Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/7uxm31ZnUrQC2Mb2Lwa39wy7JNE.roa
File:                     7uxm31ZnUrQC2Mb2Lwa39wy7JNE.roa (raw, json)
Hash identifier:          JvtDlCzRmVu9oNu54G8cfMRAMUPSq8USNZ25mSiK8JY=
Subject key identifier:   EE:EC:66:DF:56:67:52:B4:02:D8:C6:F6:2F:06:B7:F7:0C:BB:24:D1
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       018CC94E6BA0BD376FE998A886EF910CEC11
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/7uxm31ZnUrQC2Mb2Lwa39wy7JNE.roa
Signing time:             Tue 02 Jan 2024 08:33:28 +0000
ROA not before:           Tue 02 Jan 2024 08:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        149.126.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6b:a0:bd:37:6f:e9:98:a8:86:ef:91:0c:ec:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  2 08:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eeec66df566752b402d8c6f62f06b7f70cbb24d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:13:4c:f7:6b:a3:18:85:75:8a:0d:7d:65:18:
                    0f:ec:b7:30:b3:cd:c0:a1:aa:d4:6e:3b:c1:fb:b6:
                    95:91:44:1a:0d:e0:50:06:f2:dc:cc:c5:b8:4d:82:
                    8f:34:1e:5c:02:cb:18:4b:f3:4e:b6:b1:63:68:2f:
                    56:80:2a:00:f6:4d:10:46:31:34:80:7c:ec:95:93:
                    03:df:94:4d:cf:b8:e3:76:1f:df:87:02:3c:61:84:
                    a6:02:5b:6d:a6:41:47:80:47:99:91:5d:aa:17:82:
                    ca:3a:e3:c6:12:d5:e1:dd:5f:03:57:45:29:57:1a:
                    dd:93:08:1e:6a:79:27:3f:ea:9d:7a:83:12:11:69:
                    a6:99:b0:fa:9d:6e:4e:44:58:79:49:46:f6:cb:c9:
                    e7:3b:1c:d8:f9:72:7b:97:6b:98:f5:52:b0:85:df:
                    d4:44:0b:bf:4e:81:4c:21:7e:b2:d7:46:81:ff:ed:
                    75:73:a4:35:8b:11:78:56:1a:15:4c:ce:dc:8d:34:
                    89:fe:fd:a9:d5:0e:d0:83:6e:2f:31:f6:5c:4f:38:
                    1c:17:e2:fb:35:f9:35:83:1f:6f:5d:85:8e:f9:6e:
                    e5:fc:9a:60:4c:1b:85:82:a1:90:6d:9d:de:31:dc:
                    ab:22:7e:b5:c8:c2:04:5a:23:81:64:a7:44:96:54:
                    2f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:EC:66:DF:56:67:52:B4:02:D8:C6:F6:2F:06:B7:F7:0C:BB:24:D1
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/7uxm31ZnUrQC2Mb2Lwa39wy7JNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.126.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:4c:0c:70:fe:83:a6:d7:87:4b:a7:ae:5b:74:54:a6:a9:1a:
         62:88:e2:0f:ce:06:b5:8c:4b:7f:3a:13:7e:b8:05:99:78:7d:
         05:21:1e:ed:78:54:ac:b9:cd:be:8d:ac:d0:f2:e5:ea:a2:c2:
         53:19:9d:49:4b:9f:12:4a:ec:1a:22:fc:12:21:25:15:89:54:
         4e:55:d9:5b:41:af:c7:a3:bf:d2:39:74:72:91:34:0a:e0:20:
         d9:94:dd:c7:59:66:10:b4:e4:96:25:0a:e5:fe:05:fd:73:b7:
         00:d3:1e:8f:53:66:c2:6f:a5:94:49:85:ba:c9:be:36:d8:55:
         f0:57:14:e2:59:4b:7b:a9:b3:2e:a7:91:11:e4:ca:e1:e0:8d:
         48:ed:03:c5:76:ec:e9:05:ad:fe:96:fd:6c:de:9c:26:89:18:
         93:3a:d6:cc:01:fa:1a:46:60:07:f8:f7:d9:ef:fb:79:8c:c1:
         ca:ca:48:77:be:98:3c:ba:10:74:04:7b:43:ad:d1:54:2c:05:
         57:d6:78:77:fc:dc:63:fe:04:7b:cd:93:f7:e3:83:df:84:ed:
         85:08:36:cb:42:77:54:8e:99:ed:7a:31:3f:2b:c5:42:d5:82:
         7f:c4:6b:8a:b8:c7:dc:67:0b:3e:65:48:71:33:19:f2:55:2f:
         28:bd:06:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmugvTdv6Ziohu+RDOwRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjQwMTAyMDgzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWVjNjZkZjU2Njc1MmI0MDJkOGM2ZjYyZjA2YjdmNzBjYmIyNGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhNM92ujGIV1ig19ZRgP7Lcws83A
oarUbjvB+7aVkUQaDeBQBvLczMW4TYKPNB5cAssYS/NOtrFjaC9WgCoA9k0QRjE0
gHzslZMD35RNz7jjdh/fhwI8YYSmAlttpkFHgEeZkV2qF4LKOuPGEtXh3V8DV0Up
VxrdkwgeanknP+qdeoMSEWmmmbD6nW5ORFh5SUb2y8nnOxzY+XJ7l2uY9VKwhd/U
RAu/ToFMIX6y10aB/+11c6Q1ixF4VhoVTM7cjTSJ/v2p1Q7Qg24vMfZcTzgcF+L7
Nfk1gx9vXYWO+W7l/JpgTBuFgqGQbZ3eMdyrIn61yMIEWiOBZKdEllQv3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7sZt9WZ1K0AtjG9i8Gt/cMuyTRMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvN3V4bTMxWm5VclFDMk1iMkx3YTM5d3k3Sk5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlX7PMA0G
CSqGSIb3DQEBCwUAA4IBAQBeTAxw/oOm14dLp65bdFSmqRpiiOIPzga1jEt/OhN+
uAWZeH0FIR7teFSsuc2+jazQ8uXqosJTGZ1JS58SSuwaIvwSISUViVROVdlbQa/H
o7/SOXRykTQK4CDZlN3HWWYQtOSWJQrl/gX9c7cA0x6PU2bCb6WUSYW6yb422FXw
VxTiWUt7qbMup5ER5Mrh4I1I7QPFduzpBa3+lv1s3pwmiRiTOtbMAfoaRmAH+PfZ
7/t5jMHKykh3vpg8uhB0BHtDrdFULAVX1nh3/Nxj/gR7zZP344PfhO2FCDbLQndU
jpntejE/K8VC1YJ/xGuKuMfcZws+ZUhxMxnyVS8ovQbk
-----END CERTIFICATE-----