Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/7dd289-6cb5-4371-846c-93dec735f717/1/tXzdlnQZhv4AjsHG_nCb36HBMms.roa
File:                     tXzdlnQZhv4AjsHG_nCb36HBMms.roa (raw, json)
Hash identifier:          itYSwDp7ZPD0fN/KEVCPKo4GgzbG9dVoYyzdmZa2CLE=
Subject key identifier:   B5:7C:DD:96:74:19:86:FE:00:8E:C1:C6:FE:70:9B:DF:A1:C1:32:6B
Certificate issuer:       /CN=9907c7b89656dd339cb98fb7c2b0371c5926a641
Certificate serial:       018CC42528CF68D35F70F4D30043AD6E9C34
Authority key identifier: 99:07:C7:B8:96:56:DD:33:9C:B9:8F:B7:C2:B0:37:1C:59:26:A6:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mQfHuJZW3TOcuY-3wrA3HFkmpkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/7dd289-6cb5-4371-846c-93dec735f717/1/tXzdlnQZhv4AjsHG_nCb36HBMms.roa
Signing time:             Mon 01 Jan 2024 08:30:18 +0000
ROA not before:           Mon 01 Jan 2024 08:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29092
IP address blocks:        195.47.241.0/24 maxlen: 24
                          195.66.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/7dd289-6cb5-4371-846c-93dec735f717/1/mQfHuJZW3TOcuY-3wrA3HFkmpkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/7dd289-6cb5-4371-846c-93dec735f717/1/mQfHuJZW3TOcuY-3wrA3HFkmpkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mQfHuJZW3TOcuY-3wrA3HFkmpkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:28:cf:68:d3:5f:70:f4:d3:00:43:ad:6e:9c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9907c7b89656dd339cb98fb7c2b0371c5926a641
        Validity
            Not Before: Jan  1 08:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b57cdd96741986fe008ec1c6fe709bdfa1c1326b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a8:15:b2:f6:07:72:09:b8:d0:d3:17:65:92:
                    21:67:6d:78:36:43:e1:95:78:90:ba:66:2e:ab:ec:
                    5e:03:d3:8d:5f:33:d2:43:9f:d4:fc:73:d0:0e:3d:
                    f9:cb:dc:9f:53:d5:80:28:15:f0:61:db:2a:fc:2e:
                    76:eb:3d:c8:ce:19:ad:2f:45:45:19:ef:27:72:fb:
                    89:8f:99:39:ba:8b:98:f1:c8:b4:5c:d7:5b:1c:a2:
                    92:ce:dd:9b:97:e2:6f:5d:40:bb:01:4e:95:69:33:
                    94:25:f5:98:90:c7:37:88:02:85:34:5c:a5:b1:63:
                    ef:aa:6d:49:9e:e4:d4:a0:ff:b2:80:d0:53:44:66:
                    92:8d:da:14:f3:a7:a9:51:f0:b5:9f:63:a9:f1:cc:
                    bf:80:fb:d3:d7:58:18:09:ae:02:90:a0:79:53:34:
                    77:d7:04:51:e4:95:09:d1:ef:de:f3:b0:6d:3c:9b:
                    1f:c4:2f:77:14:18:22:cb:6a:5d:7b:04:92:36:c2:
                    29:b3:6f:6c:0e:c0:bc:d6:b0:f9:61:1e:82:95:d7:
                    10:58:64:81:48:38:27:48:dc:c5:84:f1:44:c5:34:
                    98:ff:47:bd:91:25:be:c3:87:fb:c0:c3:55:cd:3a:
                    13:5b:88:01:cf:50:c8:1e:dd:90:13:df:3c:6e:87:
                    d2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:7C:DD:96:74:19:86:FE:00:8E:C1:C6:FE:70:9B:DF:A1:C1:32:6B
            X509v3 Authority Key Identifier:
                keyid:99:07:C7:B8:96:56:DD:33:9C:B9:8F:B7:C2:B0:37:1C:59:26:A6:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mQfHuJZW3TOcuY-3wrA3HFkmpkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7dd289-6cb5-4371-846c-93dec735f717/1/tXzdlnQZhv4AjsHG_nCb36HBMms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7dd289-6cb5-4371-846c-93dec735f717/1/mQfHuJZW3TOcuY-3wrA3HFkmpkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.241.0/24
                  195.66.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:33:49:cc:09:50:16:c8:43:ca:40:c3:49:16:20:34:8a:31:
         d6:94:5a:8e:96:12:3c:5a:87:89:42:ad:98:df:04:7f:e6:1c:
         2c:cc:17:68:0c:d5:14:8a:36:7f:5c:a7:a3:d9:85:2d:ee:0b:
         31:bd:0b:0b:3f:88:3b:44:91:ab:b4:39:f2:c5:8b:06:0b:34:
         cb:63:29:c6:3d:a9:4c:72:ac:fc:c5:11:8f:95:65:8c:da:68:
         ca:4c:56:22:3c:9c:4b:b0:4a:63:08:35:55:6a:5b:87:78:b1:
         e2:07:5a:af:51:97:03:6a:45:4a:14:ce:aa:42:db:9e:2f:bd:
         b4:2d:bf:ea:0e:6b:59:17:fb:1d:f5:1b:12:f2:3d:45:d0:e0:
         d7:98:a8:98:c6:f0:e1:95:b3:79:00:63:89:3f:db:02:1d:04:
         62:f6:3d:83:58:8e:2e:71:e6:5a:c5:6e:c9:eb:ea:2d:a1:95:
         e7:06:ee:f5:de:15:1c:5d:44:ee:52:b2:70:72:33:37:3b:02:
         75:7a:0a:c6:3f:75:f6:c1:27:dd:a5:50:a6:08:9f:ea:a0:5e:
         a0:fb:e0:6a:b2:3f:cc:5d:c1:eb:aa:b6:3c:6d:95:f0:bc:db:
         1b:e1:75:d2:a1:2d:8f:d7:c8:74:62:ba:ba:b6:ed:04:33:03:
         d9:ea:31:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJSjPaNNfcPTTAEOtbpw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MDdjN2I4OTY1NmRkMzM5Y2I5OGZiN2MyYjAzNzFjNTky
NmE2NDEwHhcNMjQwMTAxMDgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTdjZGQ5Njc0MTk4NmZlMDA4ZWMxYzZmZTcwOWJkZmExYzEzMjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsagVsvYHcgm40NMXZZIhZ214NkPh
lXiQumYuq+xeA9ONXzPSQ5/U/HPQDj35y9yfU9WAKBXwYdsq/C526z3IzhmtL0VF
Ge8ncvuJj5k5uouY8ci0XNdbHKKSzt2bl+JvXUC7AU6VaTOUJfWYkMc3iAKFNFyl
sWPvqm1JnuTUoP+ygNBTRGaSjdoU86epUfC1n2Op8cy/gPvT11gYCa4CkKB5UzR3
1wRR5JUJ0e/e87BtPJsfxC93FBgiy2pdewSSNsIps29sDsC81rD5YR6CldcQWGSB
SDgnSNzFhPFExTSY/0e9kSW+w4f7wMNVzToTW4gBz1DIHt2QE988bofS+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLV83ZZ0GYb+AI7Bxv5wm9+hwTJrMB8GA1UdIwQY
MBaAFJkHx7iWVt0znLmPt8KwNxxZJqZBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVFmSHVKWlczVE9jdVktM3dyQTNIRmttcGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83ZGQyODktNmNiNS00MzcxLTg0NmMt
OTNkZWM3MzVmNzE3LzEvdFh6ZGxuUVpodjRBanNIR19uQ2IzNkhCTW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83ZGQyODktNmNiNS00MzcxLTg0NmMtOTNkZWM3MzVmNzE3
LzEvbVFmSHVKWlczVE9jdVktM3dyQTNIRmttcGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwy/xAwQA
w0J3MA0GCSqGSIb3DQEBCwUAA4IBAQAjM0nMCVAWyEPKQMNJFiA0ijHWlFqOlhI8
WoeJQq2Y3wR/5hwszBdoDNUUijZ/XKej2YUt7gsxvQsLP4g7RJGrtDnyxYsGCzTL
YynGPalMcqz8xRGPlWWM2mjKTFYiPJxLsEpjCDVValuHeLHiB1qvUZcDakVKFM6q
QtueL720Lb/qDmtZF/sd9RsS8j1F0ODXmKiYxvDhlbN5AGOJP9sCHQRi9j2DWI4u
ceZaxW7J6+otoZXnBu713hUcXUTuUrJwcjM3OwJ1egrGP3X2wSfdpVCmCJ/qoF6g
++Bqsj/MXcHrqrY8bZXwvNsb4XXSoS2P18h0Yrq6tu0EMwPZ6jHH
-----END CERTIFICATE-----