Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/7-gHl3fU2EXPAUwcLyq-LDpcQK0.roa
File:                     7-gHl3fU2EXPAUwcLyq-LDpcQK0.roa (raw, json)
Hash identifier:          mzu+LcoGVMNLRwVWczvbMvYQqFGt4Zzq0Cbx4ZlWzgk=
Subject key identifier:   EF:E8:07:97:77:D4:D8:45:CF:01:4C:1C:2F:2A:BE:2C:3A:5C:40:AD
Certificate issuer:       /CN=bd8f9c03e757f3db514ca38d15ada451fa2e9615
Certificate serial:       01917E8228473EEF99F40BA9B8534996BD4D
Authority key identifier: BD:8F:9C:03:E7:57:F3:DB:51:4C:A3:8D:15:AD:A4:51:FA:2E:96:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vY-cA-dX89tRTKONFa2kUfoulhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/7-gHl3fU2EXPAUwcLyq-LDpcQK0.roa
Signing time:             Fri 23 Aug 2024 09:12:24 +0000
ROA not before:           Fri 23 Aug 2024 09:12:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.109.96.0/22 maxlen: 24
                          2a04:a0c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/vY-cA-dX89tRTKONFa2kUfoulhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/vY-cA-dX89tRTKONFa2kUfoulhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vY-cA-dX89tRTKONFa2kUfoulhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7e:82:28:47:3e:ef:99:f4:0b:a9:b8:53:49:96:bd:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd8f9c03e757f3db514ca38d15ada451fa2e9615
        Validity
            Not Before: Aug 23 09:12:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efe8079777d4d845cf014c1c2f2abe2c3a5c40ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:86:ad:20:3a:cf:f5:b5:53:f2:4c:e6:af:66:
                    d3:1c:07:f9:4a:ea:48:74:f3:35:c7:ff:da:27:e3:
                    d8:c4:cd:22:48:7d:04:1a:e8:f6:a2:31:5e:64:fd:
                    c8:f2:13:a4:06:5a:5b:84:49:6a:23:14:cb:aa:b9:
                    28:bb:7e:41:2d:c3:e9:76:19:b5:27:95:cf:53:73:
                    61:32:99:16:45:be:ee:0d:30:66:8e:89:f0:65:1c:
                    e3:43:19:ae:cb:2b:4d:e7:b8:61:57:82:97:e3:36:
                    11:4d:0e:da:5a:49:7b:13:e9:47:0e:33:19:57:af:
                    5b:b2:58:d3:f4:d3:bd:e2:1a:e0:4d:db:85:56:b8:
                    5f:87:14:3f:a9:41:e1:d9:16:be:32:06:bc:7c:85:
                    b0:a9:1b:91:08:20:a4:28:e6:0a:bd:20:ba:80:77:
                    22:ed:cc:f3:6e:23:b9:f7:0c:29:60:ef:70:56:fe:
                    b7:04:e7:6a:5c:7c:d0:1f:f2:9f:00:73:55:b1:63:
                    ab:f6:9f:6a:c6:03:aa:5b:c7:3e:a3:42:5b:53:96:
                    07:d2:2d:a2:f9:6f:27:3d:6e:cb:4f:ca:fe:39:c8:
                    53:76:43:c8:79:d4:82:fe:3f:7e:d6:2f:b1:87:8e:
                    ec:c0:18:72:68:b5:92:63:73:97:d3:c7:c3:dd:89:
                    1c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:E8:07:97:77:D4:D8:45:CF:01:4C:1C:2F:2A:BE:2C:3A:5C:40:AD
            X509v3 Authority Key Identifier:
                keyid:BD:8F:9C:03:E7:57:F3:DB:51:4C:A3:8D:15:AD:A4:51:FA:2E:96:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vY-cA-dX89tRTKONFa2kUfoulhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/7-gHl3fU2EXPAUwcLyq-LDpcQK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b83e47-bc04-492d-9a07-ecdd8174007a/1/vY-cA-dX89tRTKONFa2kUfoulhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.96.0/22
                IPv6:
                  2a04:a0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:51:57:4d:4b:c7:9f:2b:10:3d:e4:fc:70:1c:6c:50:ad:4c:
         bb:80:8e:29:ac:c0:a7:5c:69:ae:bf:73:34:4a:b8:2d:7e:9f:
         54:b0:03:b0:dd:2a:a2:5f:d7:be:5f:0a:6e:64:64:01:9b:76:
         a5:69:36:98:45:79:a9:99:4c:7e:1b:34:b8:1a:ae:99:de:83:
         be:9f:11:be:d8:ce:81:97:8b:c0:92:1b:47:4f:6c:54:d5:94:
         73:8a:ef:0d:fe:b0:40:81:20:15:87:b1:9d:b9:7a:40:79:97:
         ea:64:49:e9:79:c5:5c:d4:38:f6:e1:a5:bc:0d:4d:10:f8:6a:
         9a:f6:67:7c:e5:99:2e:65:a0:f8:7b:19:6a:a6:ab:6c:f8:c6:
         c9:d6:17:60:6f:66:bd:2b:b6:d5:07:e8:40:ed:ea:2e:7b:9c:
         ce:f9:36:8a:34:e5:3d:3f:d9:08:55:dd:7c:c0:ba:f4:2c:86:
         0a:fe:47:0d:f3:4d:e4:da:c0:ac:dd:db:37:f6:17:37:ee:bb:
         ed:57:b6:1e:a0:a4:ae:e4:43:c1:26:23:c4:38:3e:e2:f2:dc:
         16:10:9e:39:e5:9f:82:93:b2:ce:d6:85:6a:33:ea:02:48:e3:
         d8:a4:d6:92:6d:a0:a2:1f:df:14:25:27:b3:09:75:6a:e1:3d:
         3a:6b:19:b0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZF+gihHPu+Z9AupuFNJlr1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkOGY5YzAzZTc1N2YzZGI1MTRjYTM4ZDE1YWRhNDUxZmEy
ZTk2MTUwHhcNMjQwODIzMDkxMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmU4MDc5Nzc3ZDRkODQ1Y2YwMTRjMWMyZjJhYmUyYzNhNWM0MGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIatIDrP9bVT8kzmr2bTHAf5SupI
dPM1x//aJ+PYxM0iSH0EGuj2ojFeZP3I8hOkBlpbhElqIxTLqrkou35BLcPpdhm1
J5XPU3NhMpkWRb7uDTBmjonwZRzjQxmuyytN57hhV4KX4zYRTQ7aWkl7E+lHDjMZ
V69bsljT9NO94hrgTduFVrhfhxQ/qUHh2Ra+Mga8fIWwqRuRCCCkKOYKvSC6gHci
7czzbiO59wwpYO9wVv63BOdqXHzQH/KfAHNVsWOr9p9qxgOqW8c+o0JbU5YH0i2i
+W8nPW7LT8r+OchTdkPIedSC/j9+1i+xh47swBhyaLWSY3OX08fD3YkcKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO/oB5d31NhFzwFMHC8qviw6XECtMB8GA1UdIwQY
MBaAFL2PnAPnV/PbUUyjjRWtpFH6LpYVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlktY0EtZFg4OXRSVEtPTkZhMmtVZm91bGhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9iODNlNDctYmMwNC00OTJkLTlhMDct
ZWNkZDgxNzQwMDdhLzEvNy1nSGwzZlUyRVhQQVV3Y0x5cS1MRHBjUUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9iODNlNDctYmMwNC00OTJkLTlhMDctZWNkZDgxNzQwMDdh
LzEvdlktY0EtZFg4OXRSVEtPTkZhMmtVZm91bGhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuW1gMA0E
AgACMAcDBQMqBKDAMA0GCSqGSIb3DQEBCwUAA4IBAQBgUVdNS8efKxA95PxwHGxQ
rUy7gI4prMCnXGmuv3M0Srgtfp9UsAOw3SqiX9e+XwpuZGQBm3alaTaYRXmpmUx+
GzS4Gq6Z3oO+nxG+2M6Bl4vAkhtHT2xU1ZRziu8N/rBAgSAVh7GduXpAeZfqZEnp
ecVc1Dj24aW8DU0Q+Gqa9md85ZkuZaD4exlqpqts+MbJ1hdgb2a9K7bVB+hA7eou
e5zO+TaKNOU9P9kIVd18wLr0LIYK/kcN803k2sCs3ds39hc37rvtV7YeoKSu5EPB
JiPEOD7i8twWEJ455Z+Ck7LO1oVqM+oCSOPYpNaSbaCiH98UJSezCXVq4T06axmw
-----END CERTIFICATE-----