Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/p7ajTPk_6vD-ShnSycWTRtspNak.roa
File:                     p7ajTPk_6vD-ShnSycWTRtspNak.roa (raw, json)
Hash identifier:          +mZjYHCWteW5dSrOV0OMmXRjM3/5lFLRmio3rfiCbHQ=
Subject key identifier:   A7:B6:A3:4C:F9:3F:EA:F0:FE:4A:19:D2:C9:C5:93:46:DB:29:35:A9
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369F3E60D53B7791F33E97DE787BBAE
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/p7ajTPk_6vD-ShnSycWTRtspNak.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133944
IP address blocks:        160.19.92.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f3:e6:0d:53:b7:79:1f:33:e9:7d:e7:87:bb:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7b6a34cf93feaf0fe4a19d2c9c59346db2935a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:f4:76:a0:73:06:aa:b7:72:71:b5:90:c2:26:
                    0f:18:87:15:a0:f8:c4:ff:50:04:93:cb:94:e0:66:
                    d0:ee:69:94:f0:c0:9e:4c:4a:75:93:78:a5:38:02:
                    54:5b:46:de:ad:d0:e6:39:af:16:54:55:28:65:be:
                    1e:bc:32:cd:58:75:bf:b9:40:fc:56:0e:c0:59:d2:
                    a4:2f:80:ef:4c:64:f8:42:ac:57:b2:6a:3e:83:8e:
                    63:cf:0e:fc:80:b2:1c:de:a7:1f:1f:d3:68:71:96:
                    96:3f:84:b5:45:f0:1b:66:51:55:df:44:01:65:48:
                    7f:e7:c4:c6:e8:34:da:f3:61:66:a1:c1:70:78:18:
                    03:5c:99:ca:8f:ac:d4:11:47:15:25:6b:e6:9f:14:
                    19:be:5f:11:44:4f:a5:b0:fe:04:11:26:ad:09:46:
                    c6:a2:d8:d0:76:18:ba:55:22:b9:df:ed:9b:d1:2a:
                    bb:85:83:9f:09:8e:f4:d0:87:99:ba:d6:79:1a:83:
                    fe:3b:b4:7d:b1:d5:26:b4:0f:75:cd:f7:33:01:06:
                    3a:2b:f2:11:1f:a6:f6:bd:6f:76:32:f0:20:1f:11:
                    9b:5d:ab:26:11:ad:43:71:a8:5e:ee:bf:b8:b4:f0:
                    74:6f:e2:c7:09:86:20:2a:7e:31:a7:a4:27:36:32:
                    f4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:B6:A3:4C:F9:3F:EA:F0:FE:4A:19:D2:C9:C5:93:46:DB:29:35:A9
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/p7ajTPk_6vD-ShnSycWTRtspNak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.19.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:73:fd:03:de:35:17:d2:ed:43:d4:89:b2:f1:3f:c0:f6:9e:
         fc:ac:a2:f5:95:04:62:48:10:37:c1:00:e7:77:49:91:9b:8e:
         80:85:9d:0e:01:fc:03:31:cc:5c:7b:d1:63:85:cc:a9:b6:9a:
         36:29:dc:af:20:6b:68:95:8e:25:83:5b:d2:51:50:ef:5a:f3:
         95:de:0d:fd:95:6e:88:06:74:d7:2b:39:03:ce:db:76:dd:e8:
         6f:63:9b:62:27:a8:58:4a:07:5d:c8:f1:62:3e:5f:17:f3:27:
         e4:78:50:76:17:d8:27:c5:71:42:61:f8:9f:eb:87:5c:b1:d2:
         44:23:33:38:4c:6b:df:58:de:44:64:e2:16:e5:54:c4:0f:51:
         99:de:1f:b2:f9:c9:5d:aa:a1:07:c3:3a:64:71:2e:ce:34:1e:
         20:77:21:bb:55:8e:d8:37:62:35:ef:ed:52:ef:0e:47:85:04:
         eb:83:07:72:43:6b:4f:ef:e3:94:73:35:9e:bc:33:ff:9c:67:
         29:bd:ec:5a:68:4b:92:88:0d:cf:e3:c4:ec:df:e9:4b:23:60:
         94:dd:94:e8:76:65:78:9b:c0:67:31:30:ec:df:27:02:7f:df:
         5a:ac:59:39:30:83:5e:98:87:42:02:56:a4:a4:d7:e9:31:af:
         07:4e:84:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjafPmDVO3eR8z6X3nh7uuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2I2YTM0Y2Y5M2ZlYWYwZmU0YTE5ZDJjOWM1OTM0NmRiMjkzNWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5PR2oHMGqrdycbWQwiYPGIcVoPjE
/1AEk8uU4GbQ7mmU8MCeTEp1k3ilOAJUW0berdDmOa8WVFUoZb4evDLNWHW/uUD8
Vg7AWdKkL4DvTGT4QqxXsmo+g45jzw78gLIc3qcfH9NocZaWP4S1RfAbZlFV30QB
ZUh/58TG6DTa82FmocFweBgDXJnKj6zUEUcVJWvmnxQZvl8RRE+lsP4EESatCUbG
otjQdhi6VSK53+2b0Sq7hYOfCY700IeZutZ5GoP+O7R9sdUmtA91zfczAQY6K/IR
H6b2vW92MvAgHxGbXasmEa1Dcahe7r+4tPB0b+LHCYYgKn4xp6QnNjL0lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKe2o0z5P+rw/koZ0snFk0bbKTWpMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvcDdhalRQa182dkQtU2huU3ljV1RSdHNwTmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBoBNcMA0G
CSqGSIb3DQEBCwUAA4IBAQBEc/0D3jUX0u1D1Imy8T/A9p78rKL1lQRiSBA3wQDn
d0mRm46AhZ0OAfwDMcxce9Fjhcyptpo2KdyvIGtolY4lg1vSUVDvWvOV3g39lW6I
BnTXKzkDztt23ehvY5tiJ6hYSgddyPFiPl8X8yfkeFB2F9gnxXFCYfif64dcsdJE
IzM4TGvfWN5EZOIW5VTED1GZ3h+y+cldqqEHwzpkcS7ONB4gdyG7VY7YN2I17+1S
7w5HhQTrgwdyQ2tP7+OUczWevDP/nGcpvexaaEuSiA3P48Ts3+lLI2CU3ZTodmV4
m8BnMTDs3ycCf99arFk5MINemIdCAlakpNfpMa8HToQL
-----END CERTIFICATE-----