Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/eca01c-5232-47c5-b014-5b132f7d3b49/1/E7etnJ7PhSPtjum5y5SICdQLuKs.roa
File:                     E7etnJ7PhSPtjum5y5SICdQLuKs.roa (raw, json)
Hash identifier:          QbIgbUgEBSklsRQD/taN5eGjcuATDl8V3Yb+MmhiTIg=
Subject key identifier:   13:B7:AD:9C:9E:CF:85:23:ED:8E:E9:B9:CB:94:88:09:D4:0B:B8:AB
Certificate issuer:       /CN=d2dd4ddd536f18a872cbac15e589542aedcd0737
Certificate serial:       018CC801C7AB716660BCCC88F6FF9B32C97C
Authority key identifier: D2:DD:4D:DD:53:6F:18:A8:72:CB:AC:15:E5:89:54:2A:ED:CD:07:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0t1N3VNvGKhyy6wV5YlUKu3NBzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/eca01c-5232-47c5-b014-5b132f7d3b49/1/E7etnJ7PhSPtjum5y5SICdQLuKs.roa
Signing time:             Tue 02 Jan 2024 02:30:09 +0000
ROA not before:           Tue 02 Jan 2024 02:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58121
IP address blocks:        193.176.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/eca01c-5232-47c5-b014-5b132f7d3b49/1/0t1N3VNvGKhyy6wV5YlUKu3NBzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/eca01c-5232-47c5-b014-5b132f7d3b49/1/0t1N3VNvGKhyy6wV5YlUKu3NBzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0t1N3VNvGKhyy6wV5YlUKu3NBzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c7:ab:71:66:60:bc:cc:88:f6:ff:9b:32:c9:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2dd4ddd536f18a872cbac15e589542aedcd0737
        Validity
            Not Before: Jan  2 02:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13b7ad9c9ecf8523ed8ee9b9cb948809d40bb8ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:37:73:dc:27:7c:9c:92:11:3d:5a:ce:87:a6:
                    b1:c2:24:66:f7:31:6d:f2:40:7a:7e:4b:58:4c:91:
                    56:0f:ef:ad:73:bd:33:89:5f:08:35:39:a1:58:d9:
                    60:34:b2:1c:20:54:f7:bd:67:a3:3f:a4:40:58:3d:
                    66:d0:d0:73:5c:64:8c:52:67:b1:ac:75:2f:e7:74:
                    3c:4f:59:a5:ad:ba:fe:e0:21:02:94:48:d4:a8:63:
                    1d:61:91:c9:78:22:6e:14:eb:d3:6b:f5:df:58:32:
                    8c:49:4b:fb:a9:8d:d9:91:e5:01:32:2b:bf:ab:d3:
                    15:3e:8d:a6:00:06:58:f1:36:f6:12:f1:ac:20:0d:
                    1b:c0:5f:43:dd:8e:38:0d:08:fe:3e:73:ff:37:28:
                    09:2a:da:3b:85:8c:78:7b:fa:38:0f:97:9d:14:1b:
                    2d:6c:e5:3d:7f:a0:c2:ae:54:ff:62:75:4c:57:b5:
                    40:47:c9:4f:8d:77:f1:e3:64:73:43:45:f2:f9:1e:
                    fc:24:4a:7f:dc:ea:fc:6d:d5:62:db:4b:86:c0:37:
                    a5:30:18:d8:ac:ab:dd:35:ae:f5:be:1b:2f:c4:ae:
                    f6:ff:9d:66:92:94:f3:27:76:65:2d:fd:bc:b1:a1:
                    74:6e:f9:eb:24:7e:62:63:88:4c:14:d7:21:0f:50:
                    46:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:B7:AD:9C:9E:CF:85:23:ED:8E:E9:B9:CB:94:88:09:D4:0B:B8:AB
            X509v3 Authority Key Identifier:
                keyid:D2:DD:4D:DD:53:6F:18:A8:72:CB:AC:15:E5:89:54:2A:ED:CD:07:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0t1N3VNvGKhyy6wV5YlUKu3NBzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/eca01c-5232-47c5-b014-5b132f7d3b49/1/E7etnJ7PhSPtjum5y5SICdQLuKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/eca01c-5232-47c5-b014-5b132f7d3b49/1/0t1N3VNvGKhyy6wV5YlUKu3NBzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:b3:a2:ee:af:b9:b0:af:0f:a6:e8:7f:ce:c6:cc:0f:43:e9:
         7b:b9:05:3c:d5:f9:93:5c:c2:1d:80:56:11:cf:7a:7b:bf:6e:
         9e:c2:d5:a6:dd:ca:5f:91:84:30:31:30:ce:15:40:d0:0e:27:
         02:2b:e0:7f:bf:38:af:6f:77:66:6c:18:b4:ef:15:c8:85:af:
         0a:ff:86:cb:3d:92:28:15:d1:25:fa:75:fb:3b:67:84:6a:5b:
         28:35:5d:de:9a:f4:d9:e3:8c:46:a8:a4:4e:e9:bb:5f:27:82:
         e4:a7:84:50:3d:a7:32:91:d6:69:33:b0:a0:57:97:c3:8f:30:
         f3:d5:f0:40:94:46:25:53:c9:6f:7c:48:e6:0a:d7:f9:0b:88:
         d5:e0:6a:d8:7c:05:7f:bf:98:ff:3f:a6:1d:9e:fe:b7:6b:e6:
         8d:5e:36:cc:48:ea:44:23:58:0d:23:12:63:c7:31:54:20:f2:
         c4:2c:9a:8b:22:92:e2:49:fb:90:bf:2d:72:ba:b0:cf:86:9c:
         48:bf:5a:17:b2:60:e9:ed:ef:2a:96:5c:b2:eb:a7:f1:39:23:
         2f:43:b7:67:19:7e:79:73:af:98:c1:19:65:77:d8:a8:07:1d:
         09:be:22:02:b7:fe:ac:67:93:4d:5a:72:af:72:0b:b9:f9:3b:
         74:3e:a5:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcercWZgvMyI9v+bMsl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZGQ0ZGRkNTM2ZjE4YTg3MmNiYWMxNWU1ODk1NDJhZWRj
ZDA3MzcwHhcNMjQwMTAyMDIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2I3YWQ5YzllY2Y4NTIzZWQ4ZWU5YjljYjk0ODgwOWQ0MGJiOGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDdz3Cd8nJIRPVrOh6axwiRm9zFt
8kB6fktYTJFWD++tc70ziV8INTmhWNlgNLIcIFT3vWejP6RAWD1m0NBzXGSMUmex
rHUv53Q8T1mlrbr+4CEClEjUqGMdYZHJeCJuFOvTa/XfWDKMSUv7qY3ZkeUBMiu/
q9MVPo2mAAZY8Tb2EvGsIA0bwF9D3Y44DQj+PnP/NygJKto7hYx4e/o4D5edFBst
bOU9f6DCrlT/YnVMV7VAR8lPjXfx42RzQ0Xy+R78JEp/3Or8bdVi20uGwDelMBjY
rKvdNa71vhsvxK72/51mkpTzJ3ZlLf28saF0bvnrJH5iY4hMFNchD1BGmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBO3rZyez4Uj7Y7pucuUiAnUC7irMB8GA1UdIwQY
MBaAFNLdTd1TbxiocsusFeWJVCrtzQc3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHQxTjNWTnZHS2h5eTZ3VjVZbFVLdTNOQnpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9lY2EwMWMtNTIzMi00N2M1LWIwMTQt
NWIxMzJmN2QzYjQ5LzEvRTdldG5KN1BoU1B0anVtNXk1U0lDZFFMdUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9lY2EwMWMtNTIzMi00N2M1LWIwMTQtNWIxMzJmN2QzYjQ5
LzEvMHQxTjNWTnZHS2h5eTZ3VjVZbFVLdTNOQnpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbBhMA0G
CSqGSIb3DQEBCwUAA4IBAQCjs6Lur7mwrw+m6H/OxswPQ+l7uQU81fmTXMIdgFYR
z3p7v26ewtWm3cpfkYQwMTDOFUDQDicCK+B/vzivb3dmbBi07xXIha8K/4bLPZIo
FdEl+nX7O2eEalsoNV3emvTZ44xGqKRO6btfJ4Lkp4RQPacykdZpM7CgV5fDjzDz
1fBAlEYlU8lvfEjmCtf5C4jV4GrYfAV/v5j/P6Ydnv63a+aNXjbMSOpEI1gNIxJj
xzFUIPLELJqLIpLiSfuQvy1yurDPhpxIv1oXsmDp7e8qllyy66fxOSMvQ7dnGX55
c6+YwRlld9ioBx0JviICt/6sZ5NNWnKvcgu5+Tt0PqUn
-----END CERTIFICATE-----