Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/Cy7HbD_0jIzdd3GKzqHuvqrn3pc.roa
File:                     Cy7HbD_0jIzdd3GKzqHuvqrn3pc.roa (raw, json)
Hash identifier:          JL/Dyk0LnMTXMaq5+KqjMyUDko2cuK45h3SvadAnvQU=
Subject key identifier:   0B:2E:C7:6C:3F:F4:8C:8C:DD:77:71:8A:CE:A1:EE:BE:AA:E7:DE:97
Certificate issuer:       /CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
Certificate serial:       0190538EA0679D9412A388F9290C4FE369BF
Authority key identifier: BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/Cy7HbD_0jIzdd3GKzqHuvqrn3pc.roa
Signing time:             Wed 26 Jun 2024 07:59:34 +0000
ROA not before:           Wed 26 Jun 2024 07:59:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142146
IP address blocks:        194.247.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:8e:a0:67:9d:94:12:a3:88:f9:29:0c:4f:e3:69:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
        Validity
            Not Before: Jun 26 07:59:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b2ec76c3ff48c8cdd77718acea1eebeaae7de97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b0:8f:ab:8c:f7:c6:41:17:78:e0:77:0a:78:
                    27:f9:b4:7f:e2:ed:7b:34:5e:4b:21:05:78:c7:6e:
                    7b:f6:78:79:c8:5e:4c:7d:bd:bc:c8:b1:dd:f6:66:
                    35:1f:99:92:99:90:32:52:e1:53:0c:b7:4d:93:0b:
                    b5:47:6c:74:28:90:a8:b3:11:38:68:a3:df:27:36:
                    ea:57:4d:34:ee:35:3f:f1:1f:f4:3e:05:b3:70:5c:
                    c1:79:ea:65:37:8b:0f:1f:77:f0:59:74:57:0e:f2:
                    ac:7d:b6:cc:23:0b:3a:dc:12:9e:c8:e5:32:17:13:
                    fc:60:f8:42:f8:d2:4b:c3:e6:1c:51:22:78:c8:b1:
                    c5:20:36:ff:24:55:df:28:35:ee:8f:d7:b8:30:1d:
                    24:2c:f6:49:aa:87:ca:1f:59:a6:ea:a1:66:4e:3f:
                    6d:b5:e5:5e:66:53:97:f4:46:cd:ad:2b:d9:ad:4c:
                    48:46:eb:f2:8a:0a:d1:12:d9:9f:ef:d5:aa:38:b8:
                    26:ed:32:68:ab:dc:35:ca:bb:5e:66:a6:82:26:a1:
                    c1:08:54:ac:8f:d6:a2:18:96:f6:cf:38:e2:03:22:
                    99:1a:f5:b0:58:0f:bc:8f:a6:d7:39:38:7b:55:2b:
                    ab:6e:57:40:05:b5:13:4e:12:15:b1:5e:c2:f3:f8:
                    76:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:2E:C7:6C:3F:F4:8C:8C:DD:77:71:8A:CE:A1:EE:BE:AA:E7:DE:97
            X509v3 Authority Key Identifier:
                keyid:BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/Cy7HbD_0jIzdd3GKzqHuvqrn3pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.247.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:05:ca:df:f0:86:04:53:b2:19:a8:0f:36:20:ff:ba:f0:eb:
         10:cc:9c:5a:39:3a:49:c0:3f:72:90:59:cd:fb:74:86:7b:51:
         c1:a8:0f:85:f3:c3:98:63:a6:26:f8:4a:74:3a:13:46:28:19:
         17:58:cd:55:12:97:ca:5a:a3:ab:a0:47:44:83:ec:d8:e9:bc:
         26:54:8d:15:75:21:0f:15:b2:63:58:45:01:af:32:69:7c:23:
         82:f1:14:50:7e:bf:e8:b9:f6:2c:a9:2b:09:1e:0c:eb:07:65:
         25:be:4b:9e:05:ee:fd:c4:72:cd:cd:24:7f:fd:5a:d9:e4:75:
         c7:a5:c4:a7:55:09:21:71:1c:76:f7:ec:07:8e:57:4a:bd:5a:
         33:3a:ea:a8:75:3e:33:26:25:7d:ec:2a:fc:e8:86:cd:57:84:
         58:c2:a5:79:a3:74:50:cf:29:89:ef:73:59:f5:67:78:e5:77:
         e4:c2:34:95:b7:36:cc:05:1e:82:89:54:39:3d:9d:4a:f2:25:
         e7:31:44:e0:1f:18:c2:a4:98:b6:8e:76:57:f8:37:a1:f7:89:
         8c:be:cc:e1:db:a5:22:96:be:22:8e:93:7e:fb:61:fc:c9:49:
         fa:44:e1:74:74:40:0e:62:64:65:79:d5:07:c1:1d:4b:82:a7:
         98:09:2e:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBTjqBnnZQSo4j5KQxP42m/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNGQwZTY5YWI3NjlmNjViYjJiMTU1YmRmYTgzYTcxODZl
ZWFjNDQwHhcNMjQwNjI2MDc1OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjJlYzc2YzNmZjQ4YzhjZGQ3NzcxOGFjZWExZWViZWFhZTdkZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7CPq4z3xkEXeOB3Cngn+bR/4u17
NF5LIQV4x2579nh5yF5Mfb28yLHd9mY1H5mSmZAyUuFTDLdNkwu1R2x0KJCosxE4
aKPfJzbqV0007jU/8R/0PgWzcFzBeeplN4sPH3fwWXRXDvKsfbbMIws63BKeyOUy
FxP8YPhC+NJLw+YcUSJ4yLHFIDb/JFXfKDXuj9e4MB0kLPZJqofKH1mm6qFmTj9t
teVeZlOX9EbNrSvZrUxIRuvyigrREtmf79WqOLgm7TJoq9w1yrteZqaCJqHBCFSs
j9aiGJb2zzjiAyKZGvWwWA+8j6bXOTh7VSurbldABbUTThIVsV7C8/h2PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsux2w/9IyM3Xdxis6h7r6q596XMB8GA1UdIwQY
MBaAFLpNDmmrdp9luysVW9+oOnGG7qxEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgt
OGVmZjNmZDNjNDhhLzEvQ3k3SGJEXzBqSXpkZDNHS3pxSHV2cXJuM3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgtOGVmZjNmZDNjNDhh
LzEvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvcsMA0G
CSqGSIb3DQEBCwUAA4IBAQAIBcrf8IYEU7IZqA82IP+68OsQzJxaOTpJwD9ykFnN
+3SGe1HBqA+F88OYY6Ym+Ep0OhNGKBkXWM1VEpfKWqOroEdEg+zY6bwmVI0VdSEP
FbJjWEUBrzJpfCOC8RRQfr/oufYsqSsJHgzrB2UlvkueBe79xHLNzSR//VrZ5HXH
pcSnVQkhcRx29+wHjldKvVozOuqodT4zJiV97Cr86IbNV4RYwqV5o3RQzymJ73NZ
9Wd45XfkwjSVtzbMBR6CiVQ5PZ1K8iXnMUTgHxjCpJi2jnZX+Deh94mMvszh26Ui
lr4ijpN++2H8yUn6ROF0dEAOYmRledUHwR1LgqeYCS5I
-----END CERTIFICATE-----