Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/7THxRMflaAOcQQ0HR0mu79DifJU.roa
File:                     7THxRMflaAOcQQ0HR0mu79DifJU.roa (raw, json)
Hash identifier:          N3wNNmm+M6eCbCfMXJCElHe9Y3fSbqyh4Oj1agKUEwc=
Subject key identifier:   ED:31:F1:44:C7:E5:68:03:9C:41:0D:07:47:49:AE:EF:D0:E2:7C:95
Certificate issuer:       /CN=e52d8b5cba7c2d2b8af046eb7f310105ac0c09ac
Certificate serial:       0190A6C348B5ADDB042DA8C7FDA9E2ED9F7C
Authority key identifier: E5:2D:8B:5C:BA:7C:2D:2B:8A:F0:46:EB:7F:31:01:05:AC:0C:09:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5S2LXLp8LSuK8EbrfzEBBawMCaw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/7THxRMflaAOcQQ0HR0mu79DifJU.roa
Signing time:             Fri 12 Jul 2024 11:45:34 +0000
ROA not before:           Fri 12 Jul 2024 11:45:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42442
IP address blocks:        185.19.172.0/22 maxlen: 24
                          2a00:4720::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/5S2LXLp8LSuK8EbrfzEBBawMCaw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/5S2LXLp8LSuK8EbrfzEBBawMCaw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5S2LXLp8LSuK8EbrfzEBBawMCaw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a6:c3:48:b5:ad:db:04:2d:a8:c7:fd:a9:e2:ed:9f:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e52d8b5cba7c2d2b8af046eb7f310105ac0c09ac
        Validity
            Not Before: Jul 12 11:45:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed31f144c7e568039c410d074749aeefd0e27c95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:72:53:10:eb:ff:b5:6a:44:70:2a:22:94:c4:
                    6d:29:4d:08:b2:6f:07:41:55:f8:27:c3:46:ac:e2:
                    74:ee:21:b5:38:99:9c:f3:f2:6b:c1:34:e3:39:e2:
                    7c:c4:9e:31:41:4e:69:68:7f:09:67:ad:8c:96:43:
                    17:a1:de:9d:54:91:d4:9f:79:50:b7:a9:c7:3e:55:
                    39:63:8b:49:30:66:7e:ec:9a:b4:13:1f:d7:4b:fe:
                    66:86:67:2d:a0:4b:8b:d0:cd:5b:d9:a3:31:71:1c:
                    0f:8c:f7:a8:2b:45:5d:39:87:92:d6:8b:8e:4e:28:
                    ff:97:3d:49:3e:c3:f3:83:4e:11:6d:2e:9e:0d:97:
                    11:3b:2c:c2:d8:d6:8d:39:99:30:f3:d0:7f:8f:ff:
                    08:38:4f:d3:95:2d:59:60:12:29:c9:ee:28:8f:72:
                    ca:b5:fd:58:98:7e:9b:5f:70:a5:48:68:61:8c:6f:
                    bb:fb:40:e6:de:ef:2b:73:c6:76:67:4f:63:e0:d8:
                    a4:a7:14:74:a2:ab:af:db:8c:54:bf:30:61:56:53:
                    b7:3c:10:20:8e:b6:5c:75:06:88:03:e1:9e:26:e4:
                    42:55:53:ff:e0:9f:d3:b0:b6:34:67:a9:eb:85:80:
                    0b:4a:7a:e8:41:a9:ae:0c:ea:36:12:60:ae:56:94:
                    6a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:31:F1:44:C7:E5:68:03:9C:41:0D:07:47:49:AE:EF:D0:E2:7C:95
            X509v3 Authority Key Identifier:
                keyid:E5:2D:8B:5C:BA:7C:2D:2B:8A:F0:46:EB:7F:31:01:05:AC:0C:09:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5S2LXLp8LSuK8EbrfzEBBawMCaw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/7THxRMflaAOcQQ0HR0mu79DifJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d4f83d-fb53-424f-851d-c0d062a75354/1/5S2LXLp8LSuK8EbrfzEBBawMCaw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.172.0/22
                IPv6:
                  2a00:4720::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:78:4b:da:0b:2b:e6:96:22:7b:58:5b:d2:d4:97:8f:eb:bb:
         8b:04:d4:0a:4d:eb:9a:94:f6:13:73:9e:84:33:ce:bc:99:26:
         6a:24:f1:e1:dd:ea:2d:17:b6:d9:d1:f1:24:b8:2a:2a:23:a0:
         a7:1c:49:e4:56:51:ca:26:7b:36:63:8f:59:a6:05:a4:e0:f1:
         4c:a1:fa:e6:19:4a:64:a9:64:e7:c8:7e:eb:04:d3:b0:17:7b:
         9a:e4:8d:c7:b2:f1:c4:b3:45:23:ac:18:0c:0e:98:54:29:5b:
         3e:1a:02:ca:18:05:9d:04:a8:5e:98:51:b2:b5:0b:51:66:20:
         a0:36:73:4f:02:36:1c:dc:79:e0:f2:35:fd:1e:65:2c:2f:b9:
         78:57:cc:9a:60:3f:cd:69:ef:88:26:6a:6b:64:8a:fc:f9:a6:
         19:8e:18:1b:bc:0b:22:38:6c:f3:73:d0:35:f8:3e:c4:f7:87:
         96:93:3c:d7:96:e4:cf:6d:6f:82:f1:56:61:2e:46:07:8b:c4:
         99:0a:af:f8:0e:51:49:34:43:ac:a0:44:5d:e1:3a:a1:6f:d6:
         a4:2b:ba:56:41:3c:20:83:58:5c:5d:76:fb:8c:5a:63:31:5d:
         f0:47:6f:2d:3e:60:fc:7e:34:d9:15:0e:b8:87:a7:01:e1:48:
         5a:59:ef:7e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZCmw0i1rdsELajH/ani7Z98MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MmQ4YjVjYmE3YzJkMmI4YWYwNDZlYjdmMzEwMTA1YWMw
YzA5YWMwHhcNMjQwNzEyMTE0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDMxZjE0NGM3ZTU2ODAzOWM0MTBkMDc0NzQ5YWVlZmQwZTI3Yzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3JTEOv/tWpEcCoilMRtKU0Ism8H
QVX4J8NGrOJ07iG1OJmc8/JrwTTjOeJ8xJ4xQU5paH8JZ62MlkMXod6dVJHUn3lQ
t6nHPlU5Y4tJMGZ+7Jq0Ex/XS/5mhmctoEuL0M1b2aMxcRwPjPeoK0VdOYeS1ouO
Tij/lz1JPsPzg04RbS6eDZcROyzC2NaNOZkw89B/j/8IOE/TlS1ZYBIpye4oj3LK
tf1YmH6bX3ClSGhhjG+7+0Dm3u8rc8Z2Z09j4NikpxR0oquv24xUvzBhVlO3PBAg
jrZcdQaIA+GeJuRCVVP/4J/TsLY0Z6nrhYALSnroQamuDOo2EmCuVpRqrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO0x8UTH5WgDnEENB0dJru/Q4nyVMB8GA1UdIwQY
MBaAFOUti1y6fC0rivBG638xAQWsDAmsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVMyTFhMcDhMU3VLOEVicmZ6RUJCYXdNQ2F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9kNGY4M2QtZmI1My00MjRmLTg1MWQt
YzBkMDYyYTc1MzU0LzEvN1RIeFJNZmxhQU9jUVEwSFIwbXU3OURpZkpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9kNGY4M2QtZmI1My00MjRmLTg1MWQtYzBkMDYyYTc1MzU0
LzEvNVMyTFhMcDhMU3VLOEVicmZ6RUJCYXdNQ2F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuROsMA0E
AgACMAcDBQAqAEcgMA0GCSqGSIb3DQEBCwUAA4IBAQAzeEvaCyvmliJ7WFvS1JeP
67uLBNQKTeualPYTc56EM868mSZqJPHh3eotF7bZ0fEkuCoqI6CnHEnkVlHKJns2
Y49ZpgWk4PFMofrmGUpkqWTnyH7rBNOwF3ua5I3HsvHEs0UjrBgMDphUKVs+GgLK
GAWdBKhemFGytQtRZiCgNnNPAjYc3Hng8jX9HmUsL7l4V8yaYD/Nae+IJmprZIr8
+aYZjhgbvAsiOGzzc9A1+D7E94eWkzzXluTPbW+C8VZhLkYHi8SZCq/4DlFJNEOs
oERd4Tqhb9akK7pWQTwgg1hcXXb7jFpjMV3wR28tPmD8fjTZFQ64h6cB4UhaWe9+
-----END CERTIFICATE-----