Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/O7lEAqmJ6RVW6ZUznCOtA8Wqr_U.roa
File:                     O7lEAqmJ6RVW6ZUznCOtA8Wqr_U.roa (raw, json)
Hash identifier:          1bSxYn5Oc7EjOQaFfznp7ul3zLl0SKUWaiYKT6AxWVI=
Subject key identifier:   3B:B9:44:02:A9:89:E9:15:56:E9:95:33:9C:23:AD:03:C5:AA:AF:F5
Certificate issuer:       /CN=10543a5197eb2544447e9d36b3ebf14452c777eb
Certificate serial:       0194258FC2FC175111A97312CD069868254B
Authority key identifier: 10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/O7lEAqmJ6RVW6ZUznCOtA8Wqr_U.roa
Signing time:             Thu 02 Jan 2025 05:49:26 +0000
ROA not before:           Thu 02 Jan 2025 05:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24622
IP address blocks:        193.120.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:c2:fc:17:51:11:a9:73:12:cd:06:98:68:25:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10543a5197eb2544447e9d36b3ebf14452c777eb
        Validity
            Not Before: Jan  2 05:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bb94402a989e91556e995339c23ad03c5aaaff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:23:57:f3:d3:4f:0d:a7:17:cd:b7:91:c1:81:
                    e4:4f:de:61:6c:72:03:fb:16:8f:f0:94:d6:64:a4:
                    2a:52:2c:e7:ee:42:08:57:b0:ec:91:ae:bc:d7:51:
                    69:9b:bc:4d:78:df:56:d9:8a:7e:13:06:5f:9f:e0:
                    c7:71:1a:6b:8e:72:52:7e:e2:44:21:ab:97:e2:ff:
                    ae:dc:f1:8c:18:4e:e1:3c:0d:eb:69:13:b0:c9:0b:
                    54:db:25:27:0c:99:13:5b:5e:8a:41:3a:ef:a8:65:
                    b3:7d:dc:90:7a:44:a8:e2:88:38:8f:12:46:95:85:
                    74:da:75:70:2f:ae:30:aa:37:5d:9d:17:f4:c7:cb:
                    19:2a:ee:ae:ae:1a:ca:c0:52:9e:8f:90:17:cf:7f:
                    8d:03:45:41:ba:01:03:dc:9d:4b:45:26:e9:f8:3a:
                    f4:62:8c:a9:2d:dc:da:62:7e:39:98:ec:39:d8:e7:
                    b1:82:4d:68:63:b5:ee:f4:8a:5b:19:07:66:e6:24:
                    80:e9:fd:18:7c:47:2c:b0:d3:61:44:8d:6b:e6:e8:
                    52:5f:1b:09:1a:c1:df:d9:1e:fa:b4:9f:d7:4b:16:
                    2f:3d:1a:58:78:d4:51:98:c8:71:df:f0:46:8f:ae:
                    b4:f8:aa:f7:5e:6f:4e:85:e9:80:b5:9d:cf:1c:50:
                    cd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:B9:44:02:A9:89:E9:15:56:E9:95:33:9C:23:AD:03:C5:AA:AF:F5
            X509v3 Authority Key Identifier:
                keyid:10:54:3A:51:97:EB:25:44:44:7E:9D:36:B3:EB:F1:44:52:C7:77:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFQ6UZfrJUREfp02s-vxRFLHd-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/O7lEAqmJ6RVW6ZUznCOtA8Wqr_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/1be7bc-b642-4a0d-8e6b-f7e0c5e2702e/1/EFQ6UZfrJUREfp02s-vxRFLHd-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.120.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:2b:96:41:ba:27:8e:ac:c3:26:fb:06:80:a9:a2:52:bc:6d:
         8e:a3:55:1f:44:63:41:f8:b1:a4:34:0c:88:ab:eb:7e:9a:fa:
         08:7d:00:f3:a7:54:39:bb:b9:85:c4:41:2a:ba:5c:fa:b9:63:
         be:62:19:d3:15:f0:4f:c6:8c:bf:6b:3b:5d:37:69:75:36:b3:
         30:f5:5a:b3:00:09:b9:5b:ee:b5:fc:20:59:0d:3d:d6:11:1f:
         36:8e:f4:6a:31:90:e4:48:d9:f9:ba:cd:92:70:51:b5:2a:aa:
         79:b4:1e:3a:b9:13:c8:86:06:5f:86:57:6b:0c:0e:a1:2d:0f:
         bf:ef:f6:e3:8b:5d:af:27:5d:7e:07:c4:fc:04:4d:a9:f9:fb:
         d5:2d:77:b7:cd:a2:d1:b4:d8:01:54:dd:57:43:15:4e:cb:66:
         5d:d4:82:0e:68:5e:55:8e:e6:58:13:eb:85:18:71:27:8b:8b:
         70:f2:f7:39:33:b9:64:d1:46:ae:89:43:a5:17:66:c8:c4:91:
         85:56:93:9c:9b:cd:51:21:7f:d8:ce:47:1c:05:03:12:02:4d:
         fa:0b:43:16:bf:28:00:a4:cd:44:b4:9d:d7:b6:93:c7:8d:37:
         7b:8f:0a:7a:ce:91:69:c3:5e:56:6a:5d:f3:2e:e5:43:86:c9:
         ae:82:f2:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj8L8F1ERqXMSzQaYaCVLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTQzYTUxOTdlYjI1NDQ0NDdlOWQzNmIzZWJmMTQ0NTJj
Nzc3ZWIwHhcNMjUwMTAyMDU0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmI5NDQwMmE5ODllOTE1NTZlOTk1MzM5YzIzYWQwM2M1YWFhZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyNX89NPDacXzbeRwYHkT95hbHID
+xaP8JTWZKQqUizn7kIIV7Dska6811Fpm7xNeN9W2Yp+EwZfn+DHcRprjnJSfuJE
IauX4v+u3PGMGE7hPA3raROwyQtU2yUnDJkTW16KQTrvqGWzfdyQekSo4og4jxJG
lYV02nVwL64wqjddnRf0x8sZKu6urhrKwFKej5AXz3+NA0VBugED3J1LRSbp+Dr0
YoypLdzaYn45mOw52Oexgk1oY7Xu9IpbGQdm5iSA6f0YfEcssNNhRI1r5uhSXxsJ
GsHf2R76tJ/XSxYvPRpYeNRRmMhx3/BGj660+Kr3Xm9OhemAtZ3PHFDNGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDu5RAKpiekVVumVM5wjrQPFqq/1MB8GA1UdIwQY
MBaAFBBUOlGX6yVERH6dNrPr8URSx3frMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmIt
ZjdlMGM1ZTI3MDJlLzEvTzdsRUFxbUo2UlZXNlpVem5DT3RBOFdxcl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8xYmU3YmMtYjY0Mi00YTBkLThlNmItZjdlMGM1ZTI3MDJl
LzEvRUZRNlVaZnJKVVJFZnAwMnMtdnhSRkxIZC1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXihMA0G
CSqGSIb3DQEBCwUAA4IBAQA0K5ZBuieOrMMm+waAqaJSvG2Oo1UfRGNB+LGkNAyI
q+t+mvoIfQDzp1Q5u7mFxEEqulz6uWO+YhnTFfBPxoy/aztdN2l1NrMw9VqzAAm5
W+61/CBZDT3WER82jvRqMZDkSNn5us2ScFG1Kqp5tB46uRPIhgZfhldrDA6hLQ+/
7/bji12vJ11+B8T8BE2p+fvVLXe3zaLRtNgBVN1XQxVOy2Zd1IIOaF5VjuZYE+uF
GHEni4tw8vc5M7lk0UauiUOlF2bIxJGFVpOcm81RIX/YzkccBQMSAk36C0MWvygA
pM1EtJ3XtpPHjTd7jwp6zpFpw15Wal3zLuVDhsmugvJl
-----END CERTIFICATE-----