Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/7-ly6BhVGc20VAsisPVpGTjKQvo.roa
File:                     7-ly6BhVGc20VAsisPVpGTjKQvo.roa (raw, json)
Hash identifier:          dkfHEJO+upO8jidpQvQww6cwPA7yH45J+2neaiz1Wx8=
Subject key identifier:   EF:E9:72:E8:18:55:19:CD:B4:54:0B:22:B0:F5:69:19:38:CA:42:FA
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018ECC61D40E7278ADF83F9132851C9485ED
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/7-ly6BhVGc20VAsisPVpGTjKQvo.roa
Signing time:             Thu 11 Apr 2024 08:59:07 +0000
ROA not before:           Thu 11 Apr 2024 08:59:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12685
IP address blocks:        212.76.160.0/19 maxlen: 19
                          2a02:5a60::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cc:61:d4:0e:72:78:ad:f8:3f:91:32:85:1c:94:85:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Apr 11 08:59:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efe972e8185519cdb4540b22b0f5691938ca42fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0c:ab:a0:2e:48:35:2c:12:e3:9f:d5:75:e4:
                    73:f3:f8:05:fd:14:6c:d6:3d:a1:bd:bb:1e:e4:a4:
                    ea:56:00:9e:62:83:98:2a:b6:53:ef:59:ff:e6:a3:
                    3f:a4:3c:60:a1:7b:e3:b8:93:3a:b0:6b:0c:1a:51:
                    5a:f9:ba:cf:5f:47:34:cf:77:27:1a:6c:a1:0f:c5:
                    ce:13:e8:2e:30:41:39:e8:aa:ec:ad:7b:91:ad:cf:
                    c8:41:bc:71:63:25:75:31:5e:f7:23:62:89:b7:c6:
                    57:17:5c:75:a7:37:bb:24:a4:4c:42:82:63:af:0a:
                    14:0c:cd:f3:81:0c:47:df:2e:5c:46:44:b5:47:09:
                    f6:a4:a8:00:84:bc:cf:6f:14:16:f7:e9:43:62:95:
                    89:c6:ba:5e:e0:c4:2f:49:d2:d5:91:d4:31:36:1d:
                    ce:76:74:1f:a5:c6:27:3f:10:90:38:3d:b8:e6:7b:
                    1f:98:e8:90:05:50:d5:6e:8f:13:a9:63:88:8a:4f:
                    71:0e:7f:71:6b:68:4d:dd:15:1c:23:40:b2:88:04:
                    11:87:06:f0:47:62:0d:39:74:32:31:7c:58:bc:60:
                    41:13:a6:f1:12:eb:31:2c:09:03:f5:1b:a8:8f:a3:
                    37:0f:f3:ba:9c:59:a2:3a:03:9e:f0:94:35:6a:12:
                    b4:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:E9:72:E8:18:55:19:CD:B4:54:0B:22:B0:F5:69:19:38:CA:42:FA
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/7-ly6BhVGc20VAsisPVpGTjKQvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.76.160.0/19
                IPv6:
                  2a02:5a60::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:14:a1:3a:a7:b1:45:3f:54:b5:6d:79:7d:a2:12:f8:8a:fc:
         68:3d:5a:2e:2c:73:53:ea:28:be:07:a3:6f:4a:f8:07:b3:83:
         72:74:79:3a:23:41:42:56:8e:67:92:94:cb:01:c4:49:cb:23:
         7b:af:83:3c:be:ed:f0:c6:df:57:ee:b1:48:46:be:4e:be:0d:
         78:f3:65:5b:b1:b4:e6:f0:d0:2c:6e:2a:18:34:00:01:9f:ca:
         0e:54:78:ae:26:ce:0b:99:35:62:d6:9b:11:63:34:32:86:c4:
         f4:f5:f3:7a:d8:5e:58:23:1a:51:73:01:48:3c:80:3d:3e:6b:
         39:b8:4f:b6:46:20:15:d9:7e:c6:fd:67:56:22:ad:89:51:c1:
         2e:7c:b3:9c:38:a2:cb:1c:c7:e1:6a:dd:91:ef:77:cc:0b:12:
         2b:f0:01:6b:a9:21:b9:d2:6e:5a:df:cb:3a:e9:b4:2b:d6:32:
         f1:9b:36:14:0d:a1:66:0c:0f:94:1e:0d:36:30:5e:76:f2:64:
         ba:af:9e:b1:65:ca:f4:1b:3f:a5:4b:28:84:c8:ef:91:a5:7d:
         c9:7f:f3:81:b5:91:e1:77:4f:4b:24:af:1c:70:31:5e:47:16:
         4e:db:80:37:ab:ed:07:a3:7a:f1:6b:5d:13:17:b5:52:0f:fd:
         66:89:8f:f1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY7MYdQOcnit+D+RMoUclIXtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwNDExMDg1OTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmU5NzJlODE4NTUxOWNkYjQ1NDBiMjJiMGY1NjkxOTM4Y2E0MmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwyroC5INSwS45/VdeRz8/gF/RRs
1j2hvbse5KTqVgCeYoOYKrZT71n/5qM/pDxgoXvjuJM6sGsMGlFa+brPX0c0z3cn
GmyhD8XOE+guMEE56KrsrXuRrc/IQbxxYyV1MV73I2KJt8ZXF1x1pze7JKRMQoJj
rwoUDM3zgQxH3y5cRkS1Rwn2pKgAhLzPbxQW9+lDYpWJxrpe4MQvSdLVkdQxNh3O
dnQfpcYnPxCQOD245nsfmOiQBVDVbo8TqWOIik9xDn9xa2hN3RUcI0CyiAQRhwbw
R2INOXQyMXxYvGBBE6bxEusxLAkD9Ruoj6M3D/O6nFmiOgOe8JQ1ahK0yQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO/pcugYVRnNtFQLIrD1aRk4ykL6MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvNy1seTZCaFZHYzIwVkFzaXNQVnBHVGpLUXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1EygMA0E
AgACMAcDBQAqAlpgMA0GCSqGSIb3DQEBCwUAA4IBAQAFFKE6p7FFP1S1bXl9ohL4
ivxoPVouLHNT6ii+B6NvSvgHs4NydHk6I0FCVo5nkpTLAcRJyyN7r4M8vu3wxt9X
7rFIRr5Ovg1482VbsbTm8NAsbioYNAABn8oOVHiuJs4LmTVi1psRYzQyhsT09fN6
2F5YIxpRcwFIPIA9Pms5uE+2RiAV2X7G/WdWIq2JUcEufLOcOKLLHMfhat2R73fM
CxIr8AFrqSG50m5a38s66bQr1jLxmzYUDaFmDA+UHg02MF528mS6r56xZcr0Gz+l
SyiEyO+RpX3Jf/OBtZHhd09LJK8ccDFeRxZO24A3q+0Ho3rxa10TF7VSD/1miY/x
-----END CERTIFICATE-----