Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/1-srvbYhDuAmy-u4iNggk7lCc2mg.roa
File:                     1-srvbYhDuAmy-u4iNggk7lCc2mg.roa (raw, json)
Hash identifier:          tWsPwUrJSFdHdF9AmPojoW3nGZKXtNB7G3ILT5foEYQ=
Subject key identifier:   FA:CA:EF:6D:88:43:B8:09:B2:FA:EE:22:36:08:24:EE:50:9C:DA:68
Certificate issuer:       /CN=e7f9a8a239683263e755e12c97d2d7a432d0b377
Certificate serial:       019423D6D4ADD5443318708D61B25BDF4B45
Authority key identifier: E7:F9:A8:A2:39:68:32:63:E7:55:E1:2C:97:D2:D7:A4:32:D0:B3:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_moojloMmPnVeEsl9LXpDLQs3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/1-srvbYhDuAmy-u4iNggk7lCc2mg.roa
Signing time:             Wed 01 Jan 2025 21:47:49 +0000
ROA not before:           Wed 01 Jan 2025 21:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        217.198.72.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/5_moojloMmPnVeEsl9LXpDLQs3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/5_moojloMmPnVeEsl9LXpDLQs3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_moojloMmPnVeEsl9LXpDLQs3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d4:ad:d5:44:33:18:70:8d:61:b2:5b:df:4b:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f9a8a239683263e755e12c97d2d7a432d0b377
        Validity
            Not Before: Jan  1 21:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=facaef6d8843b809b2faee22360824ee509cda68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:81:86:a9:cf:0b:11:2d:a6:e4:76:b9:2b:cd:
                    64:71:2c:2d:81:bc:7b:d7:46:82:e1:5f:82:ea:7e:
                    07:ab:f0:83:3d:ee:e9:c6:21:dc:ab:28:18:c7:cf:
                    bc:10:6e:53:82:34:6c:8a:aa:68:e6:7c:b9:b9:15:
                    e5:5c:e7:c8:4e:0c:cf:0f:19:e5:5c:eb:30:ca:a8:
                    93:11:54:21:bb:74:d4:97:86:a6:98:5a:13:94:c6:
                    8e:96:60:b8:e9:a3:76:97:df:c5:4a:b3:59:c2:64:
                    29:f1:e3:62:2c:5d:fa:35:f7:2c:67:ab:b2:8f:f6:
                    96:a6:6b:67:c5:64:d1:63:d5:96:92:3b:43:eb:98:
                    66:d0:a8:c6:09:69:8f:2a:55:dd:27:f7:ae:ef:e9:
                    ff:c2:c2:45:0c:4a:e4:6d:53:5c:bb:7e:a9:44:68:
                    4a:c8:9f:77:9a:86:9f:77:99:aa:10:b3:bd:02:7d:
                    95:bb:6d:75:96:f9:2c:1c:59:53:11:27:8d:56:c9:
                    8a:bf:8e:a9:e7:93:21:be:3b:41:b0:e7:6e:87:c8:
                    f2:2d:ae:f7:d4:e1:51:4b:47:ec:c1:96:59:86:85:
                    4f:c3:d3:9a:5e:6c:95:0b:59:25:dd:e3:5d:13:77:
                    73:06:d8:53:dc:a6:f3:f6:92:be:ad:da:73:1a:bd:
                    e0:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:CA:EF:6D:88:43:B8:09:B2:FA:EE:22:36:08:24:EE:50:9C:DA:68
            X509v3 Authority Key Identifier:
                keyid:E7:F9:A8:A2:39:68:32:63:E7:55:E1:2C:97:D2:D7:A4:32:D0:B3:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_moojloMmPnVeEsl9LXpDLQs3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/1-srvbYhDuAmy-u4iNggk7lCc2mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/5_moojloMmPnVeEsl9LXpDLQs3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0c:47:c6:be:c5:98:35:26:30:6a:6c:ed:70:72:dc:9d:11:fe:
         44:33:b7:0a:33:8c:d4:8a:fd:dc:90:84:4a:eb:3f:52:49:4a:
         0a:e8:16:69:98:2a:84:1d:03:30:31:f2:2d:dc:8c:d7:d9:4b:
         8c:f2:28:5e:36:a1:d3:f1:19:e1:8d:9d:28:dd:d7:03:0d:b2:
         e1:55:8f:9e:d4:12:bf:61:7e:ef:09:cb:de:fa:07:0b:b3:40:
         9d:66:e9:23:aa:44:4c:ed:6a:70:17:5a:8d:5f:95:84:30:18:
         3b:4e:71:ac:30:14:d7:ca:95:37:c4:7b:9b:35:10:ba:ec:36:
         3a:c7:36:02:98:67:b9:1e:d4:89:bd:5e:59:d6:e5:c6:df:3c:
         28:2f:69:17:73:7c:2f:b6:c3:f3:fc:bd:b3:c9:c0:b8:a3:5d:
         69:0a:ac:ea:69:3f:4c:ea:b1:d8:52:fb:6d:e9:18:0f:2c:b4:
         a5:10:bd:d3:e5:f4:3b:b4:a2:1e:5a:7d:04:f4:dd:c6:77:ac:
         d7:a8:bb:cd:8e:55:c8:c5:f1:80:56:b0:4d:97:ec:a2:54:a3:
         f4:a7:48:81:2c:62:3b:3e:76:69:61:d4:09:44:bc:ef:94:d2:
         f0:9f:ec:bb:e0:8a:e3:7a:18:28:85:57:4c:71:40:e2:0b:ee:
         0f:7c:de:82
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQj1tSt1UQzGHCNYbJb30tFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZjlhOGEyMzk2ODMyNjNlNzU1ZTEyYzk3ZDJkN2E0MzJk
MGIzNzcwHhcNMjUwMTAxMjE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWNhZWY2ZDg4NDNiODA5YjJmYWVlMjIzNjA4MjRlZTUwOWNkYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIGGqc8LES2m5Ha5K81kcSwtgbx7
10aC4V+C6n4Hq/CDPe7pxiHcqygYx8+8EG5TgjRsiqpo5ny5uRXlXOfITgzPDxnl
XOswyqiTEVQhu3TUl4ammFoTlMaOlmC46aN2l9/FSrNZwmQp8eNiLF36NfcsZ6uy
j/aWpmtnxWTRY9WWkjtD65hm0KjGCWmPKlXdJ/eu7+n/wsJFDErkbVNcu36pRGhK
yJ93moafd5mqELO9An2Vu211lvksHFlTESeNVsmKv46p55MhvjtBsOduh8jyLa73
1OFRS0fswZZZhoVPw9OaXmyVC1kl3eNdE3dzBthT3Kbz9pK+rdpzGr3gpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrK722IQ7gJsvruIjYIJO5QnNpoMB8GA1UdIwQY
MBaAFOf5qKI5aDJj51XhLJfS16Qy0LN3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9tb29qbG9NbVBuVmVFc2w5TFhwRExRczNjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8yNTQ4YTQtNzcxNS00MTM0LTgxMzIt
MmJmMGEzYmNjNGYxLzEvMS1zcnZiWWhEdUFteS11NGlOZ2drN2xDYzJtZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTcvMjU0OGE0LTc3MTUtNDEzNC04MTMyLTJiZjBhM2JjYzRm
MS8xLzVfbW9vamxvTW1QblZlRXNsOUxYcERMUXMzYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA9nGSDAN
BgkqhkiG9w0BAQsFAAOCAQEADEfGvsWYNSYwamztcHLcnRH+RDO3CjOM1Ir93JCE
Sus/UklKCugWaZgqhB0DMDHyLdyM19lLjPIoXjah0/EZ4Y2dKN3XAw2y4VWPntQS
v2F+7wnL3voHC7NAnWbpI6pETO1qcBdajV+VhDAYO05xrDAU18qVN8R7mzUQuuw2
Osc2AphnuR7Uib1eWdblxt88KC9pF3N8L7bD8/y9s8nAuKNdaQqs6mk/TOqx2FL7
bekYDyy0pRC90+X0O7SiHlp9BPTdxnes16i7zY5VyMXxgFawTZfsolSj9KdIgSxi
Oz52aWHUCUS875TS8J/su+CK43oYKIVXTHFA4gvuD3zegg==
-----END CERTIFICATE-----