Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/Sh7JlMJhv-6RtBisv-L0kfbZJks.roa
File:                     Sh7JlMJhv-6RtBisv-L0kfbZJks.roa (raw, json)
Hash identifier:          F+4kBoxCrAhOhNOKd39I4JEpehCkgRYyGrELsXTNP9s=
Subject key identifier:   4A:1E:C9:94:C2:61:BF:EE:91:B4:18:AC:BF:E2:F4:91:F6:D9:26:4B
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       019426D9F752400D18893926BF75FE3ACCA3
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/Sh7JlMJhv-6RtBisv-L0kfbZJks.roa
Signing time:             Thu 02 Jan 2025 11:50:06 +0000
ROA not before:           Thu 02 Jan 2025 11:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207967
IP address blocks:        193.109.160.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f7:52:40:0d:18:89:39:26:bf:75:fe:3a:cc:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Jan  2 11:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a1ec994c261bfee91b418acbfe2f491f6d9264b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:07:50:60:7e:44:e6:7b:7c:16:c8:bf:3e:04:
                    9f:74:2d:ee:06:8f:73:ff:ab:75:5f:0f:40:e1:26:
                    00:04:ef:dd:de:05:9a:cf:53:ed:9e:8d:d7:94:fe:
                    0c:10:bc:c2:8a:1e:36:7f:b1:3c:c1:d9:61:75:ea:
                    d8:bd:c4:95:e0:78:c8:6b:89:93:22:79:a0:8c:bd:
                    7b:ab:b1:92:bf:ce:69:f9:f4:e3:88:6d:d5:b6:4a:
                    16:c6:94:59:a9:6a:a9:6b:96:cc:fc:24:68:48:d7:
                    1a:70:5d:8f:3e:d4:40:9a:38:ae:96:0e:7c:19:31:
                    2d:ab:88:4f:26:5a:f7:4e:09:3b:65:09:f3:82:a7:
                    f8:06:48:fb:d7:37:3e:af:36:65:f0:2f:00:9d:80:
                    04:d4:98:91:fb:03:3e:c3:c3:9f:0f:f9:0c:66:21:
                    29:9d:75:0d:16:15:7a:f8:4b:ad:f0:6a:d7:9c:ad:
                    d7:cf:a5:c8:7c:28:be:2d:37:b8:08:23:94:a9:72:
                    e2:33:61:b7:dd:45:75:a7:1b:0b:cf:d7:ee:51:70:
                    24:67:a3:f6:c3:58:7b:2d:22:3b:32:d2:cc:ec:af:
                    04:5c:46:c3:54:e1:bb:b4:c2:25:d1:e3:c5:af:3d:
                    f9:e3:3a:ad:86:68:04:3f:1b:82:76:23:26:30:b0:
                    66:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:1E:C9:94:C2:61:BF:EE:91:B4:18:AC:BF:E2:F4:91:F6:D9:26:4B
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/Sh7JlMJhv-6RtBisv-L0kfbZJks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:27:fe:f3:df:af:fd:c6:49:b5:7b:50:88:98:23:04:32:f9:
         db:b7:7e:68:e7:64:9c:fe:4d:14:a8:6d:bd:69:ba:a3:04:d0:
         a4:a1:d9:ae:32:3d:62:83:a4:33:6d:cc:fb:09:bd:67:ca:48:
         00:ce:f2:d3:81:e0:f8:6c:cb:00:f0:d0:b6:47:93:3d:50:78:
         cf:a5:d2:21:29:95:e4:1e:fe:2a:c1:98:ed:c3:eb:3b:a6:52:
         bd:62:14:1a:5a:97:62:f4:e8:07:06:b7:22:cb:67:16:56:8e:
         3b:04:8d:bc:10:04:68:30:0a:40:ca:9c:f3:83:aa:40:79:a2:
         85:5f:f6:2c:81:06:f4:08:7e:39:0d:8f:2e:33:8d:c9:bd:b2:
         8f:f4:04:f2:a9:51:90:28:c2:b3:1f:4b:ce:5d:96:39:40:de:
         8b:75:7e:ef:e7:3c:e2:a4:66:e9:00:b1:37:7a:0d:2d:a0:8a:
         6f:4f:49:da:a0:a6:9c:2b:b5:55:13:44:51:ba:84:b6:66:cb:
         41:ed:14:f7:7f:b0:22:60:4e:03:b4:54:e8:40:31:a9:92:f5:
         d2:d0:95:e3:47:36:23:ba:f1:99:f6:01:22:f3:7e:2c:8b:8d:
         2a:8d:ca:5c:40:34:a9:33:54:9b:69:5c:80:28:1e:ca:03:8a:
         5c:30:84:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2fdSQA0YiTkmv3X+OsyjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjUwMTAyMTE1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTFlYzk5NGMyNjFiZmVlOTFiNDE4YWNiZmUyZjQ5MWY2ZDkyNjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QdQYH5E5nt8Fsi/PgSfdC3uBo9z
/6t1Xw9A4SYABO/d3gWaz1Ptno3XlP4MELzCih42f7E8wdlhderYvcSV4HjIa4mT
InmgjL17q7GSv85p+fTjiG3VtkoWxpRZqWqpa5bM/CRoSNcacF2PPtRAmjiulg58
GTEtq4hPJlr3Tgk7ZQnzgqf4Bkj71zc+rzZl8C8AnYAE1JiR+wM+w8OfD/kMZiEp
nXUNFhV6+Eut8GrXnK3Xz6XIfCi+LTe4CCOUqXLiM2G33UV1pxsLz9fuUXAkZ6P2
w1h7LSI7MtLM7K8EXEbDVOG7tMIl0ePFrz354zqthmgEPxuCdiMmMLBmewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEoeyZTCYb/ukbQYrL/i9JH22SZLMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvU2g3SmxNSmh2LTZSdEJpc3YtTDBrZmJaSmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW2gMA0G
CSqGSIb3DQEBCwUAA4IBAQCkJ/7z36/9xkm1e1CImCMEMvnbt35o52Sc/k0UqG29
abqjBNCkodmuMj1ig6Qzbcz7Cb1nykgAzvLTgeD4bMsA8NC2R5M9UHjPpdIhKZXk
Hv4qwZjtw+s7plK9YhQaWpdi9OgHBrciy2cWVo47BI28EARoMApAypzzg6pAeaKF
X/YsgQb0CH45DY8uM43JvbKP9ATyqVGQKMKzH0vOXZY5QN6LdX7v5zzipGbpALE3
eg0toIpvT0naoKacK7VVE0RRuoS2ZstB7RT3f7AiYE4DtFToQDGpkvXS0JXjRzYj
uvGZ9gEi834si40qjcpcQDSpM1SbaVyAKB7KA4pcMIRe
-----END CERTIFICATE-----