Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/479673-9667-4eda-bbbd-b0b2eaaeed61/1/W7X76Bb3DfQmb3ivc7ZoRtPBBbc.roa
File:                     W7X76Bb3DfQmb3ivc7ZoRtPBBbc.roa (raw, json)
Hash identifier:          dRnGbBVL7esSRzvJW+ygumXMwu/1QfEo0n7f4iYA8T4=
Subject key identifier:   5B:B5:FB:E8:16:F7:0D:F4:26:6F:78:AF:73:B6:68:46:D3:C1:05:B7
Certificate issuer:       /CN=22a72f3ed23e2294f9bb6ba660246166c13f8324
Certificate serial:       018CC94E596CA245604974E613F59DEA8AA8
Authority key identifier: 22:A7:2F:3E:D2:3E:22:94:F9:BB:6B:A6:60:24:61:66:C1:3F:83:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqcvPtI-IpT5u2umYCRhZsE_gyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/479673-9667-4eda-bbbd-b0b2eaaeed61/1/W7X76Bb3DfQmb3ivc7ZoRtPBBbc.roa
Signing time:             Tue 02 Jan 2024 08:33:24 +0000
ROA not before:           Tue 02 Jan 2024 08:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25059
IP address blocks:        193.201.212.0/22 maxlen: 22
                          193.201.212.0/24 maxlen: 24
                          193.201.213.0/24 maxlen: 24
                          193.201.215.0/24 maxlen: 24
                          193.201.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/479673-9667-4eda-bbbd-b0b2eaaeed61/1/IqcvPtI-IpT5u2umYCRhZsE_gyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/479673-9667-4eda-bbbd-b0b2eaaeed61/1/IqcvPtI-IpT5u2umYCRhZsE_gyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqcvPtI-IpT5u2umYCRhZsE_gyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 14:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:59:6c:a2:45:60:49:74:e6:13:f5:9d:ea:8a:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a72f3ed23e2294f9bb6ba660246166c13f8324
        Validity
            Not Before: Jan  2 08:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bb5fbe816f70df4266f78af73b66846d3c105b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c1:79:f7:bc:b5:1f:9a:14:21:9e:de:ce:a0:
                    8c:70:40:70:f8:e8:fc:3e:5a:4b:74:27:af:a6:2e:
                    82:af:4f:b1:c1:7f:da:71:e3:90:34:59:68:62:60:
                    2b:f8:ea:8f:f3:53:65:1f:ba:b7:7b:52:bd:8d:67:
                    64:b7:66:d8:56:fc:5b:c2:1a:0f:91:e6:c4:c0:c1:
                    67:41:7e:dd:6e:f9:f6:d6:0c:05:c0:53:ff:71:e2:
                    60:91:97:4e:fb:eb:f9:42:c9:7f:ad:a7:6b:59:3a:
                    59:37:d5:dd:e1:f4:cd:b4:08:d0:f4:d6:b3:70:31:
                    9d:c2:aa:23:d3:df:ed:6a:76:ee:f4:fe:fa:5d:69:
                    03:b7:1a:b7:72:78:84:9a:69:aa:18:5c:5d:6b:8d:
                    00:75:2a:8d:d4:bf:7f:97:00:e9:86:ac:3c:ab:79:
                    e7:3c:33:83:d4:80:b0:ef:78:a5:4c:40:6f:aa:89:
                    8c:c6:8a:51:7d:73:e9:e3:20:79:4a:60:69:ab:cf:
                    03:85:00:97:c3:28:60:75:cb:ad:34:a2:7e:8b:82:
                    86:98:b2:f4:ae:80:f9:69:e3:c4:75:9d:61:7c:37:
                    08:54:72:9e:a1:3b:a7:1b:1e:c1:32:9a:14:02:d1:
                    e3:d2:01:6f:5b:52:84:7e:6b:f0:77:4a:99:01:b7:
                    48:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:B5:FB:E8:16:F7:0D:F4:26:6F:78:AF:73:B6:68:46:D3:C1:05:B7
            X509v3 Authority Key Identifier:
                keyid:22:A7:2F:3E:D2:3E:22:94:F9:BB:6B:A6:60:24:61:66:C1:3F:83:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqcvPtI-IpT5u2umYCRhZsE_gyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/479673-9667-4eda-bbbd-b0b2eaaeed61/1/W7X76Bb3DfQmb3ivc7ZoRtPBBbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/479673-9667-4eda-bbbd-b0b2eaaeed61/1/IqcvPtI-IpT5u2umYCRhZsE_gyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:04:ed:95:0a:ed:1c:a5:50:30:70:be:45:16:60:81:d9:13:
         6e:0a:d7:86:a4:2c:15:6e:91:1c:89:a0:52:12:6e:a1:a8:e2:
         e7:08:0b:a9:94:0a:27:1d:8d:4b:4b:aa:95:8d:bc:b5:91:32:
         2f:2d:aa:8f:75:b9:86:04:45:81:17:62:c8:f8:3e:b5:76:cf:
         18:ca:db:9e:b1:b9:a8:d7:1e:db:52:4c:76:b1:11:8c:86:10:
         57:81:1a:7a:98:f9:33:be:a3:69:57:d6:c6:e4:28:6d:02:0b:
         48:c3:22:65:9d:04:90:8a:01:d7:f9:ee:91:8a:f5:d5:cb:ac:
         e8:fc:39:f4:e2:89:ff:96:4f:f4:c6:87:a0:b5:ab:5b:70:28:
         28:02:a4:6b:06:01:52:c6:e0:f1:e0:a4:7b:53:00:c5:71:cd:
         0c:7f:6c:b3:5a:73:25:ff:52:14:81:ad:b0:18:c9:24:0b:bb:
         9e:d2:42:31:e2:29:b1:92:a3:46:a5:a1:31:3d:b6:7a:44:d1:
         c7:60:07:76:e5:15:18:f2:34:f8:26:ea:fc:60:df:0f:e0:e4:
         ed:d5:fd:c1:a6:9f:3d:fc:8d:60:0e:42:37:f8:5e:6c:25:84:
         bd:e1:eb:ac:2a:3c:5e:6e:73:f3:21:da:ee:72:ee:d9:98:0d:
         36:1f:57:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTllsokVgSXTmE/Wd6oqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTcyZjNlZDIzZTIyOTRmOWJiNmJhNjYwMjQ2MTY2YzEz
ZjgzMjQwHhcNMjQwMTAyMDgzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmI1ZmJlODE2ZjcwZGY0MjY2Zjc4YWY3M2I2Njg0NmQzYzEwNWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8F597y1H5oUIZ7ezqCMcEBw+Oj8
PlpLdCevpi6Cr0+xwX/aceOQNFloYmAr+OqP81NlH7q3e1K9jWdkt2bYVvxbwhoP
kebEwMFnQX7dbvn21gwFwFP/ceJgkZdO++v5Qsl/radrWTpZN9Xd4fTNtAjQ9Naz
cDGdwqoj09/tanbu9P76XWkDtxq3cniEmmmqGFxda40AdSqN1L9/lwDphqw8q3nn
PDOD1ICw73ilTEBvqomMxopRfXPp4yB5SmBpq88DhQCXwyhgdcutNKJ+i4KGmLL0
roD5aePEdZ1hfDcIVHKeoTunGx7BMpoUAtHj0gFvW1KEfmvwd0qZAbdIaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFu1++gW9w30Jm94r3O2aEbTwQW3MB8GA1UdIwQY
MBaAFCKnLz7SPiKU+btrpmAkYWbBP4MkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFjdlB0SS1JcFQ1dTJ1bVlDUmhac0VfZ3lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80Nzk2NzMtOTY2Ny00ZWRhLWJiYmQt
YjBiMmVhYWVlZDYxLzEvVzdYNzZCYjNEZlFtYjNpdmM3Wm9SdFBCQmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80Nzk2NzMtOTY2Ny00ZWRhLWJiYmQtYjBiMmVhYWVlZDYx
LzEvSXFjdlB0SS1JcFQ1dTJ1bVlDUmhac0VfZ3lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwcnUMA0G
CSqGSIb3DQEBCwUAA4IBAQBaBO2VCu0cpVAwcL5FFmCB2RNuCteGpCwVbpEciaBS
Em6hqOLnCAuplAonHY1LS6qVjby1kTIvLaqPdbmGBEWBF2LI+D61ds8Yytuesbmo
1x7bUkx2sRGMhhBXgRp6mPkzvqNpV9bG5ChtAgtIwyJlnQSQigHX+e6RivXVy6zo
/Dn04on/lk/0xoegtatbcCgoAqRrBgFSxuDx4KR7UwDFcc0Mf2yzWnMl/1IUga2w
GMkkC7ue0kIx4imxkqNGpaExPbZ6RNHHYAd25RUY8jT4Jur8YN8P4OTt1f3Bpp89
/I1gDkI3+F5sJYS94eusKjxebnPzIdrucu7ZmA02H1ez
-----END CERTIFICATE-----