Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/e57fb1-2d5a-4661-801d-0eb8f37a0179/1/s7KvbI4-rCVyf8KDby1jbrCWBpM.roa
File:                     s7KvbI4-rCVyf8KDby1jbrCWBpM.roa (raw, json)
Hash identifier:          94TpsG9AhT/SNCk2bQ7O2IXOOpDe3J0YrBAsaoJm8Cw=
Subject key identifier:   B3:B2:AF:6C:8E:3E:AC:25:72:7F:C2:83:6F:2D:63:6E:B0:96:06:93
Certificate issuer:       /CN=aa7a7da1e223b1830a0b91b5d61c83ad260c111b
Certificate serial:       018CC348F26057B295DE91486D3264E9EEB0
Authority key identifier: AA:7A:7D:A1:E2:23:B1:83:0A:0B:91:B5:D6:1C:83:AD:26:0C:11:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qnp9oeIjsYMKC5G11hyDrSYMERs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/e57fb1-2d5a-4661-801d-0eb8f37a0179/1/s7KvbI4-rCVyf8KDby1jbrCWBpM.roa
Signing time:             Mon 01 Jan 2024 04:29:46 +0000
ROA not before:           Mon 01 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41485
IP address blocks:        193.227.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/e57fb1-2d5a-4661-801d-0eb8f37a0179/1/qnp9oeIjsYMKC5G11hyDrSYMERs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/e57fb1-2d5a-4661-801d-0eb8f37a0179/1/qnp9oeIjsYMKC5G11hyDrSYMERs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qnp9oeIjsYMKC5G11hyDrSYMERs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 19:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f2:60:57:b2:95:de:91:48:6d:32:64:e9:ee:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa7a7da1e223b1830a0b91b5d61c83ad260c111b
        Validity
            Not Before: Jan  1 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3b2af6c8e3eac25727fc2836f2d636eb0960693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ca:5f:4e:45:9c:55:29:bc:ce:79:12:58:ec:
                    5b:9e:d8:cc:12:84:3e:e0:e6:87:e1:89:40:fb:7b:
                    96:c6:0f:e2:ff:cc:46:36:64:21:7e:25:a6:9b:df:
                    b6:a8:1c:84:dc:84:e3:32:1c:b1:b4:9f:b2:d7:ea:
                    45:b5:62:3f:4b:ab:d9:aa:3d:f2:35:69:5d:1f:56:
                    40:81:0a:bb:fb:e4:5a:c6:82:49:7a:7f:b6:8d:60:
                    46:4a:01:91:8b:0b:ae:34:8a:b7:93:f4:cb:4a:93:
                    91:e0:94:86:31:69:6b:4f:42:17:e7:13:c4:f2:f0:
                    bf:9b:4a:50:4a:28:d9:6e:7e:92:eb:e5:11:e3:ea:
                    46:bc:3c:5f:97:7a:54:ec:3a:41:30:80:a8:d8:4a:
                    6a:d5:9f:5d:ee:e9:73:f1:11:82:a2:ec:31:6a:74:
                    6a:73:d5:55:d1:6b:0b:3c:95:c4:64:48:f2:d9:23:
                    d8:1c:df:61:48:b2:64:9e:a1:5a:4b:93:bb:a2:b9:
                    e8:c8:0e:e8:3c:46:73:43:6c:0c:1c:03:e3:37:56:
                    7e:d9:fb:ef:86:fc:cf:60:db:1f:5a:a2:64:94:52:
                    2f:4d:fa:1b:7e:5c:34:57:21:0c:8f:02:1c:94:16:
                    82:cc:18:73:8f:7c:fc:1c:ba:cf:62:29:ea:90:c3:
                    2f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:B2:AF:6C:8E:3E:AC:25:72:7F:C2:83:6F:2D:63:6E:B0:96:06:93
            X509v3 Authority Key Identifier:
                keyid:AA:7A:7D:A1:E2:23:B1:83:0A:0B:91:B5:D6:1C:83:AD:26:0C:11:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qnp9oeIjsYMKC5G11hyDrSYMERs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/e57fb1-2d5a-4661-801d-0eb8f37a0179/1/s7KvbI4-rCVyf8KDby1jbrCWBpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/e57fb1-2d5a-4661-801d-0eb8f37a0179/1/qnp9oeIjsYMKC5G11hyDrSYMERs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:89:db:b0:ca:cf:08:19:ab:62:b5:60:da:23:d3:20:ba:1f:
         86:0d:29:26:67:07:98:ed:ea:c3:b6:75:b9:34:34:98:7e:8a:
         ef:0a:c5:48:e4:69:13:f9:2a:9a:9b:8c:ec:56:4d:f6:94:c8:
         e5:fa:e2:f8:be:bd:9a:12:64:dc:20:55:02:de:a4:1f:e5:ff:
         47:87:7f:f0:7b:a4:65:2e:17:27:40:d9:bf:fa:99:59:58:15:
         06:41:e4:20:46:ef:3c:f2:dc:30:c7:38:8e:63:9b:4e:11:13:
         ac:9b:91:dd:7b:06:6e:dc:07:32:96:7c:32:8c:75:33:15:11:
         1b:8d:9e:62:e0:eb:20:a9:d4:b7:1f:4a:bf:23:13:b5:d0:1c:
         11:05:2f:96:bb:a0:f9:8a:90:27:78:20:4d:6c:d0:4a:db:49:
         2d:33:29:bd:fc:4f:d9:f0:73:6a:3e:9b:94:61:d6:6b:dc:7e:
         27:10:96:38:e4:8e:52:09:36:dc:e0:c7:99:0b:35:f3:04:33:
         88:51:f8:96:b3:ce:46:6a:b2:54:be:23:c4:15:f8:81:7b:e2:
         79:23:88:a2:96:25:ff:3c:bd:72:ea:14:b8:18:0d:fb:ee:35:
         68:a5:95:2e:8f:96:34:18:94:58:26:4c:4e:75:66:f0:d9:5f:
         cc:5c:4e:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPJgV7KV3pFIbTJk6e6wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhN2E3ZGExZTIyM2IxODMwYTBiOTFiNWQ2MWM4M2FkMjYw
YzExMWIwHhcNMjQwMTAxMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2IyYWY2YzhlM2VhYzI1NzI3ZmMyODM2ZjJkNjM2ZWIwOTYwNjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMpfTkWcVSm8znkSWOxbntjMEoQ+
4OaH4YlA+3uWxg/i/8xGNmQhfiWmm9+2qByE3ITjMhyxtJ+y1+pFtWI/S6vZqj3y
NWldH1ZAgQq7++RaxoJJen+2jWBGSgGRiwuuNIq3k/TLSpOR4JSGMWlrT0IX5xPE
8vC/m0pQSijZbn6S6+UR4+pGvDxfl3pU7DpBMICo2Epq1Z9d7ulz8RGCouwxanRq
c9VV0WsLPJXEZEjy2SPYHN9hSLJknqFaS5O7ornoyA7oPEZzQ2wMHAPjN1Z+2fvv
hvzPYNsfWqJklFIvTfobflw0VyEMjwIclBaCzBhzj3z8HLrPYinqkMMvnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOyr2yOPqwlcn/Cg28tY26wlgaTMB8GA1UdIwQY
MBaAFKp6faHiI7GDCguRtdYcg60mDBEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW5wOW9lSWpzWU1LQzVHMTFoeURyU1lNRVJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9lNTdmYjEtMmQ1YS00NjYxLTgwMWQt
MGViOGYzN2EwMTc5LzEvczdLdmJJNC1yQ1Z5ZjhLRGJ5MWpickNXQnBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9lNTdmYjEtMmQ1YS00NjYxLTgwMWQtMGViOGYzN2EwMTc5
LzEvcW5wOW9lSWpzWU1LQzVHMTFoeURyU1lNRVJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweNgMA0G
CSqGSIb3DQEBCwUAA4IBAQBKiduwys8IGatitWDaI9Mguh+GDSkmZweY7erDtnW5
NDSYforvCsVI5GkT+Sqam4zsVk32lMjl+uL4vr2aEmTcIFUC3qQf5f9Hh3/we6Rl
LhcnQNm/+plZWBUGQeQgRu888twwxziOY5tOEROsm5HdewZu3AcylnwyjHUzFREb
jZ5i4OsgqdS3H0q/IxO10BwRBS+Wu6D5ipAneCBNbNBK20ktMym9/E/Z8HNqPpuU
YdZr3H4nEJY45I5SCTbc4MeZCzXzBDOIUfiWs85GarJUviPEFfiBe+J5I4iiliX/
PL1y6hS4GA377jVopZUuj5Y0GJRYJkxOdWbw2V/MXE6Y
-----END CERTIFICATE-----