Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/x7trKcvNQIlNW28xYhXMgxBeIO4.roa
File:                     x7trKcvNQIlNW28xYhXMgxBeIO4.roa (raw, json)
Hash identifier:          7eqZsw+DOBnGvYKg4rY0yMUrR6Eig2jWSd3Xw1VE//A=
Subject key identifier:   C7:BB:6B:29:CB:CD:40:89:4D:5B:6F:31:62:15:CC:83:10:5E:20:EE
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC802851EE995F7660EB8E7F8A59C74D3
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/x7trKcvNQIlNW28xYhXMgxBeIO4.roa
Signing time:             Tue 02 Jan 2024 02:30:57 +0000
ROA not before:           Tue 02 Jan 2024 02:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138997
IP address blocks:        194.124.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:85:1e:e9:95:f7:66:0e:b8:e7:f8:a5:9c:74:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7bb6b29cbcd40894d5b6f316215cc83105e20ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:52:65:1d:f3:ea:04:bd:57:2f:34:06:ac:a4:
                    2e:2f:d6:ba:09:09:4c:42:27:06:f5:0e:ae:50:e6:
                    d6:28:f9:bc:89:a3:ff:e0:1c:5e:0b:b5:0e:d1:b9:
                    fe:54:57:dc:c1:e0:67:54:32:71:ec:f0:b5:df:38:
                    b3:79:be:06:96:96:77:ef:4c:55:97:f8:33:e1:89:
                    32:5c:17:ba:c2:3b:ae:34:69:2a:22:74:64:2f:9d:
                    2c:27:bf:92:d5:82:61:e0:4d:5f:01:33:f1:92:27:
                    fe:e7:6d:24:a7:96:9e:1d:fd:0d:17:b5:0e:a2:f9:
                    35:c1:04:b9:f7:d8:cb:e1:b9:41:7e:3b:1b:c6:cc:
                    a6:35:ca:05:2c:c0:83:e8:6b:e0:5e:9a:f9:83:b4:
                    8b:30:dd:0f:bd:6f:21:91:b1:b1:c4:31:36:af:a9:
                    e4:b6:6e:6f:87:f5:ed:68:cd:e4:8f:91:6e:0b:5d:
                    d4:cc:9d:39:68:6a:1e:59:5b:ea:1a:f6:ab:8b:8f:
                    c9:2b:10:71:b7:39:f1:9f:82:c6:f7:c4:46:a4:0d:
                    72:ba:42:ed:79:cc:07:52:0a:11:d4:26:90:0e:bd:
                    15:52:8b:46:29:4e:58:a3:4d:e9:6d:d8:80:88:e0:
                    02:59:55:67:4f:50:82:f8:75:a9:77:14:b7:2d:45:
                    8f:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:BB:6B:29:CB:CD:40:89:4D:5B:6F:31:62:15:CC:83:10:5E:20:EE
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/x7trKcvNQIlNW28xYhXMgxBeIO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:80:5d:6a:f6:a6:39:4c:06:4e:cb:bd:cb:26:aa:19:b1:6a:
         31:32:0d:c7:21:1a:ac:c3:1d:d6:eb:b5:1f:9b:7c:fc:55:67:
         65:42:6b:b5:dd:5b:2d:92:5e:33:2a:60:b9:7e:5a:81:91:d4:
         66:94:fb:0d:85:36:6b:9c:24:a2:33:68:0d:4e:73:86:d7:3b:
         96:67:72:ea:ec:c6:fc:93:ea:7d:f8:ab:28:6d:33:b0:2b:89:
         60:cf:68:1c:b5:98:c8:9a:45:46:6b:09:61:0b:42:35:6f:01:
         d6:12:7e:0b:ca:3b:28:f6:39:ec:27:e8:bf:4c:d8:5e:05:27:
         db:1d:98:13:ee:14:a3:e3:3f:e2:9a:3f:21:7c:e1:17:fb:48:
         fa:6b:e3:08:94:b8:2b:ef:5f:f5:a1:f2:c0:6e:ff:b6:fb:88:
         73:08:0e:4b:24:0c:6d:1c:1a:e9:a6:fd:f2:d1:48:cb:09:21:
         39:2b:79:96:13:e6:c1:ae:b5:5f:94:e1:02:e3:5e:bf:0f:d3:
         2a:af:1f:76:05:78:38:78:92:fc:75:7c:8d:19:50:50:df:a9:
         db:3d:32:3a:76:33:38:8b:83:44:79:5b:82:4f:79:6a:28:6f:
         78:9f:d8:b2:52:25:3c:48:20:41:4e:cd:de:1e:c2:19:bb:c0:
         63:c1:a2:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAoUe6ZX3Zg645/ilnHTTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2JiNmIyOWNiY2Q0MDg5NGQ1YjZmMzE2MjE1Y2M4MzEwNWUyMGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglJlHfPqBL1XLzQGrKQuL9a6CQlM
QicG9Q6uUObWKPm8iaP/4BxeC7UO0bn+VFfcweBnVDJx7PC13zizeb4GlpZ370xV
l/gz4YkyXBe6wjuuNGkqInRkL50sJ7+S1YJh4E1fATPxkif+520kp5aeHf0NF7UO
ovk1wQS599jL4blBfjsbxsymNcoFLMCD6GvgXpr5g7SLMN0PvW8hkbGxxDE2r6nk
tm5vh/XtaM3kj5FuC13UzJ05aGoeWVvqGvari4/JKxBxtznxn4LG98RGpA1yukLt
ecwHUgoR1CaQDr0VUotGKU5Yo03pbdiAiOACWVVnT1CC+HWpdxS3LUWPwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMe7aynLzUCJTVtvMWIVzIMQXiDuMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveDd0cktjdk5RSWxOVzI4eFloWE1neEJlSU80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnxFMA0G
CSqGSIb3DQEBCwUAA4IBAQCNgF1q9qY5TAZOy73LJqoZsWoxMg3HIRqswx3W67Uf
m3z8VWdlQmu13Vstkl4zKmC5flqBkdRmlPsNhTZrnCSiM2gNTnOG1zuWZ3Lq7Mb8
k+p9+KsobTOwK4lgz2gctZjImkVGawlhC0I1bwHWEn4Lyjso9jnsJ+i/TNheBSfb
HZgT7hSj4z/imj8hfOEX+0j6a+MIlLgr71/1ofLAbv+2+4hzCA5LJAxtHBrppv3y
0UjLCSE5K3mWE+bBrrVflOEC416/D9Mqrx92BXg4eJL8dXyNGVBQ36nbPTI6djM4
i4NEeVuCT3lqKG94n9iyUiU8SCBBTs3eHsIZu8BjwaIF
-----END CERTIFICATE-----