Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/cmgfH2wI0UJnhqDcgAz3zUbYZHI.roa
File:                     cmgfH2wI0UJnhqDcgAz3zUbYZHI.roa (raw, json)
Hash identifier:          Amk49id7tOLGoYbN6paNUz7WsMHgKPP1/t7duzWEP2c=
Subject key identifier:   72:68:1F:1F:6C:08:D1:42:67:86:A0:DC:80:0C:F7:CD:46:D8:64:72
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       018CF8A486302324B579F0DAE9BAF0EC1A07
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/cmgfH2wI0UJnhqDcgAz3zUbYZHI.roa
Signing time:             Thu 11 Jan 2024 13:09:40 +0000
ROA not before:           Thu 11 Jan 2024 13:09:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9087
IP address blocks:        193.53.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f8:a4:86:30:23:24:b5:79:f0:da:e9:ba:f0:ec:1a:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jan 11 13:09:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72681f1f6c08d1426786a0dc800cf7cd46d86472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:da:3e:a1:5b:8b:f5:0e:a3:62:4f:2c:6f:a1:
                    92:c3:24:e5:da:29:45:91:97:d1:ac:49:34:37:13:
                    06:e0:92:3f:f6:88:f8:fd:b3:35:87:0f:fe:d6:4f:
                    38:72:ab:1a:92:00:77:83:09:42:eb:8b:12:ce:c8:
                    69:06:35:3f:11:b5:f5:51:ea:eb:55:ab:2c:c1:53:
                    b5:10:4e:0c:91:58:71:cf:c7:22:a9:71:31:87:48:
                    0a:bf:86:e9:e8:ee:be:d9:f8:03:38:57:27:1f:3e:
                    76:87:44:8d:86:32:c5:83:1f:96:aa:83:2b:bf:bd:
                    4e:0e:66:71:cd:d3:d1:d6:5b:fe:e5:a0:05:59:e8:
                    a5:28:e8:de:c7:78:3c:53:65:b7:43:e7:83:cc:a8:
                    e9:86:a9:58:c3:47:dd:34:ec:1c:4d:22:db:a1:2e:
                    6a:55:f9:ed:7f:05:b8:05:36:38:85:7c:c2:b1:91:
                    24:fe:e9:5f:b5:ad:ea:f6:73:2f:7c:29:53:8a:43:
                    dd:67:8c:c1:08:7c:d2:5f:8c:56:fc:2a:95:d4:88:
                    6c:74:36:4d:2c:df:cc:66:41:75:4f:bb:c3:94:98:
                    4b:b9:26:cf:67:7b:23:88:0d:31:8e:5f:de:11:99:
                    1d:98:4c:f6:2b:95:df:7c:fa:e7:65:cd:1e:e9:d5:
                    ed:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:68:1F:1F:6C:08:D1:42:67:86:A0:DC:80:0C:F7:CD:46:D8:64:72
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/cmgfH2wI0UJnhqDcgAz3zUbYZHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:da:23:7f:0c:06:26:b3:d7:dd:c1:d2:ed:40:ff:42:bf:2e:
         f3:88:e3:6a:bb:ed:af:c0:7b:70:ae:c5:f0:d4:75:a6:40:ba:
         3d:4e:8b:ac:4b:93:82:59:30:ac:db:0e:89:8d:78:90:e3:29:
         24:2f:75:e1:02:1b:ce:c4:be:11:1d:00:b3:5c:a1:eb:4f:4a:
         f9:94:e6:94:ae:7f:d2:55:76:e2:e9:29:6b:36:d2:44:18:cb:
         15:3c:ab:01:37:e1:d6:8b:d9:d2:47:ce:28:50:5a:3a:b2:f7:
         28:b7:28:eb:15:18:fa:30:17:28:01:bd:ef:76:56:b8:9e:be:
         7a:72:84:df:02:7e:2f:c6:c1:15:dc:d6:13:80:51:b2:de:39:
         91:db:e1:11:c1:10:6b:10:39:1c:78:06:cb:e5:cd:45:5a:4c:
         b4:f2:b0:d6:74:af:ff:a7:0e:d9:99:94:98:68:d7:2a:2f:91:
         b5:2a:cf:2d:b5:e5:58:96:1f:dc:c1:08:a2:05:b3:47:58:6a:
         54:95:f3:92:6e:94:20:b5:66:61:0e:6e:c4:0e:91:44:2d:a1:
         1d:26:73:14:2a:4a:9b:4d:97:a3:6c:49:0f:b0:48:56:35:51:
         77:9f:96:53:37:d6:f8:9b:17:5d:4b:b9:74:a0:c4:3d:c6:6c:
         24:59:bd:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz4pIYwIyS1efDa6brw7BoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjQwMTExMTMwOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjY4MWYxZjZjMDhkMTQyNjc4NmEwZGM4MDBjZjdjZDQ2ZDg2NDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldo+oVuL9Q6jYk8sb6GSwyTl2ilF
kZfRrEk0NxMG4JI/9oj4/bM1hw/+1k84cqsakgB3gwlC64sSzshpBjU/EbX1Uerr
VasswVO1EE4MkVhxz8ciqXExh0gKv4bp6O6+2fgDOFcnHz52h0SNhjLFgx+WqoMr
v71ODmZxzdPR1lv+5aAFWeilKOjex3g8U2W3Q+eDzKjphqlYw0fdNOwcTSLboS5q
VfntfwW4BTY4hXzCsZEk/ulfta3q9nMvfClTikPdZ4zBCHzSX4xW/CqV1IhsdDZN
LN/MZkF1T7vDlJhLuSbPZ3sjiA0xjl/eEZkdmEz2K5XffPrnZc0e6dXtVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJoHx9sCNFCZ4ag3IAM981G2GRyMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvY21nZkgyd0kwVUpuaHFEY2dBejN6VWJZWkhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTUjMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ2iN/DAYms9fdwdLtQP9Cvy7ziONqu+2vwHtwrsXw
1HWmQLo9TousS5OCWTCs2w6JjXiQ4ykkL3XhAhvOxL4RHQCzXKHrT0r5lOaUrn/S
VXbi6SlrNtJEGMsVPKsBN+HWi9nSR84oUFo6svcotyjrFRj6MBcoAb3vdla4nr56
coTfAn4vxsEV3NYTgFGy3jmR2+ERwRBrEDkceAbL5c1FWky08rDWdK//pw7ZmZSY
aNcqL5G1Ks8tteVYlh/cwQiiBbNHWGpUlfOSbpQgtWZhDm7EDpFELaEdJnMUKkqb
TZejbEkPsEhWNVF3n5ZTN9b4mxddS7l0oMQ9xmwkWb3I
-----END CERTIFICATE-----