Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/7eCHg_CxfIicy1asNWcFPcZwhwQ.roa
File:                     7eCHg_CxfIicy1asNWcFPcZwhwQ.roa (raw, json)
Hash identifier:          8Flba4SsFMQ9YrVfDk1W99QwUJ6IlVMAwbRAbMSrGSo=
Subject key identifier:   ED:E0:87:83:F0:B1:7C:88:9C:CB:56:AC:35:67:05:3D:C6:70:87:04
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019223EBCC72161FCC235A716C933BEEF037
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/7eCHg_CxfIicy1asNWcFPcZwhwQ.roa
Signing time:             Tue 24 Sep 2024 12:05:08 +0000
ROA not before:           Tue 24 Sep 2024 12:05:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6939
IP address blocks:        188.95.67.0/24 maxlen: 24
                          194.41.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:23:eb:cc:72:16:1f:cc:23:5a:71:6c:93:3b:ee:f0:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Sep 24 12:05:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ede08783f0b17c889ccb56ac3567053dc6708704
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f4:66:6d:78:36:d3:15:c5:c5:90:ab:20:6e:
                    33:3a:73:ed:d3:60:b1:41:b4:f4:e3:5e:56:97:d4:
                    11:f7:7a:54:eb:e6:81:55:77:d4:c3:32:48:aa:ed:
                    bd:a9:6d:a0:04:75:a1:85:61:23:b4:fe:3d:a2:ea:
                    0f:d0:ca:50:e5:4a:55:94:69:fd:bd:e9:83:a0:c8:
                    a2:bd:b3:6e:34:4c:aa:ab:a3:44:53:09:e8:b6:5d:
                    28:df:73:7e:06:a0:87:8d:94:5a:a9:f7:d6:d5:21:
                    e9:5e:54:f1:bc:ac:d2:90:4a:25:e7:04:e1:fa:25:
                    11:07:c5:b7:00:92:91:59:74:e1:86:e6:07:07:16:
                    96:e1:2b:d3:51:71:82:3f:83:c4:cc:a7:60:03:90:
                    71:c3:88:92:1e:7c:09:c3:04:cf:b4:11:b7:66:fa:
                    61:98:4a:fa:25:3f:2f:79:33:10:c8:c3:8b:27:47:
                    8e:ae:1e:29:49:11:f5:55:6e:41:6e:a5:04:e5:65:
                    90:77:9b:08:cc:de:41:1e:ce:e3:6c:2b:ec:c9:85:
                    6f:2d:ff:1a:a5:41:d3:f3:67:3a:d5:c2:02:57:3c:
                    29:b6:55:2b:ef:02:68:72:82:82:92:4d:34:9c:ea:
                    44:35:c0:7f:fc:d2:cf:c1:71:2f:de:28:c1:37:d2:
                    f5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:E0:87:83:F0:B1:7C:88:9C:CB:56:AC:35:67:05:3D:C6:70:87:04
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/7eCHg_CxfIicy1asNWcFPcZwhwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.67.0/24
                  194.41.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:cb:52:3b:f2:e4:09:5e:36:3e:f5:69:7c:d2:b8:40:f2:e9:
         00:c5:84:6f:bc:94:2b:6d:b6:73:a2:4f:6c:f8:64:10:fb:5f:
         d5:55:61:01:2a:dc:87:ef:04:ab:a1:ed:8e:34:26:16:53:f9:
         cd:4d:2c:9d:e6:c2:57:8b:d4:70:79:27:fd:bd:e3:6e:cc:df:
         be:a0:26:bd:bc:4a:80:4b:dd:10:bc:51:a8:09:2e:da:c3:fe:
         e9:0b:a1:7c:12:54:26:c6:8d:13:d1:3e:b7:dd:1c:20:8e:63:
         3f:26:2e:3e:b8:33:0c:e7:9a:9e:48:7b:49:6e:75:1e:a8:53:
         cc:d8:a9:88:3a:88:a9:b6:8d:65:8f:dc:ef:25:71:b8:8e:ed:
         3b:15:6d:97:0e:91:c8:6d:9f:0a:fe:be:81:fb:66:72:0f:fe:
         15:9d:fc:c2:2f:c7:c8:f9:c0:a7:7a:a4:6b:d8:b7:8c:0f:cf:
         68:6c:f4:1e:1c:b7:27:82:9d:b6:cc:6f:06:76:35:6c:79:13:
         b9:c8:3e:1a:b4:d6:92:b9:85:87:7d:a4:a1:59:42:a9:8c:64:
         25:81:2c:78:a4:24:a5:6e:92:27:91:3c:e6:c1:1e:14:c3:96:
         3d:b3:c1:f4:19:ac:52:cc:d2:5e:12:e8:6e:97:b4:a0:25:54:
         eb:e1:23:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIj68xyFh/MI1pxbJM77vA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwOTI0MTIwNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGUwODc4M2YwYjE3Yzg4OWNjYjU2YWMzNTY3MDUzZGM2NzA4NzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvRmbXg20xXFxZCrIG4zOnPt02Cx
QbT0415Wl9QR93pU6+aBVXfUwzJIqu29qW2gBHWhhWEjtP49ouoP0MpQ5UpVlGn9
vemDoMiivbNuNEyqq6NEUwnotl0o33N+BqCHjZRaqffW1SHpXlTxvKzSkEol5wTh
+iURB8W3AJKRWXThhuYHBxaW4SvTUXGCP4PEzKdgA5Bxw4iSHnwJwwTPtBG3Zvph
mEr6JT8veTMQyMOLJ0eOrh4pSRH1VW5BbqUE5WWQd5sIzN5BHs7jbCvsyYVvLf8a
pUHT82c61cICVzwptlUr7wJocoKCkk00nOpENcB//NLPwXEv3ijBN9L1HwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO3gh4PwsXyInMtWrDVnBT3GcIcEMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvN2VDSGdfQ3hmSWljeTFhc05XY0ZQY1p3aHdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvF9DAwQC
wilwMA0GCSqGSIb3DQEBCwUAA4IBAQBry1I78uQJXjY+9Wl80rhA8ukAxYRvvJQr
bbZzok9s+GQQ+1/VVWEBKtyH7wSroe2ONCYWU/nNTSyd5sJXi9RweSf9veNuzN++
oCa9vEqAS90QvFGoCS7aw/7pC6F8ElQmxo0T0T633RwgjmM/Ji4+uDMM55qeSHtJ
bnUeqFPM2KmIOoipto1lj9zvJXG4ju07FW2XDpHIbZ8K/r6B+2ZyD/4VnfzCL8fI
+cCneqRr2LeMD89obPQeHLcngp22zG8GdjVseRO5yD4atNaSuYWHfaShWUKpjGQl
gSx4pCSlbpInkTzmwR4Uw5Y9s8H0GaxSzNJeEuhul7SgJVTr4SNe
-----END CERTIFICATE-----