Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/7oQLFindjFNNwT1EI5HtopJVATk.roa
File:                     7oQLFindjFNNwT1EI5HtopJVATk.roa (raw, json)
Hash identifier:          QW4atGbHZ6zg8XYnhlFNaNdtw1KZFCjwMGSD43vyWYs=
Subject key identifier:   EE:84:0B:16:29:DD:8C:53:4D:C1:3D:44:23:91:ED:A2:92:55:01:39
Certificate issuer:       /CN=1e65ede3b6aae7475c354b1e9b84d6a7832b077b
Certificate serial:       019424448A4A59721175FA233DCE2369574A
Authority key identifier: 1E:65:ED:E3:B6:AA:E7:47:5C:35:4B:1E:9B:84:D6:A7:83:2B:07:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HmXt47aq50dcNUsem4TWp4MrB3s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/7oQLFindjFNNwT1EI5HtopJVATk.roa
Signing time:             Wed 01 Jan 2025 23:47:38 +0000
ROA not before:           Wed 01 Jan 2025 23:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207176
IP address blocks:        193.56.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/HmXt47aq50dcNUsem4TWp4MrB3s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/HmXt47aq50dcNUsem4TWp4MrB3s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HmXt47aq50dcNUsem4TWp4MrB3s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:8a:4a:59:72:11:75:fa:23:3d:ce:23:69:57:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e65ede3b6aae7475c354b1e9b84d6a7832b077b
        Validity
            Not Before: Jan  1 23:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee840b1629dd8c534dc13d442391eda292550139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f7:77:fb:83:8b:b2:61:f6:05:0e:33:81:2c:
                    d5:1d:23:95:0e:e0:16:6b:8f:f9:11:7a:23:24:4d:
                    a7:66:3d:15:22:b4:e6:18:b2:26:12:f3:fd:d8:94:
                    db:9a:68:6f:f5:0e:88:d1:06:91:be:6f:dd:1c:76:
                    4c:a7:19:0a:ff:10:66:f0:04:e7:f8:42:e0:fb:e8:
                    ef:c1:ca:32:47:30:3f:09:77:03:27:64:4f:4d:2b:
                    b8:2c:d9:7a:66:09:e9:36:a0:cb:39:d5:a4:5b:15:
                    6b:56:65:18:99:7b:3c:49:82:6e:49:ef:0a:8f:70:
                    6d:d4:f1:46:fe:ac:02:cc:8e:67:b2:4c:59:9d:fc:
                    10:18:10:68:a4:7f:50:8b:64:33:b1:5b:95:a6:08:
                    e4:59:d1:37:23:01:39:ba:12:b8:81:ca:33:60:db:
                    3d:ab:30:67:1d:ad:75:46:4f:90:ae:cb:45:9f:8d:
                    ba:98:aa:28:2e:c6:a1:71:fd:09:85:47:44:0f:b7:
                    63:f3:90:55:cb:cd:b7:78:92:40:6e:b8:f2:ce:b5:
                    85:cf:d8:f7:b4:ba:34:7c:61:16:f1:d1:fd:ca:27:
                    22:6a:85:09:51:28:40:49:24:85:02:ad:ff:0e:4e:
                    9b:78:a7:5f:b4:cd:e4:ba:8e:7d:76:55:a2:f8:e8:
                    c9:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:84:0B:16:29:DD:8C:53:4D:C1:3D:44:23:91:ED:A2:92:55:01:39
            X509v3 Authority Key Identifier:
                keyid:1E:65:ED:E3:B6:AA:E7:47:5C:35:4B:1E:9B:84:D6:A7:83:2B:07:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HmXt47aq50dcNUsem4TWp4MrB3s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/7oQLFindjFNNwT1EI5HtopJVATk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c991ef-84b4-496f-a856-5ce4d8dbd159/1/HmXt47aq50dcNUsem4TWp4MrB3s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:57:09:6b:56:ed:f0:38:e0:90:9b:6c:1d:76:d9:f1:06:65:
         47:f0:16:80:b8:26:24:6c:24:b3:11:3a:77:33:8a:2a:30:ba:
         1f:fb:f0:b6:c2:d5:3d:4d:15:36:46:97:2b:4f:25:ee:db:cf:
         e2:1a:36:bf:97:ee:76:23:fa:7b:af:5a:35:01:96:48:5e:b2:
         75:14:54:b9:d9:0e:80:b4:b6:b1:0e:5e:6a:cb:53:94:c9:cc:
         2f:8a:a9:e8:79:95:d8:89:22:29:1f:01:11:4a:de:ef:85:aa:
         c0:d2:eb:6b:f7:06:5a:69:7f:e5:c0:e4:71:ed:cf:b5:ab:b7:
         75:9c:80:76:06:3b:73:1c:1f:e6:37:30:69:ba:f8:62:32:e2:
         cc:7a:8f:18:ff:35:97:24:74:b9:a5:31:85:a7:a5:5e:5e:6c:
         a4:75:a2:a5:24:a8:4f:e9:eb:6a:15:80:9d:01:98:60:50:87:
         89:a7:c4:be:3e:57:4b:0e:3a:38:b7:8c:ff:cf:c2:dd:49:cb:
         c6:f8:18:d8:ec:41:6b:06:e2:1d:3c:9a:94:6f:8d:0a:2d:11:
         9b:d6:27:2d:80:f0:a6:39:9d:c2:63:f0:04:49:29:68:a5:d5:
         60:68:21:7e:5b:de:a3:2e:2f:95:75:7c:b6:e8:24:80:a7:89:
         c3:f6:3c:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRIpKWXIRdfojPc4jaVdKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNjVlZGUzYjZhYWU3NDc1YzM1NGIxZTliODRkNmE3ODMy
YjA3N2IwHhcNMjUwMTAxMjM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTg0MGIxNjI5ZGQ4YzUzNGRjMTNkNDQyMzkxZWRhMjkyNTUwMTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPd3+4OLsmH2BQ4zgSzVHSOVDuAW
a4/5EXojJE2nZj0VIrTmGLImEvP92JTbmmhv9Q6I0QaRvm/dHHZMpxkK/xBm8ATn
+ELg++jvwcoyRzA/CXcDJ2RPTSu4LNl6ZgnpNqDLOdWkWxVrVmUYmXs8SYJuSe8K
j3Bt1PFG/qwCzI5nskxZnfwQGBBopH9Qi2QzsVuVpgjkWdE3IwE5uhK4gcozYNs9
qzBnHa11Rk+QrstFn426mKooLsahcf0JhUdED7dj85BVy823eJJAbrjyzrWFz9j3
tLo0fGEW8dH9yiciaoUJUShASSSFAq3/Dk6beKdftM3kuo59dlWi+OjJVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6ECxYp3YxTTcE9RCOR7aKSVQE5MB8GA1UdIwQY
MBaAFB5l7eO2qudHXDVLHpuE1qeDKwd7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG1YdDQ3YXE1MGRjTlVzZW00VFdwNE1yQjNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9jOTkxZWYtODRiNC00OTZmLWE4NTYt
NWNlNGQ4ZGJkMTU5LzEvN29RTEZpbmRqRk5Od1QxRUk1SHRvcEpWQVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9jOTkxZWYtODRiNC00OTZmLWE4NTYtNWNlNGQ4ZGJkMTU5
LzEvSG1YdDQ3YXE1MGRjTlVzZW00VFdwNE1yQjNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTgOMA0G
CSqGSIb3DQEBCwUAA4IBAQCZVwlrVu3wOOCQm2wddtnxBmVH8BaAuCYkbCSzETp3
M4oqMLof+/C2wtU9TRU2RpcrTyXu28/iGja/l+52I/p7r1o1AZZIXrJ1FFS52Q6A
tLaxDl5qy1OUycwviqnoeZXYiSIpHwERSt7vharA0utr9wZaaX/lwORx7c+1q7d1
nIB2BjtzHB/mNzBpuvhiMuLMeo8Y/zWXJHS5pTGFp6VeXmykdaKlJKhP6etqFYCd
AZhgUIeJp8S+PldLDjo4t4z/z8LdScvG+BjY7EFrBuIdPJqUb40KLRGb1ictgPCm
OZ3CY/AESSlopdVgaCF+W96jLi+VdXy26CSAp4nD9jyr
-----END CERTIFICATE-----