Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/q0cr2p6mI_eTabPKson025fAt1U.roa
File:                     q0cr2p6mI_eTabPKson025fAt1U.roa (raw, json)
Hash identifier:          KHgvqXJM2YA/eDs60PiZcpqbW4ugfjfKHzyPxjcApqY=
Subject key identifier:   AB:47:2B:DA:9E:A6:23:F7:93:69:B3:CA:B2:89:F4:DB:97:C0:B7:55
Certificate issuer:       /CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
Certificate serial:       01931B647ACBC7F0655FF317A25A19DD0A6C
Authority key identifier: 62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/q0cr2p6mI_eTabPKson025fAt1U.roa
Signing time:             Mon 11 Nov 2024 13:23:10 +0000
ROA not before:           Mon 11 Nov 2024 13:23:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203394
IP address blocks:        141.105.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1b:64:7a:cb:c7:f0:65:5f:f3:17:a2:5a:19:dd:0a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62a15cc88659f578cc159c52b3a7e9ec5819fb20
        Validity
            Not Before: Nov 11 13:23:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab472bda9ea623f79369b3cab289f4db97c0b755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:70:c8:3b:56:3f:e4:8a:c1:0c:05:1b:1b:0b:
                    1c:52:e2:c1:98:9a:3b:e3:e3:7f:61:b6:5b:39:75:
                    8c:85:7d:d2:40:ac:0c:0b:37:8e:66:0c:64:81:4d:
                    4c:db:d0:12:63:27:db:2a:de:1e:5a:b3:fa:6f:b2:
                    73:c0:3f:e4:89:4a:d1:2a:5b:d6:bd:dd:2c:0f:6e:
                    7b:28:08:17:ec:e3:7e:76:61:3e:9b:6c:0f:bb:c7:
                    92:6b:1d:2d:cd:30:d4:ad:f7:3e:ab:16:73:3a:20:
                    e2:24:96:24:21:c6:d8:ef:26:ec:c8:1c:e2:be:62:
                    33:66:66:69:2b:43:eb:a5:7b:1e:91:98:e4:4d:10:
                    11:1c:15:06:1a:dd:4d:e5:31:5e:e7:97:f9:7b:d4:
                    1c:06:60:0a:2c:c0:23:07:7e:e0:b3:84:dc:e4:35:
                    0e:6d:c2:c8:56:78:97:53:9c:67:fd:da:23:1b:d8:
                    fd:68:b8:10:1a:9a:2f:b4:c3:a7:10:b6:e4:9f:f2:
                    35:22:d7:a7:96:a9:f6:57:e3:d1:f8:53:af:92:c8:
                    99:30:a6:96:7c:37:0c:2c:02:2e:e7:df:21:49:41:
                    e9:e2:6e:ab:cd:56:8f:6a:42:4b:4c:a1:79:d9:19:
                    f6:a6:53:32:eb:f9:b3:21:f8:85:c2:6e:d8:9e:bf:
                    2d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:47:2B:DA:9E:A6:23:F7:93:69:B3:CA:B2:89:F4:DB:97:C0:B7:55
            X509v3 Authority Key Identifier:
                keyid:62:A1:5C:C8:86:59:F5:78:CC:15:9C:52:B3:A7:E9:EC:58:19:FB:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/q0cr2p6mI_eTabPKson025fAt1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2117bc-1f9e-4590-a550-4269b56bf7d4/1/YqFcyIZZ9XjMFZxSs6fp7FgZ-yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:07:9b:97:5a:2d:be:34:20:a7:d6:38:5d:47:be:49:2a:5d:
         d8:29:f7:53:d8:25:15:64:9e:cf:6a:01:6c:1d:70:69:fb:f8:
         0e:ee:be:36:ac:59:69:24:8d:cb:bf:f9:81:e2:6c:12:88:4b:
         66:12:d0:21:33:c2:15:95:2d:27:c5:68:6d:47:11:d4:a8:5e:
         2f:b6:23:bd:04:c8:a9:e8:14:95:6d:21:4f:0d:92:67:0d:b2:
         87:4f:8c:e6:20:e8:9c:71:5e:57:ec:ec:53:89:6a:1a:50:d8:
         c9:9b:6d:85:50:58:46:c0:85:51:df:93:cb:1e:dc:c0:e0:25:
         d1:3c:88:e1:df:d7:cc:f1:3e:42:eb:c8:82:43:30:b2:ed:6e:
         b0:73:4f:36:98:c6:c7:0e:0d:dd:06:df:da:b1:f7:eb:10:e3:
         ed:2a:1d:a2:c2:a6:f0:f7:98:9d:e8:30:f9:a7:9d:35:c9:dd:
         b3:d0:fe:33:be:f8:01:3b:fe:b0:70:bb:83:7c:5f:f9:43:38:
         f0:97:74:4f:c4:80:4c:e3:88:ea:6f:43:d8:99:f8:f2:0c:69:
         99:e9:6b:31:0e:9a:4a:e2:f7:60:14:07:15:23:20:24:b9:0d:
         55:b4:cd:87:fa:05:64:ed:79:a0:14:f1:f0:83:af:6d:87:d7:
         71:03:9a:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMbZHrLx/BlX/MXoloZ3QpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYTE1Y2M4ODY1OWY1NzhjYzE1OWM1MmIzYTdlOWVjNTgx
OWZiMjAwHhcNMjQxMTExMTMyMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjQ3MmJkYTllYTYyM2Y3OTM2OWIzY2FiMjg5ZjRkYjk3YzBiNzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHDIO1Y/5IrBDAUbGwscUuLBmJo7
4+N/YbZbOXWMhX3SQKwMCzeOZgxkgU1M29ASYyfbKt4eWrP6b7JzwD/kiUrRKlvW
vd0sD257KAgX7ON+dmE+m2wPu8eSax0tzTDUrfc+qxZzOiDiJJYkIcbY7ybsyBzi
vmIzZmZpK0PrpXsekZjkTRARHBUGGt1N5TFe55f5e9QcBmAKLMAjB37gs4Tc5DUO
bcLIVniXU5xn/dojG9j9aLgQGpovtMOnELbkn/I1Itenlqn2V+PR+FOvksiZMKaW
fDcMLAIu598hSUHp4m6rzVaPakJLTKF52Rn2plMy6/mzIfiFwm7Ynr8tNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtHK9qepiP3k2mzyrKJ9NuXwLdVMB8GA1UdIwQY
MBaAFGKhXMiGWfV4zBWcUrOn6exYGfsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAt
NDI2OWI1NmJmN2Q0LzEvcTBjcjJwNm1JX2VUYWJQS3NvbjAyNWZBdDFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yMTE3YmMtMWY5ZS00NTkwLWE1NTAtNDI2OWI1NmJmN2Q0
LzEvWXFGY3lJWlo5WGpNRlp4U3M2ZnA3RmdaLXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWmCMA0G
CSqGSIb3DQEBCwUAA4IBAQCKB5uXWi2+NCCn1jhdR75JKl3YKfdT2CUVZJ7PagFs
HXBp+/gO7r42rFlpJI3Lv/mB4mwSiEtmEtAhM8IVlS0nxWhtRxHUqF4vtiO9BMip
6BSVbSFPDZJnDbKHT4zmIOiccV5X7OxTiWoaUNjJm22FUFhGwIVR35PLHtzA4CXR
PIjh39fM8T5C68iCQzCy7W6wc082mMbHDg3dBt/asffrEOPtKh2iwqbw95id6DD5
p501yd2z0P4zvvgBO/6wcLuDfF/5Qzjwl3RPxIBM44jqb0PYmfjyDGmZ6WsxDppK
4vdgFAcVIyAkuQ1VtM2H+gVk7XmgFPHwg69th9dxA5pM
-----END CERTIFICATE-----