Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/c7xP-MwGxuglosXTBWROxJFYC1M.roa
File:                     c7xP-MwGxuglosXTBWROxJFYC1M.roa (raw, json)
Hash identifier:          0tnrUeOROUSpDx3ud5d6bB4SQKqLpQnwpqFTnCbPfq0=
Subject key identifier:   73:BC:4F:F8:CC:06:C6:E8:25:A2:C5:D3:05:64:4E:C4:91:58:0B:53
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BD74A0291576D08599BF36A14B2C2
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/c7xP-MwGxuglosXTBWROxJFYC1M.roa
Signing time:             Thu 02 Jan 2025 09:49:49 +0000
ROA not before:           Thu 02 Jan 2025 09:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41097
IP address blocks:        193.192.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d7:4a:02:91:57:6d:08:59:9b:f3:6a:14:b2:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73bc4ff8cc06c6e825a2c5d305644ec491580b53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:48:ca:2b:b9:7c:a8:cd:7e:0f:9e:f1:d9:f8:
                    29:6f:66:ee:df:bc:8e:1b:e3:c7:36:82:7d:c3:4f:
                    91:6b:17:0c:e0:9b:d9:71:67:54:21:fa:54:87:10:
                    54:e7:f8:c3:5a:60:03:e8:ad:4c:42:c1:03:7f:1b:
                    d1:c2:d7:e8:24:fd:97:78:ff:95:d3:61:85:84:95:
                    b5:b4:a9:30:32:7b:09:16:9c:3f:87:3f:7b:80:82:
                    f2:f7:fc:26:ea:e1:a4:e5:3e:3c:21:9d:d9:9a:b7:
                    c7:2e:aa:0b:16:c8:fc:7f:a9:4b:ed:5c:58:5d:15:
                    3a:a2:aa:80:ef:bf:b9:40:bb:15:2b:8e:bb:d0:3f:
                    95:c6:d6:91:27:4f:dd:53:d6:3d:4b:ce:9f:70:1f:
                    a5:e2:b7:86:13:e7:17:97:24:3a:60:ff:a5:11:bd:
                    6b:39:63:e9:ee:af:bf:c3:ee:46:89:54:7c:c7:03:
                    95:8d:4b:e7:d3:aa:ed:51:ba:c3:07:5d:22:c5:e8:
                    43:5e:d2:f4:12:a0:ca:f0:f7:34:bf:62:8d:01:1a:
                    7b:25:f4:f0:5f:55:5c:c0:35:1e:e0:99:4c:5e:ea:
                    dc:74:e4:20:2b:03:82:67:75:e4:37:b1:4e:75:e4:
                    7b:d6:0a:64:ad:5c:29:88:74:46:33:39:c7:73:41:
                    62:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:BC:4F:F8:CC:06:C6:E8:25:A2:C5:D3:05:64:4E:C4:91:58:0B:53
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/c7xP-MwGxuglosXTBWROxJFYC1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:65:ae:d5:14:b8:34:25:c5:a7:16:88:99:31:8f:01:11:02:
         95:72:9a:7a:bd:c2:08:0d:77:fc:25:bd:0b:33:00:5b:15:4b:
         16:2a:81:2a:0e:56:8e:5c:4c:b6:37:f6:db:b3:17:6f:6a:62:
         3e:dd:25:29:ed:4b:b8:6c:c5:d5:b5:d7:aa:04:97:1a:26:4d:
         86:da:1d:f4:16:13:79:df:93:f5:25:d4:c6:99:b3:24:b3:8f:
         36:eb:30:eb:24:92:36:5c:95:62:1a:31:27:7e:15:27:f7:6a:
         eb:8c:b6:50:d9:27:1c:cc:e4:8c:f7:37:09:f5:bc:0d:c0:70:
         a8:14:42:54:3c:3a:cb:23:f0:67:ae:19:02:ce:a1:e7:8a:53:
         03:b6:4d:80:b8:f7:d4:dd:ef:c6:a4:d0:b2:28:eb:2b:61:7b:
         9b:22:1f:e3:26:1a:32:a2:5c:a6:f6:df:25:81:db:db:f7:c8:
         06:9e:d4:6d:e8:6b:6a:0b:63:11:a2:33:43:f7:cf:7d:0d:29:
         64:46:7c:62:4f:a2:c7:67:1f:23:a1:b0:ce:65:a8:fd:c2:87:
         8e:a9:70:d5:48:e3:52:4a:60:44:c6:f5:50:5f:bc:ae:0f:79:
         11:28:ac:de:a8:2e:56:1f:5b:c4:c8:e0:2a:cd:a2:ce:89:9e:
         5e:a7:b9:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9dKApFXbQhZm/NqFLLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2JjNGZmOGNjMDZjNmU4MjVhMmM1ZDMwNTY0NGVjNDkxNTgwYjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0jKK7l8qM1+D57x2fgpb2bu37yO
G+PHNoJ9w0+RaxcM4JvZcWdUIfpUhxBU5/jDWmAD6K1MQsEDfxvRwtfoJP2XeP+V
02GFhJW1tKkwMnsJFpw/hz97gILy9/wm6uGk5T48IZ3ZmrfHLqoLFsj8f6lL7VxY
XRU6oqqA77+5QLsVK4670D+VxtaRJ0/dU9Y9S86fcB+l4reGE+cXlyQ6YP+lEb1r
OWPp7q+/w+5GiVR8xwOVjUvn06rtUbrDB10ixehDXtL0EqDK8Pc0v2KNARp7JfTw
X1VcwDUe4JlMXurcdOQgKwOCZ3XkN7FOdeR71gpkrVwpiHRGMznHc0Fi+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHO8T/jMBsboJaLF0wVkTsSRWAtTMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvYzd4UC1Nd0d4dWdsb3NYVEJXUk94SkZZQzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcC/MA0G
CSqGSIb3DQEBCwUAA4IBAQBqZa7VFLg0JcWnFoiZMY8BEQKVcpp6vcIIDXf8Jb0L
MwBbFUsWKoEqDlaOXEy2N/bbsxdvamI+3SUp7Uu4bMXVtdeqBJcaJk2G2h30FhN5
35P1JdTGmbMks4826zDrJJI2XJViGjEnfhUn92rrjLZQ2ScczOSM9zcJ9bwNwHCo
FEJUPDrLI/BnrhkCzqHnilMDtk2AuPfU3e/GpNCyKOsrYXubIh/jJhoyolym9t8l
gdvb98gGntRt6GtqC2MRojND9899DSlkRnxiT6LHZx8jobDOZaj9woeOqXDVSONS
SmBExvVQX7yuD3kRKKzeqC5WH1vEyOAqzaLOiZ5ep7ma
-----END CERTIFICATE-----