Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/7ggA6fpjL9stGWTl7R8dFYUaH5s.roa
File:                     7ggA6fpjL9stGWTl7R8dFYUaH5s.roa (raw, json)
Hash identifier:          WfHd2QSlm/t+mb5GB9cWfQmkgp7Mxt9Z/Ras1O8SQTU=
Subject key identifier:   EE:08:00:E9:FA:63:2F:DB:2D:19:64:E5:ED:1F:1D:15:85:1A:1F:9B
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF9A6EA7115522A4C367ED71A20F24
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/7ggA6fpjL9stGWTl7R8dFYUaH5s.roa
Signing time:             Tue 02 Jan 2024 06:32:26 +0000
ROA not before:           Tue 02 Jan 2024 06:32:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50040
IP address blocks:        213.108.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9a:6e:a7:11:55:22:a4:c3:67:ed:71:a2:0f:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee0800e9fa632fdb2d1964e5ed1f1d15851a1f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6f:c0:f1:ba:d4:c9:d4:0d:dc:d2:17:9d:ac:
                    a5:1e:7c:18:73:cf:af:8e:84:78:a9:99:6d:33:31:
                    07:4b:b6:09:2d:6f:2c:9f:8b:cb:2f:d4:cf:4b:e8:
                    96:1b:38:0d:64:1e:6a:6e:f7:5e:db:5a:ec:fd:63:
                    c5:4f:71:eb:84:a3:ba:e2:58:67:98:ff:6e:b6:ac:
                    4b:0e:b8:81:6b:65:20:e9:52:68:e4:63:d3:bb:64:
                    c9:07:02:be:98:09:80:66:73:2e:79:6b:45:37:22:
                    07:b7:c5:fb:67:0e:18:15:aa:9c:b5:71:c1:d5:54:
                    d0:1c:42:e7:20:10:1e:8f:3d:a5:a3:4d:26:f9:0e:
                    a7:57:1d:f5:e9:63:4f:07:a7:b0:be:66:8a:85:37:
                    5c:71:eb:e9:57:ff:9a:79:1b:6e:40:3f:ca:9f:72:
                    91:73:0a:a4:c0:3a:50:08:ec:0a:3f:e6:9d:86:42:
                    b0:cc:3d:9f:7c:37:b3:69:4a:68:cf:d4:ff:ae:27:
                    6e:82:e6:b8:b6:cf:69:ca:dc:87:45:65:cd:6b:51:
                    d7:28:c6:4c:c4:f5:3f:90:e8:b8:02:79:47:60:cd:
                    f3:85:f7:73:6d:54:40:06:20:d6:03:55:fa:8b:bf:
                    68:25:26:77:ac:52:a7:82:76:2f:3b:cc:62:d8:67:
                    aa:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:08:00:E9:FA:63:2F:DB:2D:19:64:E5:ED:1F:1D:15:85:1A:1F:9B
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/7ggA6fpjL9stGWTl7R8dFYUaH5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:33:b3:e5:21:79:b3:4b:75:bf:25:1e:a8:77:b8:cf:ef:3e:
         22:e7:75:6e:86:35:99:3f:a0:2d:e9:3c:69:e7:4e:72:1c:a6:
         64:36:c0:25:bb:ae:59:8c:03:14:5d:14:4e:f8:df:c8:eb:e7:
         3c:1a:54:1f:b2:65:40:72:c5:08:bf:57:8e:eb:ad:3f:8e:5c:
         b7:cf:7b:09:11:e1:4e:55:18:fe:ec:80:52:df:de:a9:1f:4f:
         ec:86:7c:06:59:08:7f:29:55:30:6c:bc:51:43:29:a5:bc:67:
         36:dc:da:08:94:57:bd:a5:0a:a3:08:86:d3:73:ab:8f:85:7a:
         43:8b:9f:07:30:5a:26:0e:42:8e:88:40:c2:a7:e0:3e:85:c7:
         66:c8:73:80:39:aa:0d:c5:40:32:cb:e6:6b:cd:dd:04:ad:e5:
         dd:81:e1:e8:52:4c:55:4b:1e:aa:61:47:a2:57:d6:08:3a:ca:
         52:24:e4:f1:2c:c0:c1:cf:a9:b9:e7:88:2b:af:ba:d9:f9:b8:
         95:89:ea:c7:63:0a:cb:3e:dc:89:f0:fc:02:c3:d7:d3:eb:b1:
         7f:99:27:27:e2:d2:a8:5f:97:50:d5:d9:26:3a:30:07:9b:cc:
         77:b3:b3:6f:70:0b:f1:e6:4c:6b:9a:57:c4:d6:21:3d:ff:ba:
         9e:17:fd:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35pupxFVIqTDZ+1xog8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTA4MDBlOWZhNjMyZmRiMmQxOTY0ZTVlZDFmMWQxNTg1MWExZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1W/A8brUydQN3NIXnaylHnwYc8+v
joR4qZltMzEHS7YJLW8sn4vLL9TPS+iWGzgNZB5qbvde21rs/WPFT3HrhKO64lhn
mP9utqxLDriBa2Ug6VJo5GPTu2TJBwK+mAmAZnMueWtFNyIHt8X7Zw4YFaqctXHB
1VTQHELnIBAejz2lo00m+Q6nVx316WNPB6ewvmaKhTdccevpV/+aeRtuQD/Kn3KR
cwqkwDpQCOwKP+adhkKwzD2ffDezaUpoz9T/ridugua4ts9pytyHRWXNa1HXKMZM
xPU/kOi4AnlHYM3zhfdzbVRABiDWA1X6i79oJSZ3rFKngnYvO8xi2GeqQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4IAOn6Yy/bLRlk5e0fHRWFGh+bMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvN2dnQTZmcGpMOXN0R1dUbDdSOGRGWVVhSDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1WzFMA0G
CSqGSIb3DQEBCwUAA4IBAQCCM7PlIXmzS3W/JR6od7jP7z4i53VuhjWZP6At6Txp
505yHKZkNsAlu65ZjAMUXRRO+N/I6+c8GlQfsmVAcsUIv1eO660/jly3z3sJEeFO
VRj+7IBS396pH0/shnwGWQh/KVUwbLxRQymlvGc23NoIlFe9pQqjCIbTc6uPhXpD
i58HMFomDkKOiEDCp+A+hcdmyHOAOaoNxUAyy+Zrzd0EreXdgeHoUkxVSx6qYUei
V9YIOspSJOTxLMDBz6m554grr7rZ+biVierHYwrLPtyJ8PwCw9fT67F/mScn4tKo
X5dQ1dkmOjAHm8x3s7NvcAvx5kxrmlfE1iE9/7qeF/0L
-----END CERTIFICATE-----