Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/7GtHnuRSHdiBGK9BNS6fhWiGnrs.roa
File:                     7GtHnuRSHdiBGK9BNS6fhWiGnrs.roa (raw, json)
Hash identifier:          1xfi8JsZTjefG3U9aQmZ2wIKpPQtqFvMx/LJcPpYnf0=
Subject key identifier:   EC:6B:47:9E:E4:52:1D:D8:81:18:AF:41:35:2E:9F:85:68:86:9E:BB
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018CC80204AB8DF3821B8204E4A3ADAFDBBA
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/7GtHnuRSHdiBGK9BNS6fhWiGnrs.roa
Signing time:             Tue 02 Jan 2024 02:30:24 +0000
ROA not before:           Tue 02 Jan 2024 02:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34875
IP address blocks:        212.220.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:04:ab:8d:f3:82:1b:82:04:e4:a3:ad:af:db:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 02:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec6b479ee4521dd88118af41352e9f8568869ebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ed:94:db:ac:7b:55:86:ff:8c:5c:88:a1:e6:
                    db:b7:a7:7f:39:f9:8a:16:56:6e:d2:e9:39:fe:89:
                    b3:2c:25:ee:13:86:5f:d0:b8:41:7e:6e:60:1f:7c:
                    61:25:f3:60:62:66:ec:3f:1c:1e:1f:50:10:54:48:
                    ce:ae:7f:5f:82:e4:55:a9:ab:9b:9d:ba:39:ec:0a:
                    a8:ef:f2:8e:b3:ba:69:98:3e:c8:05:f8:87:34:3b:
                    cd:7a:3b:55:d7:b1:5a:ea:ee:f4:b1:37:01:07:fc:
                    9d:73:50:f8:e4:b6:95:e4:45:43:ea:8d:21:ca:d2:
                    9f:35:41:4b:6f:1d:67:ae:bc:da:b7:39:28:f6:4b:
                    dd:58:14:ec:5d:fb:51:da:0b:00:12:c7:d5:f9:5f:
                    16:af:3b:7d:a5:d6:57:03:aa:ff:d9:bf:e0:f7:f4:
                    3f:ce:d1:6e:2d:cc:ed:ae:a0:6b:1d:0b:4c:f1:95:
                    06:72:5d:19:45:c3:97:ee:ea:43:df:e2:83:56:89:
                    3a:23:31:be:f7:8f:0b:a1:ac:7b:e7:57:b6:cf:b3:
                    0f:ca:61:eb:14:88:c8:eb:75:c4:36:35:19:2c:ec:
                    47:11:27:a9:ff:10:70:a9:db:f4:ec:e3:2e:c7:60:
                    bb:79:19:77:a2:3a:30:ea:55:dc:5c:a2:9b:92:2b:
                    62:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:6B:47:9E:E4:52:1D:D8:81:18:AF:41:35:2E:9F:85:68:86:9E:BB
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/7GtHnuRSHdiBGK9BNS6fhWiGnrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.220.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:cc:df:47:91:23:2a:ae:2a:6b:bb:86:72:0a:56:a0:39:c1:
         11:82:9d:b4:21:a4:0a:62:bf:0c:34:69:69:f4:e3:c0:d8:ad:
         04:54:29:a6:a8:3a:fb:56:35:12:c1:58:a0:77:34:02:65:26:
         35:25:da:33:6c:df:86:ff:51:d6:41:ea:b5:ff:9f:16:27:bb:
         1d:5b:a2:47:1a:10:0c:69:a8:00:85:c1:ff:49:10:6f:b0:0e:
         ad:71:73:94:91:64:a6:70:53:1c:78:47:3f:f3:99:0f:fc:e2:
         e2:ae:49:1e:72:75:24:99:24:14:d0:e4:93:2f:4f:39:b9:25:
         cf:46:80:d0:bd:5c:47:28:49:07:15:13:5c:67:c5:8e:22:09:
         ce:12:5a:6f:dc:66:46:32:41:14:e6:07:4c:c0:61:f7:e8:ef:
         af:7e:fe:da:1a:61:4d:8c:66:3e:27:d5:2e:6c:32:7b:a5:cb:
         ca:5f:24:4c:ff:e2:51:80:14:43:61:ee:fe:6a:dd:54:fb:80:
         ac:bc:a8:84:89:29:c1:2c:50:b3:97:7f:23:ac:4a:35:fe:10:
         20:60:b7:e6:82:9a:63:04:14:89:48:68:6a:bd:bc:be:47:9d:
         61:f4:e3:a2:b9:10:1b:8d:90:c3:a9:8b:1d:8a:e1:a3:d4:bf:
         d3:0e:28:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAgSrjfOCG4IE5KOtr9u6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwMTAyMDIzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzZiNDc5ZWU0NTIxZGQ4ODExOGFmNDEzNTJlOWY4NTY4ODY5ZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsu2U26x7VYb/jFyIoebbt6d/OfmK
FlZu0uk5/omzLCXuE4Zf0LhBfm5gH3xhJfNgYmbsPxweH1AQVEjOrn9fguRVqaub
nbo57Aqo7/KOs7ppmD7IBfiHNDvNejtV17Fa6u70sTcBB/ydc1D45LaV5EVD6o0h
ytKfNUFLbx1nrrzatzko9kvdWBTsXftR2gsAEsfV+V8Wrzt9pdZXA6r/2b/g9/Q/
ztFuLcztrqBrHQtM8ZUGcl0ZRcOX7upD3+KDVok6IzG+948Loax751e2z7MPymHr
FIjI63XENjUZLOxHESep/xBwqdv07OMux2C7eRl3ojow6lXcXKKbkitiPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxrR57kUh3YgRivQTUun4Vohp67MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvN0d0SG51UlNIZGlCR0s5Qk5TNmZoV2lHbnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1NwEMA0G
CSqGSIb3DQEBCwUAA4IBAQBHzN9HkSMqripru4ZyClagOcERgp20IaQKYr8MNGlp
9OPA2K0EVCmmqDr7VjUSwVigdzQCZSY1JdozbN+G/1HWQeq1/58WJ7sdW6JHGhAM
aagAhcH/SRBvsA6tcXOUkWSmcFMceEc/85kP/OLirkkecnUkmSQU0OSTL085uSXP
RoDQvVxHKEkHFRNcZ8WOIgnOElpv3GZGMkEU5gdMwGH36O+vfv7aGmFNjGY+J9Uu
bDJ7pcvKXyRM/+JRgBRDYe7+at1U+4CsvKiEiSnBLFCzl38jrEo1/hAgYLfmgppj
BBSJSGhqvby+R51h9OOiuRAbjZDDqYsdiuGj1L/TDigH
-----END CERTIFICATE-----