Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/Se7VjjFOgqAbfnU9Rpi6bk0ri6U.roa
File:                     Se7VjjFOgqAbfnU9Rpi6bk0ri6U.roa (raw, json)
Hash identifier:          NaXP20uHns5b9gnddHNt7sVIgu44BQ5ybHeb7SHBK3I=
Subject key identifier:   49:EE:D5:8E:31:4E:82:A0:1B:7E:75:3D:46:98:BA:6E:4D:2B:8B:A5
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       01915A41FC61C67195A4091868D0B44B827A
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/Se7VjjFOgqAbfnU9Rpi6bk0ri6U.roa
Signing time:             Fri 16 Aug 2024 08:15:59 +0000
ROA not before:           Fri 16 Aug 2024 08:15:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     393942
IP address blocks:        194.187.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5a:41:fc:61:c6:71:95:a4:09:18:68:d0:b4:4b:82:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Aug 16 08:15:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49eed58e314e82a01b7e753d4698ba6e4d2b8ba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b6:b8:ac:dd:d8:b8:dc:dc:95:8a:8f:c0:5e:
                    65:a4:d1:9f:f7:f4:03:b0:25:52:4e:5d:2e:8b:03:
                    3f:99:9f:49:8d:ed:cd:1e:d0:4b:3d:d2:20:05:89:
                    99:eb:be:cb:f4:83:8c:ef:8b:66:d6:95:b3:57:5e:
                    5e:9b:34:4b:d0:63:7f:bb:e0:19:e1:53:be:5b:6a:
                    e1:e1:ce:64:ef:26:60:c2:29:ff:33:e9:6a:26:75:
                    a1:b1:b0:f6:64:32:94:8a:c0:3a:c1:aa:af:64:83:
                    51:22:25:bb:92:0b:14:c9:57:99:d4:9c:00:1c:f8:
                    bf:24:79:d8:c9:49:e8:75:1d:e8:34:a7:2d:70:f9:
                    87:ae:f3:f8:88:cd:92:16:11:26:ff:22:01:c9:39:
                    a0:18:93:56:e4:4a:70:80:06:cc:bf:87:e9:79:47:
                    0c:1f:fb:79:87:95:4f:ad:45:2f:8e:ed:30:01:e4:
                    1a:5d:87:de:1a:68:74:4b:ca:ba:cc:d4:ea:39:8e:
                    b1:aa:39:df:ea:6f:53:e2:ce:dd:80:2b:d2:d2:92:
                    88:7b:23:08:91:d4:8f:1f:18:05:db:7e:74:dd:c6:
                    dd:d2:1a:41:5e:98:48:13:41:b8:c7:fa:63:b0:dc:
                    40:8e:a3:0e:78:ff:61:f8:a6:e3:41:d0:52:1f:46:
                    6b:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:EE:D5:8E:31:4E:82:A0:1B:7E:75:3D:46:98:BA:6E:4D:2B:8B:A5
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/Se7VjjFOgqAbfnU9Rpi6bk0ri6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:c0:3e:5a:d5:98:74:5a:d7:95:a7:5d:ab:69:14:4a:44:4c:
         e0:71:fb:b1:67:11:0f:6b:d4:0b:3d:7f:cd:88:c4:56:7a:64:
         19:41:7d:04:ce:0b:7a:3e:6d:24:d6:5b:65:37:12:c1:29:48:
         12:53:32:96:4c:97:7a:d0:7a:89:6e:ab:41:84:30:41:0b:51:
         13:cc:b7:0e:da:db:31:e2:e5:53:b3:8f:0e:cb:d9:d9:e3:ca:
         13:39:f2:6c:dd:3c:f2:ba:9d:18:33:68:cc:c9:92:58:b9:8d:
         a6:ca:cc:98:c2:97:0f:e8:7c:46:0b:68:da:cb:e1:d7:9f:de:
         a9:76:a3:5b:e2:74:ec:a1:a6:dd:7e:2d:55:07:da:c0:b8:fd:
         ec:44:25:37:a4:8c:46:22:2c:fd:89:32:b5:66:c7:6a:d5:ba:
         f0:90:f2:be:c0:2f:a8:cf:f6:6c:16:fa:ed:ad:79:b6:35:33:
         d4:61:a8:be:00:14:ca:24:0e:88:df:da:e9:47:d9:7c:8c:16:
         f7:33:13:7a:25:81:14:bb:db:1a:93:f5:3e:b0:b0:0c:aa:9f:
         48:90:8f:08:c2:fc:1a:ca:09:75:6f:e5:bd:d1:16:12:50:6b:
         e2:27:1e:7e:ac:2e:a5:c3:98:fc:c6:4b:8e:21:eb:af:82:ee:
         c9:8d:1a:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFaQfxhxnGVpAkYaNC0S4J6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjQwODE2MDgxNTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWVlZDU4ZTMxNGU4MmEwMWI3ZTc1M2Q0Njk4YmE2ZTRkMmI4YmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7a4rN3YuNzclYqPwF5lpNGf9/QD
sCVSTl0uiwM/mZ9Jje3NHtBLPdIgBYmZ677L9IOM74tm1pWzV15emzRL0GN/u+AZ
4VO+W2rh4c5k7yZgwin/M+lqJnWhsbD2ZDKUisA6waqvZINRIiW7kgsUyVeZ1JwA
HPi/JHnYyUnodR3oNKctcPmHrvP4iM2SFhEm/yIByTmgGJNW5EpwgAbMv4fpeUcM
H/t5h5VPrUUvju0wAeQaXYfeGmh0S8q6zNTqOY6xqjnf6m9T4s7dgCvS0pKIeyMI
kdSPHxgF23503cbd0hpBXphIE0G4x/pjsNxAjqMOeP9h+KbjQdBSH0ZrbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEnu1Y4xToKgG351PUaYum5NK4ulMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvU2U3VmpqRk9ncUFiZm5VOVJwaTZiazByaTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrt1MA0G
CSqGSIb3DQEBCwUAA4IBAQA9wD5a1Zh0WteVp12raRRKREzgcfuxZxEPa9QLPX/N
iMRWemQZQX0Ezgt6Pm0k1ltlNxLBKUgSUzKWTJd60HqJbqtBhDBBC1ETzLcO2tsx
4uVTs48Oy9nZ48oTOfJs3Tzyup0YM2jMyZJYuY2mysyYwpcP6HxGC2jay+HXn96p
dqNb4nTsoabdfi1VB9rAuP3sRCU3pIxGIiz9iTK1Zsdq1brwkPK+wC+oz/ZsFvrt
rXm2NTPUYai+ABTKJA6I39rpR9l8jBb3MxN6JYEUu9sak/U+sLAMqp9IkI8Iwvwa
ygl1b+W90RYSUGviJx5+rC6lw5j8xkuOIeuvgu7JjRpy
-----END CERTIFICATE-----