Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/T7Ptb1us0-lVeMJ34nEQreW66uo.roa
File:                     T7Ptb1us0-lVeMJ34nEQreW66uo.roa (raw, json)
Hash identifier:          DC9qQUVc3JSEP37khEVoqKXxnhK7CuJSgTUAe4IcHHY=
Subject key identifier:   4F:B3:ED:6F:5B:AC:D3:E9:55:78:C2:77:E2:71:10:AD:E5:BA:EA:EA
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018E8896C25D5D26CC6F770DFF783B8F9B71
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/T7Ptb1us0-lVeMJ34nEQreW66uo.roa
Signing time:             Fri 29 Mar 2024 05:02:45 +0000
ROA not before:           Fri 29 Mar 2024 05:02:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200121
IP address blocks:        176.211.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:88:96:c2:5d:5d:26:cc:6f:77:0d:ff:78:3b:8f:9b:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Mar 29 05:02:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fb3ed6f5bacd3e95578c277e27110ade5baeaea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ad:89:35:10:b2:81:1a:f3:37:de:38:45:96:
                    3e:af:ff:bc:e9:36:13:19:54:0a:fe:c7:28:23:f3:
                    7d:84:2d:db:c9:48:d6:b5:1c:a3:5c:ac:a5:e8:41:
                    36:0f:27:89:ee:26:57:65:37:f3:bd:14:b6:30:30:
                    7d:56:c1:54:ee:66:6f:b4:24:5f:f7:02:40:52:52:
                    de:b1:3b:7b:63:05:25:ac:46:f0:41:e9:65:e1:ea:
                    fa:ef:c7:c5:18:bb:68:6f:bf:38:32:70:67:3a:31:
                    03:f2:b7:23:f5:1e:dc:c0:85:3a:68:1d:18:6b:37:
                    c6:8c:0e:a6:12:f4:66:6a:a3:1b:08:79:d4:96:a6:
                    1c:23:35:c6:95:aa:a7:83:b0:86:ca:7f:50:89:ba:
                    8e:49:db:06:0b:bb:6b:c4:d9:5b:ba:2c:b6:48:de:
                    40:24:b9:09:ad:05:4d:6d:4f:7d:22:78:3f:6e:63:
                    a0:5e:59:be:6a:4b:3e:e4:69:7b:26:12:47:76:4e:
                    1b:86:e3:98:51:1d:87:73:9e:f6:3b:dc:4b:14:c0:
                    c3:ea:75:1c:6b:ee:f0:a7:03:e5:08:23:f5:c8:cb:
                    bb:4f:86:01:0a:29:cb:65:b8:c7:94:39:78:d0:4d:
                    d9:83:4b:56:cd:1f:32:51:f0:a4:7b:4c:09:83:e1:
                    be:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:B3:ED:6F:5B:AC:D3:E9:55:78:C2:77:E2:71:10:AD:E5:BA:EA:EA
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/T7Ptb1us0-lVeMJ34nEQreW66uo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.211.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:30:c2:8e:8d:eb:9d:42:86:d2:d8:51:0f:06:a6:11:3c:02:
         38:c5:ac:f2:dc:77:fd:e4:b3:57:f1:41:90:c6:c3:c7:5c:e7:
         a2:2d:36:e2:89:f3:13:ec:20:86:28:87:01:79:0b:7f:51:75:
         cd:83:9b:a6:6a:53:3c:bb:a9:87:d6:f6:62:e8:17:5f:49:08:
         b5:b8:49:3d:82:c7:e4:90:f0:a8:d5:63:3f:ae:37:b0:85:43:
         2f:14:13:fe:6e:ec:8f:ec:c8:31:6c:3e:13:df:fe:96:7e:d9:
         5d:5d:36:6c:91:3b:5d:f0:7a:86:dd:5e:55:06:49:b1:80:7c:
         72:86:eb:a8:d2:4f:b7:62:b8:fa:a1:3f:1c:36:e2:94:52:f8:
         d2:f7:3d:fa:0d:80:2a:6e:31:a4:36:a1:60:de:c5:a1:d5:6d:
         c0:22:8b:c9:71:58:94:e9:e9:74:51:bc:c1:0a:a1:62:c3:36:
         5c:b2:16:a5:ff:41:b7:5a:b6:9a:bd:69:9e:ff:a4:92:b1:31:
         07:ba:ab:ca:44:65:65:e2:e2:06:a7:9b:69:a9:95:94:bd:14:
         98:24:49:b7:a3:6e:48:6f:65:23:55:53:65:8d:f8:ce:14:d4:
         ed:42:a6:a2:f5:fe:6a:86:e1:fc:45:fa:84:fa:ff:d9:e8:7b:
         c0:d3:c2:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6IlsJdXSbMb3cN/3g7j5txMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwMzI5MDUwMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmIzZWQ2ZjViYWNkM2U5NTU3OGMyNzdlMjcxMTBhZGU1YmFlYWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwq2JNRCygRrzN944RZY+r/+86TYT
GVQK/scoI/N9hC3byUjWtRyjXKyl6EE2DyeJ7iZXZTfzvRS2MDB9VsFU7mZvtCRf
9wJAUlLesTt7YwUlrEbwQell4er678fFGLtob784MnBnOjED8rcj9R7cwIU6aB0Y
azfGjA6mEvRmaqMbCHnUlqYcIzXGlaqng7CGyn9QibqOSdsGC7trxNlbuiy2SN5A
JLkJrQVNbU99Ing/bmOgXlm+aks+5Gl7JhJHdk4bhuOYUR2Hc572O9xLFMDD6nUc
a+7wpwPlCCP1yMu7T4YBCinLZbjHlDl40E3Zg0tWzR8yUfCke0wJg+G++QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+z7W9brNPpVXjCd+JxEK3luurqMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvVDdQdGIxdXMwLWxWZU1KMzRuRVFyZVc2NnVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsNN8MA0G
CSqGSIb3DQEBCwUAA4IBAQA9MMKOjeudQobS2FEPBqYRPAI4xazy3Hf95LNX8UGQ
xsPHXOeiLTbiifMT7CCGKIcBeQt/UXXNg5umalM8u6mH1vZi6BdfSQi1uEk9gsfk
kPCo1WM/rjewhUMvFBP+buyP7MgxbD4T3/6WftldXTZskTtd8HqG3V5VBkmxgHxy
huuo0k+3Yrj6oT8cNuKUUvjS9z36DYAqbjGkNqFg3sWh1W3AIovJcViU6el0UbzB
CqFiwzZcshal/0G3WraavWme/6SSsTEHuqvKRGVl4uIGp5tpqZWUvRSYJEm3o25I
b2UjVVNljfjOFNTtQqai9f5qhuH8RfqE+v/Z6HvA08IO
-----END CERTIFICATE-----