Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/7pWVtFmCQ2PTszNoLN851c45cKQ.roa
File:                     7pWVtFmCQ2PTszNoLN851c45cKQ.roa (raw, json)
Hash identifier:          Dcw9mBzq2kuKDVh4XbSA1++dDUQuXC0bJhWrSAYpjJ4=
Subject key identifier:   EE:95:95:B4:59:82:43:63:D3:B3:33:68:2C:DF:39:D5:CE:39:70:A4
Certificate issuer:       /CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
Certificate serial:       018CC8012A0634853D292A5C6D1B27FA8EA1
Authority key identifier: 4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/7pWVtFmCQ2PTszNoLN851c45cKQ.roa
Signing time:             Tue 02 Jan 2024 02:29:28 +0000
ROA not before:           Tue 02 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48422
IP address blocks:        185.93.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:2a:06:34:85:3d:29:2a:5c:6d:1b:27:fa:8e:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
        Validity
            Not Before: Jan  2 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee9595b459824363d3b333682cdf39d5ce3970a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ae:81:8b:62:56:79:52:d7:dc:a4:c9:7d:d1:
                    da:6a:59:1f:f3:de:ac:84:af:ce:e7:71:1b:06:de:
                    20:50:36:b3:5e:89:c4:30:92:19:f1:02:0d:98:94:
                    70:e3:77:5a:c1:79:61:95:0d:10:6a:c6:cd:6e:be:
                    f9:03:fb:9b:ce:8e:42:db:b9:e8:c5:33:f8:10:de:
                    09:52:d5:96:dc:77:ec:ef:5e:99:56:3c:c6:e6:1b:
                    20:eb:07:db:d2:35:c6:f7:6a:08:bf:ab:6b:88:0b:
                    7a:e0:eb:75:ac:63:25:3e:be:f0:98:3d:53:25:fa:
                    42:3c:96:ac:35:10:30:95:bf:9c:a7:67:a9:c0:05:
                    41:3d:63:1e:de:ef:49:4c:31:e1:52:20:33:40:2f:
                    b2:ca:8d:3d:db:09:80:13:fc:76:17:c8:b3:fe:6d:
                    d4:8b:3e:1c:fa:1b:57:f4:1f:2c:e4:f0:fd:12:2b:
                    bb:20:d8:2d:e3:1e:d9:67:56:0a:b7:0a:52:bf:29:
                    5b:16:e9:72:c5:2a:9c:90:0d:2b:e2:5d:c7:a0:77:
                    2f:bc:40:db:fa:46:b9:39:fe:dd:ed:91:5e:a4:3d:
                    17:6c:ad:6b:c3:69:0c:d7:37:77:34:5c:4f:90:9e:
                    d7:01:fb:04:44:0e:d9:02:ec:43:d0:cb:2a:13:e4:
                    78:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:95:95:B4:59:82:43:63:D3:B3:33:68:2C:DF:39:D5:CE:39:70:A4
            X509v3 Authority Key Identifier:
                keyid:4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/7pWVtFmCQ2PTszNoLN851c45cKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:60:3c:5a:62:ca:2c:7b:de:95:04:40:b8:2c:db:ee:e5:4f:
         10:ce:d9:04:62:b6:98:37:d5:b7:55:cb:fd:6f:60:f5:d8:e9:
         21:3f:45:f5:20:86:c0:ba:fa:d7:08:11:29:c3:d1:02:86:36:
         86:85:1b:65:c7:e2:ae:41:e6:87:f2:f8:35:88:17:ed:1c:01:
         7c:3b:68:bc:cd:bb:d1:7d:c2:f2:a1:c7:fe:5f:74:0e:9d:b4:
         d3:2b:18:52:f9:c9:eb:cd:d1:c0:d6:5b:a4:ef:97:56:98:9e:
         62:17:f5:e1:59:16:4d:3f:f5:f8:c4:a8:1e:f5:1c:f7:a7:85:
         d6:aa:55:d8:43:80:52:b7:9f:ec:b4:a3:4a:33:22:6f:8c:b5:
         d8:0d:b1:44:b2:6f:cd:39:83:4e:9a:9b:12:78:21:6c:79:09:
         16:ed:dc:2f:b5:6d:17:0b:67:45:44:bd:8e:8b:6d:03:37:a3:
         4c:76:b9:b4:0d:d4:8e:aa:80:5f:f6:84:ed:38:a1:60:63:0a:
         e7:b4:d1:10:a8:06:4e:f6:ab:e1:c6:9f:2b:b3:70:1a:de:05:
         25:65:ed:41:b3:d3:92:71:5e:d2:a9:e8:72:bc:13:3c:ac:5e:
         ed:32:00:4f:e2:87:69:96:1d:b7:5f:e3:8e:d2:c8:ab:9b:a5:
         35:e0:bf:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASoGNIU9KSpcbRsn+o6hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOWFjNmZlMjAzMWFkZGUwMzY2ODI0MGUzYzVkOTFlYzY3
MTFlMWUwHhcNMjQwMTAyMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTk1OTViNDU5ODI0MzYzZDNiMzMzNjgyY2RmMzlkNWNlMzk3MGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2a6Bi2JWeVLX3KTJfdHaalkf896s
hK/O53EbBt4gUDazXonEMJIZ8QINmJRw43dawXlhlQ0QasbNbr75A/ubzo5C27no
xTP4EN4JUtWW3Hfs716ZVjzG5hsg6wfb0jXG92oIv6triAt64Ot1rGMlPr7wmD1T
JfpCPJasNRAwlb+cp2epwAVBPWMe3u9JTDHhUiAzQC+yyo092wmAE/x2F8iz/m3U
iz4c+htX9B8s5PD9Eiu7INgt4x7ZZ1YKtwpSvylbFulyxSqckA0r4l3HoHcvvEDb
+ka5Of7d7ZFepD0XbK1rw2kM1zd3NFxPkJ7XAfsERA7ZAuxD0MsqE+R4twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6VlbRZgkNj07MzaCzfOdXOOXCkMB8GA1UdIwQY
MBaAFE+axv4gMa3eA2aCQOPF2R7GcR4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTct
NTI4YTYzYmU0Yzg3LzEvN3BXVnRGbUNRMlBUc3pOb0xOODUxYzQ1Y0tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTctNTI4YTYzYmU0Yzg3
LzEvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV24MA0G
CSqGSIb3DQEBCwUAA4IBAQAyYDxaYsose96VBEC4LNvu5U8QztkEYraYN9W3Vcv9
b2D12OkhP0X1IIbAuvrXCBEpw9EChjaGhRtlx+KuQeaH8vg1iBftHAF8O2i8zbvR
fcLyocf+X3QOnbTTKxhS+cnrzdHA1luk75dWmJ5iF/XhWRZNP/X4xKge9Rz3p4XW
qlXYQ4BSt5/stKNKMyJvjLXYDbFEsm/NOYNOmpsSeCFseQkW7dwvtW0XC2dFRL2O
i20DN6NMdrm0DdSOqoBf9oTtOKFgYwrntNEQqAZO9qvhxp8rs3Aa3gUlZe1Bs9OS
cV7SqehyvBM8rF7tMgBP4odplh23X+OO0sirm6U14L9N
-----END CERTIFICATE-----