Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/4765e8-61b8-40c7-847f-dcce0c9f4d94/1/7_CL4Gsrxp4qqYPyvK66LRtWPaY.roa
File:                     7_CL4Gsrxp4qqYPyvK66LRtWPaY.roa (raw, json)
Hash identifier:          5eXG7PEPaSgEGRIYmUVtl2wnP/TI5VQDxiI2fSyhea8=
Subject key identifier:   EF:F0:8B:E0:6B:2B:C6:9E:2A:A9:83:F2:BC:AE:BA:2D:1B:56:3D:A6
Certificate issuer:       /CN=1980bbbacfa9e3cdccf6c0e935361a7ab27da14d
Certificate serial:       018CC3B686131791FDB9E64EB74AA23BD236
Authority key identifier: 19:80:BB:BA:CF:A9:E3:CD:CC:F6:C0:E9:35:36:1A:7A:B2:7D:A1:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GYC7us-p483M9sDpNTYaerJ9oU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/4765e8-61b8-40c7-847f-dcce0c9f4d94/1/7_CL4Gsrxp4qqYPyvK66LRtWPaY.roa
Signing time:             Mon 01 Jan 2024 06:29:28 +0000
ROA not before:           Mon 01 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12439
IP address blocks:        193.41.245.0/24 maxlen: 24
                          193.41.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/4765e8-61b8-40c7-847f-dcce0c9f4d94/1/GYC7us-p483M9sDpNTYaerJ9oU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/4765e8-61b8-40c7-847f-dcce0c9f4d94/1/GYC7us-p483M9sDpNTYaerJ9oU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GYC7us-p483M9sDpNTYaerJ9oU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:86:13:17:91:fd:b9:e6:4e:b7:4a:a2:3b:d2:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1980bbbacfa9e3cdccf6c0e935361a7ab27da14d
        Validity
            Not Before: Jan  1 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eff08be06b2bc69e2aa983f2bcaeba2d1b563da6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:42:3f:47:79:03:20:a6:92:89:2e:af:0a:53:
                    28:53:43:2f:13:c8:94:bc:6c:5c:15:ef:cd:bf:79:
                    b4:a6:fa:c3:01:4a:e2:3e:3b:ad:ff:b9:5f:fd:d8:
                    7e:5e:1d:94:dd:dc:da:d9:f1:de:dd:aa:7c:18:ee:
                    b4:55:40:ea:4d:c4:cf:96:27:68:d0:c8:26:dd:2e:
                    d0:cf:e2:de:6a:82:64:ed:b2:c3:94:e0:c8:30:49:
                    43:78:1c:c9:ca:0e:5c:85:bb:d4:56:68:d2:89:2f:
                    a9:54:c0:ec:b6:05:20:68:ab:38:51:c0:5c:95:fe:
                    79:f6:06:a0:fc:08:8c:93:2c:2b:02:03:56:33:43:
                    1f:8b:e9:ff:11:7d:2c:9e:d5:73:b0:35:1c:7f:b1:
                    b3:79:c4:47:2e:22:74:da:94:8c:94:d9:1e:fd:bb:
                    51:ac:df:80:af:dc:5f:e6:c5:dc:b7:f9:e6:39:24:
                    9c:95:c0:21:8f:b2:ad:e8:5f:14:53:21:8d:d6:f4:
                    e8:e9:66:43:e1:92:23:b4:cf:08:c8:4d:36:9d:3b:
                    9e:90:90:6b:16:62:3c:94:e3:27:c8:ad:5b:50:26:
                    18:69:23:5b:87:6d:6c:6a:71:a3:60:11:d8:86:1f:
                    48:8b:a0:21:08:5d:65:31:91:1a:cb:ce:ed:64:74:
                    77:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:F0:8B:E0:6B:2B:C6:9E:2A:A9:83:F2:BC:AE:BA:2D:1B:56:3D:A6
            X509v3 Authority Key Identifier:
                keyid:19:80:BB:BA:CF:A9:E3:CD:CC:F6:C0:E9:35:36:1A:7A:B2:7D:A1:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GYC7us-p483M9sDpNTYaerJ9oU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/4765e8-61b8-40c7-847f-dcce0c9f4d94/1/7_CL4Gsrxp4qqYPyvK66LRtWPaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/4765e8-61b8-40c7-847f-dcce0c9f4d94/1/GYC7us-p483M9sDpNTYaerJ9oU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.245.0/24
                  193.41.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:b6:57:cf:ec:36:f5:72:cd:a6:bc:52:72:0c:85:9c:79:31:
         2b:9e:aa:35:c5:bc:dd:cf:78:6d:36:ee:32:56:9e:2a:d0:21:
         98:73:a8:e3:b5:c9:9c:8c:9a:30:b7:81:94:c8:7a:61:64:ac:
         71:34:28:ee:75:bb:e0:cf:26:8f:f2:ed:f8:37:fc:c6:a5:b1:
         1a:32:ee:7f:de:40:74:6c:bd:98:25:1d:a7:82:41:9c:15:05:
         58:3a:f5:86:30:73:b4:b0:33:bd:1d:3a:99:a6:f6:61:39:d9:
         d9:33:5e:d6:9e:b6:c3:55:9a:f1:3b:89:e8:8f:ae:21:f2:34:
         23:12:b1:79:37:44:a6:4c:45:5b:3e:7e:a1:da:46:96:a0:22:
         41:56:45:28:11:cc:bd:38:78:67:46:2f:5d:d1:f2:e7:83:ec:
         26:4d:b7:d9:cc:65:01:98:09:9e:64:f6:3b:5d:ef:69:da:b7:
         1a:08:d2:3c:5a:21:fb:4c:d1:fe:d5:f4:a9:ec:d2:83:69:ff:
         3e:c3:a0:e8:03:17:ed:97:96:7d:bf:85:c2:59:44:24:25:85:
         f7:e7:14:0d:cd:94:81:1c:39:a0:e1:8c:8e:ed:bc:06:69:2c:
         42:0f:61:f4:7d:b5:71:6a:0a:02:6d:53:ad:4d:54:3c:c9:bf:
         05:37:f6:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtoYTF5H9ueZOt0qiO9I2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ODBiYmJhY2ZhOWUzY2RjY2Y2YzBlOTM1MzYxYTdhYjI3
ZGExNGQwHhcNMjQwMTAxMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmYwOGJlMDZiMmJjNjllMmFhOTgzZjJiY2FlYmEyZDFiNTYzZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUI/R3kDIKaSiS6vClMoU0MvE8iU
vGxcFe/Nv3m0pvrDAUriPjut/7lf/dh+Xh2U3dza2fHe3ap8GO60VUDqTcTPlido
0Mgm3S7Qz+LeaoJk7bLDlODIMElDeBzJyg5chbvUVmjSiS+pVMDstgUgaKs4UcBc
lf559gag/AiMkywrAgNWM0Mfi+n/EX0sntVzsDUcf7GzecRHLiJ02pSMlNke/btR
rN+Ar9xf5sXct/nmOSSclcAhj7Kt6F8UUyGN1vTo6WZD4ZIjtM8IyE02nTuekJBr
FmI8lOMnyK1bUCYYaSNbh21sanGjYBHYhh9Ii6AhCF1lMZEay87tZHR3xwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO/wi+BrK8aeKqmD8ryuui0bVj2mMB8GA1UdIwQY
MBaAFBmAu7rPqePNzPbA6TU2GnqyfaFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1lDN3VzLXA0ODNNOXNEcE5UWWFlcko5b1UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny80NzY1ZTgtNjFiOC00MGM3LTg0N2Yt
ZGNjZTBjOWY0ZDk0LzEvN19DTDRHc3J4cDRxcVlQeXZLNjZMUnRXUGFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny80NzY1ZTgtNjFiOC00MGM3LTg0N2YtZGNjZTBjOWY0ZDk0
LzEvR1lDN3VzLXA0ODNNOXNEcE5UWWFlcko5b1UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSn1AwQA
wSn3MA0GCSqGSIb3DQEBCwUAA4IBAQAXtlfP7Db1cs2mvFJyDIWceTErnqo1xbzd
z3htNu4yVp4q0CGYc6jjtcmcjJowt4GUyHphZKxxNCjudbvgzyaP8u34N/zGpbEa
Mu5/3kB0bL2YJR2ngkGcFQVYOvWGMHO0sDO9HTqZpvZhOdnZM17WnrbDVZrxO4no
j64h8jQjErF5N0SmTEVbPn6h2kaWoCJBVkUoEcy9OHhnRi9d0fLng+wmTbfZzGUB
mAmeZPY7Xe9p2rcaCNI8WiH7TNH+1fSp7NKDaf8+w6DoAxftl5Z9v4XCWUQkJYX3
5xQNzZSBHDmg4YyO7bwGaSxCD2H0fbVxagoCbVOtTVQ8yb8FN/ZX
-----END CERTIFICATE-----