Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/fb9461-2db7-409e-abeb-f3b16ed6c061/1/7PRyd-XN3f-amSxpj7gEJe6ak9U.roa
File:                     7PRyd-XN3f-amSxpj7gEJe6ak9U.roa (raw, json)
Hash identifier:          9Zv2Uveo9jyYznf5ELe1x4qpGX7qdkAstLBVWRWNGyU=
Subject key identifier:   EC:F4:72:77:E5:CD:DD:FF:9A:99:2C:69:8F:B8:04:25:EE:9A:93:D5
Certificate issuer:       /CN=28bac185b83f6de39abadcff3dfe4873d883c488
Certificate serial:       018CC7276B4976B7D2481F19649D8B90835C
Authority key identifier: 28:BA:C1:85:B8:3F:6D:E3:9A:BA:DC:FF:3D:FE:48:73:D8:83:C4:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KLrBhbg_beOautz_Pf5Ic9iDxIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/fb9461-2db7-409e-abeb-f3b16ed6c061/1/7PRyd-XN3f-amSxpj7gEJe6ak9U.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207279
IP address blocks:        193.38.34.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/fb9461-2db7-409e-abeb-f3b16ed6c061/1/KLrBhbg_beOautz_Pf5Ic9iDxIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/fb9461-2db7-409e-abeb-f3b16ed6c061/1/KLrBhbg_beOautz_Pf5Ic9iDxIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KLrBhbg_beOautz_Pf5Ic9iDxIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6b:49:76:b7:d2:48:1f:19:64:9d:8b:90:83:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28bac185b83f6de39abadcff3dfe4873d883c488
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecf47277e5cdddff9a992c698fb80425ee9a93d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:15:73:26:34:8c:b3:93:21:1c:2a:88:68:e5:
                    04:52:21:7a:38:12:fb:f9:28:33:9b:81:71:6b:e0:
                    89:0a:96:41:81:eb:18:b1:a3:56:f0:e4:e8:16:07:
                    a1:71:22:3a:9d:82:87:b8:66:5f:30:0a:7f:58:c0:
                    9e:f9:4e:ba:7f:44:56:16:e4:8d:9b:f1:28:f3:ae:
                    e1:e3:3a:40:98:3c:67:16:99:4c:32:57:4e:08:74:
                    15:a5:1c:da:f0:ba:49:9a:24:d3:94:98:bf:27:ae:
                    23:38:dc:2f:13:c2:aa:6a:96:d1:5d:92:7f:b8:71:
                    25:94:b8:d0:bd:c1:ed:3b:76:f7:22:73:6b:83:2e:
                    79:a7:45:e3:dc:94:79:d6:b4:19:f4:f0:60:4b:59:
                    6c:58:0f:c2:cf:f1:cc:8a:6d:88:0e:93:56:44:79:
                    ff:e3:1d:2c:c1:2a:60:34:29:4e:af:26:a4:88:60:
                    47:7c:12:04:07:db:10:1c:49:c8:2e:af:17:d8:1b:
                    a6:e8:7f:db:2c:82:f6:c8:ff:81:19:b1:c4:40:be:
                    14:51:a8:11:f4:4a:5c:a5:4d:44:80:1f:85:4d:40:
                    a4:34:53:b7:b1:55:62:63:86:c1:35:26:e2:73:35:
                    98:c0:7d:04:bf:ef:e3:ac:2b:87:24:ec:a8:0e:f5:
                    5e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F4:72:77:E5:CD:DD:FF:9A:99:2C:69:8F:B8:04:25:EE:9A:93:D5
            X509v3 Authority Key Identifier:
                keyid:28:BA:C1:85:B8:3F:6D:E3:9A:BA:DC:FF:3D:FE:48:73:D8:83:C4:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KLrBhbg_beOautz_Pf5Ic9iDxIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/fb9461-2db7-409e-abeb-f3b16ed6c061/1/7PRyd-XN3f-amSxpj7gEJe6ak9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/fb9461-2db7-409e-abeb-f3b16ed6c061/1/KLrBhbg_beOautz_Pf5Ic9iDxIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:c0:61:2b:11:20:a3:4a:bc:64:6d:0b:26:fb:46:6e:fd:3c:
         72:7c:60:03:86:5b:2f:ee:c9:2c:b3:b8:12:51:76:a3:a8:85:
         de:cb:f0:97:a4:29:85:8c:e1:96:0d:6a:25:21:81:fe:84:d1:
         6e:d4:13:6f:1c:b2:ae:f2:ec:21:e8:01:e2:3a:2b:bc:68:fa:
         c4:72:74:31:38:0b:8f:3c:e3:aa:13:7d:b3:07:e6:c9:c4:c6:
         a9:1a:fb:db:28:d5:e2:6e:2c:2b:c7:49:c3:de:0e:b5:3d:22:
         2b:09:0b:22:41:f1:a6:78:98:55:8f:87:72:cc:3c:50:46:00:
         59:bb:aa:f1:f9:06:e8:fa:c8:ec:3f:be:58:d1:04:0b:98:3d:
         3c:30:54:f5:d3:a9:a5:1c:e2:40:24:38:54:30:c7:5e:86:5a:
         85:1d:a4:65:e7:81:d5:15:5b:7c:a7:f3:c1:eb:d6:0e:bc:79:
         0c:96:11:df:19:65:bf:2c:e4:85:ea:6b:ec:fb:3b:5d:86:b6:
         cd:14:04:c7:08:63:f9:76:74:5d:d8:a0:9b:64:d1:44:9e:d2:
         95:18:c6:71:9b:e1:87:78:03:4b:b9:cf:89:29:fc:94:68:82:
         e2:70:20:24:1f:c4:ef:db:b0:cf:02:9e:74:6d:98:b8:e8:98:
         1d:0e:67:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2tJdrfSSB8ZZJ2LkINcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YmFjMTg1YjgzZjZkZTM5YWJhZGNmZjNkZmU0ODczZDg4
M2M0ODgwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2Y0NzI3N2U1Y2RkZGZmOWE5OTJjNjk4ZmI4MDQyNWVlOWE5M2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRVzJjSMs5MhHCqIaOUEUiF6OBL7
+Sgzm4Fxa+CJCpZBgesYsaNW8OToFgehcSI6nYKHuGZfMAp/WMCe+U66f0RWFuSN
m/Eo867h4zpAmDxnFplMMldOCHQVpRza8LpJmiTTlJi/J64jONwvE8KqapbRXZJ/
uHEllLjQvcHtO3b3InNrgy55p0Xj3JR51rQZ9PBgS1lsWA/Cz/HMim2IDpNWRHn/
4x0swSpgNClOryakiGBHfBIEB9sQHEnILq8X2Bum6H/bLIL2yP+BGbHEQL4UUagR
9EpcpU1EgB+FTUCkNFO3sVViY4bBNSbiczWYwH0Ev+/jrCuHJOyoDvVeNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOz0cnflzd3/mpksaY+4BCXumpPVMB8GA1UdIwQY
MBaAFCi6wYW4P23jmrrc/z3+SHPYg8SIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0xyQmhiZ19iZU9hdXR6X1BmNUljOWlEeElnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mYjk0NjEtMmRiNy00MDllLWFiZWIt
ZjNiMTZlZDZjMDYxLzEvN1BSeWQtWE4zZi1hbVN4cGo3Z0VKZTZhazlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mYjk0NjEtMmRiNy00MDllLWFiZWItZjNiMTZlZDZjMDYx
LzEvS0xyQmhiZ19iZU9hdXR6X1BmNUljOWlEeElnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSYiMA0G
CSqGSIb3DQEBCwUAA4IBAQBqwGErESCjSrxkbQsm+0Zu/TxyfGADhlsv7skss7gS
UXajqIXey/CXpCmFjOGWDWolIYH+hNFu1BNvHLKu8uwh6AHiOiu8aPrEcnQxOAuP
POOqE32zB+bJxMapGvvbKNXibiwrx0nD3g61PSIrCQsiQfGmeJhVj4dyzDxQRgBZ
u6rx+Qbo+sjsP75Y0QQLmD08MFT106mlHOJAJDhUMMdehlqFHaRl54HVFVt8p/PB
69YOvHkMlhHfGWW/LOSF6mvs+ztdhrbNFATHCGP5dnRd2KCbZNFEntKVGMZxm+GH
eANLuc+JKfyUaILicCAkH8Tv27DPAp50bZi46JgdDmfF
-----END CERTIFICATE-----