Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/OvDN6EAFuwFovZQl3awSbWlgoGU.roa
File:                     OvDN6EAFuwFovZQl3awSbWlgoGU.roa (raw, json)
Hash identifier:          Lwu2BvIh2Xh0EPdVA44S8rfZnSR9rtt5pX81mBWr9xk=
Subject key identifier:   3A:F0:CD:E8:40:05:BB:01:68:BD:94:25:DD:AC:12:6D:69:60:A0:65
Certificate issuer:       /CN=ea46963cc479dadbe3c52234ab9fabaa8122d25b
Certificate serial:       01932A6F304F7A13258FF1FC8063FE8A7E37
Authority key identifier: EA:46:96:3C:C4:79:DA:DB:E3:C5:22:34:AB:9F:AB:AA:81:22:D2:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/OvDN6EAFuwFovZQl3awSbWlgoGU.roa
Signing time:             Thu 14 Nov 2024 11:29:10 +0000
ROA not before:           Thu 14 Nov 2024 11:29:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        194.39.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2a:6f:30:4f:7a:13:25:8f:f1:fc:80:63:fe:8a:7e:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea46963cc479dadbe3c52234ab9fabaa8122d25b
        Validity
            Not Before: Nov 14 11:29:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3af0cde84005bb0168bd9425ddac126d6960a065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:0c:76:e0:b5:3e:04:66:d9:4d:6e:05:32:87:
                    62:74:21:52:68:1b:5f:66:cb:7d:f7:60:d8:5f:fa:
                    22:b0:6d:5f:55:c4:96:6b:16:b8:50:fd:42:44:9c:
                    12:b9:a6:d4:b8:4a:ac:c4:bc:9e:01:a8:97:79:0f:
                    c3:bb:12:3a:57:51:6e:e2:af:f7:d3:ff:46:21:6d:
                    20:ed:5e:fe:57:c5:2d:fa:82:d3:05:71:90:ca:51:
                    fa:6e:59:1e:2c:98:d7:8e:bd:c8:7d:f5:7d:3e:87:
                    f5:1a:d5:0d:fa:4f:77:99:28:e6:6f:10:c3:39:7b:
                    f9:d7:f8:50:c9:00:c6:bf:e4:de:6b:03:91:d1:9b:
                    b2:f3:02:4f:44:6f:82:98:03:15:f9:aa:ee:d9:06:
                    f8:4f:57:0a:58:17:d0:34:5c:d7:ff:dc:d3:a5:4d:
                    ae:69:e5:57:5d:99:83:83:0b:b2:40:fa:ce:7a:f7:
                    c4:48:f7:fe:88:b2:0c:9d:32:20:fe:80:52:ca:a4:
                    10:2f:b2:7a:37:60:02:63:10:88:20:55:96:fc:a9:
                    4f:a4:6f:51:15:26:ff:1c:11:e7:2f:0b:21:d1:04:
                    ec:4f:13:ad:06:07:21:7f:ba:23:b3:02:af:08:00:
                    5b:a5:c0:6b:df:de:2e:a4:9c:d3:e4:9e:dd:82:95:
                    69:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F0:CD:E8:40:05:BB:01:68:BD:94:25:DD:AC:12:6D:69:60:A0:65
            X509v3 Authority Key Identifier:
                keyid:EA:46:96:3C:C4:79:DA:DB:E3:C5:22:34:AB:9F:AB:AA:81:22:D2:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/OvDN6EAFuwFovZQl3awSbWlgoGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:01:90:41:d4:0d:5e:ad:d6:21:fe:2b:1b:3d:06:33:0e:cc:
         1e:24:46:c9:e5:65:45:9c:da:94:11:e3:9d:c2:d3:bb:cc:63:
         34:e6:da:4f:37:80:22:76:f3:1f:90:e7:eb:4c:a7:a9:1f:93:
         da:b6:3b:28:b4:67:c4:80:be:be:8f:09:7a:d5:40:cb:d2:ae:
         be:86:90:f4:44:8b:b9:a4:fc:32:55:79:09:2b:4e:4e:ff:15:
         40:c6:31:73:de:fe:17:5a:a6:f2:8c:ee:0c:d7:bb:bc:f5:2b:
         8a:48:d4:6b:a1:6c:6c:4c:ae:4c:46:4c:72:27:ab:9e:d4:2a:
         47:96:19:6a:af:fe:df:38:98:ad:16:6c:82:da:83:a4:81:c4:
         9c:59:80:7d:82:42:0a:60:32:ff:bd:e9:b2:3d:94:fd:cc:81:
         49:41:fc:36:06:a0:c1:5d:3e:47:6c:f8:6d:4c:e3:36:6b:ff:
         14:a0:61:d6:4c:7c:2b:80:4f:7e:5b:2a:c6:44:80:3c:b3:7e:
         74:a7:a0:f6:11:22:f3:9a:b3:49:9a:19:a7:fa:ca:f9:33:35:
         58:f4:a9:2d:3a:0c:c9:b0:fb:71:9f:16:65:90:10:b6:e0:12:
         cb:3b:a8:7f:40:53:2f:59:96:c1:db:b4:45:22:40:a5:4e:0a:
         4e:ae:85:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMqbzBPehMlj/H8gGP+in43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNDY5NjNjYzQ3OWRhZGJlM2M1MjIzNGFiOWZhYmFhODEy
MmQyNWIwHhcNMjQxMTE0MTEyOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWYwY2RlODQwMDViYjAxNjhiZDk0MjVkZGFjMTI2ZDY5NjBhMDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7wx24LU+BGbZTW4FModidCFSaBtf
Zst992DYX/oisG1fVcSWaxa4UP1CRJwSuabUuEqsxLyeAaiXeQ/DuxI6V1Fu4q/3
0/9GIW0g7V7+V8Ut+oLTBXGQylH6blkeLJjXjr3IffV9Pof1GtUN+k93mSjmbxDD
OXv51/hQyQDGv+TeawOR0Zuy8wJPRG+CmAMV+aru2Qb4T1cKWBfQNFzX/9zTpU2u
aeVXXZmDgwuyQPrOevfESPf+iLIMnTIg/oBSyqQQL7J6N2ACYxCIIFWW/KlPpG9R
FSb/HBHnLwsh0QTsTxOtBgchf7ojswKvCABbpcBr394upJzT5J7dgpVpfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrwzehABbsBaL2UJd2sEm1pYKBlMB8GA1UdIwQY
MBaAFOpGljzEedrb48UiNKufq6qBItJbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmthV1BNUjUydHZqeFNJMHE1LXJxb0VpMGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9lODYyZGUtYzQ2Yy00ZjIxLWIzOGUt
ZWI1YmM3ZDk3YWEwLzEvT3ZETjZFQUZ1d0ZvdlpRbDNhd1NiV2xnb0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9lODYyZGUtYzQ2Yy00ZjIxLWIzOGUtZWI1YmM3ZDk3YWEw
LzEvNmthV1BNUjUydHZqeFNJMHE1LXJxb0VpMGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwieEMA0G
CSqGSIb3DQEBCwUAA4IBAQCKAZBB1A1erdYh/isbPQYzDsweJEbJ5WVFnNqUEeOd
wtO7zGM05tpPN4AidvMfkOfrTKepH5PatjsotGfEgL6+jwl61UDL0q6+hpD0RIu5
pPwyVXkJK05O/xVAxjFz3v4XWqbyjO4M17u89SuKSNRroWxsTK5MRkxyJ6ue1CpH
lhlqr/7fOJitFmyC2oOkgcScWYB9gkIKYDL/vemyPZT9zIFJQfw2BqDBXT5HbPht
TOM2a/8UoGHWTHwrgE9+WyrGRIA8s350p6D2ESLzmrNJmhmn+sr5MzVY9KktOgzJ
sPtxnxZlkBC24BLLO6h/QFMvWZbB27RFIkClTgpOroXz
-----END CERTIFICATE-----