Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/4d0b1f-ac85-4a2a-a1b4-08b07e89b42a/1/l7-4YZkvgEhO-NOsVR2mLfj4tZI.roa
File:                     l7-4YZkvgEhO-NOsVR2mLfj4tZI.roa (raw, json)
Hash identifier:          d1YZfkFV0Q9ysLUKLudvBLcwQ+KepZQanzy63C5kRo4=
Subject key identifier:   97:BF:B8:61:99:2F:80:48:4E:F8:D3:AC:55:1D:A6:2D:F8:F8:B5:92
Certificate issuer:       /CN=ac9fce0b8b637c15f231aecffb5c80a74ffccb1d
Certificate serial:       018CC2DB173536B4804400C93DA1285DF181
Authority key identifier: AC:9F:CE:0B:8B:63:7C:15:F2:31:AE:CF:FB:5C:80:A7:4F:FC:CB:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJ_OC4tjfBXyMa7P-1yAp0_8yx0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/4d0b1f-ac85-4a2a-a1b4-08b07e89b42a/1/l7-4YZkvgEhO-NOsVR2mLfj4tZI.roa
Signing time:             Mon 01 Jan 2024 02:29:47 +0000
ROA not before:           Mon 01 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48613
IP address blocks:        194.126.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/4d0b1f-ac85-4a2a-a1b4-08b07e89b42a/1/rJ_OC4tjfBXyMa7P-1yAp0_8yx0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/4d0b1f-ac85-4a2a-a1b4-08b07e89b42a/1/rJ_OC4tjfBXyMa7P-1yAp0_8yx0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rJ_OC4tjfBXyMa7P-1yAp0_8yx0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:17:35:36:b4:80:44:00:c9:3d:a1:28:5d:f1:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac9fce0b8b637c15f231aecffb5c80a74ffccb1d
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97bfb861992f80484ef8d3ac551da62df8f8b592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c6:93:a7:72:9c:5c:6c:03:bc:a0:f5:98:39:
                    be:91:25:bc:93:bc:b8:7a:3c:f1:8c:b3:a8:4e:18:
                    b0:87:1d:88:b6:4c:44:10:ea:c5:2a:ca:eb:3c:9c:
                    17:2f:d3:64:e6:55:36:84:50:32:b4:91:60:2f:3d:
                    a3:6c:c2:3a:91:66:b1:a3:17:e1:fd:42:54:92:fc:
                    bd:6c:28:4a:4e:28:fe:96:13:b7:4d:94:4a:80:65:
                    9a:ca:61:67:82:23:cd:14:6d:dd:ac:bb:72:4d:98:
                    96:05:71:5c:37:54:05:ce:fb:0b:57:e4:b2:f1:c3:
                    38:66:f2:30:fd:3b:15:bb:36:6d:4b:21:c3:f2:43:
                    bc:d0:a0:25:78:0b:43:13:33:74:64:cd:0c:95:74:
                    54:6f:44:32:fe:60:2b:50:f2:df:ff:b3:3f:ab:e2:
                    f9:7e:7a:62:90:8c:3f:e6:af:b7:f1:f1:37:10:88:
                    4f:51:03:a8:b5:49:09:98:ed:58:97:de:98:47:31:
                    a7:0b:05:b0:64:3c:24:19:8e:d6:9a:fe:9f:04:7f:
                    94:cd:3e:62:f4:57:c6:3d:b9:d9:7c:af:01:35:a2:
                    f3:59:b9:47:38:62:78:89:16:c5:bd:0e:a6:5e:74:
                    27:69:1a:04:29:29:70:08:0d:54:98:33:c3:85:86:
                    bf:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:BF:B8:61:99:2F:80:48:4E:F8:D3:AC:55:1D:A6:2D:F8:F8:B5:92
            X509v3 Authority Key Identifier:
                keyid:AC:9F:CE:0B:8B:63:7C:15:F2:31:AE:CF:FB:5C:80:A7:4F:FC:CB:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJ_OC4tjfBXyMa7P-1yAp0_8yx0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/4d0b1f-ac85-4a2a-a1b4-08b07e89b42a/1/l7-4YZkvgEhO-NOsVR2mLfj4tZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/4d0b1f-ac85-4a2a-a1b4-08b07e89b42a/1/rJ_OC4tjfBXyMa7P-1yAp0_8yx0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:95:61:bf:a1:94:c7:ba:96:83:5b:77:23:8f:c3:56:2b:69:
         b4:92:3f:51:16:5b:33:33:61:82:d8:0d:93:ff:e1:b5:e0:c7:
         89:5d:e4:18:17:fe:7f:e7:18:86:ff:d6:70:71:e1:c0:f0:15:
         7e:61:02:a4:e1:89:63:3c:3d:5a:5f:65:6b:11:d7:22:5c:8b:
         8b:ad:50:e9:d9:c7:f0:45:0e:e7:ec:0c:37:15:59:17:33:17:
         cf:66:75:db:86:99:8b:e3:c1:5f:31:53:af:0b:ce:85:32:08:
         ed:9e:b0:79:eb:41:e7:64:65:9e:62:51:d1:6f:2e:4f:2d:4d:
         c4:d9:6a:b6:53:d3:ae:39:36:0c:46:97:89:7c:5d:16:7e:c2:
         b5:52:2c:fb:ed:97:33:f3:fb:fc:4c:a5:a1:5c:d4:16:04:7d:
         f4:ad:54:85:90:87:d3:f7:b2:03:42:8c:35:e4:a1:e7:91:65:
         76:eb:25:a4:5d:fd:5d:04:14:6e:bf:81:87:8f:58:e6:b6:06:
         de:b4:ff:cf:fe:ea:5a:d8:39:c1:e4:ef:37:75:12:50:25:2a:
         a8:01:7f:a2:f2:f0:7d:d6:27:b4:78:a2:cc:f0:ac:e6:de:8b:
         df:18:fe:00:8c:79:b5:09:0a:a4:2e:e4:56:97:3e:db:70:2f:
         b4:4b:63:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xc1NrSARADJPaEoXfGBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOWZjZTBiOGI2MzdjMTVmMjMxYWVjZmZiNWM4MGE3NGZm
Y2NiMWQwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2JmYjg2MTk5MmY4MDQ4NGVmOGQzYWM1NTFkYTYyZGY4ZjhiNTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18aTp3KcXGwDvKD1mDm+kSW8k7y4
ejzxjLOoThiwhx2ItkxEEOrFKsrrPJwXL9Nk5lU2hFAytJFgLz2jbMI6kWaxoxfh
/UJUkvy9bChKTij+lhO3TZRKgGWaymFngiPNFG3drLtyTZiWBXFcN1QFzvsLV+Sy
8cM4ZvIw/TsVuzZtSyHD8kO80KAleAtDEzN0ZM0MlXRUb0Qy/mArUPLf/7M/q+L5
fnpikIw/5q+38fE3EIhPUQOotUkJmO1Yl96YRzGnCwWwZDwkGY7Wmv6fBH+UzT5i
9FfGPbnZfK8BNaLzWblHOGJ4iRbFvQ6mXnQnaRoEKSlwCA1UmDPDhYa/FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJe/uGGZL4BITvjTrFUdpi34+LWSMB8GA1UdIwQY
MBaAFKyfzguLY3wV8jGuz/tcgKdP/MsdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckpfT0M0dGpmQlh5TWE3UC0xeUFwMF84eXgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC80ZDBiMWYtYWM4NS00YTJhLWExYjQt
MDhiMDdlODliNDJhLzEvbDctNFlaa3ZnRWhPLU5Pc1ZSMm1MZmo0dFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC80ZDBiMWYtYWM4NS00YTJhLWExYjQtMDhiMDdlODliNDJh
LzEvckpfT0M0dGpmQlh5TWE3UC0xeUFwMF84eXgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn6AMA0G
CSqGSIb3DQEBCwUAA4IBAQALlWG/oZTHupaDW3cjj8NWK2m0kj9RFlszM2GC2A2T
/+G14MeJXeQYF/5/5xiG/9ZwceHA8BV+YQKk4YljPD1aX2VrEdciXIuLrVDp2cfw
RQ7n7Aw3FVkXMxfPZnXbhpmL48FfMVOvC86FMgjtnrB560HnZGWeYlHRby5PLU3E
2Wq2U9OuOTYMRpeJfF0WfsK1Uiz77Zcz8/v8TKWhXNQWBH30rVSFkIfT97IDQow1
5KHnkWV26yWkXf1dBBRuv4GHj1jmtgbetP/P/upa2DnB5O83dRJQJSqoAX+i8vB9
1ie0eKLM8Kzm3ovfGP4AjHm1CQqkLuRWlz7bcC+0S2Oi
-----END CERTIFICATE-----