Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/f7oZVf__v40TAA7E1bB7j6bBCUY.roa
File:                     f7oZVf__v40TAA7E1bB7j6bBCUY.roa (raw, json)
Hash identifier:          zDlsskvXYmJMBvTtBlyOgI0K0MsJjoPnMRrxFsk0pwU=
Subject key identifier:   7F:BA:19:55:FF:FF:BF:8D:13:00:0E:C4:D5:B0:7B:8F:A6:C1:09:46
Certificate issuer:       /CN=ea583d61f2e57a6b16ea4b1a9ca27bb250d748ef
Certificate serial:       018CC5DC12243EC4AF326DD14F2CDC7B261F
Authority key identifier: EA:58:3D:61:F2:E5:7A:6B:16:EA:4B:1A:9C:A2:7B:B2:50:D7:48:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6lg9YfLlemsW6ksanKJ7slDXSO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/f7oZVf__v40TAA7E1bB7j6bBCUY.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29551
IP address blocks:        193.25.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/6lg9YfLlemsW6ksanKJ7slDXSO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/6lg9YfLlemsW6ksanKJ7slDXSO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6lg9YfLlemsW6ksanKJ7slDXSO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:12:24:3e:c4:af:32:6d:d1:4f:2c:dc:7b:26:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea583d61f2e57a6b16ea4b1a9ca27bb250d748ef
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fba1955ffffbf8d13000ec4d5b07b8fa6c10946
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:06:24:48:63:dd:de:f4:ba:21:da:f6:15:34:
                    5c:9c:80:6a:e7:fb:0e:89:07:f3:ec:a6:a7:a2:b3:
                    8c:c0:93:8f:0f:09:6d:d9:b8:79:04:e2:3d:b9:1c:
                    74:39:e0:77:eb:af:76:23:66:5a:75:8f:3b:bb:5e:
                    10:de:95:9f:09:27:8e:c5:de:39:dd:03:fd:47:36:
                    ec:fd:24:d1:0c:10:8f:db:6e:41:2b:23:9d:ff:24:
                    13:d0:42:85:dd:98:0b:27:e6:cf:0f:f7:e8:cf:44:
                    df:01:16:0b:dc:1e:80:22:b3:2c:a5:f8:5b:0d:01:
                    f2:16:7f:3a:34:1d:c6:dc:9b:55:b9:2c:f0:3a:99:
                    ab:b5:1e:ef:2e:a9:0e:9d:51:d6:f9:e9:b6:27:5f:
                    14:0f:89:d5:0a:8d:7b:e0:fb:72:89:63:40:c7:24:
                    99:44:f7:fe:13:74:c5:8e:95:c7:b1:ab:28:a4:2f:
                    78:4d:ba:77:7d:75:00:b5:72:49:a2:55:27:70:bd:
                    dd:8c:c6:82:65:fc:60:7b:bd:9e:78:4f:05:30:d3:
                    84:ff:bb:18:99:f8:c9:81:a0:30:05:ea:c6:7e:53:
                    c3:f1:f3:12:59:db:60:05:06:2b:16:6e:b1:0c:8f:
                    f5:4e:58:4b:06:46:95:42:46:0f:d3:d6:76:56:d2:
                    43:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:BA:19:55:FF:FF:BF:8D:13:00:0E:C4:D5:B0:7B:8F:A6:C1:09:46
            X509v3 Authority Key Identifier:
                keyid:EA:58:3D:61:F2:E5:7A:6B:16:EA:4B:1A:9C:A2:7B:B2:50:D7:48:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6lg9YfLlemsW6ksanKJ7slDXSO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/f7oZVf__v40TAA7E1bB7j6bBCUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6f5128-7cba-49c5-9b25-99c1b0cfc3a8/1/6lg9YfLlemsW6ksanKJ7slDXSO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:5d:ed:13:0b:98:28:02:2b:90:40:d1:11:f0:34:04:fd:f9:
         c1:47:db:6a:24:e4:63:cf:c9:87:1b:77:db:64:a7:fd:a2:95:
         2a:29:94:a8:79:e9:1a:af:cf:73:68:58:68:46:f3:83:b1:c2:
         32:64:bb:1f:af:c7:7c:c3:ec:21:85:a2:76:3e:bf:b7:68:8b:
         80:09:72:9f:b6:25:12:00:a8:ec:f5:ee:e2:6a:47:ad:1a:cf:
         4b:45:6b:8a:ae:b8:05:0a:59:09:4c:28:d0:1d:5a:4a:93:d6:
         2c:e3:c3:7a:08:5f:78:74:f7:0c:fd:aa:ce:dc:e6:80:64:1e:
         97:61:41:db:87:7c:0f:42:89:a2:98:96:c6:44:06:e8:c0:3f:
         55:57:78:e5:25:33:0c:f2:df:e1:7c:69:34:b0:74:24:01:a9:
         3f:78:3c:59:e2:8b:7c:ac:e7:dd:5a:27:19:d7:4e:af:13:89:
         c4:28:b3:de:89:bd:11:a2:66:5b:37:9e:b9:d0:f9:fd:78:4a:
         18:1e:88:7b:8e:ee:ed:1d:84:70:6c:2a:b5:0e:ad:91:3f:38:
         87:25:3f:7f:ea:a7:de:94:29:bc:e5:56:fa:9f:72:d6:c3:01:
         c1:86:9f:35:cb:12:d1:04:a9:19:16:5f:88:bf:ed:88:a7:32:
         08:7a:5f:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BIkPsSvMm3RTyzceyYfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNTgzZDYxZjJlNTdhNmIxNmVhNGIxYTljYTI3YmIyNTBk
NzQ4ZWYwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmJhMTk1NWZmZmZiZjhkMTMwMDBlYzRkNWIwN2I4ZmE2YzEwOTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwYkSGPd3vS6Idr2FTRcnIBq5/sO
iQfz7KanorOMwJOPDwlt2bh5BOI9uRx0OeB36692I2ZadY87u14Q3pWfCSeOxd45
3QP9Rzbs/STRDBCP225BKyOd/yQT0EKF3ZgLJ+bPD/foz0TfARYL3B6AIrMspfhb
DQHyFn86NB3G3JtVuSzwOpmrtR7vLqkOnVHW+em2J18UD4nVCo174PtyiWNAxySZ
RPf+E3TFjpXHsasopC94Tbp3fXUAtXJJolUncL3djMaCZfxge72eeE8FMNOE/7sY
mfjJgaAwBerGflPD8fMSWdtgBQYrFm6xDI/1TlhLBkaVQkYP09Z2VtJD1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+6GVX//7+NEwAOxNWwe4+mwQlGMB8GA1UdIwQY
MBaAFOpYPWHy5XprFupLGpyie7JQ10jvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmxnOVlmTGxlbXNXNmtzYW5LSjdzbERYU084LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82ZjUxMjgtN2NiYS00OWM1LTliMjUt
OTljMWIwY2ZjM2E4LzEvZjdvWlZmX192NDBUQUE3RTFiQjdqNmJCQ1VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82ZjUxMjgtN2NiYS00OWM1LTliMjUtOTljMWIwY2ZjM2E4
LzEvNmxnOVlmTGxlbXNXNmtzYW5LSjdzbERYU084LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRmtMA0G
CSqGSIb3DQEBCwUAA4IBAQC9Xe0TC5goAiuQQNER8DQE/fnBR9tqJORjz8mHG3fb
ZKf9opUqKZSoeekar89zaFhoRvODscIyZLsfr8d8w+whhaJ2Pr+3aIuACXKftiUS
AKjs9e7iaketGs9LRWuKrrgFClkJTCjQHVpKk9Ys48N6CF94dPcM/arO3OaAZB6X
YUHbh3wPQomimJbGRAbowD9VV3jlJTMM8t/hfGk0sHQkAak/eDxZ4ot8rOfdWicZ
106vE4nEKLPeib0RomZbN5650Pn9eEoYHoh7ju7tHYRwbCq1Dq2RPziHJT9/6qfe
lCm85Vb6n3LWwwHBhp81yxLRBKkZFl+Iv+2IpzIIel8J
-----END CERTIFICATE-----