Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/7gH_SvDbI1yZlOsPvBHhN34RP14.roa
File:                     7gH_SvDbI1yZlOsPvBHhN34RP14.roa (raw, json)
Hash identifier:          BOmuntwbCzHhITNJG7ctsk77wIJN9fs6Mo2YHXfbZAg=
Subject key identifier:   EE:01:FF:4A:F0:DB:23:5C:99:94:EB:0F:BC:11:E1:37:7E:11:3F:5E
Certificate issuer:       /CN=9145ead8d3f1284402b6f75614a87257503ce1bc
Certificate serial:       018CC2DADA47977A27F27B424BDF7CFF142D
Authority key identifier: 91:45:EA:D8:D3:F1:28:44:02:B6:F7:56:14:A8:72:57:50:3C:E1:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUXq2NPxKEQCtvdWFKhyV1A84bw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/7gH_SvDbI1yZlOsPvBHhN34RP14.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34416
IP address blocks:        188.214.26.0/24 maxlen: 24
                          188.215.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kUXq2NPxKEQCtvdWFKhyV1A84bw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kUXq2NPxKEQCtvdWFKhyV1A84bw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUXq2NPxKEQCtvdWFKhyV1A84bw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:da:47:97:7a:27:f2:7b:42:4b:df:7c:ff:14:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9145ead8d3f1284402b6f75614a87257503ce1bc
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee01ff4af0db235c9994eb0fbc11e1377e113f5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:cd:08:b4:dd:c3:3f:f4:7f:97:9c:27:95:b2:
                    f1:a1:44:f2:b5:c5:5f:83:c8:be:7e:b9:e3:62:2a:
                    6a:10:72:52:dd:70:b9:93:c8:e0:34:f5:d9:8c:5e:
                    d5:b9:3b:aa:72:fb:7a:f8:15:c7:3a:b8:6e:23:31:
                    71:64:68:41:da:a5:ac:20:79:37:ea:82:9e:94:19:
                    ff:06:93:00:4c:e0:b0:5b:6c:67:21:e0:9d:dc:55:
                    33:c1:40:25:2e:cd:c6:59:73:ff:9e:3e:a9:de:64:
                    9e:5c:41:99:e0:93:3a:88:48:24:85:f7:10:e7:dc:
                    2e:74:4e:8a:d8:a2:4f:95:ce:52:0e:13:26:79:99:
                    4a:60:e7:2c:99:91:12:60:ed:e9:9e:3d:06:b0:6b:
                    00:4e:b0:fe:d2:70:c1:74:1d:c2:4f:02:66:66:a0:
                    ae:e1:b4:45:e3:52:13:08:e7:20:75:8c:3b:5a:9f:
                    6e:59:88:74:35:35:4b:44:3b:04:dc:5f:db:ca:83:
                    4c:48:cf:e0:9d:f5:eb:c6:19:77:bc:8c:f7:12:6e:
                    c1:d8:79:58:c1:e0:6d:2e:9e:28:da:44:09:03:b8:
                    f7:72:87:fb:f0:49:c2:34:cb:de:09:eb:d4:03:9f:
                    24:05:4f:05:d5:1e:be:e0:93:c0:9d:39:9e:fb:bb:
                    83:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:01:FF:4A:F0:DB:23:5C:99:94:EB:0F:BC:11:E1:37:7E:11:3F:5E
            X509v3 Authority Key Identifier:
                keyid:91:45:EA:D8:D3:F1:28:44:02:B6:F7:56:14:A8:72:57:50:3C:E1:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUXq2NPxKEQCtvdWFKhyV1A84bw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/7gH_SvDbI1yZlOsPvBHhN34RP14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a5235f-62fb-4abb-8037-2ad195264c72/1/kUXq2NPxKEQCtvdWFKhyV1A84bw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.26.0/24
                  188.215.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:18:5c:e2:ca:8d:d3:a8:f2:1c:55:58:26:5b:34:8f:30:a0:
         53:f5:19:7d:08:8f:99:9f:c8:52:ed:c3:c1:47:4c:1f:5e:0e:
         cf:8e:15:bd:bd:89:2b:94:28:35:eb:9b:8a:b5:63:f0:c5:6f:
         cb:89:03:0f:b2:8a:87:ca:d0:45:d4:3d:15:d5:30:b2:66:db:
         07:b5:89:af:a6:da:36:1d:79:90:44:10:d4:7e:2e:ef:56:73:
         4f:a1:73:64:27:3b:97:24:29:1e:87:3f:25:44:2a:4b:6a:c2:
         69:6c:63:22:9f:22:37:ef:b0:e2:97:80:3f:d9:04:63:fe:68:
         48:29:21:63:31:d6:96:55:a0:b7:c0:12:01:00:9b:77:08:6f:
         e2:37:10:a4:fe:68:a5:16:33:6c:1e:11:dd:e1:08:ba:f1:0c:
         ce:6a:04:6a:0d:c6:69:98:84:f9:79:32:f4:16:82:f0:5f:34:
         7e:54:40:55:df:46:31:25:0c:f5:b6:08:c1:49:17:a8:d8:f1:
         d9:fe:c6:61:3b:d1:f9:55:5b:65:4b:b1:0b:d4:f4:a5:61:12:
         19:49:08:4f:65:52:9a:dc:3e:66:ae:01:39:dd:d9:f2:9b:0e:
         f6:60:e4:d4:7f:3c:39:87:4d:96:7d:1e:e2:a0:48:bf:8e:ef:
         45:e4:11:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2tpHl3on8ntCS998/xQtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNDVlYWQ4ZDNmMTI4NDQwMmI2Zjc1NjE0YTg3MjU3NTAz
Y2UxYmMwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTAxZmY0YWYwZGIyMzVjOTk5NGViMGZiYzExZTEzNzdlMTEzZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkM0ItN3DP/R/l5wnlbLxoUTytcVf
g8i+frnjYipqEHJS3XC5k8jgNPXZjF7VuTuqcvt6+BXHOrhuIzFxZGhB2qWsIHk3
6oKelBn/BpMATOCwW2xnIeCd3FUzwUAlLs3GWXP/nj6p3mSeXEGZ4JM6iEgkhfcQ
59wudE6K2KJPlc5SDhMmeZlKYOcsmZESYO3pnj0GsGsATrD+0nDBdB3CTwJmZqCu
4bRF41ITCOcgdYw7Wp9uWYh0NTVLRDsE3F/byoNMSM/gnfXrxhl3vIz3Em7B2HlY
weBtLp4o2kQJA7j3cof78EnCNMveCevUA58kBU8F1R6+4JPAnTme+7uD+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO4B/0rw2yNcmZTrD7wR4Td+ET9eMB8GA1UdIwQY
MBaAFJFF6tjT8ShEArb3VhSocldQPOG8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1VYcTJOUHhLRVFDdHZkV0ZLaHlWMUE4NGJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9hNTIzNWYtNjJmYi00YWJiLTgwMzct
MmFkMTk1MjY0YzcyLzEvN2dIX1N2RGJJMXlabE9zUHZCSGhOMzRSUDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9hNTIzNWYtNjJmYi00YWJiLTgwMzctMmFkMTk1MjY0Yzcy
LzEva1VYcTJOUHhLRVFDdHZkV0ZLaHlWMUE4NGJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvNYaAwQA
vNfqMA0GCSqGSIb3DQEBCwUAA4IBAQC+GFziyo3TqPIcVVgmWzSPMKBT9Rl9CI+Z
n8hS7cPBR0wfXg7PjhW9vYkrlCg165uKtWPwxW/LiQMPsoqHytBF1D0V1TCyZtsH
tYmvpto2HXmQRBDUfi7vVnNPoXNkJzuXJCkehz8lRCpLasJpbGMinyI377Dil4A/
2QRj/mhIKSFjMdaWVaC3wBIBAJt3CG/iNxCk/milFjNsHhHd4Qi68QzOagRqDcZp
mIT5eTL0FoLwXzR+VEBV30YxJQz1tgjBSReo2PHZ/sZhO9H5VVtlS7EL1PSlYRIZ
SQhPZVKa3D5mrgE53dnymw72YOTUfzw5h02WfR7ioEi/ju9F5BEv
-----END CERTIFICATE-----