Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/TpxWTrL4j0lnk0YQG0c0SdQ3bQQ.roa
File:                     TpxWTrL4j0lnk0YQG0c0SdQ3bQQ.roa (raw, json)
Hash identifier:          pVa5YDGKk7UmFpA7LpXMSAYb90cIeMwOf1V16gdhcro=
Subject key identifier:   4E:9C:56:4E:B2:F8:8F:49:67:93:46:10:1B:47:34:49:D4:37:6D:04
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       0191FC28A922A7B274FB6F08785BBC38229E
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/TpxWTrL4j0lnk0YQG0c0SdQ3bQQ.roa
Signing time:             Mon 16 Sep 2024 18:46:48 +0000
ROA not before:           Mon 16 Sep 2024 18:46:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400992
IP address blocks:        185.219.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fc:28:a9:22:a7:b2:74:fb:6f:08:78:5b:bc:38:22:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Sep 16 18:46:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e9c564eb2f88f49679346101b473449d4376d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:39:b4:9f:84:22:d1:82:a1:f2:00:15:c2:02:
                    2b:da:76:ce:21:3c:d9:6f:91:8e:8c:f3:95:43:b4:
                    6e:63:97:21:10:9b:1c:84:4a:64:c6:a3:62:11:1b:
                    44:27:80:c7:44:fa:02:81:14:f2:9a:2f:7b:dd:cf:
                    44:42:cc:db:d4:70:51:e3:60:c3:b7:fd:f5:28:b8:
                    cb:82:69:78:9d:f8:eb:74:ab:77:c3:6e:35:3c:93:
                    2f:81:f3:a2:e3:b9:e6:29:04:26:ce:6d:7f:29:6d:
                    d6:56:c1:32:f2:eb:50:90:03:51:93:84:f0:6d:e9:
                    3b:c6:d4:4f:e2:c9:b9:f0:b4:1f:82:e5:ab:02:02:
                    2a:ff:16:ac:89:00:87:7f:a7:65:a9:09:33:cd:53:
                    2f:57:a3:50:7f:84:03:16:2c:3e:b1:9d:04:74:3a:
                    dd:8f:b8:f0:41:54:48:75:c4:d8:14:ea:c4:d0:cb:
                    fd:2e:af:4e:e2:89:15:b7:d4:5c:27:45:84:96:5a:
                    a0:c7:1e:05:91:76:1f:01:09:32:e1:e2:7f:fb:59:
                    97:58:6d:41:64:49:6b:a3:b3:c7:e4:eb:ae:57:51:
                    f1:ed:17:02:d3:7e:4c:70:dc:11:1e:e9:55:67:b7:
                    6c:ed:fe:3d:c7:ff:32:d1:ef:30:bd:4e:8a:82:1f:
                    8b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:9C:56:4E:B2:F8:8F:49:67:93:46:10:1B:47:34:49:D4:37:6D:04
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/TpxWTrL4j0lnk0YQG0c0SdQ3bQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:52:a5:25:67:9e:1a:1d:85:df:93:bc:c6:0c:53:a9:c4:0e:
         8f:84:bc:0e:a2:a8:58:45:62:2e:52:95:6b:41:ab:77:60:11:
         90:e9:77:b3:81:7c:a5:a2:ae:da:66:0f:b5:7e:fb:36:c0:16:
         81:cb:b6:0c:0a:63:ef:66:a3:37:be:59:4d:d4:9c:f8:b5:1a:
         65:f8:6b:00:63:02:62:43:8d:c7:b9:4a:ef:6c:05:0d:c3:f7:
         99:84:ca:28:c7:6c:d0:a5:41:74:ea:d5:67:8e:14:d6:e9:34:
         b8:7e:50:a0:d5:ca:e1:06:ea:3c:aa:ad:a6:da:e6:aa:c5:77:
         9b:a8:96:73:a1:58:66:81:e2:0d:67:dc:de:cf:60:6d:7b:f8:
         25:89:34:48:0a:62:55:2b:4b:cd:c1:12:3f:48:a5:a7:4b:98:
         f1:6c:9c:27:ef:f2:b6:cf:1f:67:db:bf:b1:a1:fc:f1:22:a5:
         ed:a2:a7:4d:b0:63:ba:5e:d7:fe:15:f7:0a:5b:b3:62:ed:8c:
         ba:9c:6d:bf:4e:0c:ea:ec:24:8d:6b:cf:55:3d:65:8a:03:bf:
         15:b3:75:4f:f0:e3:f7:06:28:b5:54:33:f9:93:5d:b6:9d:ff:
         39:f9:e8:dc:37:ae:75:36:72:3c:75:3d:72:b2:4f:70:a6:68:
         eb:8b:48:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH8KKkip7J0+28IeFu8OCKeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwOTE2MTg0NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTljNTY0ZWIyZjg4ZjQ5Njc5MzQ2MTAxYjQ3MzQ0OWQ0Mzc2ZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzm0n4Qi0YKh8gAVwgIr2nbOITzZ
b5GOjPOVQ7RuY5chEJschEpkxqNiERtEJ4DHRPoCgRTymi973c9EQszb1HBR42DD
t/31KLjLgml4nfjrdKt3w241PJMvgfOi47nmKQQmzm1/KW3WVsEy8utQkANRk4Tw
bek7xtRP4sm58LQfguWrAgIq/xasiQCHf6dlqQkzzVMvV6NQf4QDFiw+sZ0EdDrd
j7jwQVRIdcTYFOrE0Mv9Lq9O4okVt9RcJ0WEllqgxx4FkXYfAQky4eJ/+1mXWG1B
ZElro7PH5OuuV1Hx7RcC035McNwRHulVZ7ds7f49x/8y0e8wvU6Kgh+LyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6cVk6y+I9JZ5NGEBtHNEnUN20EMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvVHB4V1RyTDRqMGxuazBZUUcwYzBTZFEzYlFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudsHMA0G
CSqGSIb3DQEBCwUAA4IBAQByUqUlZ54aHYXfk7zGDFOpxA6PhLwOoqhYRWIuUpVr
Qat3YBGQ6XezgXyloq7aZg+1fvs2wBaBy7YMCmPvZqM3vllN1Jz4tRpl+GsAYwJi
Q43HuUrvbAUNw/eZhMoox2zQpUF06tVnjhTW6TS4flCg1crhBuo8qq2m2uaqxXeb
qJZzoVhmgeINZ9zez2Bte/gliTRICmJVK0vNwRI/SKWnS5jxbJwn7/K2zx9n27+x
ofzxIqXtoqdNsGO6Xtf+FfcKW7Ni7Yy6nG2/Tgzq7CSNa89VPWWKA78Vs3VP8OP3
Bii1VDP5k122nf85+ejcN651NnI8dT1ysk9wpmjri0ib
-----END CERTIFICATE-----