Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/q4TQ6PzIE9ivKNa4vcsyOyJZQf0.roa
File:                     q4TQ6PzIE9ivKNa4vcsyOyJZQf0.roa (raw, json)
Hash identifier:          cmpZWu1Zyk3SgLjY5boiHmKS+tzTEnuWHVF7jrqycg0=
Subject key identifier:   AB:84:D0:E8:FC:C8:13:D8:AF:28:D6:B8:BD:CB:32:3B:22:59:41:FD
Certificate issuer:       /CN=7d149f62447853689c12fb288afeb6b681cfebc1
Certificate serial:       018CC56E3B29BAE65E2F7D4CCC7B1552C912
Authority key identifier: 7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/q4TQ6PzIE9ivKNa4vcsyOyJZQf0.roa
Signing time:             Mon 01 Jan 2024 14:29:44 +0000
ROA not before:           Mon 01 Jan 2024 14:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50345
IP address blocks:        93.125.108.0/24 maxlen: 24
                          2a04:2e80:14::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:3b:29:ba:e6:5e:2f:7d:4c:cc:7b:15:52:c9:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d149f62447853689c12fb288afeb6b681cfebc1
        Validity
            Not Before: Jan  1 14:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab84d0e8fcc813d8af28d6b8bdcb323b225941fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bb:c9:f7:1c:1f:44:6e:3f:8c:dc:43:0f:db:
                    56:1d:b7:dc:de:27:43:de:bb:57:88:9c:33:47:f3:
                    61:6f:5f:2e:69:5c:d1:4b:8a:c5:db:4d:46:a2:06:
                    f3:0e:ac:66:c1:ad:54:64:12:cc:ba:e0:f3:f1:eb:
                    e6:a2:88:ca:78:53:42:8d:62:fd:52:f4:04:06:1f:
                    5c:4c:9e:ab:d7:59:19:cd:7a:83:b5:1f:74:31:42:
                    92:00:a9:bc:1c:d3:b1:77:6f:18:7b:02:bd:db:2e:
                    07:a5:7d:94:c6:46:73:49:42:62:e8:eb:cb:a6:ce:
                    8b:c0:5b:1f:91:11:2b:51:01:92:0b:8d:e3:60:70:
                    10:9c:37:58:c1:f9:70:79:81:a1:b3:ea:22:26:53:
                    73:e6:da:3f:47:47:1d:7c:54:5b:90:87:10:73:9b:
                    8e:06:09:5e:7a:f4:d4:8f:d6:9a:4b:8b:26:14:00:
                    2e:01:72:e5:fb:13:0b:df:d8:a0:d3:c2:c5:05:98:
                    4f:f5:ca:39:47:df:ec:da:24:ee:74:26:92:b3:5c:
                    40:3a:5d:2b:ae:30:63:38:03:4d:5f:b8:31:c1:ff:
                    03:f7:68:62:de:e1:d3:df:79:dd:3e:cd:8c:63:c0:
                    f8:3f:68:1d:c3:18:e4:25:f1:79:ac:23:f6:09:9b:
                    e4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:84:D0:E8:FC:C8:13:D8:AF:28:D6:B8:BD:CB:32:3B:22:59:41:FD
            X509v3 Authority Key Identifier:
                keyid:7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/q4TQ6PzIE9ivKNa4vcsyOyJZQf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.125.108.0/24
                IPv6:
                  2a04:2e80:14::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:31:fe:24:ba:80:60:ff:48:69:a8:bd:0f:78:5a:1a:be:80:
         d3:79:ee:99:83:97:a1:b5:28:c8:34:9c:45:2d:c4:60:9c:49:
         30:50:e0:fd:0c:02:98:54:a0:37:a0:c1:b6:c8:54:78:42:68:
         38:00:b9:b2:cb:aa:bc:08:d1:13:9d:68:a5:24:df:c9:08:6f:
         7c:1f:49:66:b6:f6:2e:1e:6a:63:ae:40:e3:93:a7:6d:80:06:
         d4:23:80:44:b8:db:29:13:5b:b2:21:cb:33:7d:35:7b:d6:19:
         4c:6e:83:2b:f9:a7:a4:07:23:bd:1b:56:db:13:19:23:14:ed:
         4a:eb:39:df:94:fe:6c:f6:d6:b6:d0:aa:cb:1c:51:56:10:f7:
         35:df:ae:aa:75:86:be:1d:b0:8f:61:bc:cc:90:9d:80:c3:14:
         7f:6c:64:8f:0f:5f:e9:ca:f3:6d:a1:9a:0e:e0:fd:2a:57:40:
         32:de:c6:b0:89:36:f3:79:d3:1b:ba:ee:3d:35:12:54:50:7b:
         fc:0c:40:e7:9f:43:bb:9b:1a:ca:6a:c7:fe:13:16:a4:56:d7:
         60:d9:fa:ec:0f:99:07:4a:86:5b:ac:d0:3b:bc:42:02:74:72:
         d2:5b:ff:02:a4:a4:53:1f:e7:56:3d:04:89:81:bc:5b:aa:60:
         d4:f5:89:7f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFbjspuuZeL31MzHsVUskSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMTQ5ZjYyNDQ3ODUzNjg5YzEyZmIyODhhZmViNmI2ODFj
ZmViYzEwHhcNMjQwMTAxMTQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjg0ZDBlOGZjYzgxM2Q4YWYyOGQ2YjhiZGNiMzIzYjIyNTk0MWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLvJ9xwfRG4/jNxDD9tWHbfc3idD
3rtXiJwzR/Nhb18uaVzRS4rF201GogbzDqxmwa1UZBLMuuDz8evmoojKeFNCjWL9
UvQEBh9cTJ6r11kZzXqDtR90MUKSAKm8HNOxd28YewK92y4HpX2UxkZzSUJi6OvL
ps6LwFsfkRErUQGSC43jYHAQnDdYwflweYGhs+oiJlNz5to/R0cdfFRbkIcQc5uO
BgleevTUj9aaS4smFAAuAXLl+xML39ig08LFBZhP9co5R9/s2iTudCaSs1xAOl0r
rjBjOANNX7gxwf8D92hi3uHT33ndPs2MY8D4P2gdwxjkJfF5rCP2CZvkMwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKuE0Oj8yBPYryjWuL3LMjsiWUH9MB8GA1UdIwQY
MBaAFH0Un2JEeFNonBL7KIr+traBz+vBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlJTZllrUjRVMmljRXZzb2l2NjJ0b0hQNjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC82YTU0YmYtZjAwZi00NjdhLWJmNTct
YWFiMGU0MTRjYzYzLzEvcTRUUTZQeklFOWl2S05hNHZjc3lPeUpaUWYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC82YTU0YmYtZjAwZi00NjdhLWJmNTctYWFiMGU0MTRjYzYz
LzEvZlJTZllrUjRVMmljRXZzb2l2NjJ0b0hQNjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXX1sMA8E
AgACMAkDBwAqBC6AABQwDQYJKoZIhvcNAQELBQADggEBACIx/iS6gGD/SGmovQ94
Whq+gNN57pmDl6G1KMg0nEUtxGCcSTBQ4P0MAphUoDegwbbIVHhCaDgAubLLqrwI
0ROdaKUk38kIb3wfSWa29i4eamOuQOOTp22ABtQjgES42ykTW7IhyzN9NXvWGUxu
gyv5p6QHI70bVtsTGSMU7UrrOd+U/mz21rbQqsscUVYQ9zXfrqp1hr4dsI9hvMyQ
nYDDFH9sZI8PX+nK822hmg7g/SpXQDLexrCJNvN50xu67j01ElRQe/wMQOefQ7ub
Gspqx/4TFqRW12DZ+uwPmQdKhlus0Du8QgJ0ctJb/wKkpFMf51Y9BImBvFuqYNT1
iX8=
-----END CERTIFICATE-----