Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/eVl6WdhMZy5E33DvDUpuohNKuSk.roa
File:                     eVl6WdhMZy5E33DvDUpuohNKuSk.roa (raw, json)
Hash identifier:          NPP9BsovqL4TK1DFu68hWC2s91Ca18O2DB4xSRfBb7E=
Subject key identifier:   79:59:7A:59:D8:4C:67:2E:44:DF:70:EF:0D:4A:6E:A2:13:4A:B9:29
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       018CC6B7FB4DFBF349370B2BCEB0EFC22106
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/eVl6WdhMZy5E33DvDUpuohNKuSk.roa
Signing time:             Mon 01 Jan 2024 20:29:55 +0000
ROA not before:           Mon 01 Jan 2024 20:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        193.219.7.0/24 maxlen: 24
                          2a03:ec41:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:fb:4d:fb:f3:49:37:0b:2b:ce:b0:ef:c2:21:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Jan  1 20:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79597a59d84c672e44df70ef0d4a6ea2134ab929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:85:7e:d8:71:3c:21:3b:9e:00:3b:ff:7e:0e:
                    e4:be:00:5e:b8:ac:05:18:c7:d0:bc:80:e3:9a:4f:
                    75:e2:42:b0:c4:c6:8c:3e:7b:f2:91:78:9e:a1:91:
                    dc:e6:9e:1c:a0:2b:22:95:a0:b0:82:98:5d:b4:4d:
                    ef:28:4e:b1:3b:62:4a:34:70:0a:8d:90:ea:fe:21:
                    f9:6e:b0:30:16:d5:54:5f:68:7d:6c:dc:37:c6:84:
                    a4:78:3d:9e:18:4b:60:49:84:27:4c:ff:b7:12:e5:
                    7d:4f:42:d2:2a:42:f9:99:3f:87:fa:f1:ec:61:db:
                    ba:08:5c:f9:e4:e6:64:00:07:d5:da:72:3b:78:4c:
                    27:a4:58:4c:cb:2c:cb:3a:82:6a:cc:f2:8b:b3:65:
                    fb:ff:f8:1d:b9:22:b4:7a:5f:eb:c3:d2:4f:b8:1d:
                    d9:e9:59:2a:bb:ab:ca:7d:9d:ae:a6:d5:3d:cb:6f:
                    c7:f1:74:0d:37:9f:44:e2:8d:b2:89:c4:8d:7f:c3:
                    99:e2:c7:26:e4:ce:33:ec:0a:1b:d8:55:72:24:9c:
                    48:27:27:9b:c7:40:9a:eb:f1:54:64:08:28:6d:db:
                    01:cf:fb:9f:3d:7b:da:47:bf:0e:32:8a:f5:51:e5:
                    7f:03:1f:79:86:ac:93:74:18:0a:8a:0d:d4:a5:db:
                    f3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:59:7A:59:D8:4C:67:2E:44:DF:70:EF:0D:4A:6E:A2:13:4A:B9:29
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/eVl6WdhMZy5E33DvDUpuohNKuSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.219.7.0/24
                IPv6:
                  2a03:ec41:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:c9:6e:77:c2:eb:a6:cf:86:c6:b1:f3:b0:3d:91:ff:11:9c:
         77:f2:d1:4b:89:30:57:66:e7:3e:7d:d0:09:9f:af:ec:e9:3c:
         e6:5a:05:a0:08:82:8b:d3:5d:87:cd:7c:67:9c:e3:ec:49:db:
         11:54:42:f9:1a:95:e4:3d:be:db:86:74:14:7c:d4:5f:ce:49:
         9d:3c:bb:12:51:cd:d8:23:f0:21:42:e6:61:39:1f:40:b8:28:
         7e:41:b1:b0:cd:66:ec:92:a9:dd:24:42:b3:e5:48:35:3a:6d:
         f1:cf:3c:86:91:3f:6b:cb:e9:88:c6:24:f9:27:28:03:15:d4:
         27:b5:00:3c:1d:4c:d1:d5:af:46:1d:e0:10:be:05:a9:28:15:
         a3:71:aa:22:92:37:8a:ed:3e:43:64:8c:ef:51:cd:8c:94:cb:
         5f:33:96:88:c3:c4:1a:84:1e:21:ea:be:e3:9f:ac:69:e2:95:
         96:a5:35:45:9b:3a:c4:12:01:10:78:de:db:ff:75:c8:a1:68:
         ab:d3:63:d6:69:a5:25:29:be:28:68:62:2b:f8:57:81:a0:5b:
         1a:3e:8d:64:bd:7c:ff:f4:b0:fa:52:35:d4:ca:64:9a:a5:95:
         b6:bf:cc:44:1f:90:11:89:27:90:46:78:2a:be:bb:4a:67:56:
         9f:d5:e2:29
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGt/tN+/NJNwsrzrDvwiEGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjQwMTAxMjAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTU5N2E1OWQ4NGM2NzJlNDRkZjcwZWYwZDRhNmVhMjEzNGFiOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYV+2HE8ITueADv/fg7kvgBeuKwF
GMfQvIDjmk914kKwxMaMPnvykXieoZHc5p4coCsilaCwgphdtE3vKE6xO2JKNHAK
jZDq/iH5brAwFtVUX2h9bNw3xoSkeD2eGEtgSYQnTP+3EuV9T0LSKkL5mT+H+vHs
Ydu6CFz55OZkAAfV2nI7eEwnpFhMyyzLOoJqzPKLs2X7//gduSK0el/rw9JPuB3Z
6Vkqu6vKfZ2uptU9y2/H8XQNN59E4o2yicSNf8OZ4scm5M4z7Aob2FVyJJxIJyeb
x0Ca6/FUZAgobdsBz/ufPXvaR78OMor1UeV/Ax95hqyTdBgKig3UpdvzQwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHlZelnYTGcuRN9w7w1KbqITSrkpMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvZVZsNldkaE1aeTVFMzNEdkRVcHVvaE5LdVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwdsHMA8E
AgACMAkDBwAqA+xBAAQwDQYJKoZIhvcNAQELBQADggEBAGrJbnfC66bPhsax87A9
kf8RnHfy0UuJMFdm5z590Amfr+zpPOZaBaAIgovTXYfNfGec4+xJ2xFUQvkaleQ9
vtuGdBR81F/OSZ08uxJRzdgj8CFC5mE5H0C4KH5BsbDNZuySqd0kQrPlSDU6bfHP
PIaRP2vL6YjGJPknKAMV1Ce1ADwdTNHVr0Yd4BC+BakoFaNxqiKSN4rtPkNkjO9R
zYyUy18zlojDxBqEHiHqvuOfrGnilZalNUWbOsQSARB43tv/dcihaKvTY9ZppSUp
vihoYiv4V4GgWxo+jWS9fP/0sPpSNdTKZJqllba/zEQfkBGJJ5BGeCq+u0pnVp/V
4ik=
-----END CERTIFICATE-----