Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/PREWB8vnkvyZ0YccL8OpGxWgAjE.roa
File:                     PREWB8vnkvyZ0YccL8OpGxWgAjE.roa (raw, json)
Hash identifier:          EkjhlQFd1qCjUD4d3Fn4oWD7q2/RetNmUG5n/1DDiD8=
Subject key identifier:   3D:11:16:07:CB:E7:92:FC:99:D1:87:1C:2F:C3:A9:1B:15:A0:02:31
Certificate issuer:       /CN=7ec5d4828dc34199ef717cc03a48a0074c1443b8
Certificate serial:       018CC5DCF4DD884573C24DF8F58D1ACF5915
Authority key identifier: 7E:C5:D4:82:8D:C3:41:99:EF:71:7C:C0:3A:48:A0:07:4C:14:43:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/PREWB8vnkvyZ0YccL8OpGxWgAjE.roa
Signing time:             Mon 01 Jan 2024 16:30:41 +0000
ROA not before:           Mon 01 Jan 2024 16:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24610
IP address blocks:        193.110.124.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:f4:dd:88:45:73:c2:4d:f8:f5:8d:1a:cf:59:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ec5d4828dc34199ef717cc03a48a0074c1443b8
        Validity
            Not Before: Jan  1 16:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d111607cbe792fc99d1871c2fc3a91b15a00231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:8c:17:07:0e:ae:99:66:dc:0c:64:47:11:62:
                    d3:5d:1b:d8:8a:08:db:96:b5:0b:fd:f3:64:d1:46:
                    74:d1:75:d4:96:58:7b:13:f2:4a:5a:37:c7:b4:da:
                    48:8d:98:f8:2f:c0:11:92:c9:1c:e8:70:83:fb:e6:
                    e0:99:2f:71:ce:95:29:f3:a7:66:ba:7c:23:d6:78:
                    2f:fe:ce:cc:8d:a9:cd:b9:ad:67:26:db:0d:e7:07:
                    94:0c:30:45:c5:dd:50:47:9d:a2:8d:68:42:7b:2f:
                    e7:97:6a:fa:67:04:96:1b:c2:3a:da:a2:fa:b1:e2:
                    90:80:a0:25:6d:bb:a9:06:ad:42:50:76:32:a3:cc:
                    26:36:cc:86:8c:7a:84:ba:86:88:70:26:c0:b4:01:
                    11:bf:f6:59:d6:c3:fd:e4:07:7e:5c:f8:54:c1:5e:
                    a9:68:c1:30:9f:c9:e2:e0:6a:39:cf:04:71:4c:b5:
                    be:b9:3e:65:d3:4d:9c:7f:d7:c2:79:14:d0:19:a3:
                    1a:72:18:e4:20:6a:a9:73:77:8b:25:b6:a7:62:65:
                    75:7f:2d:16:98:35:a3:ec:32:14:6d:4d:b3:b5:1c:
                    1e:51:a8:54:e1:e1:e3:4d:13:76:b9:dd:71:7f:48:
                    8c:8a:d3:89:75:4c:48:2b:e4:70:5f:b8:36:69:7c:
                    9d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:11:16:07:CB:E7:92:FC:99:D1:87:1C:2F:C3:A9:1B:15:A0:02:31
            X509v3 Authority Key Identifier:
                keyid:7E:C5:D4:82:8D:C3:41:99:EF:71:7C:C0:3A:48:A0:07:4C:14:43:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fsXUgo3DQZnvcXzAOkigB0wUQ7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/PREWB8vnkvyZ0YccL8OpGxWgAjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/a00b89-b398-40d9-bdb5-427b2d4f9c82/1/fsXUgo3DQZnvcXzAOkigB0wUQ7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:1a:f8:a7:cc:59:4e:3c:c6:73:7c:c6:09:6a:61:92:66:9d:
         33:fb:60:9c:b0:6e:ce:ec:f1:60:8c:fb:4d:fe:d7:0e:bc:50:
         40:cb:7c:09:b2:6d:9e:7c:eb:5d:ca:af:56:ca:1a:37:14:d1:
         e2:8e:73:74:70:89:e2:e6:44:56:16:b6:db:a8:82:9b:94:8e:
         9b:65:16:d4:8b:83:9a:77:22:9b:8f:58:b7:97:95:87:62:3a:
         b3:d8:6c:42:e5:c6:df:66:48:1e:64:94:29:aa:b4:5e:a8:f8:
         85:19:31:5c:68:49:db:2b:23:9a:4d:bb:e9:f7:87:35:18:63:
         26:95:31:34:91:5d:c3:6c:bc:b5:a8:70:0c:4f:f9:d6:4d:8b:
         f6:f6:71:93:b1:2b:5b:f5:41:ce:ab:b0:a5:b5:a1:52:67:68:
         46:17:5e:51:07:d8:60:a2:98:7e:1d:ec:4c:16:2e:fa:df:93:
         af:7d:df:75:f3:83:17:d7:17:c8:92:f0:ed:8e:b5:4b:94:0d:
         e5:ae:5d:d7:41:fe:4a:8a:0c:3c:c1:46:61:bd:82:2a:49:2c:
         4d:b0:93:a0:8c:83:d8:d6:06:3f:4e:3c:20:6e:57:58:dc:5c:
         62:5a:0e:9e:99:9d:e2:68:d9:95:9f:ae:9c:75:07:fc:9a:d7:
         53:cc:1e:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3PTdiEVzwk349Y0az1kVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYzVkNDgyOGRjMzQxOTllZjcxN2NjMDNhNDhhMDA3NGMx
NDQzYjgwHhcNMjQwMTAxMTYzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDExMTYwN2NiZTc5MmZjOTlkMTg3MWMyZmMzYTkxYjE1YTAwMjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYwXBw6umWbcDGRHEWLTXRvYigjb
lrUL/fNk0UZ00XXUllh7E/JKWjfHtNpIjZj4L8ARkskc6HCD++bgmS9xzpUp86dm
unwj1ngv/s7MjanNua1nJtsN5weUDDBFxd1QR52ijWhCey/nl2r6ZwSWG8I62qL6
seKQgKAlbbupBq1CUHYyo8wmNsyGjHqEuoaIcCbAtAERv/ZZ1sP95Ad+XPhUwV6p
aMEwn8ni4Go5zwRxTLW+uT5l002cf9fCeRTQGaMachjkIGqpc3eLJbanYmV1fy0W
mDWj7DIUbU2ztRweUahU4eHjTRN2ud1xf0iMitOJdUxIK+RwX7g2aXydOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0RFgfL55L8mdGHHC/DqRsVoAIxMB8GA1UdIwQY
MBaAFH7F1IKNw0GZ73F8wDpIoAdMFEO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnNYVWdvM0RRWm52Y1h6QU9raWdCMHdVUTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hMDBiODktYjM5OC00MGQ5LWJkYjUt
NDI3YjJkNGY5YzgyLzEvUFJFV0I4dm5rdnlaMFljY0w4T3BHeFdnQWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hMDBiODktYjM5OC00MGQ5LWJkYjUtNDI3YjJkNGY5Yzgy
LzEvZnNYVWdvM0RRWm52Y1h6QU9raWdCMHdVUTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW58MA0G
CSqGSIb3DQEBCwUAA4IBAQCUGvinzFlOPMZzfMYJamGSZp0z+2CcsG7O7PFgjPtN
/tcOvFBAy3wJsm2efOtdyq9Wyho3FNHijnN0cIni5kRWFrbbqIKblI6bZRbUi4Oa
dyKbj1i3l5WHYjqz2GxC5cbfZkgeZJQpqrReqPiFGTFcaEnbKyOaTbvp94c1GGMm
lTE0kV3DbLy1qHAMT/nWTYv29nGTsStb9UHOq7CltaFSZ2hGF15RB9hgoph+HexM
Fi7635Ovfd9184MX1xfIkvDtjrVLlA3lrl3XQf5Kigw8wUZhvYIqSSxNsJOgjIPY
1gY/TjwgbldY3FxiWg6emZ3iaNmVn66cdQf8mtdTzB5b
-----END CERTIFICATE-----