Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/95f479-b507-4edb-92f3-e2b58f5e4abb/1/UnsiNFwfkHpWXtKbJ_1qE42m9Vc.roa
File:                     UnsiNFwfkHpWXtKbJ_1qE42m9Vc.roa (raw, json)
Hash identifier:          rtpHEvW+XK+qlfA8t2ah6/0hzwaF0yUjzFhlKVRi+xQ=
Subject key identifier:   52:7B:22:34:5C:1F:90:7A:56:5E:D2:9B:27:FD:6A:13:8D:A6:F5:57
Certificate issuer:       /CN=4b7b73cd9bd1743f7d3f5ec6bd50a1935ef4801e
Certificate serial:       018FBF82AA367EF83314DE5F8CD909CFF454
Authority key identifier: 4B:7B:73:CD:9B:D1:74:3F:7D:3F:5E:C6:BD:50:A1:93:5E:F4:80:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S3tzzZvRdD99P17GvVChk170gB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/95f479-b507-4edb-92f3-e2b58f5e4abb/1/UnsiNFwfkHpWXtKbJ_1qE42m9Vc.roa
Signing time:             Tue 28 May 2024 14:02:42 +0000
ROA not before:           Tue 28 May 2024 14:02:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        194.104.240.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/95f479-b507-4edb-92f3-e2b58f5e4abb/1/S3tzzZvRdD99P17GvVChk170gB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/95f479-b507-4edb-92f3-e2b58f5e4abb/1/S3tzzZvRdD99P17GvVChk170gB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S3tzzZvRdD99P17GvVChk170gB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 05:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bf:82:aa:36:7e:f8:33:14:de:5f:8c:d9:09:cf:f4:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b7b73cd9bd1743f7d3f5ec6bd50a1935ef4801e
        Validity
            Not Before: May 28 14:02:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=527b22345c1f907a565ed29b27fd6a138da6f557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:dd:2a:d7:f6:f3:d2:58:dc:9d:1d:aa:7d:e6:
                    5a:25:4f:99:f2:b5:3a:d9:4b:70:76:e5:fa:a2:cc:
                    33:f6:9b:a3:29:df:f7:a5:ac:f6:cd:eb:1f:64:f5:
                    7f:3f:f1:7f:7b:71:5c:f9:52:88:c5:ce:35:a0:06:
                    59:16:97:9b:c4:7f:46:4c:a1:d0:7d:7a:6b:aa:55:
                    6c:5f:ec:73:7a:cb:ce:3d:b3:86:2e:38:de:dc:42:
                    74:9c:06:43:e3:83:41:2e:7c:78:97:e3:64:b6:51:
                    30:13:15:3b:3a:f8:0b:fe:db:32:83:84:2c:72:00:
                    56:ad:81:02:95:62:ed:8c:82:bb:1e:ed:e0:b6:25:
                    69:59:dd:7e:d6:dd:17:bc:6f:b4:64:71:7a:45:cb:
                    32:95:4c:68:2f:0f:5a:2d:1f:09:d7:f5:6f:e2:d0:
                    a8:93:c0:e4:2f:4e:ed:37:3c:c9:33:c0:0c:98:86:
                    5a:6e:c5:c2:50:ed:bc:dd:00:b2:1d:8d:86:d1:48:
                    cd:b8:72:e5:bb:ed:17:7f:b4:fe:32:5d:e7:7f:a5:
                    14:c9:fd:83:9a:ca:5a:45:f3:3d:47:15:2a:85:9a:
                    99:09:b0:22:b8:22:7d:56:b8:58:c5:b4:eb:4b:ce:
                    61:4e:80:6a:bb:72:ee:4c:4c:04:6a:3c:97:a7:c9:
                    20:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:7B:22:34:5C:1F:90:7A:56:5E:D2:9B:27:FD:6A:13:8D:A6:F5:57
            X509v3 Authority Key Identifier:
                keyid:4B:7B:73:CD:9B:D1:74:3F:7D:3F:5E:C6:BD:50:A1:93:5E:F4:80:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S3tzzZvRdD99P17GvVChk170gB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/95f479-b507-4edb-92f3-e2b58f5e4abb/1/UnsiNFwfkHpWXtKbJ_1qE42m9Vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/95f479-b507-4edb-92f3-e2b58f5e4abb/1/S3tzzZvRdD99P17GvVChk170gB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         44:d3:53:d1:fb:94:89:e3:f0:24:89:29:9c:29:e5:7a:9a:c3:
         e4:6d:8a:05:7b:56:8a:29:71:e8:f2:53:39:d8:a4:3f:6a:5a:
         0f:ba:43:97:51:fc:76:6b:46:1a:0d:33:1a:7b:26:fc:cd:58:
         a3:46:af:1c:dd:93:fc:8f:8c:f2:44:27:74:d0:9a:30:c2:95:
         bb:dc:ab:c2:1c:de:06:0b:c4:45:90:fa:bc:ff:2c:a1:b5:2e:
         ef:88:36:a3:0d:89:a8:49:db:ad:8b:69:eb:f8:cc:df:d4:f7:
         a7:69:80:5d:61:2f:0f:4f:36:13:13:1b:ae:fa:8f:1c:7e:2d:
         e9:ab:32:12:be:51:fe:b9:f1:1d:fe:25:68:80:00:19:85:6c:
         b1:e7:19:ae:85:b6:df:39:67:2c:25:2c:7c:cc:b7:d3:36:ce:
         f3:f2:90:7f:cc:f7:47:cb:09:bf:8e:d6:88:94:0b:e3:77:4a:
         ce:fc:35:8c:fc:d4:53:b5:f9:3c:45:0f:d6:f9:b6:3b:3d:b7:
         62:46:0a:63:d1:24:47:ec:58:84:9e:33:a2:24:10:a7:21:f5:
         6d:1d:51:98:f2:27:1b:b7:92:d2:16:f1:5e:92:19:29:2f:a8:
         5a:5e:3f:78:eb:33:de:1d:a8:c2:6a:53:d7:68:f7:29:d4:3c:
         8f:17:d6:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+/gqo2fvgzFN5fjNkJz/RUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiN2I3M2NkOWJkMTc0M2Y3ZDNmNWVjNmJkNTBhMTkzNWVm
NDgwMWUwHhcNMjQwNTI4MTQwMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjdiMjIzNDVjMWY5MDdhNTY1ZWQyOWIyN2ZkNmExMzhkYTZmNTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoN0q1/bz0ljcnR2qfeZaJU+Z8rU6
2UtwduX6oswz9pujKd/3paz2zesfZPV/P/F/e3Fc+VKIxc41oAZZFpebxH9GTKHQ
fXprqlVsX+xzesvOPbOGLjje3EJ0nAZD44NBLnx4l+NktlEwExU7OvgL/tsyg4Qs
cgBWrYEClWLtjIK7Hu3gtiVpWd1+1t0XvG+0ZHF6RcsylUxoLw9aLR8J1/Vv4tCo
k8DkL07tNzzJM8AMmIZabsXCUO283QCyHY2G0UjNuHLlu+0Xf7T+Ml3nf6UUyf2D
mspaRfM9RxUqhZqZCbAiuCJ9VrhYxbTrS85hToBqu3LuTEwEajyXp8kgUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJ7IjRcH5B6Vl7Smyf9ahONpvVXMB8GA1UdIwQY
MBaAFEt7c82b0XQ/fT9exr1QoZNe9IAeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzN0enpadlJkRDk5UDE3R3ZWQ2hrMTcwZ0I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85NWY0NzktYjUwNy00ZWRiLTkyZjMt
ZTJiNThmNWU0YWJiLzEvVW5zaU5Gd2ZrSHBXWHRLYkpfMXFFNDJtOVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85NWY0NzktYjUwNy00ZWRiLTkyZjMtZTJiNThmNWU0YWJi
LzEvUzN0enpadlJkRDk5UDE3R3ZWQ2hrMTcwZ0I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwmjwMA0G
CSqGSIb3DQEBCwUAA4IBAQBE01PR+5SJ4/AkiSmcKeV6msPkbYoFe1aKKXHo8lM5
2KQ/aloPukOXUfx2a0YaDTMaeyb8zVijRq8c3ZP8j4zyRCd00JowwpW73KvCHN4G
C8RFkPq8/yyhtS7viDajDYmoSduti2nr+Mzf1PenaYBdYS8PTzYTExuu+o8cfi3p
qzISvlH+ufEd/iVogAAZhWyx5xmuhbbfOWcsJSx8zLfTNs7z8pB/zPdHywm/jtaI
lAvjd0rO/DWM/NRTtfk8RQ/W+bY7PbdiRgpj0SRH7FiEnjOiJBCnIfVtHVGY8icb
t5LSFvFekhkpL6haXj946zPeHajCalPXaPcp1DyPF9Yj
-----END CERTIFICATE-----