Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/H3nHw8z8666-L8U-_uxrwIJLMnY.roa
File:                     H3nHw8z8666-L8U-_uxrwIJLMnY.roa (raw, json)
Hash identifier:          MT6hy3SNloMEpBDAwfopc8db/vq7t+BAHUj/AXpHzkc=
Subject key identifier:   1F:79:C7:C3:CC:FC:EB:AE:BE:2F:C5:3E:FE:EC:6B:C0:82:4B:32:76
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DCA135516B2F010A95AE441C9FA13A
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/H3nHw8z8666-L8U-_uxrwIJLMnY.roa
Signing time:             Mon 01 Jan 2024 16:30:19 +0000
ROA not before:           Mon 01 Jan 2024 16:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216150
IP address blocks:        164.215.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a1:35:51:6b:2f:01:0a:95:ae:44:1c:9f:a1:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f79c7c3ccfcebaebe2fc53efeec6bc0824b3276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:69:ca:1e:da:aa:7b:01:8d:4e:c0:02:c0:00:
                    d2:a8:f3:94:c7:81:91:83:74:8e:c1:27:a5:54:76:
                    db:2c:8b:e3:9b:27:82:c4:d3:6d:a5:d9:e0:4c:1f:
                    73:97:03:1d:d6:85:7c:ef:a5:8f:4e:10:cc:76:ca:
                    92:26:ce:49:34:ea:c9:8a:16:eb:3c:22:27:8a:95:
                    f7:78:8b:76:fd:e8:a8:fd:d5:de:37:56:78:5e:06:
                    a7:12:b5:4a:b8:12:dd:b9:d9:ba:d1:b2:36:fd:db:
                    b3:c3:53:50:1b:4c:34:0e:ae:d9:10:6c:77:a6:ef:
                    20:29:82:8c:60:50:43:d1:19:fa:88:54:5a:82:f7:
                    c7:df:c5:fd:99:e6:93:55:6b:f9:55:6d:c7:f6:4c:
                    52:8a:fc:73:ab:21:c4:d3:7a:5c:2c:28:9c:0f:a1:
                    89:f3:19:46:9d:bb:53:56:81:c2:4e:ae:d9:47:da:
                    3b:c1:6d:95:58:5e:e8:a1:d7:3f:17:a2:25:77:fb:
                    5e:c6:d8:86:40:87:9e:ba:29:34:14:2c:2d:35:c0:
                    95:c5:9a:01:ae:9f:62:1e:c3:10:83:a1:81:49:d4:
                    66:1a:43:cd:05:c0:3e:61:66:9d:80:23:b8:a1:0c:
                    b8:31:f8:ba:cf:72:eb:b6:74:f4:14:18:92:45:c0:
                    4d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:79:C7:C3:CC:FC:EB:AE:BE:2F:C5:3E:FE:EC:6B:C0:82:4B:32:76
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/H3nHw8z8666-L8U-_uxrwIJLMnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.215.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:57:d8:f6:a8:99:30:95:e7:cf:18:8f:f5:1c:6e:73:92:d8:
         ca:f6:90:a0:aa:4b:22:b5:2a:3c:f3:d8:e3:a5:8d:25:8d:23:
         4c:cf:e7:45:a7:0b:e5:ee:28:97:0b:81:f7:8f:a3:20:11:2b:
         df:ef:5e:ad:bf:82:d7:d4:36:de:0b:c5:43:33:5f:f9:68:73:
         52:fa:bb:31:0e:61:66:ef:35:e6:85:7c:d7:5e:37:37:e1:37:
         45:5f:2a:50:a2:26:db:38:1f:b2:98:5f:d9:ce:04:dc:4d:51:
         f8:db:48:5f:f7:94:53:b6:43:57:a0:25:73:b0:fe:36:a8:4b:
         5c:83:7d:71:72:ce:d5:c6:17:b2:3d:90:6d:89:35:88:b3:1c:
         0b:c0:54:31:c5:12:8d:4d:7f:4b:87:66:db:b5:c2:0c:1c:da:
         f3:d4:cc:cb:7c:1e:0f:70:41:74:ff:33:c6:f1:bf:bf:f9:f8:
         47:95:c9:80:1e:41:b6:ba:0f:76:29:35:45:05:96:5d:bd:34:
         02:dd:cc:b0:46:16:86:e8:8b:83:bd:cc:4b:d5:07:b0:5d:99:
         45:e4:6f:e9:c6:bc:5b:d8:3f:cc:be:f2:5c:2b:7a:f5:c4:82:
         a6:3b:ce:30:08:c8:b2:d0:2d:d3:19:40:a3:91:2e:25:bb:a2:
         95:2f:7c:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3KE1UWsvAQqVrkQcn6E6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjc5YzdjM2NjZmNlYmFlYmUyZmM1M2VmZWVjNmJjMDgyNGIzMjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimnKHtqqewGNTsACwADSqPOUx4GR
g3SOwSelVHbbLIvjmyeCxNNtpdngTB9zlwMd1oV876WPThDMdsqSJs5JNOrJihbr
PCInipX3eIt2/eio/dXeN1Z4XganErVKuBLdudm60bI2/duzw1NQG0w0Dq7ZEGx3
pu8gKYKMYFBD0Rn6iFRagvfH38X9meaTVWv5VW3H9kxSivxzqyHE03pcLCicD6GJ
8xlGnbtTVoHCTq7ZR9o7wW2VWF7oodc/F6Ild/textiGQIeeuik0FCwtNcCVxZoB
rp9iHsMQg6GBSdRmGkPNBcA+YWadgCO4oQy4Mfi6z3LrtnT0FBiSRcBNGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB95x8PM/Ouuvi/FPv7sa8CCSzJ2MB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvSDNuSHc4ejg2NjYtTDhVLV91eHJ3SUpMTW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApNdgMA0G
CSqGSIb3DQEBCwUAA4IBAQDEV9j2qJkwlefPGI/1HG5zktjK9pCgqksitSo889jj
pY0ljSNMz+dFpwvl7iiXC4H3j6MgESvf716tv4LX1DbeC8VDM1/5aHNS+rsxDmFm
7zXmhXzXXjc34TdFXypQoibbOB+ymF/ZzgTcTVH420hf95RTtkNXoCVzsP42qEtc
g31xcs7VxheyPZBtiTWIsxwLwFQxxRKNTX9Lh2bbtcIMHNrz1MzLfB4PcEF0/zPG
8b+/+fhHlcmAHkG2ug92KTVFBZZdvTQC3cywRhaG6IuDvcxL1QewXZlF5G/pxrxb
2D/MvvJcK3r1xIKmO84wCMiy0C3TGUCjkS4lu6KVL3x5
-----END CERTIFICATE-----