Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/N7XiCQIa7Pl98LF2adYPhTGJLUA.roa
File:                     N7XiCQIa7Pl98LF2adYPhTGJLUA.roa (raw, json)
Hash identifier:          CHT6Xa8e0L6/MiHUcIupWBIgjBfs8Y33nslWb0B761U=
Subject key identifier:   37:B5:E2:09:02:1A:EC:F9:7D:F0:B1:76:69:D6:0F:85:31:89:2D:40
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018CC79354D195A3961B770AB45B57F1AA6E
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/N7XiCQIa7Pl98LF2adYPhTGJLUA.roa
Signing time:             Tue 02 Jan 2024 00:29:30 +0000
ROA not before:           Tue 02 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34549
IP address blocks:        195.179.44.0/22 maxlen: 22
                          195.179.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:54:d1:95:a3:96:1b:77:0a:b4:5b:57:f1:aa:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37b5e209021aecf97df0b17669d60f8531892d40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:af:b5:df:3c:a6:a6:49:18:1f:95:2e:f3:a4:
                    f3:ea:50:af:92:12:54:6f:8d:0c:f8:4c:ff:21:d5:
                    0a:75:22:3d:22:54:fb:ec:9a:03:ab:db:09:88:56:
                    5c:ce:8b:d7:ba:a8:a2:fb:c1:ef:eb:0d:11:1f:68:
                    0d:d0:ba:dd:64:e6:1b:a3:3a:d7:70:72:e7:42:c7:
                    8d:3b:26:a2:5d:ed:98:79:23:6e:b2:96:98:15:4e:
                    13:59:d9:be:61:ec:20:44:ee:f5:bf:64:81:58:7d:
                    3d:b5:e4:39:82:55:a0:ad:df:44:60:ca:2a:7b:63:
                    81:58:9c:37:ad:05:21:dd:bd:2d:3a:4c:4a:65:10:
                    f4:06:c7:a6:0e:e4:8e:75:9d:56:00:da:4d:6c:71:
                    0c:5d:be:4b:ac:46:2b:25:44:4c:41:3c:ac:66:d3:
                    b5:77:50:3f:c1:84:f6:65:10:2a:c9:9d:05:10:c5:
                    70:c3:ca:09:61:12:cf:20:5b:ec:94:9d:0f:b3:be:
                    8a:59:9f:fd:6d:8a:71:40:52:d2:8f:f5:c4:aa:98:
                    4d:9b:ca:e3:02:b8:3a:26:a7:f8:8f:47:9c:2f:6c:
                    49:6a:8f:73:30:58:ef:0b:de:3d:df:23:a8:11:15:
                    bd:2f:b2:09:7e:19:79:33:6e:f6:7b:0e:0a:9b:d1:
                    68:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:B5:E2:09:02:1A:EC:F9:7D:F0:B1:76:69:D6:0F:85:31:89:2D:40
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/N7XiCQIa7Pl98LF2adYPhTGJLUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.179.44.0/22
                  195.179.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:eb:dd:72:2f:66:aa:3f:8f:2a:e5:6e:76:2e:3b:67:5f:32:
         dd:7d:e4:68:8f:60:5a:2b:54:13:16:bc:cd:6a:8b:1d:a7:48:
         9d:6e:a8:65:e0:3c:68:ce:9e:4d:38:0e:44:e3:1f:a3:c8:78:
         a9:0a:0d:31:7e:1d:04:c2:c0:35:80:62:be:85:ec:51:8b:fd:
         39:3d:66:6b:fb:2a:0a:f7:13:5e:cd:98:10:b5:86:04:50:65:
         b1:a9:bf:9e:0a:b0:0a:b1:fb:87:95:72:12:76:b3:cb:1e:50:
         fc:c7:18:7c:27:18:10:a4:e2:3c:b1:8c:50:de:50:d5:88:a4:
         ea:fc:e7:89:5b:4b:b1:31:d8:57:92:4e:81:d7:d7:ef:bd:ed:
         0f:26:d3:0d:1a:29:61:78:56:c3:ec:3b:e8:a6:b1:fc:ad:43:
         70:63:16:c9:56:d1:df:ac:da:56:1d:de:37:b0:7d:2d:bb:c4:
         2a:70:5c:5b:a9:bb:14:7b:d1:ed:20:b3:9f:16:57:3e:7e:c2:
         95:43:4d:48:1c:de:b7:dd:97:e4:0e:e1:c2:d5:df:26:5e:cb:
         43:f6:dc:61:88:bb:1e:2e:08:a5:38:8b:80:c1:ba:50:cb:fe:
         98:9d:04:4e:73:19:a5:2c:8b:ab:fc:d3:f4:80:a5:03:f0:f9:
         89:df:fe:70
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk1TRlaOWG3cKtFtX8apuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwMTAyMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2I1ZTIwOTAyMWFlY2Y5N2RmMGIxNzY2OWQ2MGY4NTMxODkyZDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwK+13zympkkYH5Uu86Tz6lCvkhJU
b40M+Ez/IdUKdSI9IlT77JoDq9sJiFZczovXuqii+8Hv6w0RH2gN0LrdZOYbozrX
cHLnQseNOyaiXe2YeSNuspaYFU4TWdm+YewgRO71v2SBWH09teQ5glWgrd9EYMoq
e2OBWJw3rQUh3b0tOkxKZRD0BsemDuSOdZ1WANpNbHEMXb5LrEYrJURMQTysZtO1
d1A/wYT2ZRAqyZ0FEMVww8oJYRLPIFvslJ0Ps76KWZ/9bYpxQFLSj/XEqphNm8rj
Arg6Jqf4j0ecL2xJao9zMFjvC9493yOoERW9L7IJfhl5M272ew4Km9FoiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDe14gkCGuz5ffCxdmnWD4UxiS1AMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvTjdYaUNRSWE3UGw5OExGMmFkWVBoVEdKTFVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCw7MsAwQC
w7NQMA0GCSqGSIb3DQEBCwUAA4IBAQCv691yL2aqP48q5W52LjtnXzLdfeRoj2Ba
K1QTFrzNaosdp0idbqhl4Dxozp5NOA5E4x+jyHipCg0xfh0EwsA1gGK+hexRi/05
PWZr+yoK9xNezZgQtYYEUGWxqb+eCrAKsfuHlXISdrPLHlD8xxh8JxgQpOI8sYxQ
3lDViKTq/OeJW0uxMdhXkk6B19fvve0PJtMNGilheFbD7DvoprH8rUNwYxbJVtHf
rNpWHd43sH0tu8QqcFxbqbsUe9HtILOfFlc+fsKVQ01IHN633ZfkDuHC1d8mXstD
9txhiLseLgilOIuAwbpQy/6YnQROcxmlLIur/NP0gKUD8PmJ3/5w
-----END CERTIFICATE-----