Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7zRQf1E4LFWNhPL33qboOuHTSiM.roa
File:                     7zRQf1E4LFWNhPL33qboOuHTSiM.roa (raw, json)
Hash identifier:          AYjryhpazljnKXjPULGYMBkdYTbhi25fmsQWyTAsV5Y=
Subject key identifier:   EF:34:50:7F:51:38:2C:55:8D:84:F2:F7:DE:A6:E8:3A:E1:D3:4A:23
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01942369A946191640E6801F3CD02F2EBE93
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7zRQf1E4LFWNhPL33qboOuHTSiM.roa
Signing time:             Wed 01 Jan 2025 19:48:34 +0000
ROA not before:           Wed 01 Jan 2025 19:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59765
IP address blocks:        188.214.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:a9:46:19:16:40:e6:80:1f:3c:d0:2f:2e:be:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef34507f51382c558d84f2f7dea6e83ae1d34a23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:81:1c:35:3d:34:d0:a6:37:e9:b8:23:56:cb:
                    e4:9e:ad:c2:6e:a9:ad:eb:fe:de:91:8e:e2:e0:34:
                    9b:9c:dd:51:d9:ad:5c:5d:3e:2f:2a:0c:68:16:35:
                    83:1f:0b:1c:17:da:0e:9a:0e:50:7e:32:a2:6c:a8:
                    d2:56:54:37:7d:62:af:b4:b9:41:7b:9c:af:a5:3d:
                    34:7e:67:34:51:e0:56:1a:8b:7c:a0:05:e3:aa:1a:
                    71:32:c1:3d:4f:09:b9:af:b3:f2:da:fb:1b:61:9e:
                    62:be:64:51:16:e0:1f:63:cc:4c:d5:3a:52:fc:82:
                    d1:96:a9:81:e3:5c:90:d1:8c:39:35:1c:32:83:03:
                    a1:f3:9a:d3:66:02:60:b1:d8:b4:f6:ea:e2:a2:ed:
                    8d:5e:c3:be:73:aa:e2:47:74:74:5e:89:e6:12:07:
                    aa:b5:b8:69:7c:28:4e:70:f0:5a:cc:04:f5:22:df:
                    ad:44:cf:63:50:16:09:2c:01:46:d4:a8:b8:7a:fd:
                    13:b3:5e:d9:89:b0:e9:49:98:73:4e:79:89:8d:5f:
                    10:4b:8a:ab:f1:fb:db:ad:22:f9:1f:21:61:0c:57:
                    09:6a:bb:18:ef:f3:ff:88:b2:1e:06:d4:b8:47:9e:
                    5f:7a:fb:ea:82:fc:d2:29:0f:da:ad:8a:44:cd:34:
                    03:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:34:50:7F:51:38:2C:55:8D:84:F2:F7:DE:A6:E8:3A:E1:D3:4A:23
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/7zRQf1E4LFWNhPL33qboOuHTSiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:76:32:b4:04:6d:87:69:b3:83:b0:41:cf:67:29:fe:f5:a1:
         ab:ac:7c:72:a9:5e:b8:c8:b2:67:b2:3b:3c:18:cb:bf:33:39:
         0c:a4:db:19:e3:a8:ae:05:5b:4d:a7:77:9a:6f:79:8a:29:4d:
         f8:23:e4:99:e9:c6:8e:b9:94:5e:af:d5:00:5e:f3:dc:c2:62:
         29:a9:e6:9c:e5:e3:12:fe:93:7f:bf:a4:c6:6d:71:3f:fe:44:
         98:8a:58:cf:c9:75:90:df:2f:74:aa:3f:f3:98:f5:5d:f6:28:
         75:03:f6:11:5a:de:52:8f:14:88:0f:e8:70:cc:c0:17:48:87:
         28:b1:a4:93:9f:7f:6f:3c:3b:c7:62:8f:2d:5d:20:c5:31:91:
         d2:df:c6:0f:9b:2a:01:49:4b:92:ed:ca:aa:6a:4c:62:84:ec:
         3c:57:c3:70:10:d5:c9:3d:4c:aa:38:8e:5e:86:13:1a:24:79:
         ca:0b:26:80:61:80:70:f7:36:0d:22:17:85:c4:80:34:6a:52:
         16:17:c5:e6:e8:57:c0:a9:26:eb:ab:61:2d:c2:2e:80:f8:bc:
         3f:a1:dd:66:2c:a9:44:da:f6:31:86:27:2d:5d:dc:e7:6b:5a:
         3f:40:74:6d:21:9d:32:14:7f:51:a3:00:75:b6:7b:4c:33:a8:
         fd:e7:ac:18
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaalGGRZA5oAfPNAvLr6TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjM0NTA3ZjUxMzgyYzU1OGQ4NGYyZjdkZWE2ZTgzYWUxZDM0YTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIEcNT000KY36bgjVsvknq3Cbqmt
6/7ekY7i4DSbnN1R2a1cXT4vKgxoFjWDHwscF9oOmg5QfjKibKjSVlQ3fWKvtLlB
e5yvpT00fmc0UeBWGot8oAXjqhpxMsE9Twm5r7Py2vsbYZ5ivmRRFuAfY8xM1TpS
/ILRlqmB41yQ0Yw5NRwygwOh85rTZgJgsdi09uriou2NXsO+c6riR3R0XonmEgeq
tbhpfChOcPBazAT1It+tRM9jUBYJLAFG1Ki4ev0Ts17ZibDpSZhzTnmJjV8QS4qr
8fvbrSL5HyFhDFcJarsY7/P/iLIeBtS4R55fevvqgvzSKQ/arYpEzTQDZQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFO80UH9ROCxVjYTy996m6Drh00ojMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzd6UlFmMUU0TEZXTmhQTDMzcWJvT3VIVFNpTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC81m8w
DQYJKoZIhvcNAQELBQADggEBABB2MrQEbYdps4OwQc9nKf71oausfHKpXrjIsmey
OzwYy78zOQyk2xnjqK4FW02nd5pveYopTfgj5Jnpxo65lF6v1QBe89zCYimp5pzl
4xL+k3+/pMZtcT/+RJiKWM/JdZDfL3SqP/OY9V32KHUD9hFa3lKPFIgP6HDMwBdI
hyixpJOff288O8dijy1dIMUxkdLfxg+bKgFJS5LtyqpqTGKE7DxXw3AQ1ck9TKo4
jl6GExokecoLJoBhgHD3Ng0iF4XEgDRqUhYXxeboV8CpJuurYS3CLoD4vD+h3WYs
qUTa9jGGJy1d3OdrWj9AdG0hnTIUf1GjAHW2e0wzqP3nrBg=
-----END CERTIFICATE-----