Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/deo_7Q0ZdHf29iEmlt-bW0HVgAQ.roa
File:                     deo_7Q0ZdHf29iEmlt-bW0HVgAQ.roa (raw, json)
Hash identifier:          NncfswgXYv42I5hNAfH13K4oE7VRz0N5rRXgaxySKHs=
Subject key identifier:   75:EA:3F:ED:0D:19:74:77:F6:F6:21:26:96:DF:9B:5B:41:D5:80:04
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       01932644997AFAA3D407207DD48F06CA0704
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/deo_7Q0ZdHf29iEmlt-bW0HVgAQ.roa
Signing time:             Wed 13 Nov 2024 16:04:10 +0000
ROA not before:           Wed 13 Nov 2024 16:04:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2856
IP address blocks:        147.78.68.0/22 maxlen: 22
                          193.187.132.0/22 maxlen: 22
                          193.187.140.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:26:44:99:7a:fa:a3:d4:07:20:7d:d4:8f:06:ca:07:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Nov 13 16:04:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75ea3fed0d197477f6f6212696df9b5b41d58004
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:6a:58:82:24:73:5d:df:e4:a7:ac:3f:f0:d4:
                    a6:19:87:01:d9:d8:de:00:02:eb:2e:30:21:31:dd:
                    a1:7e:8e:84:c1:17:70:ba:40:89:f0:15:f7:14:cf:
                    b9:37:17:b8:e0:e2:33:c2:1b:36:ba:61:df:9c:75:
                    9d:8c:ce:8a:ac:23:9f:ce:5e:8b:35:92:af:90:d5:
                    f5:12:e7:6e:38:61:b0:a1:92:0c:58:6a:89:52:ae:
                    93:36:fb:a3:d9:a2:63:f4:9a:db:46:48:6d:93:0c:
                    79:79:c9:ed:e1:5c:01:56:13:8e:0f:cf:a7:9f:0b:
                    2b:58:f2:86:98:04:cd:75:cb:b3:5b:a1:6e:42:1b:
                    5c:82:48:79:09:70:f1:47:f2:46:a2:88:3d:e4:25:
                    f4:4a:d4:20:c1:07:97:ce:a0:7b:1f:7f:0d:2e:88:
                    6f:73:e4:01:c3:a6:60:3c:ad:5e:69:cb:09:37:b1:
                    e7:ec:44:cd:12:47:fe:dc:5d:3f:5c:94:5d:76:f0:
                    cf:a2:7a:d7:48:3b:3d:64:9b:f4:f9:80:08:20:d6:
                    bb:6c:9c:ed:da:ad:c1:d8:a5:85:34:1c:6f:d0:9e:
                    92:b8:19:5c:a3:bd:a1:56:81:23:6c:dc:af:24:12:
                    a4:ac:30:70:f7:e8:80:63:bb:36:b4:b1:23:21:75:
                    29:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:EA:3F:ED:0D:19:74:77:F6:F6:21:26:96:DF:9B:5B:41:D5:80:04
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/deo_7Q0ZdHf29iEmlt-bW0HVgAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.68.0/22
                  193.187.132.0/22
                  193.187.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:44:f8:47:b4:c4:1c:aa:67:e6:ca:d0:bf:7c:1d:51:12:dc:
         ac:42:94:65:72:e0:a0:5e:50:d9:cb:1f:55:1f:b5:c8:f0:a4:
         3e:49:e6:3d:68:a6:4d:60:a7:e9:cc:78:cb:c5:97:29:bb:ab:
         6d:a5:ac:a2:a3:dc:f5:05:fa:ad:ac:a0:79:93:9b:af:52:dc:
         07:b0:0b:f2:21:fe:2e:4d:3c:74:d6:b5:22:1c:08:cc:2e:00:
         1d:41:0a:50:11:65:45:f6:21:fb:42:56:63:36:f4:9a:42:23:
         45:7b:a9:18:ef:fd:78:a9:03:3e:af:20:52:7a:52:42:23:d8:
         45:01:48:45:c0:18:bb:fc:e2:dd:f0:ef:da:d9:23:0a:32:b0:
         4a:97:88:0d:45:79:de:d3:7a:a6:3a:10:46:52:98:5b:fa:60:
         df:77:69:66:05:7f:29:09:c5:e2:4c:f3:d1:56:89:91:d7:25:
         bf:35:11:f1:ab:9e:b4:0e:d5:41:2f:f5:e1:e8:c8:66:8a:de:
         eb:46:1e:02:ff:a3:3f:f2:1c:bf:63:0c:7e:ab:a0:c0:a6:11:
         64:65:f2:e4:d2:2c:7d:5c:bb:e5:18:9b:98:9b:35:a8:62:c9:
         cd:dd:01:90:7e:1a:e4:1d:c5:f4:1d:0a:d6:78:73:5e:0e:dd:
         6d:a8:1f:43
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMmRJl6+qPUByB91I8GygcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQxMTEzMTYwNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWVhM2ZlZDBkMTk3NDc3ZjZmNjIxMjY5NmRmOWI1YjQxZDU4MDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GpYgiRzXd/kp6w/8NSmGYcB2dje
AALrLjAhMd2hfo6EwRdwukCJ8BX3FM+5Nxe44OIzwhs2umHfnHWdjM6KrCOfzl6L
NZKvkNX1EuduOGGwoZIMWGqJUq6TNvuj2aJj9JrbRkhtkwx5ecnt4VwBVhOOD8+n
nwsrWPKGmATNdcuzW6FuQhtcgkh5CXDxR/JGoog95CX0StQgwQeXzqB7H38NLohv
c+QBw6ZgPK1eacsJN7Hn7ETNEkf+3F0/XJRddvDPonrXSDs9ZJv0+YAIINa7bJzt
2q3B2KWFNBxv0J6SuBlco72hVoEjbNyvJBKkrDBw9+iAY7s2tLEjIXUpHwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHXqP+0NGXR39vYhJpbfm1tB1YAEMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvZGVvXzdRMFpkSGYyOWlFbWx0LWJXMEhWZ0FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCk05EAwQC
wbuEAwQCwbuMMA0GCSqGSIb3DQEBCwUAA4IBAQCkRPhHtMQcqmfmytC/fB1REtys
QpRlcuCgXlDZyx9VH7XI8KQ+SeY9aKZNYKfpzHjLxZcpu6ttpayio9z1BfqtrKB5
k5uvUtwHsAvyIf4uTTx01rUiHAjMLgAdQQpQEWVF9iH7QlZjNvSaQiNFe6kY7/14
qQM+ryBSelJCI9hFAUhFwBi7/OLd8O/a2SMKMrBKl4gNRXne03qmOhBGUphb+mDf
d2lmBX8pCcXiTPPRVomR1yW/NRHxq560DtVBL/Xh6Mhmit7rRh4C/6M/8hy/Ywx+
q6DAphFkZfLk0ix9XLvlGJuYmzWoYsnN3QGQfhrkHcX0HQrWeHNeDt1tqB9D
-----END CERTIFICATE-----