Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/R76eFsK5xszjjxNUqOuPKz-X9vA.roa
File:                     R76eFsK5xszjjxNUqOuPKz-X9vA.roa (raw, json)
Hash identifier:          +imVCBnw6hAptaztnb4qSKXM66j8aFgpKX/o5vCBbO4=
Subject key identifier:   47:BE:9E:16:C2:B9:C6:CC:E3:8F:13:54:A8:EB:8F:2B:3F:97:F6:F0
Certificate issuer:       /CN=4ea65c7edba469d099d76aacd7dc263f4dfec5eb
Certificate serial:       018F4CDB1379771AE97079D04652FB70E4DE
Authority key identifier: 4E:A6:5C:7E:DB:A4:69:D0:99:D7:6A:AC:D7:DC:26:3F:4D:FE:C5:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TqZcftukadCZ12qs19wmP03-xes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/R76eFsK5xszjjxNUqOuPKz-X9vA.roa
Signing time:             Mon 06 May 2024 07:42:56 +0000
ROA not before:           Mon 06 May 2024 07:42:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15704
IP address blocks:        93.156.192.0/21 maxlen: 21
                          93.156.200.0/21 maxlen: 21
                          93.156.208.0/21 maxlen: 21
                          93.156.216.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/TqZcftukadCZ12qs19wmP03-xes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/TqZcftukadCZ12qs19wmP03-xes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TqZcftukadCZ12qs19wmP03-xes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 01:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4c:db:13:79:77:1a:e9:70:79:d0:46:52:fb:70:e4:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ea65c7edba469d099d76aacd7dc263f4dfec5eb
        Validity
            Not Before: May  6 07:42:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47be9e16c2b9c6cce38f1354a8eb8f2b3f97f6f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:0e:3a:de:82:4c:5b:9f:f7:2a:99:5a:86:20:
                    f9:f4:46:92:15:cd:e6:03:39:73:bd:fe:51:2e:62:
                    86:b6:b5:24:ab:7e:60:73:18:fe:8f:24:5e:40:6a:
                    ad:89:67:15:21:e8:14:aa:ff:69:58:86:e5:5a:c9:
                    bc:af:9b:3f:b1:81:76:1f:a4:fc:5f:c4:20:38:09:
                    76:f1:b0:a4:87:7b:f3:ce:8a:68:ab:44:3b:da:10:
                    96:71:fe:98:fa:ab:58:6a:78:d5:f4:ff:3c:e8:4e:
                    eb:d7:11:d2:97:54:7c:73:4f:d1:b3:0e:3a:3f:91:
                    2b:88:1f:0f:50:92:8e:ff:d8:c4:e3:1e:ac:a1:6f:
                    02:99:c2:5d:8b:bc:73:75:7d:ef:2b:74:e7:a8:e0:
                    83:8c:ec:fb:81:69:b1:90:d7:03:75:aa:52:03:88:
                    95:e0:89:17:b5:11:3e:02:29:43:f4:7d:54:90:d4:
                    8e:66:80:e3:a0:fa:74:aa:f3:fc:a7:1a:ba:35:0a:
                    54:aa:66:00:25:41:44:a0:62:3d:86:c4:0b:f2:15:
                    1a:1f:44:4e:f5:1e:d2:45:ab:1b:e5:8f:bd:a2:25:
                    b4:42:57:ae:39:1f:fc:28:16:c2:05:97:ac:bc:5f:
                    1b:74:a3:d6:86:75:12:93:dd:21:1d:1d:5f:d2:3d:
                    a6:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BE:9E:16:C2:B9:C6:CC:E3:8F:13:54:A8:EB:8F:2B:3F:97:F6:F0
            X509v3 Authority Key Identifier:
                keyid:4E:A6:5C:7E:DB:A4:69:D0:99:D7:6A:AC:D7:DC:26:3F:4D:FE:C5:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TqZcftukadCZ12qs19wmP03-xes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/R76eFsK5xszjjxNUqOuPKz-X9vA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/TqZcftukadCZ12qs19wmP03-xes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.156.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         90:59:dc:78:47:50:5e:7f:09:d0:6e:2b:a2:3a:3d:77:87:c3:
         0b:6e:21:68:f5:63:13:b3:93:f1:a1:28:22:a3:bf:56:7b:5d:
         ec:44:5f:ac:e0:b6:d4:6b:57:2e:72:5b:d3:cc:e0:a2:b8:d6:
         68:b1:74:fc:fc:eb:98:d3:19:68:ee:27:cf:5a:10:89:1d:28:
         8c:6f:ea:db:b4:ea:20:f5:69:d8:85:e5:5b:b0:84:03:8e:47:
         cc:3f:87:ce:3d:c3:9b:05:4d:8a:af:a1:14:70:8b:fd:52:0d:
         e3:7d:16:97:86:f6:94:b6:b0:f9:3a:0e:6c:30:d7:34:66:a0:
         17:bd:73:b1:3b:16:34:ed:aa:8c:7d:94:99:81:55:b5:1c:8d:
         93:2f:b5:21:74:d2:99:aa:49:f7:fe:6d:5d:97:f5:7d:91:85:
         73:3e:21:fd:86:30:32:07:86:1d:1f:c4:96:4e:62:54:f1:4b:
         ed:03:a8:06:85:f9:09:d8:aa:e6:66:ad:75:7e:8e:68:34:fa:
         63:f7:40:04:b8:04:ec:6d:a6:5d:bd:d6:4b:3b:b1:ea:88:6f:
         30:b7:3c:f5:31:ad:c8:50:53:37:36:79:79:d2:58:50:a6:45:
         f1:34:1c:63:b7:74:fc:8c:27:ac:98:3b:df:09:45:04:ac:7e:
         52:58:8d:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9M2xN5dxrpcHnQRlL7cOTeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlYTY1YzdlZGJhNDY5ZDA5OWQ3NmFhY2Q3ZGMyNjNmNGRm
ZWM1ZWIwHhcNMjQwNTA2MDc0MjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2JlOWUxNmMyYjljNmNjZTM4ZjEzNTRhOGViOGYyYjNmOTdmNmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQ463oJMW5/3KplahiD59EaSFc3m
Azlzvf5RLmKGtrUkq35gcxj+jyReQGqtiWcVIegUqv9pWIblWsm8r5s/sYF2H6T8
X8QgOAl28bCkh3vzzopoq0Q72hCWcf6Y+qtYanjV9P886E7r1xHSl1R8c0/Rsw46
P5EriB8PUJKO/9jE4x6soW8CmcJdi7xzdX3vK3TnqOCDjOz7gWmxkNcDdapSA4iV
4IkXtRE+AilD9H1UkNSOZoDjoPp0qvP8pxq6NQpUqmYAJUFEoGI9hsQL8hUaH0RO
9R7SRasb5Y+9oiW0QleuOR/8KBbCBZesvF8bdKPWhnUSk90hHR1f0j2mwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEe+nhbCucbM448TVKjrjys/l/bwMB8GA1UdIwQY
MBaAFE6mXH7bpGnQmddqrNfcJj9N/sXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHFaY2Z0dWthZENaMTJxczE5d21QMDMteGVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8wN2YyNzAtYzZjYy00OWNkLWFlNDYt
NTEwMGEyNmQyNzRiLzEvUjc2ZUZzSzV4c3pqanhOVXFPdVBLei1YOXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8wN2YyNzAtYzZjYy00OWNkLWFlNDYtNTEwMGEyNmQyNzRi
LzEvVHFaY2Z0dWthZENaMTJxczE5d21QMDMteGVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFXZzAMA0G
CSqGSIb3DQEBCwUAA4IBAQCQWdx4R1BefwnQbiuiOj13h8MLbiFo9WMTs5PxoSgi
o79We13sRF+s4LbUa1cuclvTzOCiuNZosXT8/OuY0xlo7ifPWhCJHSiMb+rbtOog
9WnYheVbsIQDjkfMP4fOPcObBU2Kr6EUcIv9Ug3jfRaXhvaUtrD5Og5sMNc0ZqAX
vXOxOxY07aqMfZSZgVW1HI2TL7UhdNKZqkn3/m1dl/V9kYVzPiH9hjAyB4YdH8SW
TmJU8UvtA6gGhfkJ2KrmZq11fo5oNPpj90AEuATsbaZdvdZLO7HqiG8wtzz1Ma3I
UFM3Nnl50lhQpkXxNBxjt3T8jCesmDvfCUUErH5SWI0U
-----END CERTIFICATE-----