Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/6RjNurkHSQCDpgbPYOYat8oXbQs.roa
File:                     6RjNurkHSQCDpgbPYOYat8oXbQs.roa (raw, json)
Hash identifier:          W8kndSQu66ud0D+s4W/xl2i0K1qhkfQ4FumgfXsO/II=
Subject key identifier:   E9:18:CD:BA:B9:07:49:00:83:A6:06:CF:60:E6:1A:B7:CA:17:6D:0B
Certificate issuer:       /CN=e7f9a8a239683263e755e12c97d2d7a432d0b377
Certificate serial:       018CC79404DE12FFA0F98C6F607D35518B50
Authority key identifier: E7:F9:A8:A2:39:68:32:63:E7:55:E1:2C:97:D2:D7:A4:32:D0:B3:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_moojloMmPnVeEsl9LXpDLQs3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/6RjNurkHSQCDpgbPYOYat8oXbQs.roa
Signing time:             Tue 02 Jan 2024 00:30:15 +0000
ROA not before:           Tue 02 Jan 2024 00:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48220
IP address blocks:        217.198.64.0/21 maxlen: 21
                          217.198.72.0/21 maxlen: 21
                          2a00:1de8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/5_moojloMmPnVeEsl9LXpDLQs3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/5_moojloMmPnVeEsl9LXpDLQs3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_moojloMmPnVeEsl9LXpDLQs3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 00:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:04:de:12:ff:a0:f9:8c:6f:60:7d:35:51:8b:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f9a8a239683263e755e12c97d2d7a432d0b377
        Validity
            Not Before: Jan  2 00:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e918cdbab907490083a606cf60e61ab7ca176d0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:38:47:ee:a4:7c:29:f2:24:7e:85:fc:53:98:
                    ec:a9:80:e6:e0:8e:03:71:d4:22:25:fc:97:c1:17:
                    eb:57:10:7e:9b:52:5f:d3:20:04:84:90:84:b7:d5:
                    d7:6e:6d:c6:8e:25:a6:c5:a6:b3:ff:48:7d:32:10:
                    68:61:ee:00:f5:7f:3c:fc:15:8f:b7:f4:89:b6:d9:
                    9f:ae:f2:82:8f:a9:f3:13:66:af:bd:cb:b2:f0:a2:
                    9b:83:22:8d:5d:6b:23:2c:1c:4e:ae:a4:25:0c:3f:
                    31:80:78:73:8d:1a:10:af:6a:d2:bc:b4:79:8d:28:
                    8c:58:92:38:b1:b7:e5:2d:98:aa:55:51:2c:1d:b7:
                    d3:ef:b3:57:24:54:66:93:9a:f0:a0:8e:89:70:55:
                    6c:3c:b4:fd:84:c6:98:0b:ca:43:ae:1f:33:3a:a3:
                    23:64:1c:0a:7c:7c:9f:42:5a:95:f7:10:5b:75:cc:
                    ba:8e:b2:08:44:ab:e2:70:36:5d:fc:e9:9d:95:16:
                    4a:a0:1c:21:0b:e5:fd:7a:99:be:57:3c:00:a8:8f:
                    92:1c:45:c3:37:d9:14:99:50:d5:b7:9a:d4:17:34:
                    b2:8e:ac:8b:eb:1b:25:2c:69:0a:81:5c:d6:fe:3b:
                    07:9c:ce:3f:88:a1:95:d7:67:1e:df:08:40:43:aa:
                    d9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:18:CD:BA:B9:07:49:00:83:A6:06:CF:60:E6:1A:B7:CA:17:6D:0B
            X509v3 Authority Key Identifier:
                keyid:E7:F9:A8:A2:39:68:32:63:E7:55:E1:2C:97:D2:D7:A4:32:D0:B3:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_moojloMmPnVeEsl9LXpDLQs3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/6RjNurkHSQCDpgbPYOYat8oXbQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/2548a4-7715-4134-8132-2bf0a3bcc4f1/1/5_moojloMmPnVeEsl9LXpDLQs3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.64.0/20
                IPv6:
                  2a00:1de8::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:ec:fb:fa:07:1a:17:8d:d7:81:01:d1:41:10:ca:8b:3d:10:
         78:bc:a8:0e:bf:00:9b:a3:78:3f:9c:a8:a6:b6:2a:1c:3f:0b:
         61:dc:c5:a5:84:e3:02:f3:73:7a:42:b5:e1:23:6d:ae:b6:1a:
         76:81:06:aa:ee:cd:3f:f0:9e:b6:17:b8:fc:8e:64:e2:b6:5f:
         a9:e0:d5:12:24:16:47:ff:dc:be:39:4c:ed:9b:e2:50:16:a5:
         73:c6:43:17:ac:a9:c4:63:f3:44:c9:de:fc:f9:45:3a:9b:af:
         e1:de:09:8a:a1:20:85:cf:94:83:87:9e:60:ed:88:6f:ec:36:
         2b:55:6e:9d:e4:01:b7:c4:ad:b2:44:5e:08:70:6f:b7:9e:30:
         72:b4:bf:af:b9:d8:b1:0c:b4:1e:a2:7a:6f:be:92:76:03:b0:
         40:a7:00:cb:c0:6d:c9:ea:a4:48:50:cf:33:1d:c7:0e:78:cc:
         b3:a0:83:34:b8:67:76:f8:ac:02:59:ef:8d:b7:12:c3:12:ae:
         f3:81:eb:b5:1b:18:9e:b8:ab:1c:e1:06:a9:ff:f8:87:8f:34:
         4e:b1:2b:09:4c:f7:95:63:9b:98:08:82:26:fe:a8:eb:70:f5:
         97:00:11:4d:40:99:36:df:bf:00:77:a5:ac:a9:5a:c7:42:1c:
         1d:1b:ec:99
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlATeEv+g+YxvYH01UYtQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZjlhOGEyMzk2ODMyNjNlNzU1ZTEyYzk3ZDJkN2E0MzJk
MGIzNzcwHhcNMjQwMTAyMDAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTE4Y2RiYWI5MDc0OTAwODNhNjA2Y2Y2MGU2MWFiN2NhMTc2ZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zhH7qR8KfIkfoX8U5jsqYDm4I4D
cdQiJfyXwRfrVxB+m1Jf0yAEhJCEt9XXbm3GjiWmxaaz/0h9MhBoYe4A9X88/BWP
t/SJttmfrvKCj6nzE2avvcuy8KKbgyKNXWsjLBxOrqQlDD8xgHhzjRoQr2rSvLR5
jSiMWJI4sbflLZiqVVEsHbfT77NXJFRmk5rwoI6JcFVsPLT9hMaYC8pDrh8zOqMj
ZBwKfHyfQlqV9xBbdcy6jrIIRKvicDZd/OmdlRZKoBwhC+X9epm+VzwAqI+SHEXD
N9kUmVDVt5rUFzSyjqyL6xslLGkKgVzW/jsHnM4/iKGV12ce3whAQ6rZQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOkYzbq5B0kAg6YGz2DmGrfKF20LMB8GA1UdIwQY
MBaAFOf5qKI5aDJj51XhLJfS16Qy0LN3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9tb29qbG9NbVBuVmVFc2w5TFhwRExRczNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8yNTQ4YTQtNzcxNS00MTM0LTgxMzIt
MmJmMGEzYmNjNGYxLzEvNlJqTnVya0hTUUNEcGdiUFlPWWF0OG9YYlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8yNTQ4YTQtNzcxNS00MTM0LTgxMzItMmJmMGEzYmNjNGYx
LzEvNV9tb29qbG9NbVBuVmVFc2w5TFhwRExRczNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2cZAMA0E
AgACMAcDBQAqAB3oMA0GCSqGSIb3DQEBCwUAA4IBAQAS7Pv6BxoXjdeBAdFBEMqL
PRB4vKgOvwCbo3g/nKimtiocPwth3MWlhOMC83N6QrXhI22uthp2gQaq7s0/8J62
F7j8jmTitl+p4NUSJBZH/9y+OUztm+JQFqVzxkMXrKnEY/NEyd78+UU6m6/h3gmK
oSCFz5SDh55g7Yhv7DYrVW6d5AG3xK2yRF4IcG+3njBytL+vudixDLQeonpvvpJ2
A7BApwDLwG3J6qRIUM8zHccOeMyzoIM0uGd2+KwCWe+NtxLDEq7zgeu1GxieuKsc
4Qap//iHjzROsSsJTPeVY5uYCIIm/qjrcPWXABFNQJk2378Ad6WsqVrHQhwdG+yZ
-----END CERTIFICATE-----