Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/3c2efb-2292-4c6a-914b-55eb820fd596/1/7JoHMeEL2n3_5qbpl2p0aInl1io.roa
File:                     7JoHMeEL2n3_5qbpl2p0aInl1io.roa (raw, json)
Hash identifier:          F0eAr1RxIu/ibci5QaLMZ5HvriwD8yd3yy9Di8eTxqw=
Subject key identifier:   EC:9A:07:31:E1:0B:DA:7D:FF:E6:A6:E9:97:6A:74:68:89:E5:D6:2A
Certificate issuer:       /CN=669f5c8b9b63ae5e28786eba10a1f6572a60e3fc
Certificate serial:       018CC6B93E316793F749F3BD27351C8D57BE
Authority key identifier: 66:9F:5C:8B:9B:63:AE:5E:28:78:6E:BA:10:A1:F6:57:2A:60:E3:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zp9ci5tjrl4oeG66EKH2Vypg4_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/3c2efb-2292-4c6a-914b-55eb820fd596/1/7JoHMeEL2n3_5qbpl2p0aInl1io.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49875
IP address blocks:        193.104.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/3c2efb-2292-4c6a-914b-55eb820fd596/1/Zp9ci5tjrl4oeG66EKH2Vypg4_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/3c2efb-2292-4c6a-914b-55eb820fd596/1/Zp9ci5tjrl4oeG66EKH2Vypg4_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zp9ci5tjrl4oeG66EKH2Vypg4_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3e:31:67:93:f7:49:f3:bd:27:35:1c:8d:57:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=669f5c8b9b63ae5e28786eba10a1f6572a60e3fc
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec9a0731e10bda7dffe6a6e9976a746889e5d62a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:3d:41:87:8d:30:7d:f5:1a:f2:bd:5a:ed:b9:
                    07:47:93:9a:0d:15:ee:e3:cf:7d:4e:6d:eb:0b:5e:
                    3a:c9:41:91:47:ef:b7:c4:ef:bc:df:e6:48:a8:f9:
                    75:d4:67:98:88:be:fa:a9:cc:f2:69:46:9c:ee:23:
                    e2:68:90:af:26:a5:65:3b:b3:19:30:31:5f:be:43:
                    e9:42:e2:a9:0f:ba:3b:80:d0:c3:46:90:b3:71:f9:
                    ef:6e:39:e3:ca:ca:73:70:30:68:fd:03:b8:ef:28:
                    7e:1b:44:7b:89:e6:bd:d1:cc:5d:2f:c0:c4:e6:9c:
                    9e:3e:0b:d8:2a:62:d6:ff:2d:81:36:55:27:f7:e4:
                    4d:bd:f5:ea:29:06:de:9f:76:64:b5:ec:4f:19:28:
                    71:ee:85:36:49:2e:60:ea:84:8e:16:37:f3:f8:54:
                    22:93:e8:be:8f:66:46:77:bb:40:4f:16:38:83:39:
                    b4:d8:0f:82:54:23:b3:bf:da:6b:78:22:00:ab:70:
                    4a:1b:1d:9b:49:47:68:69:85:50:53:a4:16:d3:0b:
                    a9:06:0e:ff:8f:f1:ba:0a:4f:fb:c3:dc:61:f2:f7:
                    a7:67:d0:8a:17:dd:d1:5c:cb:15:0f:41:71:70:af:
                    60:da:24:c3:71:5a:b3:f7:d8:34:7f:a5:3c:cb:b6:
                    e9:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:9A:07:31:E1:0B:DA:7D:FF:E6:A6:E9:97:6A:74:68:89:E5:D6:2A
            X509v3 Authority Key Identifier:
                keyid:66:9F:5C:8B:9B:63:AE:5E:28:78:6E:BA:10:A1:F6:57:2A:60:E3:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zp9ci5tjrl4oeG66EKH2Vypg4_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/3c2efb-2292-4c6a-914b-55eb820fd596/1/7JoHMeEL2n3_5qbpl2p0aInl1io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/3c2efb-2292-4c6a-914b-55eb820fd596/1/Zp9ci5tjrl4oeG66EKH2Vypg4_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:8e:b3:69:39:51:45:ee:2e:45:c1:ef:46:44:0a:c2:3b:8a:
         dd:b2:b5:c3:a1:44:9b:16:8f:24:f1:c0:f4:22:bf:41:ba:43:
         08:58:46:9e:81:40:c6:0c:c8:e9:d2:f5:2e:83:a8:0c:94:c3:
         76:d6:a5:9a:9f:74:66:27:4d:d2:ba:95:f9:91:13:84:dc:04:
         0f:cc:85:6d:5f:df:db:e6:2b:5b:3e:29:ef:78:4e:88:51:59:
         88:a0:ad:85:04:07:54:73:fb:ed:1f:77:64:e8:aa:db:9f:a0:
         cc:e2:b8:f5:3f:74:ec:0c:2a:f2:ba:1b:7a:63:91:b1:76:c1:
         ba:e3:e2:59:00:70:04:31:2a:b9:2c:96:be:90:de:dd:13:13:
         63:cd:41:a5:5c:41:1f:1f:f4:fb:96:5f:6d:1b:23:15:33:b4:
         90:7a:d8:51:51:ee:49:c8:07:98:23:80:ad:34:ca:f7:16:94:
         7f:40:56:f3:36:b8:bc:f7:4f:a4:2a:bf:cb:55:89:dc:81:ff:
         1b:ed:4b:88:ae:c3:19:c0:27:d9:02:cd:64:dc:e0:5c:94:ff:
         0d:9f:4f:b1:03:37:42:11:32:a9:d5:45:6f:c0:4b:85:30:e9:
         cb:99:5e:8d:03:b6:6e:ed:8c:f5:48:72:17:51:1c:ec:35:4f:
         ca:cb:4d:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuT4xZ5P3SfO9JzUcjVe+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OWY1YzhiOWI2M2FlNWUyODc4NmViYTEwYTFmNjU3MmE2
MGUzZmMwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzlhMDczMWUxMGJkYTdkZmZlNmE2ZTk5NzZhNzQ2ODg5ZTVkNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhz1Bh40wffUa8r1a7bkHR5OaDRXu
4899Tm3rC146yUGRR++3xO+83+ZIqPl11GeYiL76qczyaUac7iPiaJCvJqVlO7MZ
MDFfvkPpQuKpD7o7gNDDRpCzcfnvbjnjyspzcDBo/QO47yh+G0R7iea90cxdL8DE
5pyePgvYKmLW/y2BNlUn9+RNvfXqKQben3ZktexPGShx7oU2SS5g6oSOFjfz+FQi
k+i+j2ZGd7tATxY4gzm02A+CVCOzv9preCIAq3BKGx2bSUdoaYVQU6QW0wupBg7/
j/G6Ck/7w9xh8venZ9CKF93RXMsVD0FxcK9g2iTDcVqz99g0f6U8y7bpawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOyaBzHhC9p9/+am6ZdqdGiJ5dYqMB8GA1UdIwQY
MBaAFGafXIubY65eKHhuuhCh9lcqYOP8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnA5Y2k1dGpybDRvZUc2NkVLSDJWeXBnNF93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8zYzJlZmItMjI5Mi00YzZhLTkxNGIt
NTVlYjgyMGZkNTk2LzEvN0pvSE1lRUwybjNfNXFicGwycDBhSW5sMWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8zYzJlZmItMjI5Mi00YzZhLTkxNGItNTVlYjgyMGZkNTk2
LzEvWnA5Y2k1dGpybDRvZUc2NkVLSDJWeXBnNF93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWgNMA0G
CSqGSIb3DQEBCwUAA4IBAQA6jrNpOVFF7i5Fwe9GRArCO4rdsrXDoUSbFo8k8cD0
Ir9BukMIWEaegUDGDMjp0vUug6gMlMN21qWan3RmJ03SupX5kROE3AQPzIVtX9/b
5itbPinveE6IUVmIoK2FBAdUc/vtH3dk6Krbn6DM4rj1P3TsDCryuht6Y5GxdsG6
4+JZAHAEMSq5LJa+kN7dExNjzUGlXEEfH/T7ll9tGyMVM7SQethRUe5JyAeYI4Ct
NMr3FpR/QFbzNri890+kKr/LVYncgf8b7UuIrsMZwCfZAs1k3OBclP8Nn0+xAzdC
ETKp1UVvwEuFMOnLmV6NA7Zu7Yz1SHIXURzsNU/Ky02Q
-----END CERTIFICATE-----