Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/7H7Q-FOocYgdd8gjwkqS9TIXyuE.roa
File:                     7H7Q-FOocYgdd8gjwkqS9TIXyuE.roa (raw, json)
Hash identifier:          hB4ehFIw3sQcFQewTsTafsaL/HkQ04QQvxp4gJCaKHI=
Subject key identifier:   EC:7E:D0:F8:53:A8:71:88:1D:77:C8:23:C2:4A:92:F5:32:17:CA:E1
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       0194266BA367118F409DB737BCE09642636E
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/7H7Q-FOocYgdd8gjwkqS9TIXyuE.roa
Signing time:             Thu 02 Jan 2025 09:49:35 +0000
ROA not before:           Thu 02 Jan 2025 09:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23422
IP address blocks:        193.56.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 10:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:a3:67:11:8f:40:9d:b7:37:bc:e0:96:42:63:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 09:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec7ed0f853a871881d77c823c24a92f53217cae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c6:63:ce:39:87:05:99:f1:f3:57:2f:6a:82:
                    1e:cb:ef:a1:50:c3:9c:2a:ed:a7:47:1c:5b:7b:41:
                    25:fc:02:6d:6e:e2:df:39:86:11:d2:67:43:ed:c4:
                    ef:b6:a6:54:b2:0a:ed:07:ea:20:f0:a4:94:e0:83:
                    0b:56:32:52:82:dd:c8:d8:36:a2:0b:08:50:2d:e4:
                    e3:fa:0f:c5:74:ed:c0:2e:00:9d:67:67:4f:2e:40:
                    10:26:3a:dd:b5:11:69:f4:e3:b5:ad:35:a1:8e:83:
                    29:4d:3e:99:49:28:e2:d0:b2:32:e5:f1:ba:bf:5a:
                    4e:52:2e:14:c8:f6:7e:53:0f:80:3f:6a:70:93:9b:
                    38:1f:41:1b:79:d7:16:c1:31:f2:8b:36:ee:28:99:
                    e3:e3:9c:2c:a3:95:a7:75:77:fd:e6:9e:cb:39:e0:
                    41:2e:c8:9a:45:0c:f3:49:7c:3c:de:03:af:c7:cc:
                    f8:c6:f0:93:9d:e1:57:51:71:b5:8f:99:b5:70:d1:
                    0d:fd:61:41:af:c0:46:cb:90:62:7c:d3:e9:a4:fd:
                    da:f3:fa:58:68:1d:f8:1b:2b:d2:10:1b:97:4e:5a:
                    cc:0f:9b:8e:d7:6b:20:9d:66:6b:e7:33:ee:21:ba:
                    23:5b:ce:c5:5f:c1:a1:86:8c:02:1d:93:2c:f2:80:
                    01:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:7E:D0:F8:53:A8:71:88:1D:77:C8:23:C2:4A:92:F5:32:17:CA:E1
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/7H7Q-FOocYgdd8gjwkqS9TIXyuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:31:df:eb:10:86:24:15:a5:20:d0:ca:6c:81:81:90:72:88:
         29:5f:7a:8f:d4:22:c7:e2:94:bd:87:4d:75:d7:c5:ce:bc:80:
         67:89:cb:1b:d6:ba:d2:66:87:8d:6e:8e:e9:32:35:7f:8f:bf:
         fd:6b:19:bd:d2:54:76:51:77:5e:8b:27:76:53:4e:27:30:31:
         e5:07:a9:bb:35:b9:cf:99:e7:e1:19:f4:a4:a8:cb:fc:ca:9d:
         50:8f:2e:ac:f1:ae:58:54:81:4c:0e:24:09:86:b0:3e:8e:12:
         da:cf:0c:0e:af:fe:40:5b:69:ab:18:9c:dd:9a:71:ba:8c:65:
         6b:ca:6e:37:35:c4:44:ea:56:74:c2:e6:d5:a5:b0:fa:45:3f:
         2c:c0:6a:3e:c0:9c:cd:78:6a:da:21:e8:f3:49:80:b2:10:34:
         b2:2f:75:a7:1c:57:c5:a2:f5:ec:c8:70:e4:79:6e:a3:30:c3:
         77:76:b2:44:bb:e2:f7:fd:40:af:34:f4:35:3e:cb:58:89:27:
         da:8e:3b:30:ce:41:7d:5d:13:74:8c:e2:b4:bf:4e:74:4e:89:
         7d:ff:fe:7b:ff:6a:6d:a4:27:09:1b:76:e0:e0:41:c2:44:2c:
         87:54:62:bb:a4:96:d6:59:f1:89:ee:dc:e0:00:44:8f:97:16:
         81:ee:d6:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma6NnEY9Anbc3vOCWQmNuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjUwMTAyMDk0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzdlZDBmODUzYTg3MTg4MWQ3N2M4MjNjMjRhOTJmNTMyMTdjYWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcZjzjmHBZnx81cvaoIey++hUMOc
Ku2nRxxbe0El/AJtbuLfOYYR0mdD7cTvtqZUsgrtB+og8KSU4IMLVjJSgt3I2Dai
CwhQLeTj+g/FdO3ALgCdZ2dPLkAQJjrdtRFp9OO1rTWhjoMpTT6ZSSji0LIy5fG6
v1pOUi4UyPZ+Uw+AP2pwk5s4H0EbedcWwTHyizbuKJnj45wso5WndXf95p7LOeBB
LsiaRQzzSXw83gOvx8z4xvCTneFXUXG1j5m1cNEN/WFBr8BGy5BifNPppP3a8/pY
aB34GyvSEBuXTlrMD5uO12sgnWZr5zPuIbojW87FX8GhhowCHZMs8oABLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOx+0PhTqHGIHXfII8JKkvUyF8rhMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvN0g3US1GT29jWWdkZDhnandrcVM5VElYeXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTgXMA0G
CSqGSIb3DQEBCwUAA4IBAQBQMd/rEIYkFaUg0MpsgYGQcogpX3qP1CLH4pS9h011
18XOvIBnicsb1rrSZoeNbo7pMjV/j7/9axm90lR2UXdeiyd2U04nMDHlB6m7NbnP
mefhGfSkqMv8yp1Qjy6s8a5YVIFMDiQJhrA+jhLazwwOr/5AW2mrGJzdmnG6jGVr
ym43NcRE6lZ0wubVpbD6RT8swGo+wJzNeGraIejzSYCyEDSyL3WnHFfFovXsyHDk
eW6jMMN3drJEu+L3/UCvNPQ1PstYiSfajjswzkF9XRN0jOK0v050Tol9//57/2pt
pCcJG3bg4EHCRCyHVGK7pJbWWfGJ7tzgAESPlxaB7tbf
-----END CERTIFICATE-----