Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/m7I-ZnXELMIf_J5IYvW4hdYJthk.roa
File:                     m7I-ZnXELMIf_J5IYvW4hdYJthk.roa (raw, json)
Hash identifier:          pXFwmbhkdPFP2VhlmTw0VSakEiElp9iAudIsXK96fIo=
Subject key identifier:   9B:B2:3E:66:75:C4:2C:C2:1F:FC:9E:48:62:F5:B8:85:D6:09:B6:19
Certificate issuer:       /CN=19fb56adc9071d5e9fda2b669438b92bf863e58f
Certificate serial:       018CC56EF8C700A52F9407F32184608501E1
Authority key identifier: 19:FB:56:AD:C9:07:1D:5E:9F:DA:2B:66:94:38:B9:2B:F8:63:E5:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GftWrckHHV6f2itmlDi5K_hj5Y8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/m7I-ZnXELMIf_J5IYvW4hdYJthk.roa
Signing time:             Mon 01 Jan 2024 14:30:33 +0000
ROA not before:           Mon 01 Jan 2024 14:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62313
IP address blocks:        194.150.190.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/GftWrckHHV6f2itmlDi5K_hj5Y8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/GftWrckHHV6f2itmlDi5K_hj5Y8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GftWrckHHV6f2itmlDi5K_hj5Y8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f8:c7:00:a5:2f:94:07:f3:21:84:60:85:01:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19fb56adc9071d5e9fda2b669438b92bf863e58f
        Validity
            Not Before: Jan  1 14:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bb23e6675c42cc21ffc9e4862f5b885d609b619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:cf:22:bc:c6:af:04:49:d9:d4:b6:75:07:bc:
                    76:a3:a0:d2:9d:ec:2d:13:36:56:c3:b5:0b:c6:b2:
                    e5:d6:43:1a:fe:84:3b:f6:59:23:98:8e:20:6b:54:
                    24:fb:63:4b:f0:ae:82:66:cd:20:5e:94:00:80:6e:
                    82:55:39:5c:55:af:25:96:00:1e:52:fd:87:26:3b:
                    12:dc:96:49:32:0a:bd:d5:fe:2e:84:1c:c5:a0:15:
                    67:c4:76:32:16:43:80:13:2a:c8:4a:b4:6a:28:23:
                    c9:6d:12:b0:f6:c1:35:5a:ec:82:92:1a:cd:b0:77:
                    10:9f:ea:58:40:67:de:5e:19:0f:87:4e:c9:e3:97:
                    57:c4:50:dd:9b:07:e9:7e:a4:6e:c6:28:86:88:a3:
                    48:9a:9e:4f:69:7c:84:b2:5e:3b:8c:ec:bc:b7:66:
                    ca:e2:0e:c4:ff:4a:b4:d4:49:74:a9:f6:a3:34:2e:
                    50:8d:fd:32:08:28:82:60:aa:ac:98:21:5a:82:42:
                    e4:47:7b:2d:b6:15:8a:c0:71:3e:73:36:a5:99:ce:
                    9d:d0:ba:cd:51:03:e4:b1:16:f9:05:5d:1e:2e:02:
                    4c:8f:ae:8a:02:01:8b:e7:f2:2d:b9:fa:18:8e:f4:
                    88:1d:d7:94:ee:69:04:f6:19:cd:73:a5:50:84:c8:
                    6a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B2:3E:66:75:C4:2C:C2:1F:FC:9E:48:62:F5:B8:85:D6:09:B6:19
            X509v3 Authority Key Identifier:
                keyid:19:FB:56:AD:C9:07:1D:5E:9F:DA:2B:66:94:38:B9:2B:F8:63:E5:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GftWrckHHV6f2itmlDi5K_hj5Y8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/m7I-ZnXELMIf_J5IYvW4hdYJthk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/GftWrckHHV6f2itmlDi5K_hj5Y8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:53:cc:ac:d9:2a:e7:2d:a3:05:7b:25:10:da:a9:ba:63:b6:
         a8:23:35:aa:0a:5c:f4:2e:fa:6d:03:7b:ae:08:03:ca:ab:f3:
         aa:c0:55:1f:ee:6c:ae:8c:ac:b7:8d:cc:3d:f8:69:1f:9e:52:
         ef:a8:0d:54:78:c2:d6:9f:7a:10:5c:65:b2:bc:c3:bf:16:bf:
         14:ef:db:bb:14:86:be:d3:dc:b7:a3:19:2b:ea:ce:c0:65:4b:
         86:29:f0:06:3c:cf:e8:d6:e1:26:7f:c1:96:bb:1d:c3:a9:69:
         75:a9:a0:b7:fa:08:8d:b7:d6:42:57:9d:2b:59:15:1f:06:f1:
         ae:0e:b3:7e:08:76:67:5b:5b:f2:f1:d8:62:65:36:8a:c9:30:
         6e:e4:70:30:8b:10:71:a5:b5:c9:c7:7b:bb:6e:7d:91:9f:4e:
         ba:c5:ed:6b:e0:57:7f:98:f0:e8:e9:50:88:92:4b:b1:79:ba:
         4c:1b:2e:b7:0d:c6:2b:e6:45:f3:fd:36:4e:58:28:61:32:b5:
         fb:89:09:d0:97:67:d0:34:7c:83:f2:6f:f4:b3:3e:3c:67:09:
         4a:93:c8:78:14:16:dd:2b:52:29:a5:66:c8:ea:26:f8:44:af:
         48:47:d7:17:cb:53:05:a4:a4:87:a0:aa:28:bb:68:9a:4e:d4:
         68:ef:dd:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvjHAKUvlAfzIYRghQHhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZmI1NmFkYzkwNzFkNWU5ZmRhMmI2Njk0MzhiOTJiZjg2
M2U1OGYwHhcNMjQwMTAxMTQzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmIyM2U2Njc1YzQyY2MyMWZmYzllNDg2MmY1Yjg4NWQ2MDliNjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl88ivMavBEnZ1LZ1B7x2o6DSnewt
EzZWw7ULxrLl1kMa/oQ79lkjmI4ga1Qk+2NL8K6CZs0gXpQAgG6CVTlcVa8llgAe
Uv2HJjsS3JZJMgq91f4uhBzFoBVnxHYyFkOAEyrISrRqKCPJbRKw9sE1WuyCkhrN
sHcQn+pYQGfeXhkPh07J45dXxFDdmwfpfqRuxiiGiKNImp5PaXyEsl47jOy8t2bK
4g7E/0q01El0qfajNC5Qjf0yCCiCYKqsmCFagkLkR3stthWKwHE+czalmc6d0LrN
UQPksRb5BV0eLgJMj66KAgGL5/ItufoYjvSIHdeU7mkE9hnNc6VQhMhq0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuyPmZ1xCzCH/yeSGL1uIXWCbYZMB8GA1UdIwQY
MBaAFBn7Vq3JBx1en9orZpQ4uSv4Y+WPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2Z0V3Jja0hIVjZmMml0bWxEaTVLX2hqNVk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82MTgzOTktYzUzYi00Y2YyLTkzMGUt
NjNlZWJlMDMyNWVjLzEvbTdJLVpuWEVMTUlmX0o1SVl2VzRoZFlKdGhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82MTgzOTktYzUzYi00Y2YyLTkzMGUtNjNlZWJlMDMyNWVj
LzEvR2Z0V3Jja0hIVjZmMml0bWxEaTVLX2hqNVk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpa+MA0G
CSqGSIb3DQEBCwUAA4IBAQATU8ys2SrnLaMFeyUQ2qm6Y7aoIzWqClz0LvptA3uu
CAPKq/OqwFUf7myujKy3jcw9+GkfnlLvqA1UeMLWn3oQXGWyvMO/Fr8U79u7FIa+
09y3oxkr6s7AZUuGKfAGPM/o1uEmf8GWux3DqWl1qaC3+giNt9ZCV50rWRUfBvGu
DrN+CHZnW1vy8dhiZTaKyTBu5HAwixBxpbXJx3u7bn2Rn066xe1r4Fd/mPDo6VCI
kkuxebpMGy63DcYr5kXz/TZOWChhMrX7iQnQl2fQNHyD8m/0sz48ZwlKk8h4FBbd
K1IppWbI6ib4RK9IR9cXy1MFpKSHoKoou2iaTtRo792U
-----END CERTIFICATE-----