Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/Bx7q8Nl5vLyYAgPVzr_Q2fPFK-U.roa
File:                     Bx7q8Nl5vLyYAgPVzr_Q2fPFK-U.roa (raw, json)
Hash identifier:          oUDWBNI+oDXK42Gd7KjwKlI0A7iL/RI6vpBaqWBeyMs=
Subject key identifier:   07:1E:EA:F0:D9:79:BC:BC:98:02:03:D5:CE:BF:D0:D9:F3:C5:2B:E5
Certificate issuer:       /CN=ed30a131718560a34ab3493884e858ec431f6ad1
Certificate serial:       019147122FE3E49069E886CA95180C978697
Authority key identifier: ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/Bx7q8Nl5vLyYAgPVzr_Q2fPFK-U.roa
Signing time:             Mon 12 Aug 2024 14:50:59 +0000
ROA not before:           Mon 12 Aug 2024 14:50:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209428
IP address blocks:        194.180.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:47:12:2f:e3:e4:90:69:e8:86:ca:95:18:0c:97:86:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed30a131718560a34ab3493884e858ec431f6ad1
        Validity
            Not Before: Aug 12 14:50:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=071eeaf0d979bcbc980203d5cebfd0d9f3c52be5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:12:ba:20:fe:2f:82:5f:4c:4a:88:fc:8c:36:
                    08:12:b8:18:f0:63:87:37:98:7d:2b:0a:d8:51:de:
                    7e:dc:2e:db:8b:9c:73:35:f5:d9:85:23:a5:35:89:
                    5e:79:31:ce:6d:5f:24:91:50:b5:a7:7d:81:67:49:
                    15:94:fa:68:d1:04:38:22:0d:93:23:61:2f:0f:88:
                    1c:c8:3c:e2:ac:68:42:b5:2e:0c:37:bf:ed:4a:92:
                    cd:d1:14:cc:87:e5:8f:de:01:c9:e1:6b:e9:39:ad:
                    03:69:c6:d8:a3:19:20:c2:d6:fb:4f:c6:2d:99:fa:
                    cc:51:37:a3:48:56:2a:b2:eb:9e:a2:21:a6:f8:5f:
                    49:f9:5c:d9:e2:75:18:93:5c:a6:9f:23:bb:b7:62:
                    04:4a:55:8f:97:cb:d5:c0:dd:43:06:5c:81:61:e0:
                    1f:1e:20:42:76:81:69:b5:0c:bb:db:ff:b5:bb:07:
                    cb:c5:50:cb:03:6c:70:c7:a2:7c:67:51:d4:89:64:
                    be:91:79:45:f1:b3:d0:54:e9:28:ea:a4:84:e4:a6:
                    95:22:d7:b4:3a:eb:49:3a:74:28:99:5b:16:de:eb:
                    1e:cb:2b:18:24:1d:22:78:15:f4:f8:8a:0f:f8:9a:
                    ef:b8:2b:40:de:9d:a4:d5:d1:80:14:08:a6:35:3c:
                    fa:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:1E:EA:F0:D9:79:BC:BC:98:02:03:D5:CE:BF:D0:D9:F3:C5:2B:E5
            X509v3 Authority Key Identifier:
                keyid:ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/Bx7q8Nl5vLyYAgPVzr_Q2fPFK-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:13:6e:a1:47:18:cf:fa:60:c8:5c:59:17:a6:84:6e:b1:26:
         a3:e5:a5:dd:1b:42:c7:68:aa:46:a1:c5:c0:d4:1a:34:5d:17:
         11:15:66:61:e2:80:f2:ca:e3:59:fc:78:df:8e:9d:34:df:a1:
         a2:2e:23:13:4e:46:f1:25:82:6d:57:24:e7:67:38:bb:81:43:
         d1:47:1e:e1:cb:b4:19:a7:7f:0b:42:41:57:0b:57:33:d6:a4:
         78:7c:29:5c:1d:ab:48:09:4c:c7:b4:b5:fb:63:76:c1:2e:3a:
         d5:6b:3c:85:7e:d4:38:6c:fd:04:bc:93:b0:b0:62:9c:e5:ad:
         5e:ea:38:83:2c:72:72:ed:2a:0a:07:09:97:8c:ce:37:40:a8:
         5a:16:3b:1c:e5:83:c8:99:e7:f1:11:f9:b8:68:03:fd:7b:ae:
         53:44:fc:07:f4:bd:33:25:70:b2:51:03:d8:80:00:12:0f:e4:
         a5:2b:0e:bd:00:e4:46:19:1f:d8:ac:5e:8d:c7:3a:51:f2:f0:
         f9:43:25:84:bd:5b:a2:9e:d9:32:9e:ce:14:65:5e:b1:73:57:
         c7:55:bf:61:7d:bb:48:0a:a8:7b:95:53:1b:7e:80:c8:6f:db:
         63:ec:7b:e2:4f:ac:f8:a0:1a:63:c1:b7:6f:53:4e:02:1c:90:
         b0:5f:33:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFHEi/j5JBp6IbKlRgMl4aXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMzBhMTMxNzE4NTYwYTM0YWIzNDkzODg0ZTg1OGVjNDMx
ZjZhZDEwHhcNMjQwODEyMTQ1MDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzFlZWFmMGQ5NzliY2JjOTgwMjAzZDVjZWJmZDBkOWYzYzUyYmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxK6IP4vgl9MSoj8jDYIErgY8GOH
N5h9KwrYUd5+3C7bi5xzNfXZhSOlNYleeTHObV8kkVC1p32BZ0kVlPpo0QQ4Ig2T
I2EvD4gcyDzirGhCtS4MN7/tSpLN0RTMh+WP3gHJ4WvpOa0DacbYoxkgwtb7T8Yt
mfrMUTejSFYqsuueoiGm+F9J+VzZ4nUYk1ymnyO7t2IESlWPl8vVwN1DBlyBYeAf
HiBCdoFptQy72/+1uwfLxVDLA2xwx6J8Z1HUiWS+kXlF8bPQVOko6qSE5KaVIte0
OutJOnQomVsW3useyysYJB0ieBX0+IoP+JrvuCtA3p2k1dGAFAimNTz6EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAce6vDZeby8mAID1c6/0NnzxSvlMB8GA1UdIwQY
MBaAFO0woTFxhWCjSrNJOIToWOxDH2rRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTkt
NGIzYjFiNjNiNmFiLzEvQng3cThObDV2THlZQWdQVnpyX1EyZlBGSy1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFi
LzEvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrThMA0G
CSqGSIb3DQEBCwUAA4IBAQAME26hRxjP+mDIXFkXpoRusSaj5aXdG0LHaKpGocXA
1Bo0XRcRFWZh4oDyyuNZ/Hjfjp0036GiLiMTTkbxJYJtVyTnZzi7gUPRRx7hy7QZ
p38LQkFXC1cz1qR4fClcHatICUzHtLX7Y3bBLjrVazyFftQ4bP0EvJOwsGKc5a1e
6jiDLHJy7SoKBwmXjM43QKhaFjsc5YPImefxEfm4aAP9e65TRPwH9L0zJXCyUQPY
gAASD+SlKw69AORGGR/YrF6NxzpR8vD5QyWEvVuintkyns4UZV6xc1fHVb9hfbtI
Cqh7lVMbfoDIb9tj7HviT6z4oBpjwbdvU04CHJCwXzMj
-----END CERTIFICATE-----