Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/74aa3a-473d-4fb5-9038-81d1304faf76/1/dB1InVD6nlvzQYiukDeSw4rUpH0.roa
File:                     dB1InVD6nlvzQYiukDeSw4rUpH0.roa (raw, json)
Hash identifier:          /XV0dsyjhksi3jpGkc8OSwyw8P0aAjZdoncQBDZ7jtU=
Subject key identifier:   74:1D:48:9D:50:FA:9E:5B:F3:41:88:AE:90:37:92:C3:8A:D4:A4:7D
Certificate issuer:       /CN=a2382e2e54b60f1f68f85c984da1a69631c52ca8
Certificate serial:       01931B9F57A09E701038B29C9C7E72C94623
Authority key identifier: A2:38:2E:2E:54:B6:0F:1F:68:F8:5C:98:4D:A1:A6:96:31:C5:2C:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ojguLlS2Dx9o-FyYTaGmljHFLKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/74aa3a-473d-4fb5-9038-81d1304faf76/1/dB1InVD6nlvzQYiukDeSw4rUpH0.roa
Signing time:             Mon 11 Nov 2024 14:27:27 +0000
ROA not before:           Mon 11 Nov 2024 14:27:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        193.192.12.0/26 maxlen: 26
                          2001:7f8:130::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/74aa3a-473d-4fb5-9038-81d1304faf76/1/ojguLlS2Dx9o-FyYTaGmljHFLKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/74aa3a-473d-4fb5-9038-81d1304faf76/1/ojguLlS2Dx9o-FyYTaGmljHFLKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ojguLlS2Dx9o-FyYTaGmljHFLKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1b:9f:57:a0:9e:70:10:38:b2:9c:9c:7e:72:c9:46:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2382e2e54b60f1f68f85c984da1a69631c52ca8
        Validity
            Not Before: Nov 11 14:27:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=741d489d50fa9e5bf34188ae903792c38ad4a47d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:54:f3:88:9a:90:ed:95:e4:7a:41:be:65:7f:
                    91:41:72:bf:e4:6e:02:31:19:84:6d:16:91:ad:4b:
                    3c:dd:59:bc:b9:34:92:25:6d:c5:7a:5c:c3:00:38:
                    52:8a:54:db:26:50:84:79:ab:72:54:75:0a:3f:5f:
                    b7:fc:ef:91:1b:62:ba:38:e9:b7:e8:f2:fa:a0:90:
                    e6:10:38:98:e9:19:8e:b9:63:0a:79:38:40:1b:78:
                    04:3d:85:86:38:94:58:f7:3f:a8:e5:3b:c6:cb:5a:
                    7a:f4:28:e2:eb:66:65:8a:08:58:3a:09:1e:b9:db:
                    27:76:b9:63:03:15:d1:90:c0:7b:9d:56:ef:40:51:
                    02:47:80:f5:14:a1:56:c5:ea:84:d9:37:e2:fe:1b:
                    e3:d5:16:72:8a:64:39:45:fa:20:99:b9:ad:19:7b:
                    f2:df:4b:ca:52:03:7d:6e:67:0b:ef:57:24:ac:19:
                    05:e1:80:e9:98:8c:04:98:9b:5c:98:a7:2d:41:80:
                    de:a5:50:63:b3:33:06:82:f7:16:43:32:83:b3:4b:
                    52:d0:00:2a:95:08:e0:2c:78:f7:e4:67:c0:4c:56:
                    d7:4a:ed:54:7f:4f:60:a8:2c:79:59:7a:e0:7b:9d:
                    84:09:78:8e:5a:b2:38:5b:97:ed:b1:a0:da:df:7f:
                    83:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:1D:48:9D:50:FA:9E:5B:F3:41:88:AE:90:37:92:C3:8A:D4:A4:7D
            X509v3 Authority Key Identifier:
                keyid:A2:38:2E:2E:54:B6:0F:1F:68:F8:5C:98:4D:A1:A6:96:31:C5:2C:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ojguLlS2Dx9o-FyYTaGmljHFLKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/74aa3a-473d-4fb5-9038-81d1304faf76/1/dB1InVD6nlvzQYiukDeSw4rUpH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/74aa3a-473d-4fb5-9038-81d1304faf76/1/ojguLlS2Dx9o-FyYTaGmljHFLKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.12.0/26
                IPv6:
                  2001:7f8:130::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:3c:93:53:36:10:44:b0:ea:31:17:aa:63:4e:d6:4a:c0:ac:
         a8:b3:21:d7:3f:dc:d8:1d:6f:2c:2c:d8:12:fb:04:fa:28:ac:
         7a:c6:f5:d0:c3:eb:24:0c:65:48:74:21:9e:f7:5a:9c:c3:76:
         88:e8:fe:ea:8b:6f:7e:6f:e1:b5:01:22:7d:4c:f5:a7:fb:53:
         11:25:8c:ff:ef:e3:64:32:f8:72:f9:3b:ed:5c:09:34:38:93:
         91:34:fd:33:90:31:d8:a0:50:eb:58:c0:43:70:ce:c7:3f:e0:
         6e:42:d8:b6:1c:98:2a:25:8d:a5:0f:f3:31:b6:53:3f:d6:09:
         1d:0f:4c:91:bc:8d:9b:0c:1e:40:fb:b0:fc:f3:81:6f:ac:7e:
         d0:ca:4b:6d:8c:f5:83:4c:ea:99:62:45:03:02:2b:fd:7d:35:
         b2:ed:5f:f8:77:67:f4:28:53:17:f4:02:27:b0:d3:e9:db:05:
         30:a3:1f:64:95:35:a3:18:87:48:a7:22:e7:dc:da:eb:86:60:
         27:44:66:24:33:19:9d:a0:6e:d8:d5:de:b5:27:ae:8e:27:e1:
         71:e3:16:3b:61:f4:28:8a:8f:f9:5d:32:f6:9a:bc:7c:4b:b7:
         71:08:18:0b:e3:a2:de:d4:07:51:9f:04:40:2a:16:31:3b:47:
         46:ae:6c:5d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZMbn1egnnAQOLKcnH5yyUYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMzgyZTJlNTRiNjBmMWY2OGY4NWM5ODRkYTFhNjk2MzFj
NTJjYTgwHhcNMjQxMTExMTQyNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDFkNDg5ZDUwZmE5ZTViZjM0MTg4YWU5MDM3OTJjMzhhZDRhNDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1TziJqQ7ZXkekG+ZX+RQXK/5G4C
MRmEbRaRrUs83Vm8uTSSJW3FelzDADhSilTbJlCEeatyVHUKP1+3/O+RG2K6OOm3
6PL6oJDmEDiY6RmOuWMKeThAG3gEPYWGOJRY9z+o5TvGy1p69Cji62ZlighYOgke
udsndrljAxXRkMB7nVbvQFECR4D1FKFWxeqE2Tfi/hvj1RZyimQ5RfogmbmtGXvy
30vKUgN9bmcL71ckrBkF4YDpmIwEmJtcmKctQYDepVBjszMGgvcWQzKDs0tS0AAq
lQjgLHj35GfATFbXSu1Uf09gqCx5WXrge52ECXiOWrI4W5ftsaDa33+DcQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHQdSJ1Q+p5b80GIrpA3ksOK1KR9MB8GA1UdIwQY
MBaAFKI4Li5Utg8faPhcmE2hppYxxSyoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2pndUxsUzJEeDlvLUZ5WVRhR21sakhGTEtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83NGFhM2EtNDczZC00ZmI1LTkwMzgt
ODFkMTMwNGZhZjc2LzEvZEIxSW5WRDZubHZ6UVlpdWtEZVN3NHJVcEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83NGFhM2EtNDczZC00ZmI1LTkwMzgtODFkMTMwNGZhZjc2
LzEvb2pndUxsUzJEeDlvLUZ5WVRhR21sakhGTEtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDANBAIAATAHAwUGwcAMADAP
BAIAAjAJAwcAIAEH+AEwMA0GCSqGSIb3DQEBCwUAA4IBAQAJPJNTNhBEsOoxF6pj
TtZKwKyosyHXP9zYHW8sLNgS+wT6KKx6xvXQw+skDGVIdCGe91qcw3aI6P7qi29+
b+G1ASJ9TPWn+1MRJYz/7+NkMvhy+TvtXAk0OJORNP0zkDHYoFDrWMBDcM7HP+Bu
Qti2HJgqJY2lD/MxtlM/1gkdD0yRvI2bDB5A+7D884FvrH7QykttjPWDTOqZYkUD
Aiv9fTWy7V/4d2f0KFMX9AInsNPp2wUwox9klTWjGIdIpyLn3NrrhmAnRGYkMxmd
oG7Y1d61J66OJ+Fx4xY7YfQoio/5XTL2mrx8S7dxCBgL46Le1AdRnwRAKhYxO0dG
rmxd
-----END CERTIFICATE-----