Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/T7hhLaTqcfw8xoH5jN9JSVspziE.roa
File:                     T7hhLaTqcfw8xoH5jN9JSVspziE.roa (raw, json)
Hash identifier:          XnsOBu9anDFbkYclUiP7MP69WoJ1zUHkxDGlWWa6B3A=
Subject key identifier:   4F:B8:61:2D:A4:EA:71:FC:3C:C6:81:F9:8C:DF:49:49:5B:29:CE:21
Certificate issuer:       /CN=eb153da3c24ce1236e20c46861635dc8efb56a92
Certificate serial:       018CC801B4D6DF978893F712D579ADF0B71A
Authority key identifier: EB:15:3D:A3:C2:4C:E1:23:6E:20:C4:68:61:63:5D:C8:EF:B5:6A:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6xU9o8JM4SNuIMRoYWNdyO-1apI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/T7hhLaTqcfw8xoH5jN9JSVspziE.roa
Signing time:             Tue 02 Jan 2024 02:30:04 +0000
ROA not before:           Tue 02 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8708
IP address blocks:        193.201.20.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/6xU9o8JM4SNuIMRoYWNdyO-1apI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/6xU9o8JM4SNuIMRoYWNdyO-1apI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6xU9o8JM4SNuIMRoYWNdyO-1apI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b4:d6:df:97:88:93:f7:12:d5:79:ad:f0:b7:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb153da3c24ce1236e20c46861635dc8efb56a92
        Validity
            Not Before: Jan  2 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fb8612da4ea71fc3cc681f98cdf49495b29ce21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:6f:f6:7e:55:ad:b6:ea:11:ac:9b:d8:b9:c9:
                    35:c9:72:77:0a:22:16:d9:50:4d:10:a8:17:ea:ba:
                    aa:ea:3f:cd:59:5b:6f:48:1c:e6:8e:87:15:8e:12:
                    6b:9e:34:92:ae:6d:24:c0:d9:fd:4b:c1:1b:03:18:
                    19:d7:2c:96:0f:f2:0c:48:87:98:b3:5e:1a:07:1a:
                    b7:8f:2d:a5:58:01:93:51:e0:a9:b4:b8:ec:e5:97:
                    7d:be:01:5c:fe:3b:23:a5:7a:b7:4c:72:2e:d3:a7:
                    bf:ba:16:f4:6f:40:2f:a0:34:96:c3:96:23:12:0f:
                    49:62:f3:a7:22:3d:be:63:88:09:bd:65:d3:44:1e:
                    5d:60:bc:c0:8c:62:3e:6e:5f:2c:9b:4b:67:f7:90:
                    0d:da:bb:28:34:d9:41:d0:19:8d:5c:75:10:be:11:
                    ca:94:26:6e:d8:5b:7d:4d:dc:ac:8b:97:bc:c8:6f:
                    30:b7:af:dc:e2:d7:b0:ce:19:3c:cb:f1:cd:e5:c7:
                    60:b4:68:8d:29:ed:80:84:5d:e5:aa:46:d1:c3:a7:
                    52:1b:0c:02:21:ad:24:e3:ee:86:f3:61:d4:f9:4d:
                    fc:43:09:d4:bf:26:84:07:22:60:e2:86:ad:4d:5c:
                    35:03:05:a7:69:37:b8:a8:ff:e2:a8:16:a0:75:41:
                    d2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:B8:61:2D:A4:EA:71:FC:3C:C6:81:F9:8C:DF:49:49:5B:29:CE:21
            X509v3 Authority Key Identifier:
                keyid:EB:15:3D:A3:C2:4C:E1:23:6E:20:C4:68:61:63:5D:C8:EF:B5:6A:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6xU9o8JM4SNuIMRoYWNdyO-1apI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/T7hhLaTqcfw8xoH5jN9JSVspziE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/4bb067-c365-452e-a93e-39da1ae8b731/1/6xU9o8JM4SNuIMRoYWNdyO-1apI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:5e:f8:ae:44:2c:ae:36:a0:43:66:39:e9:f2:dc:78:36:e2:
         1a:8f:fb:b9:1e:02:a4:57:99:f8:75:bf:80:e7:e3:64:17:75:
         f9:e4:06:2a:6a:33:f5:47:fe:e0:b0:4d:93:13:53:a6:33:4e:
         76:84:8f:fe:6b:7d:a4:51:b6:cf:7e:fb:13:ed:c2:e9:ea:a7:
         b3:cd:10:44:f3:99:da:74:ab:63:4f:82:11:cf:67:d4:40:79:
         a3:ea:56:09:5f:a5:44:71:e0:67:7f:f0:81:cb:38:16:b6:b6:
         e8:49:cd:a2:bc:97:fe:ce:ae:0b:89:7b:6e:fe:0b:c8:55:95:
         6a:cf:5d:3c:5d:92:93:ca:0f:ce:f1:ae:bb:35:d6:5c:21:ad:
         2c:f0:08:60:9c:ef:a4:c5:d3:6d:05:87:37:bd:52:1f:18:e7:
         f7:54:99:29:29:77:01:b1:2e:86:69:f3:ad:18:d2:5e:54:98:
         75:ca:ec:24:57:09:7a:c1:ab:c5:db:8c:93:c3:b4:eb:ef:ef:
         46:cc:df:98:d9:81:c9:04:c8:3c:a7:fa:39:04:b1:c5:80:60:
         91:3e:0e:c2:4a:00:d9:fd:f9:10:7d:4e:ca:6a:94:db:0c:10:
         3b:8b:e2:25:cf:a9:83:bd:3e:09:09:6a:d0:da:66:db:a9:10:
         1b:13:cb:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAbTW35eIk/cS1Xmt8LcaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMTUzZGEzYzI0Y2UxMjM2ZTIwYzQ2ODYxNjM1ZGM4ZWZi
NTZhOTIwHhcNMjQwMTAyMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmI4NjEyZGE0ZWE3MWZjM2NjNjgxZjk4Y2RmNDk0OTViMjljZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiW/2flWttuoRrJvYuck1yXJ3CiIW
2VBNEKgX6rqq6j/NWVtvSBzmjocVjhJrnjSSrm0kwNn9S8EbAxgZ1yyWD/IMSIeY
s14aBxq3jy2lWAGTUeCptLjs5Zd9vgFc/jsjpXq3THIu06e/uhb0b0AvoDSWw5Yj
Eg9JYvOnIj2+Y4gJvWXTRB5dYLzAjGI+bl8sm0tn95AN2rsoNNlB0BmNXHUQvhHK
lCZu2Ft9Tdysi5e8yG8wt6/c4tewzhk8y/HN5cdgtGiNKe2AhF3lqkbRw6dSGwwC
Ia0k4+6G82HU+U38QwnUvyaEByJg4oatTVw1AwWnaTe4qP/iqBagdUHSmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+4YS2k6nH8PMaB+YzfSUlbKc4hMB8GA1UdIwQY
MBaAFOsVPaPCTOEjbiDEaGFjXcjvtWqSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnhVOW84Sk00U051SU1Sb1lXTmR5Ty0xYXBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80YmIwNjctYzM2NS00NTJlLWE5M2Ut
MzlkYTFhZThiNzMxLzEvVDdoaExhVHFjZnc4eG9INWpOOUpTVnNwemlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80YmIwNjctYzM2NS00NTJlLWE5M2UtMzlkYTFhZThiNzMx
LzEvNnhVOW84Sk00U051SU1Sb1lXTmR5Ty0xYXBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwckUMA0G
CSqGSIb3DQEBCwUAA4IBAQBrXviuRCyuNqBDZjnp8tx4NuIaj/u5HgKkV5n4db+A
5+NkF3X55AYqajP1R/7gsE2TE1OmM052hI/+a32kUbbPfvsT7cLp6qezzRBE85na
dKtjT4IRz2fUQHmj6lYJX6VEceBnf/CByzgWtrboSc2ivJf+zq4LiXtu/gvIVZVq
z108XZKTyg/O8a67NdZcIa0s8AhgnO+kxdNtBYc3vVIfGOf3VJkpKXcBsS6GafOt
GNJeVJh1yuwkVwl6wavF24yTw7Tr7+9GzN+Y2YHJBMg8p/o5BLHFgGCRPg7CSgDZ
/fkQfU7KapTbDBA7i+Ilz6mDvT4JCWrQ2mbbqRAbE8su
-----END CERTIFICATE-----