Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/ej7pzA6aQoPaEZik6tEGhdVbct8.roa
File:                     ej7pzA6aQoPaEZik6tEGhdVbct8.roa (raw, json)
Hash identifier:          rGwSboo37gjMnfA68/jsoiinykV+Pv2wK3l5y0wBJ6M=
Subject key identifier:   7A:3E:E9:CC:0E:9A:42:83:DA:11:98:A4:EA:D1:06:85:D5:5B:72:DF
Certificate issuer:       /CN=d1113af3f36bb92a0f2fbdafe3b671f6b9fcefa8
Certificate serial:       018CCA295554767AF2B6EAB33AB2E82BAE97
Authority key identifier: D1:11:3A:F3:F3:6B:B9:2A:0F:2F:BD:AF:E3:B6:71:F6:B9:FC:EF:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0RE68_NruSoPL72v47Zx9rn876g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/ej7pzA6aQoPaEZik6tEGhdVbct8.roa
Signing time:             Tue 02 Jan 2024 12:32:35 +0000
ROA not before:           Tue 02 Jan 2024 12:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30815
IP address blocks:        193.25.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/0RE68_NruSoPL72v47Zx9rn876g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/0RE68_NruSoPL72v47Zx9rn876g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0RE68_NruSoPL72v47Zx9rn876g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:55:54:76:7a:f2:b6:ea:b3:3a:b2:e8:2b:ae:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1113af3f36bb92a0f2fbdafe3b671f6b9fcefa8
        Validity
            Not Before: Jan  2 12:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a3ee9cc0e9a4283da1198a4ead10685d55b72df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5d:91:61:62:7d:91:92:3a:72:77:b4:60:22:
                    8e:3b:26:45:5f:46:86:0d:0e:5f:79:82:d8:d0:35:
                    6d:63:62:04:86:0d:ef:d9:2b:5b:51:ee:3e:fb:f1:
                    46:54:db:35:27:d0:9e:a7:2e:30:eb:12:ce:92:f5:
                    e1:7c:6b:fc:ef:cb:39:79:31:3d:8b:da:33:61:ae:
                    8b:2f:27:e9:47:d3:7f:b6:5d:e8:01:1b:bc:15:8e:
                    34:d0:7c:4c:77:7a:2b:0c:51:20:94:65:5d:ab:30:
                    90:48:e4:8e:bd:f9:4b:d3:53:31:86:e2:5d:97:b1:
                    f0:2f:98:e6:e3:d1:ed:44:8e:d3:57:77:83:8b:7d:
                    09:9e:a4:12:03:9a:e3:c8:62:32:c3:87:fd:64:0e:
                    7b:0d:b0:83:4e:a7:80:01:bc:28:ef:a9:84:ce:06:
                    6c:cd:d5:c8:7b:20:64:16:cb:06:05:cc:74:0c:90:
                    fd:7f:b0:fc:48:2a:e5:4a:45:e9:24:06:21:9f:0a:
                    b0:15:2e:d2:3c:85:a1:c9:e2:a6:ee:67:6e:05:2b:
                    c8:4c:04:ec:cf:60:bd:f6:94:fc:74:f5:c0:90:cc:
                    1a:0f:bc:d8:10:49:8e:07:9e:a2:6a:ea:42:44:0d:
                    3d:29:8e:a3:77:69:44:5d:e0:85:d9:6d:d1:f3:2c:
                    a9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:3E:E9:CC:0E:9A:42:83:DA:11:98:A4:EA:D1:06:85:D5:5B:72:DF
            X509v3 Authority Key Identifier:
                keyid:D1:11:3A:F3:F3:6B:B9:2A:0F:2F:BD:AF:E3:B6:71:F6:B9:FC:EF:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0RE68_NruSoPL72v47Zx9rn876g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/ej7pzA6aQoPaEZik6tEGhdVbct8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/88f926-895c-46ce-9e6b-00ce9f08ad83/1/0RE68_NruSoPL72v47Zx9rn876g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:81:ec:f8:0f:e5:cb:23:92:39:7c:08:82:f3:e7:9c:d3:05:
         d0:7c:0d:19:75:5f:16:b1:9e:31:d6:44:2e:04:e4:28:d0:e3:
         48:a5:f4:8e:e9:ab:eb:ce:fe:54:8a:53:23:56:a3:0a:97:d5:
         a0:00:99:bb:19:53:ed:40:d9:29:ad:9c:da:bc:1c:8e:7a:c9:
         86:4f:41:3d:c1:63:18:c9:8c:93:4c:0b:4a:19:f9:03:49:e6:
         fe:c0:37:3d:fb:ca:2b:7b:aa:c7:0e:d9:11:5a:19:a4:73:07:
         02:2f:cb:d1:32:e0:ac:3e:39:1e:7c:c3:08:a4:f9:dd:6a:c2:
         3f:64:99:96:48:f5:6d:7e:e5:7c:b9:97:eb:74:25:ca:31:97:
         b3:6f:41:81:85:3b:24:43:af:86:17:f6:96:a0:c2:85:75:35:
         99:50:1e:3b:81:62:49:d5:33:ed:59:9f:35:83:d1:2e:6d:00:
         b7:3d:cc:b6:15:29:1b:11:05:f5:47:e9:5c:79:75:17:b2:1a:
         f6:72:4d:47:ce:6c:4e:34:28:21:b7:c1:b3:54:50:37:f2:3c:
         7e:f9:3f:43:5d:64:69:62:7a:a5:a0:91:eb:6c:21:14:e8:0e:
         67:94:74:f8:22:9d:d3:86:d8:93:77:67:0c:8a:ab:61:b3:b5:
         91:35:66:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKVVUdnrytuqzOrLoK66XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMTEzYWYzZjM2YmI5MmEwZjJmYmRhZmUzYjY3MWY2Yjlm
Y2VmYTgwHhcNMjQwMTAyMTIzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTNlZTljYzBlOWE0MjgzZGExMTk4YTRlYWQxMDY4NWQ1NWI3MmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgV2RYWJ9kZI6cne0YCKOOyZFX0aG
DQ5feYLY0DVtY2IEhg3v2StbUe4++/FGVNs1J9Cepy4w6xLOkvXhfGv878s5eTE9
i9ozYa6LLyfpR9N/tl3oARu8FY400HxMd3orDFEglGVdqzCQSOSOvflL01MxhuJd
l7HwL5jm49HtRI7TV3eDi30JnqQSA5rjyGIyw4f9ZA57DbCDTqeAAbwo76mEzgZs
zdXIeyBkFssGBcx0DJD9f7D8SCrlSkXpJAYhnwqwFS7SPIWhyeKm7mduBSvITATs
z2C99pT8dPXAkMwaD7zYEEmOB56iaupCRA09KY6jd2lEXeCF2W3R8yyp0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHo+6cwOmkKD2hGYpOrRBoXVW3LfMB8GA1UdIwQY
MBaAFNEROvPza7kqDy+9r+O2cfa5/O+oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFJFNjhfTnJ1U29QTDcydjQ3Wng5cm44NzZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi84OGY5MjYtODk1Yy00NmNlLTllNmIt
MDBjZTlmMDhhZDgzLzEvZWo3cHpBNmFRb1BhRVppazZ0RUdoZFZiY3Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi84OGY5MjYtODk1Yy00NmNlLTllNmItMDBjZTlmMDhhZDgz
LzEvMFJFNjhfTnJ1U29QTDcydjQ3Wng5cm44NzZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRnNMA0G
CSqGSIb3DQEBCwUAA4IBAQBdgez4D+XLI5I5fAiC8+ec0wXQfA0ZdV8WsZ4x1kQu
BOQo0ONIpfSO6avrzv5UilMjVqMKl9WgAJm7GVPtQNkprZzavByOesmGT0E9wWMY
yYyTTAtKGfkDSeb+wDc9+8ore6rHDtkRWhmkcwcCL8vRMuCsPjkefMMIpPndasI/
ZJmWSPVtfuV8uZfrdCXKMZezb0GBhTskQ6+GF/aWoMKFdTWZUB47gWJJ1TPtWZ81
g9EubQC3Pcy2FSkbEQX1R+lceXUXshr2ck1HzmxONCght8GzVFA38jx++T9DXWRp
YnqloJHrbCEU6A5nlHT4Ip3ThtiTd2cMiqths7WRNWZ6
-----END CERTIFICATE-----