Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/L7i9jquUVEN12XY-7DmAhnrvaCU.roa
File:                     L7i9jquUVEN12XY-7DmAhnrvaCU.roa (raw, json)
Hash identifier:          AzWUqaeQ23SOdwPtbdpmRs+1Krdd11heZcjcVWPjF6Q=
Subject key identifier:   2F:B8:BD:8E:AB:94:54:43:75:D9:76:3E:EC:39:80:86:7A:EF:68:25
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       018CC3B678B34ABBD93C67905BF3FF54C667
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/L7i9jquUVEN12XY-7DmAhnrvaCU.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        85.117.242.0/24 maxlen: 24
                          2a09:ff00:200::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:78:b3:4a:bb:d9:3c:67:90:5b:f3:ff:54:c6:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fb8bd8eab94544375d9763eec3980867aef6825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:60:32:e7:8a:b2:0d:3d:08:aa:c9:42:97:38:
                    14:c3:98:0c:52:fb:e8:fa:94:b3:d9:7e:dd:07:e5:
                    f5:84:2c:c4:4c:fb:b7:1e:4e:77:18:f3:0d:2a:0a:
                    90:1d:31:43:fc:ff:51:66:e0:c4:6a:a3:57:53:95:
                    e3:35:2e:af:14:f8:93:04:54:56:72:93:0a:e2:b6:
                    75:0d:0e:6e:9a:37:c9:d3:32:00:e1:50:84:99:53:
                    53:41:79:16:6f:0d:e1:04:d4:9c:33:b7:93:0f:8b:
                    91:62:14:a4:88:1b:7a:d2:d3:9e:7b:de:d3:be:ba:
                    c7:32:ed:7f:88:6a:a3:57:dd:6d:44:20:02:60:19:
                    7b:43:82:a9:69:92:ab:20:d2:1e:6c:8a:bc:1c:b2:
                    a1:82:96:99:fc:03:a5:53:eb:31:b2:22:e8:b6:5c:
                    b8:1f:0b:a1:77:c0:47:da:d3:55:e6:9c:16:42:59:
                    2c:f2:7c:9f:fa:cc:53:30:db:89:73:45:4a:5f:32:
                    48:6f:ef:9b:93:2c:58:b6:13:d4:2f:94:f9:b7:af:
                    75:0f:05:05:e7:3c:98:13:ad:b9:64:2e:4d:40:5d:
                    24:6e:86:2d:65:53:7b:4d:e8:a9:99:33:e1:e0:e8:
                    6c:fe:9f:fa:94:29:3c:60:e5:75:ac:cc:76:f4:e8:
                    bb:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:B8:BD:8E:AB:94:54:43:75:D9:76:3E:EC:39:80:86:7A:EF:68:25
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/L7i9jquUVEN12XY-7DmAhnrvaCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.117.242.0/24
                IPv6:
                  2a09:ff00:200::/44

    Signature Algorithm: sha256WithRSAEncryption
         11:e2:34:45:29:73:0c:70:fc:0a:50:4e:0b:5d:50:ec:22:dc:
         20:18:b4:3b:a0:60:1f:28:d3:65:4f:53:a8:a9:e8:91:32:1c:
         53:36:c7:56:68:4f:98:9f:bd:af:52:78:52:1f:54:e2:b9:b3:
         87:b5:e7:e1:03:0e:e3:45:cd:92:c9:ea:7c:8c:48:1f:b7:81:
         e0:f3:1d:8e:d7:35:2a:5a:57:be:0c:51:89:44:64:68:54:c4:
         93:0b:d8:b7:f4:05:70:4a:11:fa:fd:bd:87:81:a8:ed:6b:d4:
         27:f6:21:93:5e:82:f7:87:8b:14:c4:ed:cb:10:6f:f5:24:4e:
         cf:56:13:d0:9f:b8:47:68:ed:0f:fb:cd:0e:95:36:a0:e3:a4:
         67:00:ad:39:90:59:1c:eb:03:ae:e0:e9:e1:72:66:93:48:ad:
         83:a0:46:12:80:07:17:09:7a:ec:15:99:2f:91:f3:bb:07:27:
         a5:da:c5:7f:21:1d:7f:12:31:82:d0:92:6b:2f:c3:49:ac:07:
         9c:9b:dd:53:cf:95:48:79:59:99:c4:d8:a8:b0:aa:60:86:6f:
         6a:44:52:2f:21:8d:f5:7e:2e:99:11:37:09:16:14:9e:ab:1e:
         af:b2:1b:c9:01:e8:b9:76:6c:dc:88:66:6a:c8:9e:18:87:ad:
         5f:53:99:7a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDtnizSrvZPGeQW/P/VMZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmI4YmQ4ZWFiOTQ1NDQzNzVkOTc2M2VlYzM5ODA4NjdhZWY2ODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWAy54qyDT0IqslClzgUw5gMUvvo
+pSz2X7dB+X1hCzETPu3Hk53GPMNKgqQHTFD/P9RZuDEaqNXU5XjNS6vFPiTBFRW
cpMK4rZ1DQ5umjfJ0zIA4VCEmVNTQXkWbw3hBNScM7eTD4uRYhSkiBt60tOee97T
vrrHMu1/iGqjV91tRCACYBl7Q4KpaZKrINIebIq8HLKhgpaZ/AOlU+sxsiLotly4
Hwuhd8BH2tNV5pwWQlks8nyf+sxTMNuJc0VKXzJIb++bkyxYthPUL5T5t691DwUF
5zyYE625ZC5NQF0kboYtZVN7TeipmTPh4Ohs/p/6lCk8YOV1rMx29Oi78wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC+4vY6rlFRDddl2Puw5gIZ672glMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvTDdpOWpxdVVWRU4xMlhZLTdEbUFobnJ2YUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAVXXyMA8E
AgACMAkDBwQqCf8AAgAwDQYJKoZIhvcNAQELBQADggEBABHiNEUpcwxw/ApQTgtd
UOwi3CAYtDugYB8o02VPU6ip6JEyHFM2x1ZoT5ifva9SeFIfVOK5s4e15+EDDuNF
zZLJ6nyMSB+3geDzHY7XNSpaV74MUYlEZGhUxJML2Lf0BXBKEfr9vYeBqO1r1Cf2
IZNegveHixTE7csQb/UkTs9WE9CfuEdo7Q/7zQ6VNqDjpGcArTmQWRzrA67g6eFy
ZpNIrYOgRhKABxcJeuwVmS+R87sHJ6XaxX8hHX8SMYLQkmsvw0msB5yb3VPPlUh5
WZnE2KiwqmCGb2pEUi8hjfV+LpkRNwkWFJ6rHq+yG8kB6Ll2bNyIZmrInhiHrV9T
mXo=
-----END CERTIFICATE-----