Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/c7VMTH5oRiMepLX7njtvJKd1WYY.roa
File:                     c7VMTH5oRiMepLX7njtvJKd1WYY.roa (raw, json)
Hash identifier:          wXbu8Lm1V0kHlqzriGYAjdr9BMjGUoHSVwKNeLwh2Eg=
Subject key identifier:   73:B5:4C:4C:7E:68:46:23:1E:A4:B5:FB:9E:3B:6F:24:A7:75:59:86
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0191526CFFBCB7A53857BDDE8949F6B56B6F
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/c7VMTH5oRiMepLX7njtvJKd1WYY.roa
Signing time:             Wed 14 Aug 2024 19:46:00 +0000
ROA not before:           Wed 14 Aug 2024 19:46:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50969
IP address blocks:        195.211.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:52:6c:ff:bc:b7:a5:38:57:bd:de:89:49:f6:b5:6b:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Aug 14 19:46:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73b54c4c7e6846231ea4b5fb9e3b6f24a7755986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:eb:2f:4f:95:b9:e6:52:94:b7:9f:ee:27:ec:
                    0f:0b:e1:c4:65:c1:0d:fc:c5:b6:04:2d:f8:05:0a:
                    25:3c:06:c9:0a:fa:88:32:95:27:77:92:10:7e:7a:
                    21:82:b3:0e:33:15:b7:92:c1:41:10:9e:37:a1:83:
                    f0:6a:de:cc:fa:d4:0f:b8:3f:28:1e:4e:6f:44:d4:
                    52:46:f0:ac:55:c0:c1:0c:ce:84:5e:14:02:21:ad:
                    5e:f1:5f:9b:e4:cc:b6:4a:7b:70:22:6e:1e:5a:db:
                    c5:97:e7:5d:6d:79:9e:8f:f3:3c:b0:0b:33:81:44:
                    d3:04:d7:e8:b2:00:e3:6e:31:c0:f2:d2:c6:30:1c:
                    f4:1f:b5:5e:e4:4d:ac:9c:9d:40:60:36:3a:67:23:
                    fc:1e:5f:35:e3:5f:de:a5:92:58:c6:6b:16:0d:24:
                    5d:36:82:7b:92:26:e0:cd:aa:1d:15:fb:40:5b:dd:
                    ed:3d:36:e9:14:62:1d:d9:e9:9a:16:5d:59:1c:81:
                    e7:fb:bc:c3:34:10:21:5b:a6:f2:e9:76:e8:0f:42:
                    44:38:bd:a5:a5:03:c6:a7:2a:0a:23:a3:dd:e8:56:
                    f5:b2:9e:d4:1b:08:b4:0f:2c:19:ed:f0:58:8a:b8:
                    8b:f3:5b:67:b1:92:58:b4:75:34:4e:29:3d:02:3c:
                    3d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:B5:4C:4C:7E:68:46:23:1E:A4:B5:FB:9E:3B:6F:24:A7:75:59:86
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/c7VMTH5oRiMepLX7njtvJKd1WYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:6b:8a:bc:44:98:de:db:09:d0:99:b3:31:88:b0:fc:0c:cf:
         e6:a5:f9:2b:2b:19:59:c0:a7:03:d9:21:50:2c:2a:ea:7f:33:
         96:48:ab:b9:03:60:14:16:a9:23:d8:4a:09:ae:1d:7e:a9:a8:
         bf:71:9e:16:40:69:34:d3:9c:60:69:24:0c:61:43:2f:27:42:
         f5:8c:01:62:1c:49:86:dc:a2:c2:1b:2c:14:7f:95:3b:b3:db:
         7b:49:ff:29:0c:db:10:54:92:9a:97:20:b7:6b:4b:6d:72:c9:
         10:eb:8a:32:f7:1c:5f:0d:68:47:17:dd:e2:76:4e:96:8d:d0:
         96:77:3d:5b:73:98:04:11:eb:24:71:8d:5f:b0:88:08:a7:8c:
         fb:c8:f0:32:65:34:31:0e:fd:95:d0:12:a8:76:7f:95:23:26:
         a0:79:87:3b:c8:29:09:30:92:fa:09:76:61:dc:20:e1:9f:13:
         95:16:8e:dc:c2:a6:cc:cd:97:31:3b:12:b3:8a:14:86:93:60:
         38:ef:2a:b2:cc:2a:71:ec:92:c8:b7:57:be:e0:71:7b:4e:41:
         98:6e:a1:a6:60:95:6e:bc:43:eb:07:af:76:66:48:69:ae:7f:
         3e:16:ef:d3:66:9f:ba:c8:03:c2:e2:a3:8a:4c:61:63:b3:05:
         c1:c6:e8:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFSbP+8t6U4V73eiUn2tWtvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwODE0MTk0NjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2I1NGM0YzdlNjg0NjIzMWVhNGI1ZmI5ZTNiNmYyNGE3NzU1OTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqusvT5W55lKUt5/uJ+wPC+HEZcEN
/MW2BC34BQolPAbJCvqIMpUnd5IQfnohgrMOMxW3ksFBEJ43oYPwat7M+tQPuD8o
Hk5vRNRSRvCsVcDBDM6EXhQCIa1e8V+b5My2SntwIm4eWtvFl+ddbXmej/M8sAsz
gUTTBNfosgDjbjHA8tLGMBz0H7Ve5E2snJ1AYDY6ZyP8Hl8141/epZJYxmsWDSRd
NoJ7kibgzaodFftAW93tPTbpFGId2emaFl1ZHIHn+7zDNBAhW6by6XboD0JEOL2l
pQPGpyoKI6Pd6Fb1sp7UGwi0DywZ7fBYiriL81tnsZJYtHU0Tik9Ajw9WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHO1TEx+aEYjHqS1+547bySndVmGMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvYzdWTVRINW9SaU1lcExYN25qdHZKS2QxV1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9OmMA0G
CSqGSIb3DQEBCwUAA4IBAQAca4q8RJje2wnQmbMxiLD8DM/mpfkrKxlZwKcD2SFQ
LCrqfzOWSKu5A2AUFqkj2EoJrh1+qai/cZ4WQGk005xgaSQMYUMvJ0L1jAFiHEmG
3KLCGywUf5U7s9t7Sf8pDNsQVJKalyC3a0ttcskQ64oy9xxfDWhHF93idk6WjdCW
dz1bc5gEEeskcY1fsIgIp4z7yPAyZTQxDv2V0BKodn+VIyageYc7yCkJMJL6CXZh
3CDhnxOVFo7cwqbMzZcxOxKzihSGk2A47yqyzCpx7JLIt1e+4HF7TkGYbqGmYJVu
vEPrB692Zkhprn8+Fu/TZp+6yAPC4qOKTGFjswXBxuht
-----END CERTIFICATE-----