Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/7sqWqdAoxsqMs1S6hKM_rdiAPRM.roa
File:                     7sqWqdAoxsqMs1S6hKM_rdiAPRM.roa (raw, json)
Hash identifier:          BISJWkDFYxXY09pYg1pEVV6PmOKFGDZXkTcmjBq7D70=
Subject key identifier:   EE:CA:96:A9:D0:28:C6:CA:8C:B3:54:BA:84:A3:3F:AD:D8:80:3D:13
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018EA3B35E97C542A3E312A4F1CB753861C4
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/7sqWqdAoxsqMs1S6hKM_rdiAPRM.roa
Signing time:             Wed 03 Apr 2024 11:23:45 +0000
ROA not before:           Wed 03 Apr 2024 11:23:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204707
IP address blocks:        94.131.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:b3:5e:97:c5:42:a3:e3:12:a4:f1:cb:75:38:61:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Apr  3 11:23:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eeca96a9d028c6ca8cb354ba84a33fadd8803d13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:62:27:24:28:49:b2:03:45:aa:4e:d7:db:6b:
                    46:a9:ea:69:77:be:6a:3c:23:5a:bc:1f:c9:e4:bf:
                    89:7b:2c:23:4e:9d:aa:c5:f5:9b:55:35:7d:30:d3:
                    64:ae:54:61:10:37:66:90:65:b2:99:9e:14:1e:7b:
                    3d:c9:44:c7:92:e3:c5:32:dc:4e:ec:3c:9d:29:84:
                    91:30:32:2f:3c:93:e9:5e:69:fb:f5:fa:45:d0:27:
                    0e:fd:ac:3c:4c:bc:dd:6a:e8:0c:98:60:e3:45:1b:
                    10:0b:24:95:66:6b:be:77:5e:e5:cd:b6:1b:06:35:
                    4e:95:28:26:e0:9b:5a:b6:00:d6:c8:55:f1:15:b7:
                    21:53:6a:55:72:1b:4c:82:ec:ed:72:07:44:71:f8:
                    4f:c7:ad:0c:4e:e3:89:f4:fe:21:26:0b:ea:57:54:
                    cf:e9:45:3e:5a:0e:be:0f:8a:8e:f7:03:40:28:e3:
                    8b:43:26:b5:48:92:45:92:08:4b:86:05:ba:e8:77:
                    7d:09:03:68:75:63:b1:52:46:62:55:4a:02:a2:a7:
                    63:f2:0f:f5:e4:3c:f6:f8:7a:dc:01:11:41:ec:90:
                    6d:f1:f4:95:37:a3:30:63:cb:61:5b:5c:23:4b:5f:
                    a0:48:51:9f:2c:6d:89:dc:bc:e9:a9:8f:9c:87:68:
                    24:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:CA:96:A9:D0:28:C6:CA:8C:B3:54:BA:84:A3:3F:AD:D8:80:3D:13
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/7sqWqdAoxsqMs1S6hKM_rdiAPRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:12:2f:be:74:dd:1c:92:8b:6d:4c:fa:f9:85:c3:ca:b0:b4:
         92:f8:22:f5:5b:e7:ca:91:49:06:64:59:86:39:01:33:5f:59:
         30:e7:a6:79:55:22:cb:ed:73:77:79:6c:92:d2:11:c6:41:77:
         a2:27:8b:7a:ad:a0:23:e3:e9:8a:d3:0c:70:cc:b0:f7:c0:60:
         13:7b:58:7d:50:31:c2:db:c2:3f:2a:ff:d4:7f:73:6c:e4:80:
         28:f6:f4:d1:0b:b6:9f:f7:b6:cc:98:c5:7a:2e:a9:7c:58:e4:
         08:b7:b8:86:bd:f7:07:be:3a:ca:ab:a7:2f:20:52:71:1c:73:
         cd:31:fc:b0:7a:9b:b3:69:53:cc:96:f2:7c:62:2b:d9:0e:23:
         9b:6b:9a:fa:e4:46:83:2a:31:1a:74:53:5e:8b:f2:28:35:66:
         21:56:5c:85:76:a3:18:c2:50:1f:bb:39:f0:89:02:20:20:b3:
         45:cd:1f:2d:a6:a3:02:84:d3:98:60:75:12:44:86:a9:3d:e5:
         73:6f:91:e9:da:2b:a4:47:18:c3:23:a6:a0:ef:c8:25:df:ea:
         6f:a3:9d:56:37:a9:bc:f8:96:48:2f:53:41:7f:66:f5:20:18:
         28:97:a3:c1:14:73:60:6a:c2:2e:9a:18:b1:73:cc:56:7c:59:
         0e:31:69:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6js16XxUKj4xKk8ct1OGHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwNDAzMTEyMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWNhOTZhOWQwMjhjNmNhOGNiMzU0YmE4NGEzM2ZhZGQ4ODAzZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmInJChJsgNFqk7X22tGqeppd75q
PCNavB/J5L+JeywjTp2qxfWbVTV9MNNkrlRhEDdmkGWymZ4UHns9yUTHkuPFMtxO
7DydKYSRMDIvPJPpXmn79fpF0CcO/aw8TLzdaugMmGDjRRsQCySVZmu+d17lzbYb
BjVOlSgm4JtatgDWyFXxFbchU2pVchtMguztcgdEcfhPx60MTuOJ9P4hJgvqV1TP
6UU+Wg6+D4qO9wNAKOOLQya1SJJFkghLhgW66Hd9CQNodWOxUkZiVUoCoqdj8g/1
5Dz2+HrcARFB7JBt8fSVN6MwY8thW1wjS1+gSFGfLG2J3LzpqY+ch2gkPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7KlqnQKMbKjLNUuoSjP63YgD0TMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvN3NxV3FkQW94c3FNczFTNmhLTV9yZGlBUFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXoPMMA0G
CSqGSIb3DQEBCwUAA4IBAQA5Ei++dN0ckottTPr5hcPKsLSS+CL1W+fKkUkGZFmG
OQEzX1kw56Z5VSLL7XN3eWyS0hHGQXeiJ4t6raAj4+mK0wxwzLD3wGATe1h9UDHC
28I/Kv/Uf3Ns5IAo9vTRC7af97bMmMV6Lql8WOQIt7iGvfcHvjrKq6cvIFJxHHPN
MfywepuzaVPMlvJ8YivZDiOba5r65EaDKjEadFNei/IoNWYhVlyFdqMYwlAfuznw
iQIgILNFzR8tpqMChNOYYHUSRIapPeVzb5Hp2iukRxjDI6ag78gl3+pvo51WN6m8
+JZIL1NBf2b1IBgol6PBFHNgasIumhixc8xWfFkOMWk4
-----END CERTIFICATE-----