Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/f7g_UGVFc2KbHWoFWXVbIm_FVo0.roa
File:                     f7g_UGVFc2KbHWoFWXVbIm_FVo0.roa (raw, json)
Hash identifier:          7Co5TrLNw/XKcjYXDo+y41OtI5BYKmtU8kE6NYryYzA=
Subject key identifier:   7F:B8:3F:50:65:45:73:62:9B:1D:6A:05:59:75:5B:22:6F:C5:56:8D
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       019067A3FC0131F765B5645EBE7FC98BA5F2
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/f7g_UGVFc2KbHWoFWXVbIm_FVo0.roa
Signing time:             Sun 30 Jun 2024 05:35:18 +0000
ROA not before:           Sun 30 Jun 2024 05:35:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48434
IP address blocks:        94.184.136.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:67:a3:fc:01:31:f7:65:b5:64:5e:be:7f:c9:8b:a5:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jun 30 05:35:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fb83f50654573629b1d6a0559755b226fc5568d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bd:86:f6:96:4e:79:ed:b7:7f:58:03:82:c9:
                    0a:5f:b6:1a:13:0f:6e:b9:2c:03:9d:4b:e3:25:95:
                    5c:c1:1b:e2:57:28:ff:d9:d4:94:d8:24:7b:02:51:
                    55:0a:d0:ea:e3:68:64:1d:1b:94:93:c9:1e:0e:6f:
                    91:c9:30:e2:98:65:9a:29:e7:01:bb:a8:39:46:d2:
                    1b:e4:db:74:6d:9b:1d:2d:2a:66:b7:47:e0:96:c2:
                    77:c5:be:bb:d8:6e:f4:e5:31:3a:2c:e1:10:99:3e:
                    55:74:b0:fb:ba:56:ee:01:f6:e0:c1:90:3b:d0:83:
                    87:2c:ce:c3:d0:05:fc:fc:a8:1c:8b:8a:1e:fd:36:
                    22:83:cc:9a:95:a5:ed:f3:e8:99:ee:dc:42:b4:8b:
                    c7:31:96:d9:49:22:42:b1:c3:b1:63:fe:66:d6:78:
                    d8:80:56:90:35:ab:52:5b:a9:11:69:61:8e:98:af:
                    1c:0f:c1:51:e0:7f:63:d7:37:30:b9:d0:a6:b0:db:
                    7d:96:ef:5d:59:70:50:01:d5:67:08:60:92:3d:8d:
                    43:89:25:a4:fc:27:1b:75:5d:0a:f6:32:b4:ce:a6:
                    a7:35:93:6a:f9:10:e8:e8:7f:67:77:1e:de:d2:47:
                    6a:e1:cf:32:86:80:e9:69:62:64:1c:43:11:38:8e:
                    2f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:B8:3F:50:65:45:73:62:9B:1D:6A:05:59:75:5B:22:6F:C5:56:8D
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/f7g_UGVFc2KbHWoFWXVbIm_FVo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.184.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:d0:12:43:0a:6e:38:87:93:f5:28:fd:0b:bc:23:9a:0a:04:
         0f:89:90:07:97:c0:88:ca:e8:96:7e:46:d1:f4:24:69:c8:8b:
         df:9c:13:d0:7b:4e:90:9e:d2:a0:e0:fc:0a:97:1d:ea:fc:28:
         62:e3:b1:2e:96:19:95:82:8a:22:ca:e3:de:b3:9e:0d:a2:85:
         2f:e9:7e:fe:a3:90:55:eb:6f:27:73:ec:74:3a:27:7e:8c:2e:
         1c:0f:39:1c:44:94:e1:90:9a:72:c6:6a:56:5b:16:15:a6:a0:
         aa:f3:c1:c7:88:73:a3:55:08:04:d1:62:66:fc:09:19:22:21:
         62:13:95:ec:5e:42:5e:a5:3d:89:fb:cc:bc:eb:1b:ef:4a:33:
         0a:c9:d3:0c:af:16:92:c6:d2:42:63:5f:37:02:8d:94:19:ef:
         e3:ea:c5:e3:c4:ad:e7:35:f0:ce:98:9e:36:fc:97:0e:0f:71:
         a9:94:cb:56:9e:84:7e:bb:87:19:88:aa:ea:81:9f:13:8c:84:
         34:84:31:1a:e6:df:a4:0e:8f:2d:3d:9f:33:5d:20:e8:61:48:
         2c:78:92:83:6b:f4:5d:af:32:f6:b2:a0:61:3e:29:8b:26:3c:
         4b:e9:d8:12:4b:22:ca:4e:90:59:0e:b6:b6:8d:bb:49:34:8a:
         ac:f0:3b:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBno/wBMfdltWRevn/Ji6XyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjQwNjMwMDUzNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmI4M2Y1MDY1NDU3MzYyOWIxZDZhMDU1OTc1NWIyMjZmYzU1NjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsb2G9pZOee23f1gDgskKX7YaEw9u
uSwDnUvjJZVcwRviVyj/2dSU2CR7AlFVCtDq42hkHRuUk8keDm+RyTDimGWaKecB
u6g5RtIb5Nt0bZsdLSpmt0fglsJ3xb672G705TE6LOEQmT5VdLD7ulbuAfbgwZA7
0IOHLM7D0AX8/Kgci4oe/TYig8yalaXt8+iZ7txCtIvHMZbZSSJCscOxY/5m1njY
gFaQNatSW6kRaWGOmK8cD8FR4H9j1zcwudCmsNt9lu9dWXBQAdVnCGCSPY1DiSWk
/CcbdV0K9jK0zqanNZNq+RDo6H9ndx7e0kdq4c8yhoDpaWJkHEMROI4vQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+4P1BlRXNimx1qBVl1WyJvxVaNMB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvZjdnX1VHVkZjMktiSFdvRldYVmJJbV9GVm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXriIMA0G
CSqGSIb3DQEBCwUAA4IBAQA90BJDCm44h5P1KP0LvCOaCgQPiZAHl8CIyuiWfkbR
9CRpyIvfnBPQe06QntKg4PwKlx3q/Chi47EulhmVgooiyuPes54NooUv6X7+o5BV
628nc+x0Oid+jC4cDzkcRJThkJpyxmpWWxYVpqCq88HHiHOjVQgE0WJm/AkZIiFi
E5XsXkJepT2J+8y86xvvSjMKydMMrxaSxtJCY183Ao2UGe/j6sXjxK3nNfDOmJ42
/JcOD3GplMtWnoR+u4cZiKrqgZ8TjIQ0hDEa5t+kDo8tPZ8zXSDoYUgseJKDa/Rd
rzL2sqBhPimLJjxL6dgSSyLKTpBZDra2jbtJNIqs8Du8
-----END CERTIFICATE-----