Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/e47JVDaYouE3e8Mzpb0cdpNrqTM.roa
File:                     e47JVDaYouE3e8Mzpb0cdpNrqTM.roa (raw, json)
Hash identifier:          TeK9hjIT9AWJrxOsNAQ92zKwigiqRVCBdbzJgr6m9bQ=
Subject key identifier:   7B:8E:C9:54:36:98:A2:E1:37:7B:C3:33:A5:BD:1C:76:93:6B:A9:33
Certificate issuer:       /CN=bfd09a87743817c56f8088007a5746eb69ff2e30
Certificate serial:       018CC79362C05F1F64C2FBC99B4BC970379E
Authority key identifier: BF:D0:9A:87:74:38:17:C5:6F:80:88:00:7A:57:46:EB:69:FF:2E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9Cah3Q4F8VvgIgAeldG62n_LjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/e47JVDaYouE3e8Mzpb0cdpNrqTM.roa
Signing time:             Tue 02 Jan 2024 00:29:34 +0000
ROA not before:           Tue 02 Jan 2024 00:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3302
IP address blocks:        185.82.224.0/22 maxlen: 22
                          2a05:9540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/v9Cah3Q4F8VvgIgAeldG62n_LjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/v9Cah3Q4F8VvgIgAeldG62n_LjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9Cah3Q4F8VvgIgAeldG62n_LjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:62:c0:5f:1f:64:c2:fb:c9:9b:4b:c9:70:37:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd09a87743817c56f8088007a5746eb69ff2e30
        Validity
            Not Before: Jan  2 00:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b8ec9543698a2e1377bc333a5bd1c76936ba933
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:8c:d1:42:fb:60:f9:35:06:b1:d4:09:57:c4:
                    a3:40:37:45:27:6f:70:6a:62:a9:c1:98:9d:40:0a:
                    2d:33:84:06:47:98:58:d9:2f:4c:5d:34:d3:3b:cc:
                    83:90:e1:87:46:69:7e:31:7d:7e:0f:02:e5:4a:e0:
                    69:5d:c1:59:78:50:a3:36:d4:d6:98:52:11:db:c8:
                    7a:19:c5:d5:d3:3f:e7:c1:25:7b:73:bb:15:18:11:
                    f4:53:e5:8c:11:1f:bb:03:02:8c:f3:33:50:21:90:
                    94:42:33:6e:82:92:ac:63:ac:ae:c7:b9:ac:18:ca:
                    38:ce:77:a8:25:f7:41:89:a9:e7:49:86:59:e2:55:
                    54:9c:57:f5:a4:c9:9f:de:a6:45:3d:19:fd:7a:3c:
                    18:ce:3a:e6:88:63:6e:1e:3c:37:d7:65:13:f8:aa:
                    c7:fc:50:1a:6a:c9:c5:1e:40:e1:ec:0f:7b:33:0d:
                    a1:92:7d:82:96:52:d2:62:22:2c:60:8b:9d:df:d9:
                    17:b0:e2:bd:cd:80:e0:c0:d6:ab:67:dd:33:b0:0b:
                    1a:1d:f2:35:d6:d7:c0:66:eb:21:dd:50:a7:5b:b4:
                    25:1f:0c:57:ae:9f:8b:90:f4:21:b9:ee:cd:dd:7d:
                    10:5a:cb:7b:94:b0:a7:b6:13:a5:5e:f2:2c:59:62:
                    93:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:8E:C9:54:36:98:A2:E1:37:7B:C3:33:A5:BD:1C:76:93:6B:A9:33
            X509v3 Authority Key Identifier:
                keyid:BF:D0:9A:87:74:38:17:C5:6F:80:88:00:7A:57:46:EB:69:FF:2E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9Cah3Q4F8VvgIgAeldG62n_LjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/e47JVDaYouE3e8Mzpb0cdpNrqTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/092570-512a-44fa-a4fe-dbca8c31ebc8/1/v9Cah3Q4F8VvgIgAeldG62n_LjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.224.0/22
                IPv6:
                  2a05:9540::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:74:fb:e3:5b:88:ca:71:6d:00:de:d0:78:14:b6:cb:62:b3:
         29:26:51:57:1e:e8:1a:92:1f:62:04:33:27:5a:aa:70:6d:bf:
         6c:01:fb:8a:3e:99:03:d7:4c:99:98:e6:5c:e6:b3:d0:1a:56:
         42:6f:09:0b:b3:d5:d4:c6:28:14:a7:bf:08:f9:c7:db:84:51:
         4e:8f:fe:72:49:b8:34:6b:26:52:1c:b3:37:5c:24:aa:f5:aa:
         3c:f9:75:02:48:fc:6b:fa:a1:05:1a:05:e0:bd:fa:05:c2:04:
         48:c5:7b:5e:bb:e4:af:77:ae:40:c1:e5:1d:7f:34:b4:d3:ce:
         a8:3f:0b:4a:80:97:71:bb:1e:79:11:bd:39:06:5d:58:a8:c7:
         40:03:01:eb:1c:29:81:22:83:74:bd:04:2e:c3:2d:1b:71:5e:
         ae:d0:75:5e:5d:e8:0b:f6:0d:e3:a5:ed:ca:33:1e:a3:9e:3d:
         11:14:af:db:3d:55:78:5d:e3:95:6a:72:71:c1:b0:1e:1b:dd:
         49:a2:cf:f6:56:bd:63:8c:7a:54:b6:62:45:38:89:47:7d:58:
         58:88:b9:45:31:55:7f:25:df:8b:c6:86:78:96:84:7f:16:5a:
         bd:3c:26:88:9f:e5:70:81:4e:ce:fb:2b:e6:c7:d5:2f:3b:67:
         cc:89:c4:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk2LAXx9kwvvJm0vJcDeeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDA5YTg3NzQzODE3YzU2ZjgwODgwMDdhNTc0NmViNjlm
ZjJlMzAwHhcNMjQwMTAyMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjhlYzk1NDM2OThhMmUxMzc3YmMzMzNhNWJkMWM3NjkzNmJhOTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14zRQvtg+TUGsdQJV8SjQDdFJ29w
amKpwZidQAotM4QGR5hY2S9MXTTTO8yDkOGHRml+MX1+DwLlSuBpXcFZeFCjNtTW
mFIR28h6GcXV0z/nwSV7c7sVGBH0U+WMER+7AwKM8zNQIZCUQjNugpKsY6yux7ms
GMo4zneoJfdBiannSYZZ4lVUnFf1pMmf3qZFPRn9ejwYzjrmiGNuHjw312UT+KrH
/FAaasnFHkDh7A97Mw2hkn2CllLSYiIsYIud39kXsOK9zYDgwNarZ90zsAsaHfI1
1tfAZush3VCnW7QlHwxXrp+LkPQhue7N3X0QWst7lLCnthOlXvIsWWKTuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHuOyVQ2mKLhN3vDM6W9HHaTa6kzMB8GA1UdIwQY
MBaAFL/Qmod0OBfFb4CIAHpXRutp/y4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlDYWgzUTRGOFZ2Z0lnQWVsZEc2Mm5fTGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8wOTI1NzAtNTEyYS00NGZhLWE0ZmUt
ZGJjYThjMzFlYmM4LzEvZTQ3SlZEYVlvdUUzZThNenBiMGNkcE5ycVRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8wOTI1NzAtNTEyYS00NGZhLWE0ZmUtZGJjYThjMzFlYmM4
LzEvdjlDYWgzUTRGOFZ2Z0lnQWVsZEc2Mm5fTGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVLgMA0E
AgACMAcDBQMqBZVAMA0GCSqGSIb3DQEBCwUAA4IBAQChdPvjW4jKcW0A3tB4FLbL
YrMpJlFXHugakh9iBDMnWqpwbb9sAfuKPpkD10yZmOZc5rPQGlZCbwkLs9XUxigU
p78I+cfbhFFOj/5ySbg0ayZSHLM3XCSq9ao8+XUCSPxr+qEFGgXgvfoFwgRIxXte
u+Svd65AweUdfzS0086oPwtKgJdxux55Eb05Bl1YqMdAAwHrHCmBIoN0vQQuwy0b
cV6u0HVeXegL9g3jpe3KMx6jnj0RFK/bPVV4XeOVanJxwbAeG91Jos/2Vr1jjHpU
tmJFOIlHfVhYiLlFMVV/Jd+LxoZ4loR/Flq9PCaIn+VwgU7O+yvmx9UvO2fMicTw
-----END CERTIFICATE-----