Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/g7cHjlzdGI266Uit3P73HRzSciM.roa
File:                     g7cHjlzdGI266Uit3P73HRzSciM.roa (raw, json)
Hash identifier:          bPq2hj9iBZNVhf7hXp/Ima94OZpK3e8KMgcvQL01DJM=
Subject key identifier:   83:B7:07:8E:5C:DD:18:8D:BA:E9:48:AD:DC:FE:F7:1D:1C:D2:72:23
Certificate issuer:       /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial:       018CC8DF5EF4983B4AD9B48039C0EC6A84A0
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/g7cHjlzdGI266Uit3P73HRzSciM.roa
Signing time:             Tue 02 Jan 2024 06:32:11 +0000
ROA not before:           Tue 02 Jan 2024 06:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        193.31.116.0/24 maxlen: 24
                          176.98.40.0/24 maxlen: 24
                          176.98.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:5e:f4:98:3b:4a:d9:b4:80:39:c0:ec:6a:84:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
        Validity
            Not Before: Jan  2 06:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83b7078e5cdd188dbae948addcfef71d1cd27223
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:c9:2e:10:c9:a0:17:0c:dd:e6:85:45:e8:4e:
                    8a:9d:e3:03:1a:2a:d7:f4:f9:1f:00:09:db:4f:6e:
                    fe:f0:99:b4:81:05:08:40:aa:e8:ff:35:44:25:5b:
                    7d:10:24:55:e0:62:6b:63:21:33:5a:ac:d9:56:84:
                    4f:10:56:67:ec:b7:f2:59:1c:ca:ef:4a:71:1a:0e:
                    dc:18:31:51:84:23:e0:21:6f:d9:e3:4e:20:eb:ff:
                    dd:1e:61:bc:0e:9f:30:5b:a4:f6:ae:fc:40:cc:ee:
                    ee:67:8d:61:41:52:20:8c:95:39:16:3c:1d:27:99:
                    87:9a:6f:ff:cf:8f:41:72:66:a9:c8:ed:83:d0:bd:
                    b3:5b:05:e3:64:33:b7:8d:2f:57:30:60:b7:98:a9:
                    b1:1e:0f:46:ce:95:2d:b1:d3:ff:97:08:b2:1c:ef:
                    6e:31:2f:59:7c:60:e8:d9:4c:37:04:69:45:ee:e8:
                    e5:77:41:c5:05:76:41:fc:7d:02:1a:6e:55:fb:dc:
                    4c:ca:fd:68:7f:9b:5e:bc:61:23:9d:6f:ce:2b:62:
                    50:d2:f3:65:db:70:90:a6:c2:bb:b1:3d:c1:4d:ed:
                    ab:22:75:04:6d:db:28:f8:50:ef:7d:02:11:b9:fd:
                    c5:17:dd:d4:3d:1e:4b:11:c3:17:66:6b:58:02:f8:
                    fb:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:B7:07:8E:5C:DD:18:8D:BA:E9:48:AD:DC:FE:F7:1D:1C:D2:72:23
            X509v3 Authority Key Identifier:
                keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/g7cHjlzdGI266Uit3P73HRzSciM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.98.40.0/23
                  193.31.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:56:1d:b6:44:d3:d6:03:e0:d1:16:3a:c3:df:ff:ee:f2:e2:
         b1:05:66:e9:7f:26:6a:e8:53:f1:df:a7:68:ab:69:6b:43:0d:
         6e:71:66:c9:b2:e4:8f:9d:94:54:69:dd:5a:2c:11:25:b5:a9:
         78:93:19:87:b7:27:20:54:4c:ee:0b:8a:2d:0a:57:57:e7:e9:
         c1:05:45:86:c8:f3:d3:06:f6:8f:7e:32:f0:1a:46:b5:58:20:
         b7:88:56:76:c9:35:0c:65:ef:b2:f1:d9:3c:05:ef:63:9f:4c:
         72:fc:28:2f:d4:4b:da:45:2a:60:38:cb:13:39:66:c0:82:3c:
         3d:df:65:a9:96:6c:8e:f8:e2:18:3b:48:93:4c:75:40:19:29:
         4c:09:70:1d:92:18:d4:f7:73:0b:fe:af:4b:22:a0:9e:3b:89:
         67:28:03:f5:e3:75:33:d8:36:eb:8d:4f:3b:26:0c:36:9a:79:
         f9:dd:7c:89:c6:70:8b:22:5b:99:50:74:db:e9:61:05:2a:11:
         62:d3:94:e2:ba:f5:2a:de:91:ce:fe:1d:40:f9:5e:fb:21:15:
         2e:95:3b:a8:e7:2f:89:c9:51:e5:ef:c2:76:50:32:be:4a:a8:
         f4:5b:15:25:35:d7:44:b7:3b:06:c8:f1:35:a2:46:1b:78:8b:
         ae:60:66:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3170mDtK2bSAOcDsaoSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjQwMTAyMDYzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2I3MDc4ZTVjZGQxODhkYmFlOTQ4YWRkY2ZlZjcxZDFjZDI3MjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ckuEMmgFwzd5oVF6E6KneMDGirX
9PkfAAnbT27+8Jm0gQUIQKro/zVEJVt9ECRV4GJrYyEzWqzZVoRPEFZn7LfyWRzK
70pxGg7cGDFRhCPgIW/Z404g6//dHmG8Dp8wW6T2rvxAzO7uZ41hQVIgjJU5Fjwd
J5mHmm//z49BcmapyO2D0L2zWwXjZDO3jS9XMGC3mKmxHg9GzpUtsdP/lwiyHO9u
MS9ZfGDo2Uw3BGlF7ujld0HFBXZB/H0CGm5V+9xMyv1of5tevGEjnW/OK2JQ0vNl
23CQpsK7sT3BTe2rInUEbdso+FDvfQIRuf3FF93UPR5LEcMXZmtYAvj7/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIO3B45c3RiNuulIrdz+9x0c0nIjMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvZzdjSGpsemRHSTI2NlVpdDNQNzNIUnpTY2lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBsGIoAwQA
wR90MA0GCSqGSIb3DQEBCwUAA4IBAQB5Vh22RNPWA+DRFjrD3//u8uKxBWbpfyZq
6FPx36doq2lrQw1ucWbJsuSPnZRUad1aLBEltal4kxmHtycgVEzuC4otCldX5+nB
BUWGyPPTBvaPfjLwGka1WCC3iFZ2yTUMZe+y8dk8Be9jn0xy/Cgv1EvaRSpgOMsT
OWbAgjw932WplmyO+OIYO0iTTHVAGSlMCXAdkhjU93ML/q9LIqCeO4lnKAP143Uz
2DbrjU87Jgw2mnn53XyJxnCLIluZUHTb6WEFKhFi05TiuvUq3pHO/h1A+V77IRUu
lTuo5y+JyVHl78J2UDK+Sqj0WxUlNddEtzsGyPE1okYbeIuuYGYj
-----END CERTIFICATE-----