Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/x7wHDvFP4yEZZk3RBss4RjWxqwQ.roa
File:                     x7wHDvFP4yEZZk3RBss4RjWxqwQ.roa (raw, json)
Hash identifier:          VjfjU4W0jebgkCso9AoUff6fUNr2DERlC6IFoILLePY=
Subject key identifier:   C7:BC:07:0E:F1:4F:E3:21:19:66:4D:D1:06:CB:38:46:35:B1:AB:04
Certificate issuer:       /CN=b464b4523a8972b9e2f46a4f4a1634e97027aedf
Certificate serial:       018D69DDBFEFEFEAFD6D19A6D2BFEC443FB3
Authority key identifier: B4:64:B4:52:3A:89:72:B9:E2:F4:6A:4F:4A:16:34:E9:70:27:AE:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tGS0UjqJcrni9GpPShY06XAnrt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/x7wHDvFP4yEZZk3RBss4RjWxqwQ.roa
Signing time:             Fri 02 Feb 2024 12:49:16 +0000
ROA not before:           Fri 02 Feb 2024 12:49:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199373
IP address blocks:        5.61.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/tGS0UjqJcrni9GpPShY06XAnrt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/tGS0UjqJcrni9GpPShY06XAnrt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tGS0UjqJcrni9GpPShY06XAnrt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:dd:bf:ef:ef:ea:fd:6d:19:a6:d2:bf:ec:44:3f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b464b4523a8972b9e2f46a4f4a1634e97027aedf
        Validity
            Not Before: Feb  2 12:49:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7bc070ef14fe32119664dd106cb384635b1ab04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:36:ee:30:57:75:89:33:14:6f:c3:0b:5b:5f:
                    48:a9:d1:f9:75:90:b7:c7:cf:a3:91:ba:60:21:78:
                    a3:6c:85:d1:67:87:f5:74:9e:02:65:33:26:83:54:
                    77:c0:53:0d:e9:ec:bd:84:83:51:53:53:7c:dc:76:
                    28:5d:1e:dd:33:4a:67:9b:e3:9b:fd:d7:6a:fe:eb:
                    40:0e:bc:54:68:c6:a5:25:8f:c6:fe:cd:da:5b:e9:
                    45:52:26:90:0e:e4:d1:98:92:fd:7c:1d:14:22:78:
                    92:86:77:00:da:d9:95:f9:d3:10:c5:0c:3f:f8:6a:
                    4a:71:14:7f:bf:bb:98:27:66:c8:18:b9:7d:ed:b8:
                    9f:b5:ef:3a:dc:18:dd:f4:c2:02:a9:34:40:68:7f:
                    e0:27:41:7f:c9:f0:df:1b:29:9a:e1:19:fd:06:37:
                    9e:db:74:f7:22:bd:85:0c:61:67:95:11:23:d7:c8:
                    d5:80:5a:06:91:62:f3:13:eb:a3:ce:7d:4c:ec:ef:
                    69:1a:6b:d0:16:00:bb:c2:cd:87:0c:97:f4:9e:86:
                    18:41:64:fa:05:b7:c5:45:c2:ea:8e:3a:a1:16:a5:
                    a3:40:03:12:41:17:cb:e8:0e:67:c6:4c:8f:a8:95:
                    82:80:82:51:47:b4:9b:a7:51:b2:fd:ea:25:f1:0b:
                    e6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:BC:07:0E:F1:4F:E3:21:19:66:4D:D1:06:CB:38:46:35:B1:AB:04
            X509v3 Authority Key Identifier:
                keyid:B4:64:B4:52:3A:89:72:B9:E2:F4:6A:4F:4A:16:34:E9:70:27:AE:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tGS0UjqJcrni9GpPShY06XAnrt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/x7wHDvFP4yEZZk3RBss4RjWxqwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/c7caf3-eb08-4556-a5b7-fc6e77884054/1/tGS0UjqJcrni9GpPShY06XAnrt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:0d:39:b1:66:cb:f4:9a:b4:5d:81:43:82:e9:ec:10:4d:db:
         98:6a:1b:22:bb:8a:35:43:0a:70:bb:7f:bd:3d:d3:a0:fa:4f:
         ca:88:23:c3:1b:d1:cc:36:88:4c:90:61:3d:33:7c:4c:8f:70:
         2c:4e:74:aa:a0:a7:f6:2b:6b:7a:29:b9:ab:b2:1a:e0:5b:0e:
         26:95:21:c0:74:a3:68:23:a6:5f:bb:94:86:4d:8d:ef:db:9e:
         21:40:17:60:55:dd:c0:99:65:cc:72:9b:70:15:1e:f2:d1:73:
         61:34:d3:81:76:2f:c4:69:5b:6c:40:99:c4:74:da:8b:c6:58:
         d8:f3:4a:5e:1f:ce:96:50:56:a9:10:e0:02:ec:62:4c:00:cc:
         0c:b8:b9:da:ee:11:91:9f:af:69:58:1b:4e:42:c1:4c:80:02:
         14:83:da:8c:d4:ab:10:24:16:6a:83:37:2a:37:a3:bb:2e:fb:
         62:f4:ab:fc:69:6e:ef:cc:1f:b9:d1:28:8d:8b:f8:6e:05:59:
         ab:48:97:3c:4d:19:43:9a:80:76:19:af:59:74:1e:7b:ae:94:
         0b:f5:46:56:16:e7:58:68:15:7f:d5:17:27:52:42:cc:20:3f:
         d0:9a:d8:be:57:94:5a:2c:b7:ed:82:5f:57:f6:fc:4f:5a:51:
         74:8d:4e:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1p3b/v7+r9bRmm0r/sRD+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NjRiNDUyM2E4OTcyYjllMmY0NmE0ZjRhMTYzNGU5NzAy
N2FlZGYwHhcNMjQwMjAyMTI0OTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2JjMDcwZWYxNGZlMzIxMTk2NjRkZDEwNmNiMzg0NjM1YjFhYjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTbuMFd1iTMUb8MLW19IqdH5dZC3
x8+jkbpgIXijbIXRZ4f1dJ4CZTMmg1R3wFMN6ey9hINRU1N83HYoXR7dM0pnm+Ob
/ddq/utADrxUaMalJY/G/s3aW+lFUiaQDuTRmJL9fB0UIniShncA2tmV+dMQxQw/
+GpKcRR/v7uYJ2bIGLl97bifte863Bjd9MICqTRAaH/gJ0F/yfDfGyma4Rn9Bjee
23T3Ir2FDGFnlREj18jVgFoGkWLzE+ujzn1M7O9pGmvQFgC7ws2HDJf0noYYQWT6
BbfFRcLqjjqhFqWjQAMSQRfL6A5nxkyPqJWCgIJRR7Sbp1Gy/eol8QvmgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMe8Bw7xT+MhGWZN0QbLOEY1sasEMB8GA1UdIwQY
MBaAFLRktFI6iXK54vRqT0oWNOlwJ67fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEdTMFVqcUpjcm5pOUdwUFNoWTA2WEFucnQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9jN2NhZjMtZWIwOC00NTU2LWE1Yjct
ZmM2ZTc3ODg0MDU0LzEveDd3SER2RlA0eUVaWmszUkJzczRSald4cXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9jN2NhZjMtZWIwOC00NTU2LWE1YjctZmM2ZTc3ODg0MDU0
LzEvdEdTMFVqcUpjcm5pOUdwUFNoWTA2WEFucnQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT13MA0G
CSqGSIb3DQEBCwUAA4IBAQB7DTmxZsv0mrRdgUOC6ewQTduYahsiu4o1Qwpwu3+9
PdOg+k/KiCPDG9HMNohMkGE9M3xMj3AsTnSqoKf2K2t6KbmrshrgWw4mlSHAdKNo
I6Zfu5SGTY3v254hQBdgVd3AmWXMcptwFR7y0XNhNNOBdi/EaVtsQJnEdNqLxljY
80peH86WUFapEOAC7GJMAMwMuLna7hGRn69pWBtOQsFMgAIUg9qM1KsQJBZqgzcq
N6O7Lvti9Kv8aW7vzB+50SiNi/huBVmrSJc8TRlDmoB2Ga9ZdB57rpQL9UZWFudY
aBV/1RcnUkLMID/Qmti+V5RaLLftgl9X9vxPWlF0jU4N
-----END CERTIFICATE-----