Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/cJv7FApnKFTFkE-Ij2tA2zbH-qM.roa
File:                     cJv7FApnKFTFkE-Ij2tA2zbH-qM.roa (raw, json)
Hash identifier:          GJ0JiJ2Tc06wq3K0S6yGrMA63wzZVsfcMIB8DISnOr4=
Subject key identifier:   70:9B:FB:14:0A:67:28:54:C5:90:4F:88:8F:6B:40:DB:36:C7:FA:A3
Certificate issuer:       /CN=7e1167886da81524431bbf2efb0572914b686ebc
Certificate serial:       018CC2DAE9E1D4CE8BE6FA9922F09A8A7309
Authority key identifier: 7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/cJv7FApnKFTFkE-Ij2tA2zbH-qM.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13232
IP address blocks:        212.39.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e9:e1:d4:ce:8b:e6:fa:99:22:f0:9a:8a:73:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e1167886da81524431bbf2efb0572914b686ebc
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=709bfb140a672854c5904f888f6b40db36c7faa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b7:ad:70:05:38:61:02:5a:25:c8:3b:fd:f2:
                    3e:6b:27:05:bc:2d:f0:26:1a:19:1d:5d:e5:d1:da:
                    b7:07:bb:a5:cd:87:35:aa:0e:53:b5:01:27:2b:36:
                    f7:c4:bb:9f:42:29:3f:cb:ad:af:15:90:00:52:21:
                    fc:37:bd:d7:50:64:3c:24:2d:7f:fe:f0:67:08:ae:
                    08:bb:d9:26:db:2d:4d:0c:92:f9:af:73:29:67:01:
                    9c:ad:22:af:aa:e9:19:39:bd:e2:f6:0d:1c:a8:33:
                    c4:b5:c0:e9:d5:1b:6f:02:94:26:a2:f8:83:dc:dc:
                    97:76:ad:2f:b1:0e:9f:de:2d:76:8a:ba:7d:d0:83:
                    d0:ea:66:96:b6:bd:44:cc:d1:93:f0:92:2c:ce:ed:
                    c3:fe:0d:60:90:f2:ab:b7:df:4e:c5:aa:ea:66:b4:
                    42:67:a1:a6:7c:ea:96:04:3f:0f:84:18:e5:b9:62:
                    a6:b3:ec:b6:94:03:4f:77:b8:c5:bb:6a:46:f8:ac:
                    56:2a:ad:b0:57:12:5b:8c:89:7d:c9:c6:0c:45:b7:
                    47:0b:57:b8:59:65:33:e1:ac:82:f0:39:52:d3:5f:
                    1d:1a:aa:81:25:92:01:ef:9d:49:61:d3:66:d1:3e:
                    65:ea:57:7b:17:7f:a3:4d:60:14:5c:dd:df:97:8b:
                    84:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:9B:FB:14:0A:67:28:54:C5:90:4F:88:8F:6B:40:DB:36:C7:FA:A3
            X509v3 Authority Key Identifier:
                keyid:7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/cJv7FApnKFTFkE-Ij2tA2zbH-qM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.39.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:83:53:dd:5f:c6:0a:c1:0f:2c:b6:08:87:ef:2d:11:42:7e:
         ca:15:75:5c:26:5b:fd:ac:6d:c9:78:2e:70:ce:f0:db:5e:7a:
         d9:9e:e1:4e:eb:07:95:05:07:3c:3c:fd:a1:db:fc:bc:f1:d9:
         53:f6:b0:f5:84:d7:18:be:ae:23:c6:33:5e:f5:9e:5c:9b:42:
         39:0e:b5:9c:bf:9c:ee:33:9c:ac:db:50:04:4f:b9:e7:7a:fc:
         c9:96:b2:37:01:9d:fe:fc:c7:b8:83:c3:c3:eb:da:e1:8a:da:
         26:b7:8a:6a:59:65:9d:ed:86:25:68:ea:8e:6f:26:0a:51:d5:
         a9:3b:b7:9d:28:72:5d:90:69:24:de:67:aa:2a:94:d7:94:bf:
         46:60:cc:57:b6:6e:63:8a:50:95:d7:8e:3e:ae:91:ad:7a:9e:
         d9:1b:84:6f:fb:f1:ce:22:ee:d8:e0:b1:90:39:27:90:77:71:
         e2:95:fd:7c:2d:5d:28:6a:a0:46:d9:a6:02:fc:d4:61:a3:87:
         cd:6e:83:53:ac:b8:11:f6:10:48:65:e6:2c:4d:35:29:07:6e:
         19:8a:71:27:46:a7:aa:4a:8c:b4:47:3b:bb:aa:19:85:81:61:
         22:5a:fb:1f:c0:8d:1f:81:e5:09:2f:11:f4:0a:75:f4:5f:c5:
         36:39:3c:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2unh1M6L5vqZIvCainMJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMTE2Nzg4NmRhODE1MjQ0MzFiYmYyZWZiMDU3MjkxNGI2
ODZlYmMwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDliZmIxNDBhNjcyODU0YzU5MDRmODg4ZjZiNDBkYjM2YzdmYWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLetcAU4YQJaJcg7/fI+aycFvC3w
JhoZHV3l0dq3B7ulzYc1qg5TtQEnKzb3xLufQik/y62vFZAAUiH8N73XUGQ8JC1/
/vBnCK4Iu9km2y1NDJL5r3MpZwGcrSKvqukZOb3i9g0cqDPEtcDp1RtvApQmoviD
3NyXdq0vsQ6f3i12irp90IPQ6maWtr1EzNGT8JIszu3D/g1gkPKrt99OxarqZrRC
Z6GmfOqWBD8PhBjluWKms+y2lANPd7jFu2pG+KxWKq2wVxJbjIl9ycYMRbdHC1e4
WWUz4ayC8DlS018dGqqBJZIB751JYdNm0T5l6ld7F3+jTWAUXN3fl4uEJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCb+xQKZyhUxZBPiI9rQNs2x/qjMB8GA1UdIwQY
MBaAFH4RZ4htqBUkQxu/LvsFcpFLaG68MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYt
OWIyODJjNjQzMjU2LzEvY0p2N0ZBcG5LRlRGa0UtSWoydEEyemJILXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYtOWIyODJjNjQzMjU2
LzEvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CfkMA0G
CSqGSIb3DQEBCwUAA4IBAQACg1PdX8YKwQ8stgiH7y0RQn7KFXVcJlv9rG3JeC5w
zvDbXnrZnuFO6weVBQc8PP2h2/y88dlT9rD1hNcYvq4jxjNe9Z5cm0I5DrWcv5zu
M5ys21AET7nnevzJlrI3AZ3+/Me4g8PD69rhitomt4pqWWWd7YYlaOqObyYKUdWp
O7edKHJdkGkk3meqKpTXlL9GYMxXtm5jilCV144+rpGtep7ZG4Rv+/HOIu7Y4LGQ
OSeQd3Hilf18LV0oaqBG2aYC/NRho4fNboNTrLgR9hBIZeYsTTUpB24ZinEnRqeq
Soy0Rzu7qhmFgWEiWvsfwI0fgeUJLxH0CnX0X8U2OTx4
-----END CERTIFICATE-----