Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/k7GcqXDcQjFazZREhROts0K22sc.roa
File:                     k7GcqXDcQjFazZREhROts0K22sc.roa (raw, json)
Hash identifier:          bROZ8FmNPNV3Yq/P0u6E0rG9JqJwgfEu4paFKf1Kd/E=
Subject key identifier:   93:B1:9C:A9:70:DC:42:31:5A:CD:94:44:85:13:AD:B3:42:B6:DA:C7
Certificate issuer:       /CN=393d2f0a96199a060856cf67e2105fda2cb93d37
Certificate serial:       018DA8982D4A71C26922B7D81D9A2772FFD4
Authority key identifier: 39:3D:2F:0A:96:19:9A:06:08:56:CF:67:E2:10:5F:DA:2C:B9:3D:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OT0vCpYZmgYIVs9n4hBf2iy5PTc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/k7GcqXDcQjFazZREhROts0K22sc.roa
Signing time:             Wed 14 Feb 2024 17:09:21 +0000
ROA not before:           Wed 14 Feb 2024 17:09:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.133.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/OT0vCpYZmgYIVs9n4hBf2iy5PTc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/OT0vCpYZmgYIVs9n4hBf2iy5PTc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OT0vCpYZmgYIVs9n4hBf2iy5PTc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a8:98:2d:4a:71:c2:69:22:b7:d8:1d:9a:27:72:ff:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=393d2f0a96199a060856cf67e2105fda2cb93d37
        Validity
            Not Before: Feb 14 17:09:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93b19ca970dc42315acd94448513adb342b6dac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5e:95:f8:00:15:91:1b:07:48:ab:99:53:a6:
                    09:ac:7a:9a:1c:2b:e2:e6:c4:a7:9a:62:4a:63:35:
                    a8:62:66:70:d1:9c:fc:d1:21:ab:e1:53:27:9a:27:
                    79:d5:3b:af:d0:84:f2:19:ed:2e:47:fb:ac:95:a0:
                    51:b6:9e:f3:f5:61:25:d7:ee:6c:b9:51:9b:f5:9f:
                    ec:7c:4b:3a:b3:bc:89:3a:c0:78:72:75:00:99:7a:
                    d1:59:66:77:7b:e1:3a:fe:34:c3:13:4b:40:95:4e:
                    ab:30:5d:5b:94:07:45:25:c3:d2:7a:51:68:62:a4:
                    7e:2b:15:25:90:83:70:9d:ff:35:12:45:35:94:5f:
                    35:7a:23:04:33:c0:6a:2f:49:9a:59:d3:bd:89:ea:
                    89:ed:d8:39:0c:68:c6:91:b7:34:25:e0:44:5c:1f:
                    f3:58:80:aa:74:83:3d:41:c1:e6:33:50:d5:57:70:
                    37:38:96:aa:70:b6:e5:a1:19:d4:b1:4e:c9:f1:49:
                    ac:91:93:65:a5:9a:72:98:4b:c0:ef:0d:a2:3a:80:
                    90:be:0d:5a:ff:55:e2:95:54:f7:d3:78:10:e3:c6:
                    22:da:6c:a2:bb:5d:d0:83:0b:0d:ba:7c:da:af:a3:
                    78:ad:7e:a9:d3:6d:fc:02:51:44:99:3a:cf:1a:9b:
                    3b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:B1:9C:A9:70:DC:42:31:5A:CD:94:44:85:13:AD:B3:42:B6:DA:C7
            X509v3 Authority Key Identifier:
                keyid:39:3D:2F:0A:96:19:9A:06:08:56:CF:67:E2:10:5F:DA:2C:B9:3D:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OT0vCpYZmgYIVs9n4hBf2iy5PTc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/k7GcqXDcQjFazZREhROts0K22sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/0365de-8008-4713-ab99-619fa80b8d74/1/OT0vCpYZmgYIVs9n4hBf2iy5PTc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:49:bf:21:64:75:5e:af:8d:81:60:22:9c:4f:07:96:5b:28:
         7c:d7:46:22:51:fb:d1:70:cf:c8:ea:21:13:fd:4a:d5:2b:5b:
         b0:03:67:b1:3e:80:aa:c7:de:71:53:44:5e:cc:fd:06:11:66:
         51:fb:6f:d2:c4:85:aa:a8:78:9a:99:0d:5a:1b:3e:46:40:ba:
         87:81:a3:c0:82:f9:fb:56:72:cd:7f:d5:f2:63:85:fe:04:1e:
         22:5f:cd:67:d5:ce:d6:7c:dc:66:09:b3:54:fc:fd:bc:20:c2:
         40:53:fd:7b:9d:de:9b:72:67:0b:e8:7b:1b:ec:aa:08:7b:43:
         70:b1:25:26:1c:e7:64:d8:8c:83:56:04:87:c3:31:94:fb:6d:
         ef:83:68:54:e2:ac:63:ee:c8:04:c0:03:f0:15:46:de:8f:ba:
         e4:bf:a9:1d:93:e7:d0:55:43:ad:e8:be:77:e2:31:86:24:f5:
         f8:9e:d2:27:20:35:4e:34:bb:22:67:41:59:7c:91:25:ff:36:
         3b:d4:83:e4:c2:b6:6f:e3:49:74:00:01:42:a5:0b:01:d7:44:
         0f:c9:7e:a3:4b:c0:6e:7a:c7:5e:d5:9f:33:da:fa:47:bc:62:
         e9:3a:e5:3f:8a:93:a0:be:89:b0:cb:51:74:45:69:4f:83:8f:
         35:e5:66:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2omC1KccJpIrfYHZoncv/UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5M2QyZjBhOTYxOTlhMDYwODU2Y2Y2N2UyMTA1ZmRhMmNi
OTNkMzcwHhcNMjQwMjE0MTcwOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2IxOWNhOTcwZGM0MjMxNWFjZDk0NDQ4NTEzYWRiMzQyYjZkYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkl6V+AAVkRsHSKuZU6YJrHqaHCvi
5sSnmmJKYzWoYmZw0Zz80SGr4VMnmid51Tuv0ITyGe0uR/uslaBRtp7z9WEl1+5s
uVGb9Z/sfEs6s7yJOsB4cnUAmXrRWWZ3e+E6/jTDE0tAlU6rMF1blAdFJcPSelFo
YqR+KxUlkINwnf81EkU1lF81eiMEM8BqL0maWdO9ieqJ7dg5DGjGkbc0JeBEXB/z
WICqdIM9QcHmM1DVV3A3OJaqcLbloRnUsU7J8UmskZNlpZpymEvA7w2iOoCQvg1a
/1XilVT303gQ48Yi2myiu13QgwsNunzar6N4rX6p0238AlFEmTrPGps7VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOxnKlw3EIxWs2URIUTrbNCttrHMB8GA1UdIwQY
MBaAFDk9LwqWGZoGCFbPZ+IQX9osuT03MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1QwdkNwWVptZ1lJVnM5bjRoQmYyaXk1UFRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8wMzY1ZGUtODAwOC00NzEzLWFiOTkt
NjE5ZmE4MGI4ZDc0LzEvazdHY3FYRGNRakZhelpSRWhST3RzMEsyMnNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8wMzY1ZGUtODAwOC00NzEzLWFiOTktNjE5ZmE4MGI4ZDc0
LzEvT1QwdkNwWVptZ1lJVnM5bjRoQmYyaXk1UFRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYWKMA0G
CSqGSIb3DQEBCwUAA4IBAQCHSb8hZHVer42BYCKcTweWWyh810YiUfvRcM/I6iET
/UrVK1uwA2exPoCqx95xU0RezP0GEWZR+2/SxIWqqHiamQ1aGz5GQLqHgaPAgvn7
VnLNf9XyY4X+BB4iX81n1c7WfNxmCbNU/P28IMJAU/17nd6bcmcL6Hsb7KoIe0Nw
sSUmHOdk2IyDVgSHwzGU+23vg2hU4qxj7sgEwAPwFUbej7rkv6kdk+fQVUOt6L53
4jGGJPX4ntInIDVONLsiZ0FZfJEl/zY71IPkwrZv40l0AAFCpQsB10QPyX6jS8Bu
esde1Z8z2vpHvGLpOuU/ipOgvomwy1F0RWlPg4815WY1
-----END CERTIFICATE-----