjYzU4NjEw
LzEvQktYc1gxSm1pLVVMUlJpMmg4LUwyVmt3cmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTwVMA0G
CSqGSIb3DQEBCwUAA4IBAQB9EN3zh7rUZga2cNw6ouyPOeVcR2pyBOxCbLOKi4hq
av0diFYgPSYqjnawpryALfPuXCQCZilusQkaix7G7yDDhx/BjXPOsZnT5QJZ2QB1
5ldvw2EEfQ+fgk0DBP6gAy5j8ny7i/TUwLWwWOv8Vg5Ylgk0egr0oqNMCoi3vk0z
nsTEPDO63NK3IyMhHhnE64juPxrXWwecdX0ZjuJYHhax85kuL1PtvPINtu/J09iu
M0gjwfm2VD9Pge/To3FCEd3eI7Sk7vwp+Nt7Ri7gLQ0oOdazlga8jnvW9gGG1lX4
3Ag6ORencQXMQ8eMNCt1xJgWOUCVOxAxt9q7sg3h1zLy
-----END CERTIFICATE-----