Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/7mvpuGkLGi8WH9__DZ1OymKUSWg.roa
File:                     7mvpuGkLGi8WH9__DZ1OymKUSWg.roa (raw, json)
Hash identifier:          TLJouhDB2DVdMvtc6OhT5e98iU/YSIV4kP2INBciw4U=
Subject key identifier:   EE:6B:E9:B8:69:0B:1A:2F:16:1F:DF:FF:0D:9D:4E:CA:62:94:49:68
Certificate issuer:       /CN=a316c7659af1d56bc718faf614f092758f5edc7f
Certificate serial:       018CC79431246ED7C2B0F1DEFF99F4472D3D
Authority key identifier: A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/7mvpuGkLGi8WH9__DZ1OymKUSWg.roa
Signing time:             Tue 02 Jan 2024 00:30:26 +0000
ROA not before:           Tue 02 Jan 2024 00:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.221.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 03:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:31:24:6e:d7:c2:b0:f1:de:ff:99:f4:47:2d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a316c7659af1d56bc718faf614f092758f5edc7f
        Validity
            Not Before: Jan  2 00:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee6be9b8690b1a2f161fdfff0d9d4eca62944968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:32:93:7e:7a:4f:08:58:11:4d:d3:88:3b:81:
                    7f:13:bc:17:4a:8f:25:a1:b7:33:75:e5:2c:43:60:
                    0f:49:cd:24:88:c1:b8:10:97:76:5b:e4:8f:9d:49:
                    1b:de:42:51:3c:0b:82:16:61:8d:e4:cf:8d:43:48:
                    95:f7:92:44:c4:52:c4:8e:97:b8:cf:e8:65:a3:25:
                    f6:03:20:a0:50:83:e6:1f:95:eb:3e:4b:f0:54:b7:
                    b1:2d:f9:2d:28:8f:fa:f5:7f:bb:90:68:b1:81:62:
                    66:ae:73:a0:6d:34:ea:ff:3b:c0:50:6a:6f:d1:89:
                    43:b1:17:13:3b:c8:08:5c:29:91:d4:2f:48:1f:db:
                    1b:7f:f2:93:ea:5b:2a:30:d7:43:3b:29:87:30:62:
                    5f:5e:be:ae:c5:c9:26:3b:bc:85:f0:90:13:2a:68:
                    c0:56:26:50:82:c6:8b:5e:a1:19:a4:ed:91:af:06:
                    7d:2e:fd:f0:b7:b7:3b:1a:da:21:26:79:b1:a4:b1:
                    e4:f1:4e:b0:0d:fe:31:b8:34:69:f6:46:a3:e8:11:
                    b2:1d:a7:c6:a5:2d:de:3a:27:51:98:9e:c9:13:6a:
                    14:95:91:eb:d8:ca:44:60:d3:a1:ec:93:de:cc:80:
                    0a:1e:a4:b7:62:c8:fd:96:91:0f:47:05:8d:44:b9:
                    51:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:6B:E9:B8:69:0B:1A:2F:16:1F:DF:FF:0D:9D:4E:CA:62:94:49:68
            X509v3 Authority Key Identifier:
                keyid:A3:16:C7:65:9A:F1:D5:6B:C7:18:FA:F6:14:F0:92:75:8F:5E:DC:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oxbHZZrx1WvHGPr2FPCSdY9e3H8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/7mvpuGkLGi8WH9__DZ1OymKUSWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/30d4e8-e090-4bf2-8185-3687c818ede5/1/oxbHZZrx1WvHGPr2FPCSdY9e3H8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:32:e1:4d:bb:bc:79:fb:3c:c2:ec:0b:c8:7f:78:83:d2:4a:
         1d:58:80:5f:92:6b:e4:58:b3:e3:28:e6:a7:9d:46:55:9a:f6:
         dd:e7:cc:54:7d:98:58:55:79:02:57:ad:ed:2e:a6:4b:b5:2e:
         98:1c:b4:60:1a:b2:4e:d9:01:fa:11:1f:c9:e1:89:74:6e:b8:
         23:5f:1d:0c:fe:50:d6:4f:74:63:9e:ab:6a:f2:ca:d5:8e:fc:
         2f:b8:cb:be:b8:0c:e7:77:02:ca:00:fa:ce:03:04:76:86:ef:
         74:c3:29:72:bf:91:82:50:78:5d:76:b3:e0:b6:de:5b:95:b3:
         34:a9:41:58:43:6f:dd:8d:ff:04:5b:92:75:77:a8:82:a6:9b:
         e1:85:6e:c7:81:7f:60:5e:a6:99:c9:d5:fd:59:9f:ae:d4:de:
         69:d7:f0:51:39:a6:23:1e:29:bf:b5:62:f6:51:63:02:32:e1:
         7c:45:60:0f:07:5e:0c:b5:bb:f2:3e:e4:4e:26:98:b9:77:56:
         a6:26:45:38:ea:a6:24:68:97:78:aa:73:1e:70:3b:fd:1e:28:
         f8:52:98:d1:d5:66:8d:4c:89:53:e1:9c:30:45:2a:6f:37:f4:
         79:b7:d9:c2:52:12:31:1e:bb:5f:19:58:40:ee:2c:c2:e8:69:
         50:b8:22:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlDEkbtfCsPHe/5n0Ry09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMTZjNzY1OWFmMWQ1NmJjNzE4ZmFmNjE0ZjA5Mjc1OGY1
ZWRjN2YwHhcNMjQwMTAyMDAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTZiZTliODY5MGIxYTJmMTYxZmRmZmYwZDlkNGVjYTYyOTQ0OTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzKTfnpPCFgRTdOIO4F/E7wXSo8l
obczdeUsQ2APSc0kiMG4EJd2W+SPnUkb3kJRPAuCFmGN5M+NQ0iV95JExFLEjpe4
z+hloyX2AyCgUIPmH5XrPkvwVLexLfktKI/69X+7kGixgWJmrnOgbTTq/zvAUGpv
0YlDsRcTO8gIXCmR1C9IH9sbf/KT6lsqMNdDOymHMGJfXr6uxckmO7yF8JATKmjA
ViZQgsaLXqEZpO2RrwZ9Lv3wt7c7GtohJnmxpLHk8U6wDf4xuDRp9kaj6BGyHafG
pS3eOidRmJ7JE2oUlZHr2MpEYNOh7JPezIAKHqS3Ysj9lpEPRwWNRLlRiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5r6bhpCxovFh/f/w2dTspilEloMB8GA1UdIwQY
MBaAFKMWx2Wa8dVrxxj69hTwknWPXtx/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUt
MzY4N2M4MThlZGU1LzEvN212cHVHa0xHaThXSDlfX0RaMU95bUtVU1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMGQ0ZTgtZTA5MC00YmYyLTgxODUtMzY4N2M4MThlZGU1
LzEvb3hiSFpacngxV3ZIR1ByMkZQQ1NkWTllM0g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud1UMA0G
CSqGSIb3DQEBCwUAA4IBAQAnMuFNu7x5+zzC7AvIf3iD0kodWIBfkmvkWLPjKOan
nUZVmvbd58xUfZhYVXkCV63tLqZLtS6YHLRgGrJO2QH6ER/J4Yl0brgjXx0M/lDW
T3Rjnqtq8srVjvwvuMu+uAzndwLKAPrOAwR2hu90wylyv5GCUHhddrPgtt5blbM0
qUFYQ2/djf8EW5J1d6iCppvhhW7HgX9gXqaZydX9WZ+u1N5p1/BROaYjHim/tWL2
UWMCMuF8RWAPB14MtbvyPuROJpi5d1amJkU46qYkaJd4qnMecDv9Hij4UpjR1WaN
TIlT4ZwwRSpvN/R5t9nCUhIxHrtfGVhA7izC6GlQuCLd
-----END CERTIFICATE-----