Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/RxQepAM5X0kluzOrP6Szv5x-yg4.roa
File:                     RxQepAM5X0kluzOrP6Szv5x-yg4.roa (raw, json)
Hash identifier:          MA0xcOJo5ZCUxpFuJQG0u0rhJltdnZhVrq6CzHRrgtU=
Subject key identifier:   47:14:1E:A4:03:39:5F:49:25:BB:33:AB:3F:A4:B3:BF:9C:7E:CA:0E
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       0190DBB4D22BE66B192C3450FDAFB108B6D3
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/RxQepAM5X0kluzOrP6Szv5x-yg4.roa
Signing time:             Mon 22 Jul 2024 18:29:38 +0000
ROA not before:           Mon 22 Jul 2024 18:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16611
IP address blocks:        213.145.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:db:b4:d2:2b:e6:6b:19:2c:34:50:fd:af:b1:08:b6:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jul 22 18:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47141ea403395f4925bb33ab3fa4b3bf9c7eca0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:fc:51:99:99:45:a8:5a:5a:08:7d:92:35:ac:
                    28:80:a9:12:c0:03:f2:7f:ea:1d:dc:33:5e:ea:a9:
                    e5:0b:87:bf:41:f9:ce:46:3f:4f:cc:b4:d5:41:fb:
                    67:3f:e6:6b:ad:c2:b2:52:43:11:ae:ef:8b:40:94:
                    db:05:b8:95:ca:08:c1:2e:5b:5c:72:bd:b9:b1:95:
                    90:0e:26:d5:6b:0e:10:9e:f2:c6:2e:a4:55:ab:33:
                    10:23:80:08:cd:4a:70:c2:23:91:28:1f:27:30:7b:
                    88:7d:83:a8:c5:f3:6e:c1:f8:5d:99:bd:81:6c:20:
                    17:1c:54:57:4e:80:b5:5b:fe:70:64:a2:f7:ff:b6:
                    89:5f:79:b7:74:ec:47:9c:be:88:54:3e:eb:5a:60:
                    7f:b8:5a:13:44:81:00:3d:7a:45:c6:a6:d7:92:f2:
                    51:86:1a:95:a9:d0:97:12:db:38:d3:77:39:e3:34:
                    2a:a9:3d:b0:ba:71:9a:22:57:5c:f9:06:94:e8:08:
                    8e:6e:a1:c2:68:78:ee:1e:5d:c4:54:79:98:4c:ac:
                    0b:d7:3b:98:ae:20:1e:2b:66:b5:8c:f2:64:71:9e:
                    79:97:2a:17:a0:e4:71:a3:73:99:e1:2b:26:fc:ae:
                    bf:be:dc:5c:ee:11:c5:cc:43:87:1e:6f:c7:20:15:
                    64:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:14:1E:A4:03:39:5F:49:25:BB:33:AB:3F:A4:B3:BF:9C:7E:CA:0E
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/RxQepAM5X0kluzOrP6Szv5x-yg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:1b:a7:63:6a:a3:13:00:6e:b3:86:c2:57:2e:62:31:fd:4b:
         58:da:5a:ef:42:30:b7:44:e8:34:b8:85:75:97:9f:23:06:d1:
         48:e8:3b:b7:d3:f5:90:1d:ca:ad:88:6d:84:90:4d:f8:aa:a2:
         76:5e:8c:52:4c:9d:c3:1d:6e:1e:27:9a:c9:ce:46:bc:bc:c3:
         59:68:b9:c7:59:fd:40:cf:9d:5c:8b:20:60:72:28:21:2d:d0:
         3c:bb:ce:0e:36:c2:c1:6a:43:d8:a4:27:dc:2e:ce:9b:60:82:
         b6:5d:1f:81:03:69:4e:5e:28:f4:e8:39:89:a3:40:f7:bd:c3:
         e9:1a:d6:cd:6e:3a:a1:20:f5:9e:93:b1:24:16:37:bb:d8:1b:
         6a:5e:a3:2b:20:cc:ba:13:e6:f4:cf:5c:1c:71:24:f1:c3:a2:
         bd:0b:ae:62:89:2f:e6:4b:13:8a:5b:d1:65:a8:40:27:5d:48:
         4d:d5:f2:41:9e:69:f8:5c:2b:b5:e3:35:01:48:47:f5:62:52:
         f4:ef:47:94:c6:56:a4:ac:e5:67:14:55:20:8a:53:dd:f5:67:
         0a:9f:48:88:eb:bd:a8:45:c6:09:f1:2c:a8:49:7f:43:82:e7:
         f8:82:55:df:b3:0c:55:9e:50:e1:68:50:64:1e:f0:ce:3c:d0:
         45:d4:b9:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDbtNIr5msZLDRQ/a+xCLbTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjQwNzIyMTgyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzE0MWVhNDAzMzk1ZjQ5MjViYjMzYWIzZmE0YjNiZjljN2VjYTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPxRmZlFqFpaCH2SNawogKkSwAPy
f+od3DNe6qnlC4e/QfnORj9PzLTVQftnP+ZrrcKyUkMRru+LQJTbBbiVygjBLltc
cr25sZWQDibVaw4QnvLGLqRVqzMQI4AIzUpwwiORKB8nMHuIfYOoxfNuwfhdmb2B
bCAXHFRXToC1W/5wZKL3/7aJX3m3dOxHnL6IVD7rWmB/uFoTRIEAPXpFxqbXkvJR
hhqVqdCXEts403c54zQqqT2wunGaIldc+QaU6AiObqHCaHjuHl3EVHmYTKwL1zuY
riAeK2a1jPJkcZ55lyoXoORxo3OZ4Ssm/K6/vtxc7hHFzEOHHm/HIBVkBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcUHqQDOV9JJbszqz+ks7+cfsoOMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvUnhRZXBBTTVYMGtsdXpPclA2U3p2NXgteWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZFXMA0G
CSqGSIb3DQEBCwUAA4IBAQBjG6djaqMTAG6zhsJXLmIx/UtY2lrvQjC3ROg0uIV1
l58jBtFI6Du30/WQHcqtiG2EkE34qqJ2XoxSTJ3DHW4eJ5rJzka8vMNZaLnHWf1A
z51ciyBgcighLdA8u84ONsLBakPYpCfcLs6bYIK2XR+BA2lOXij06DmJo0D3vcPp
GtbNbjqhIPWek7EkFje72BtqXqMrIMy6E+b0z1wccSTxw6K9C65iiS/mSxOKW9Fl
qEAnXUhN1fJBnmn4XCu14zUBSEf1YlL070eUxlakrOVnFFUgilPd9WcKn0iI672o
RcYJ8SyoSX9Dguf4glXfswxVnlDhaFBkHvDOPNBF1Lnt
-----END CERTIFICATE-----