Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/7BNecPxXEai1mB0LhgbsV8DbpDA.roa
File:                     7BNecPxXEai1mB0LhgbsV8DbpDA.roa (raw, json)
Hash identifier:          xZzPPaDFM5MgkvgjvnV/H6CRegjPACg8aONaYdoVE7U=
Subject key identifier:   EC:13:5E:70:FC:57:11:A8:B5:98:1D:0B:86:06:EC:57:C0:DB:A4:30
Certificate issuer:       /CN=5afdbf9883c18c4ce165d8b8503c6201745d6887
Certificate serial:       018CC42544048B6CE5A685DE9ACCEEE10072
Authority key identifier: 5A:FD:BF:98:83:C1:8C:4C:E1:65:D8:B8:50:3C:62:01:74:5D:68:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/7BNecPxXEai1mB0LhgbsV8DbpDA.roa
Signing time:             Mon 01 Jan 2024 08:30:25 +0000
ROA not before:           Mon 01 Jan 2024 08:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211268
IP address blocks:        193.32.59.0/24 maxlen: 24
                          193.56.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:44:04:8b:6c:e5:a6:85:de:9a:cc:ee:e1:00:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5afdbf9883c18c4ce165d8b8503c6201745d6887
        Validity
            Not Before: Jan  1 08:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec135e70fc5711a8b5981d0b8606ec57c0dba430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ce:b9:4b:d7:ca:fd:db:7e:7d:1b:58:f9:1f:
                    5a:f4:58:dd:3c:44:00:36:5f:39:ea:55:c2:4c:ed:
                    c7:7d:61:d6:40:5e:ba:50:7c:cd:c2:07:e4:1a:fd:
                    78:fb:c0:33:c7:bb:90:e6:63:20:55:1a:88:20:ff:
                    45:99:a8:27:ea:c9:d9:88:ff:b6:9d:e5:76:7d:1d:
                    39:2d:ff:d9:a5:9e:5e:c9:52:a8:43:35:54:90:df:
                    b5:f0:5e:86:34:68:ad:16:5b:ee:34:88:6a:da:01:
                    39:98:dc:33:75:a4:e8:e2:5c:b1:5d:e7:7e:69:ca:
                    a0:1f:ef:21:fd:6d:27:a7:b4:00:ea:ab:63:78:97:
                    c7:02:6c:85:1d:b0:75:73:de:df:b0:b3:54:ae:01:
                    27:3a:45:c3:00:ce:fb:27:ce:0c:be:5f:0c:ee:8b:
                    fc:00:68:9e:d3:4a:3a:c5:b5:e8:e3:61:db:8f:0f:
                    39:bd:1f:92:d3:35:0c:e9:4c:83:ea:99:bb:e4:36:
                    47:18:98:2e:fa:49:42:ad:43:1f:01:fe:07:f9:12:
                    63:5c:c9:29:50:c5:22:e0:bb:cc:ad:e8:fa:2e:37:
                    62:f8:ce:04:e3:43:4c:fa:2c:d8:5a:ea:b1:7a:a1:
                    1f:cf:b7:90:5a:9d:3c:53:b5:0c:20:ab:68:5f:c2:
                    00:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:13:5E:70:FC:57:11:A8:B5:98:1D:0B:86:06:EC:57:C0:DB:A4:30
            X509v3 Authority Key Identifier:
                keyid:5A:FD:BF:98:83:C1:8C:4C:E1:65:D8:B8:50:3C:62:01:74:5D:68:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/7BNecPxXEai1mB0LhgbsV8DbpDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.59.0/24
                  193.56.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:de:a5:62:e0:81:2f:6d:c9:ee:db:fd:a3:a7:bf:ba:86:ac:
         2b:e6:af:d4:58:2a:77:73:4e:57:e0:6a:bd:ff:ed:53:cc:cb:
         6c:1f:14:e4:2c:7b:ee:46:0a:dd:1c:ce:ae:8c:b4:1c:d9:e4:
         0c:8d:96:30:bb:98:f4:56:44:78:75:08:b6:41:ad:dc:41:74:
         f3:76:de:8f:37:f9:a9:ab:28:19:b5:94:e5:6e:21:4a:9b:15:
         e8:8f:1c:91:b9:a4:e2:cd:0d:94:98:4c:27:7e:71:e6:7c:36:
         19:68:81:a3:0e:37:22:a1:49:3c:f8:45:ac:af:0e:f7:e2:5c:
         f5:ba:c4:22:d7:d3:2a:bd:a1:8a:e8:88:3f:db:2d:67:61:53:
         4c:7d:25:4a:b0:1a:fe:28:18:bf:f8:de:85:34:8a:4e:e1:6e:
         40:69:59:f4:80:16:a2:7b:b7:1a:aa:06:10:24:c2:a2:d1:fb:
         95:2d:d3:e2:c9:e8:c4:ae:6a:8d:3c:e3:28:f8:d1:8f:be:b4:
         06:77:fd:56:cb:74:33:bc:bd:7f:f4:40:f6:0d:14:bb:70:92:
         f2:62:1b:9d:66:1d:98:c1:5f:09:91:2a:39:11:8d:4c:bb:d9:
         f4:b7:be:b4:33:a0:dd:12:87:61:4c:a6:74:97:22:85:20:a1:
         4c:f6:b3:af
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJUQEi2zlpoXemszu4QByMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZmRiZjk4ODNjMThjNGNlMTY1ZDhiODUwM2M2MjAxNzQ1
ZDY4ODcwHhcNMjQwMTAxMDgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzEzNWU3MGZjNTcxMWE4YjU5ODFkMGI4NjA2ZWM1N2MwZGJhNDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgc65S9fK/dt+fRtY+R9a9FjdPEQA
Nl856lXCTO3HfWHWQF66UHzNwgfkGv14+8Azx7uQ5mMgVRqIIP9Fmagn6snZiP+2
neV2fR05Lf/ZpZ5eyVKoQzVUkN+18F6GNGitFlvuNIhq2gE5mNwzdaTo4lyxXed+
acqgH+8h/W0np7QA6qtjeJfHAmyFHbB1c97fsLNUrgEnOkXDAM77J84Mvl8M7ov8
AGie00o6xbXo42Hbjw85vR+S0zUM6UyD6pm75DZHGJgu+klCrUMfAf4H+RJjXMkp
UMUi4LvMrej6Ljdi+M4E40NM+izYWuqxeqEfz7eQWp08U7UMIKtoX8IAbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOwTXnD8VxGotZgdC4YG7FfA26QwMB8GA1UdIwQY
MBaAFFr9v5iDwYxM4WXYuFA8YgF0XWiHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3YyX21JUEJqRXpoWmRpNFVEeGlBWFJkYUljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8yOTQ0MGItYzU5YS00NjA4LWJjNjMt
YTRjYTMzNjNkNzAxLzEvN0JOZWNQeFhFYWkxbUIwTGhnYnNWOERicERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8yOTQ0MGItYzU5YS00NjA4LWJjNjMtYTRjYTMzNjNkNzAx
LzEvV3YyX21JUEJqRXpoWmRpNFVEeGlBWFJkYUljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSA7AwQA
wTiEMA0GCSqGSIb3DQEBCwUAA4IBAQB33qVi4IEvbcnu2/2jp7+6hqwr5q/UWCp3
c05X4Gq9/+1TzMtsHxTkLHvuRgrdHM6ujLQc2eQMjZYwu5j0VkR4dQi2Qa3cQXTz
dt6PN/mpqygZtZTlbiFKmxXojxyRuaTizQ2UmEwnfnHmfDYZaIGjDjcioUk8+EWs
rw734lz1usQi19MqvaGK6Ig/2y1nYVNMfSVKsBr+KBi/+N6FNIpO4W5AaVn0gBai
e7caqgYQJMKi0fuVLdPiyejErmqNPOMo+NGPvrQGd/1Wy3QzvL1/9ED2DRS7cJLy
YhudZh2YwV8JkSo5EY1Mu9n0t760M6DdEodhTKZ0lyKFIKFM9rOv
-----END CERTIFICATE-----