Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/a6076e-1510-488c-b7fb-c94fe4c971d4/1/QurFSvltLheI9wL9x6fybp6ZnV0.roa
File:                     QurFSvltLheI9wL9x6fybp6ZnV0.roa (raw, json)
Hash identifier:          ToFATAMTTnJUAUSrFpFLWGPBg40p/4wGP6XWPY9GL/0=
Subject key identifier:   42:EA:C5:4A:F9:6D:2E:17:88:F7:02:FD:C7:A7:F2:6E:9E:99:9D:5D
Certificate issuer:       /CN=7607ccc309291dc81b19143d4d3fe28d01c6bebd
Certificate serial:       018CC8DF1D35A0FAD709F723E46F592B46FB
Authority key identifier: 76:07:CC:C3:09:29:1D:C8:1B:19:14:3D:4D:3F:E2:8D:01:C6:BE:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dgfMwwkpHcgbGRQ9TT_ijQHGvr0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/a6076e-1510-488c-b7fb-c94fe4c971d4/1/QurFSvltLheI9wL9x6fybp6ZnV0.roa
Signing time:             Tue 02 Jan 2024 06:31:54 +0000
ROA not before:           Tue 02 Jan 2024 06:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210728
IP address blocks:        194.26.103.0/24 maxlen: 24
                          2a11:2440::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/a6076e-1510-488c-b7fb-c94fe4c971d4/1/dgfMwwkpHcgbGRQ9TT_ijQHGvr0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/a6076e-1510-488c-b7fb-c94fe4c971d4/1/dgfMwwkpHcgbGRQ9TT_ijQHGvr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dgfMwwkpHcgbGRQ9TT_ijQHGvr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:1d:35:a0:fa:d7:09:f7:23:e4:6f:59:2b:46:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7607ccc309291dc81b19143d4d3fe28d01c6bebd
        Validity
            Not Before: Jan  2 06:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42eac54af96d2e1788f702fdc7a7f26e9e999d5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:35:b1:b8:7e:11:57:ad:37:23:8d:25:e0:e4:
                    bc:14:c0:50:48:dc:ae:0c:c0:86:6e:3c:31:91:81:
                    8a:47:5d:28:81:82:09:12:7c:e4:b2:c8:7c:89:ef:
                    7d:a7:25:53:98:2e:9a:a8:ae:be:07:8f:58:6f:a8:
                    48:5f:94:28:a3:c9:10:91:2d:fc:5b:8c:bb:ef:43:
                    5a:cc:fa:b3:e1:08:68:46:29:77:34:ff:54:80:39:
                    b4:e8:89:43:f4:4c:45:2d:98:a5:fa:f5:7e:9f:7f:
                    37:dc:9d:e5:af:09:4a:3d:10:68:cb:af:aa:43:51:
                    3c:d3:50:3a:51:16:63:4b:65:88:44:14:78:0c:ab:
                    ba:73:21:cf:2e:3f:bf:62:6a:af:23:12:6b:9b:d5:
                    ba:da:94:fb:fa:cd:b5:4d:32:a4:5e:3c:d3:66:6f:
                    57:aa:d3:4c:11:4f:19:39:e9:73:71:47:27:0b:e4:
                    4d:fa:0d:fd:cf:32:83:7e:8e:db:31:df:dc:91:54:
                    47:c4:f6:df:1b:d7:3d:93:e6:e3:d2:af:ed:d9:0f:
                    55:83:ca:db:88:dd:a3:02:47:eb:93:e7:d5:33:e3:
                    e1:33:b3:5c:5b:91:00:8a:da:f5:55:a8:f0:04:e8:
                    9b:1a:a1:85:b6:a2:ad:10:f3:ce:8b:31:3c:50:6e:
                    67:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:EA:C5:4A:F9:6D:2E:17:88:F7:02:FD:C7:A7:F2:6E:9E:99:9D:5D
            X509v3 Authority Key Identifier:
                keyid:76:07:CC:C3:09:29:1D:C8:1B:19:14:3D:4D:3F:E2:8D:01:C6:BE:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dgfMwwkpHcgbGRQ9TT_ijQHGvr0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/a6076e-1510-488c-b7fb-c94fe4c971d4/1/QurFSvltLheI9wL9x6fybp6ZnV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/a6076e-1510-488c-b7fb-c94fe4c971d4/1/dgfMwwkpHcgbGRQ9TT_ijQHGvr0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.103.0/24
                IPv6:
                  2a11:2440::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:cb:e2:97:1a:b0:2f:4b:5c:f4:16:7d:8d:34:ab:5e:91:db:
         bd:6a:fd:72:3d:0e:4e:0c:6b:7f:07:50:a3:ce:47:8b:61:71:
         2b:d3:92:a7:a3:88:76:1a:01:27:cc:76:fd:c3:81:73:78:37:
         4d:5d:c0:65:f4:6a:51:25:93:c9:0a:ab:68:92:6f:53:33:a7:
         04:36:bc:2e:f2:1b:e9:56:93:f2:75:fb:55:16:2f:16:71:e9:
         87:78:24:6d:e2:94:77:00:fc:35:fd:57:a5:dd:5e:ef:29:0a:
         9b:d7:64:7f:2e:7d:a0:04:37:86:78:36:60:d1:65:6c:d1:e2:
         ed:99:90:4a:90:36:fe:8d:40:29:23:ae:db:f7:77:d3:d0:fd:
         47:df:dc:c0:61:5d:d6:cf:bc:04:7b:4a:d1:fb:7f:88:65:61:
         70:0a:0e:d0:9e:fa:53:fe:ab:a6:70:c9:57:af:e7:89:4d:f2:
         b3:f4:50:08:29:db:98:36:45:7e:10:41:89:24:4f:0f:ac:bf:
         27:59:ec:78:1e:12:28:68:4a:f8:e5:50:b6:23:b1:dc:b7:09:
         af:9a:a0:f5:6c:78:ad:d6:99:28:09:c3:2c:2d:d9:29:0b:a9:
         f5:53:7f:eb:97:de:43:62:b5:bc:ff:75:c3:3a:66:22:eb:3e:
         91:57:58:ab
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3x01oPrXCfcj5G9ZK0b7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MDdjY2MzMDkyOTFkYzgxYjE5MTQzZDRkM2ZlMjhkMDFj
NmJlYmQwHhcNMjQwMTAyMDYzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmVhYzU0YWY5NmQyZTE3ODhmNzAyZmRjN2E3ZjI2ZTllOTk5ZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljWxuH4RV603I40l4OS8FMBQSNyu
DMCGbjwxkYGKR10ogYIJEnzkssh8ie99pyVTmC6aqK6+B49Yb6hIX5Qoo8kQkS38
W4y770NazPqz4QhoRil3NP9UgDm06IlD9ExFLZil+vV+n3833J3lrwlKPRBoy6+q
Q1E801A6URZjS2WIRBR4DKu6cyHPLj+/YmqvIxJrm9W62pT7+s21TTKkXjzTZm9X
qtNMEU8ZOelzcUcnC+RN+g39zzKDfo7bMd/ckVRHxPbfG9c9k+bj0q/t2Q9Vg8rb
iN2jAkfrk+fVM+PhM7NcW5EAitr1VajwBOibGqGFtqKtEPPOizE8UG5nJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFELqxUr5bS4XiPcC/cen8m6emZ1dMB8GA1UdIwQY
MBaAFHYHzMMJKR3IGxkUPU0/4o0Bxr69MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGdmTXd3a3BIY2diR1JROVRUX2lqUUhHdnIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9hNjA3NmUtMTUxMC00ODhjLWI3ZmIt
Yzk0ZmU0Yzk3MWQ0LzEvUXVyRlN2bHRMaGVJOXdMOXg2ZnlicDZablYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9hNjA3NmUtMTUxMC00ODhjLWI3ZmItYzk0ZmU0Yzk3MWQ0
LzEvZGdmTXd3a3BIY2diR1JROVRUX2lqUUhHdnIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwhpnMA0E
AgACMAcDBQAqESRAMA0GCSqGSIb3DQEBCwUAA4IBAQBdy+KXGrAvS1z0Fn2NNKte
kdu9av1yPQ5ODGt/B1CjzkeLYXEr05Kno4h2GgEnzHb9w4FzeDdNXcBl9GpRJZPJ
Cqtokm9TM6cENrwu8hvpVpPydftVFi8WcemHeCRt4pR3APw1/Vel3V7vKQqb12R/
Ln2gBDeGeDZg0WVs0eLtmZBKkDb+jUApI67b93fT0P1H39zAYV3Wz7wEe0rR+3+I
ZWFwCg7QnvpT/qumcMlXr+eJTfKz9FAIKduYNkV+EEGJJE8PrL8nWex4HhIoaEr4
5VC2I7HctwmvmqD1bHit1pkoCcMsLdkpC6n1U3/rl95DYrW8/3XDOmYi6z6RV1ir
-----END CERTIFICATE-----