Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ewQYZYQ2K6YQNxqr03bJz4AxoSE.roa
File:                     ewQYZYQ2K6YQNxqr03bJz4AxoSE.roa (raw, json)
Hash identifier:          lgmPphVYcWgU7v7s+82age9rZuhfn3BHXGXtRwVMqJY=
Subject key identifier:   7B:04:18:65:84:36:2B:A6:10:37:1A:AB:D3:76:C9:CF:80:31:A1:21
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01934EEB65ED35DD2B9DF0740B35320FD3B0
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ewQYZYQ2K6YQNxqr03bJz4AxoSE.roa
Signing time:             Thu 21 Nov 2024 13:31:10 +0000
ROA not before:           Thu 21 Nov 2024 13:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200019
IP address blocks:        194.102.104.0/23 maxlen: 24
                          217.156.64.0/24 maxlen: 24
                          217.156.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:eb:65:ed:35:dd:2b:9d:f0:74:0b:35:32:0f:d3:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Nov 21 13:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b04186584362ba610371aabd376c9cf8031a121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:12:e2:58:f4:0a:96:f1:da:af:5d:d2:4d:c7:
                    c5:ad:0e:fc:45:21:79:f2:27:28:7b:dd:98:a1:e4:
                    56:c2:74:aa:da:9a:65:64:13:eb:84:4c:35:6a:73:
                    fd:01:b6:23:3e:d9:dd:e0:89:ed:3e:1f:9f:13:88:
                    3c:45:bb:fd:c2:f8:f9:37:0e:8d:74:1d:cf:67:de:
                    2c:99:ce:b5:9b:7d:5b:a3:f3:af:0d:78:ac:40:cd:
                    80:3d:de:d1:8e:76:b0:61:ac:df:64:04:ad:8b:4a:
                    2e:09:3a:b6:97:14:5c:af:6d:3c:7f:74:a8:7e:c7:
                    a8:32:5c:e4:72:bf:08:bc:0f:fe:e3:2b:82:3b:36:
                    b5:c1:02:2f:61:a1:ba:bb:f7:47:68:b2:0c:b1:b3:
                    b7:aa:9b:0b:90:ef:96:4f:63:60:26:c9:14:92:b5:
                    09:f1:de:8f:b0:5e:c1:50:18:9b:4b:91:5d:eb:bd:
                    6c:61:21:f0:8d:76:79:c8:b7:47:ce:c2:dd:9f:b0:
                    fe:0a:a9:67:be:b0:6d:38:b4:17:84:cc:22:cc:5f:
                    c5:2b:b3:0d:0c:89:45:92:db:37:b7:2e:ff:6d:7b:
                    f8:2b:58:4e:aa:c2:51:1b:eb:ba:e0:c3:2b:e0:ed:
                    ea:2b:23:8c:5c:0f:5e:0d:7f:78:6c:39:28:a2:2f:
                    a6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:04:18:65:84:36:2B:A6:10:37:1A:AB:D3:76:C9:CF:80:31:A1:21
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ewQYZYQ2K6YQNxqr03bJz4AxoSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.104.0/23
                  217.156.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:f1:37:70:1c:f7:d0:3c:1f:f5:d9:88:3a:5e:47:95:1a:7f:
         f2:9f:78:4e:51:f0:e4:d2:4f:12:9d:3e:a4:d6:b4:28:38:b8:
         3e:c6:44:89:d2:dd:df:db:b7:40:7a:59:66:62:a9:bd:4b:f5:
         fe:53:7e:a5:64:f7:cf:19:bb:cd:d2:26:2b:95:25:d6:23:03:
         94:43:96:a8:5f:9f:82:c6:cf:b0:1a:2f:94:a0:a0:a6:b8:cb:
         d7:e5:72:1c:16:ea:79:87:8d:a7:78:13:80:db:55:4c:52:03:
         a7:c6:67:b9:26:cb:4d:95:08:28:25:83:f3:d8:0f:71:72:15:
         44:7e:5f:d4:88:6a:a0:c5:df:a8:7b:40:2f:92:de:f0:c3:9f:
         eb:8b:b9:32:71:bf:c9:ce:73:8e:83:57:df:38:bf:77:b0:07:
         d2:16:35:ba:8e:33:59:a3:a4:d6:ea:9e:84:63:98:53:88:e3:
         7d:24:ba:c1:d8:ef:07:0a:29:05:44:d7:c9:aa:9e:11:00:74:
         9b:e3:6c:5a:d3:40:5e:06:86:3d:62:36:36:0c:2c:9a:10:10:
         93:8d:13:aa:72:1b:3d:49:5d:c6:b9:b1:8c:d5:b1:d3:ea:af:
         14:aa:84:b6:39:4d:ca:fa:dc:b1:dc:84:00:53:e9:55:6e:d7:
         3e:49:85:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNO62XtNd0rnfB0CzUyD9OwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQxMTIxMTMzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjA0MTg2NTg0MzYyYmE2MTAzNzFhYWJkMzc2YzljZjgwMzFhMTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhLiWPQKlvHar13STcfFrQ78RSF5
8icoe92YoeRWwnSq2pplZBPrhEw1anP9AbYjPtnd4IntPh+fE4g8Rbv9wvj5Nw6N
dB3PZ94smc61m31bo/OvDXisQM2APd7RjnawYazfZASti0ouCTq2lxRcr208f3So
fseoMlzkcr8IvA/+4yuCOza1wQIvYaG6u/dHaLIMsbO3qpsLkO+WT2NgJskUkrUJ
8d6PsF7BUBibS5Fd671sYSHwjXZ5yLdHzsLdn7D+CqlnvrBtOLQXhMwizF/FK7MN
DIlFkts3ty7/bXv4K1hOqsJRG+u64MMr4O3qKyOMXA9eDX94bDkooi+mMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHsEGGWENiumEDcaq9N2yc+AMaEhMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvZXdRWVpZUTJLNllRTnhxcjAzYkp6NEF4b1NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwmZoAwQB
2ZxAMA0GCSqGSIb3DQEBCwUAA4IBAQBB8TdwHPfQPB/12Yg6XkeVGn/yn3hOUfDk
0k8SnT6k1rQoOLg+xkSJ0t3f27dAellmYqm9S/X+U36lZPfPGbvN0iYrlSXWIwOU
Q5aoX5+Cxs+wGi+UoKCmuMvX5XIcFup5h42neBOA21VMUgOnxme5JstNlQgoJYPz
2A9xchVEfl/UiGqgxd+oe0Avkt7ww5/ri7kycb/JznOOg1ffOL93sAfSFjW6jjNZ
o6TW6p6EY5hTiON9JLrB2O8HCikFRNfJqp4RAHSb42xa00BeBoY9YjY2DCyaEBCT
jROqchs9SV3GubGM1bHT6q8UqoS2OU3K+tyx3IQAU+lVbtc+SYVl
-----END CERTIFICATE-----