Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/f4bbff-4ea0-45eb-99a1-17a8f6bd24df/1/c8FnaKUgvzIWc2MSAQ_mLw4nkfs.roa
File:                     c8FnaKUgvzIWc2MSAQ_mLw4nkfs.roa (raw, json)
Hash identifier:          bxWhnWA5zgg7f50F9/gPZbmWH/Ve89ex8j0t7iOm0S4=
Subject key identifier:   73:C1:67:68:A5:20:BF:32:16:73:63:12:01:0F:E6:2F:0E:27:91:FB
Certificate issuer:       /CN=d3bbb6f8071947bd5c161bb8b451b7df66069641
Certificate serial:       01912D337E7B271C3FF6500920860E98A39D
Authority key identifier: D3:BB:B6:F8:07:19:47:BD:5C:16:1B:B8:B4:51:B7:DF:66:06:96:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/07u2-AcZR71cFhu4tFG332YGlkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/f4bbff-4ea0-45eb-99a1-17a8f6bd24df/1/c8FnaKUgvzIWc2MSAQ_mLw4nkfs.roa
Signing time:             Wed 07 Aug 2024 14:17:15 +0000
ROA not before:           Wed 07 Aug 2024 14:17:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215278
IP address blocks:        194.147.72.0/24 maxlen: 24
                          2001:67c:2d8c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/f4bbff-4ea0-45eb-99a1-17a8f6bd24df/1/07u2-AcZR71cFhu4tFG332YGlkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/f4bbff-4ea0-45eb-99a1-17a8f6bd24df/1/07u2-AcZR71cFhu4tFG332YGlkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/07u2-AcZR71cFhu4tFG332YGlkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2d:33:7e:7b:27:1c:3f:f6:50:09:20:86:0e:98:a3:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3bbb6f8071947bd5c161bb8b451b7df66069641
        Validity
            Not Before: Aug  7 14:17:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73c16768a520bf3216736312010fe62f0e2791fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a3:15:8c:69:b0:4e:a6:1b:43:3f:90:65:75:
                    4e:2b:cb:59:fb:05:2c:a3:23:47:0a:ed:71:f9:27:
                    84:8d:f3:ef:72:14:1d:7b:e1:29:08:aa:6a:6a:9a:
                    e4:c3:2e:b8:61:a9:b0:97:9b:c5:ce:4d:fd:07:c0:
                    74:50:b5:31:6a:db:5f:aa:22:d7:8c:1a:57:0f:d1:
                    95:24:bb:17:3e:2d:2f:ca:38:e5:4a:7c:31:0e:b6:
                    bb:24:66:58:cc:2b:51:6e:54:e9:f3:f6:91:bd:a9:
                    30:30:36:01:aa:b6:b7:5a:39:ac:76:45:21:81:db:
                    a3:e2:5f:a9:68:11:3a:00:bf:ec:5e:d8:0e:86:3d:
                    c5:f5:bf:99:0d:e0:51:e7:f1:86:bf:5a:0b:f8:c8:
                    35:ec:4a:ec:49:18:a1:b7:fc:34:32:26:8e:ee:65:
                    a0:2f:c9:fd:e3:b1:70:dd:2a:a8:ed:af:bf:24:4f:
                    16:60:a3:d3:b0:48:00:0c:15:d8:5d:8d:d0:59:a6:
                    8b:db:9e:d5:38:53:33:66:c6:9d:4e:fb:e7:5a:6a:
                    b3:04:b8:c9:08:52:68:46:68:73:0f:fd:f4:d8:dc:
                    96:0f:8a:37:3b:46:a7:87:a9:99:5b:04:41:b2:81:
                    89:d6:25:47:fa:df:4c:dd:7f:4a:69:fa:a4:87:0c:
                    9a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:C1:67:68:A5:20:BF:32:16:73:63:12:01:0F:E6:2F:0E:27:91:FB
            X509v3 Authority Key Identifier:
                keyid:D3:BB:B6:F8:07:19:47:BD:5C:16:1B:B8:B4:51:B7:DF:66:06:96:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07u2-AcZR71cFhu4tFG332YGlkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/f4bbff-4ea0-45eb-99a1-17a8f6bd24df/1/c8FnaKUgvzIWc2MSAQ_mLw4nkfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/f4bbff-4ea0-45eb-99a1-17a8f6bd24df/1/07u2-AcZR71cFhu4tFG332YGlkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.72.0/24
                IPv6:
                  2001:67c:2d8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:5e:fd:21:83:de:8d:73:17:75:ac:86:5d:86:dc:2a:7b:e2:
         19:d0:80:cd:1d:4a:c1:e7:60:4c:4e:71:1b:0e:25:1c:4d:f8:
         80:70:87:ec:32:c0:cd:28:2b:47:2d:0e:f5:0d:6f:fa:92:10:
         0b:9a:03:75:d3:fe:e9:ec:ca:8a:ea:c4:d6:35:18:10:53:dc:
         0b:92:73:89:46:a6:a9:da:ce:9e:82:b0:91:a5:7d:ce:fa:97:
         50:40:46:4f:bd:07:e9:fa:47:f1:a6:1f:e7:c6:ea:e3:14:40:
         7f:80:b8:6a:9d:1c:3c:f9:cc:58:68:06:89:28:73:09:95:46:
         fa:52:4c:17:a7:52:6e:3f:31:ba:97:fb:6f:ad:db:8c:32:55:
         4c:84:74:3e:42:c4:8b:66:f8:95:55:1f:ac:fc:17:98:47:67:
         0a:a8:a0:8f:e2:0c:b2:2e:ff:74:e2:fe:91:37:64:df:67:2e:
         a0:a5:fb:ed:c3:79:b3:0b:c9:9c:a3:e7:22:cb:00:1c:85:92:
         b6:c8:f6:64:10:30:1e:4e:09:32:40:a8:85:5f:28:ad:c6:a9:
         62:4c:95:86:82:d0:4f:c5:83:59:06:a0:12:2d:b1:19:83:ac:
         af:90:6d:c9:9c:d5:88:fa:4f:94:f7:24:d4:00:d1:76:2b:09:
         f2:95:4b:a4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZEtM357Jxw/9lAJIIYOmKOdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYmJiNmY4MDcxOTQ3YmQ1YzE2MWJiOGI0NTFiN2RmNjYw
Njk2NDEwHhcNMjQwODA3MTQxNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2MxNjc2OGE1MjBiZjMyMTY3MzYzMTIwMTBmZTYyZjBlMjc5MWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaMVjGmwTqYbQz+QZXVOK8tZ+wUs
oyNHCu1x+SeEjfPvchQde+EpCKpqaprkwy64Yamwl5vFzk39B8B0ULUxattfqiLX
jBpXD9GVJLsXPi0vyjjlSnwxDra7JGZYzCtRblTp8/aRvakwMDYBqra3WjmsdkUh
gduj4l+paBE6AL/sXtgOhj3F9b+ZDeBR5/GGv1oL+Mg17ErsSRiht/w0MiaO7mWg
L8n947Fw3Sqo7a+/JE8WYKPTsEgADBXYXY3QWaaL257VOFMzZsadTvvnWmqzBLjJ
CFJoRmhzD/302NyWD4o3O0anh6mZWwRBsoGJ1iVH+t9M3X9KafqkhwyauwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHPBZ2ilIL8yFnNjEgEP5i8OJ5H7MB8GA1UdIwQY
MBaAFNO7tvgHGUe9XBYbuLRRt99mBpZBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDd1Mi1BY1pSNzFjRmh1NHRGRzMzMllHbGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9mNGJiZmYtNGVhMC00NWViLTk5YTEt
MTdhOGY2YmQyNGRmLzEvYzhGbmFLVWd2eklXYzJNU0FRX21MdzRua2ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9mNGJiZmYtNGVhMC00NWViLTk5YTEtMTdhOGY2YmQyNGRm
LzEvMDd1Mi1BY1pSNzFjRmh1NHRGRzMzMllHbGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwpNIMA8E
AgACMAkDBwAgAQZ8LYwwDQYJKoZIhvcNAQELBQADggEBAC1e/SGD3o1zF3Wshl2G
3Cp74hnQgM0dSsHnYExOcRsOJRxN+IBwh+wywM0oK0ctDvUNb/qSEAuaA3XT/uns
yorqxNY1GBBT3AuSc4lGpqnazp6CsJGlfc76l1BARk+9B+n6R/GmH+fG6uMUQH+A
uGqdHDz5zFhoBokocwmVRvpSTBenUm4/MbqX+2+t24wyVUyEdD5CxItm+JVVH6z8
F5hHZwqooI/iDLIu/3Ti/pE3ZN9nLqCl++3DebMLyZyj5yLLAByFkrbI9mQQMB5O
CTJAqIVfKK3GqWJMlYaC0E/Fg1kGoBItsRmDrK+Qbcmc1Yj6T5T3JNQA0XYrCfKV
S6Q=
-----END CERTIFICATE-----