Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/x4sMBIZ3o_BkuMkceMycI9PX-WU.roa
File:                     x4sMBIZ3o_BkuMkceMycI9PX-WU.roa (raw, json)
Hash identifier:          6kHRLg/Y+1a7hTtCiJr182tr3blVh7GFhxEOzGJOXbc=
Subject key identifier:   C7:8B:0C:04:86:77:A3:F0:64:B8:C9:1C:78:CC:9C:23:D3:D7:F9:65
Certificate issuer:       /CN=7a05ea59805f94be185282039bbae2fa8a9253f5
Certificate serial:       018CC6B7D55698802644B252405A8E90AEC9
Authority key identifier: 7A:05:EA:59:80:5F:94:BE:18:52:82:03:9B:BA:E2:FA:8A:92:53:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/egXqWYBflL4YUoIDm7ri-oqSU_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/x4sMBIZ3o_BkuMkceMycI9PX-WU.roa
Signing time:             Mon 01 Jan 2024 20:29:45 +0000
ROA not before:           Mon 01 Jan 2024 20:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39479
IP address blocks:        213.187.10.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/egXqWYBflL4YUoIDm7ri-oqSU_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/egXqWYBflL4YUoIDm7ri-oqSU_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/egXqWYBflL4YUoIDm7ri-oqSU_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:d5:56:98:80:26:44:b2:52:40:5a:8e:90:ae:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a05ea59805f94be185282039bbae2fa8a9253f5
        Validity
            Not Before: Jan  1 20:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c78b0c048677a3f064b8c91c78cc9c23d3d7f965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a1:7c:d5:fe:7c:f7:7e:48:5a:cd:5d:73:3b:
                    4b:aa:7a:2e:22:88:cd:d9:e6:1c:49:da:b0:45:8b:
                    c7:b3:88:70:e0:0f:54:9f:2e:c5:6d:fb:af:41:0c:
                    a6:82:4c:6a:a9:b7:02:f4:9c:d8:69:37:5c:e3:ac:
                    63:d7:3b:4f:a6:5e:b4:3c:a5:95:d0:d0:06:d3:9d:
                    63:21:f0:6f:5c:00:99:1e:1f:ae:86:93:25:10:7c:
                    e3:7c:74:0e:14:95:2d:7e:cb:7e:89:84:80:71:7b:
                    1f:12:fb:41:95:52:c5:91:af:c3:b1:9a:7b:4a:70:
                    10:9c:6b:53:98:fe:42:dd:e3:eb:97:46:19:b3:e5:
                    e7:97:28:91:83:01:d0:54:8b:97:ea:1b:be:05:44:
                    ba:d1:82:62:19:7b:88:09:1a:97:30:e0:b4:eb:bb:
                    4c:f3:d4:d9:9f:de:91:64:10:c8:1f:99:6e:84:08:
                    bb:d3:f4:53:d2:d2:8c:f0:f3:16:a2:a2:db:3b:b4:
                    68:bb:2b:8e:60:b8:48:65:ef:60:4e:1c:7d:cb:67:
                    ba:ad:63:a2:3c:b5:1a:a6:39:b0:95:34:95:d0:e4:
                    93:20:3f:b7:cc:1f:0d:27:ac:95:58:ad:61:07:45:
                    67:e4:89:eb:6f:82:18:e4:7a:4b:81:c7:25:59:52:
                    b6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:8B:0C:04:86:77:A3:F0:64:B8:C9:1C:78:CC:9C:23:D3:D7:F9:65
            X509v3 Authority Key Identifier:
                keyid:7A:05:EA:59:80:5F:94:BE:18:52:82:03:9B:BA:E2:FA:8A:92:53:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/egXqWYBflL4YUoIDm7ri-oqSU_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/x4sMBIZ3o_BkuMkceMycI9PX-WU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/cf24bd-c15b-484c-9732-04b3813f3b3d/1/egXqWYBflL4YUoIDm7ri-oqSU_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.187.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:da:bc:9d:a3:e0:59:d6:93:74:51:84:85:4d:b1:c9:61:51:
         0e:57:3d:f0:14:64:90:c1:57:76:f2:c8:9b:fc:92:bd:27:90:
         9b:83:e9:6a:e4:0a:cc:92:3f:e5:db:4e:47:fb:71:aa:5f:bf:
         f7:d7:af:0d:a9:a8:13:74:62:bd:b3:ba:ce:4c:1a:54:32:f1:
         1c:d5:9d:76:c9:35:13:be:02:c1:f8:19:13:e6:c0:6d:43:94:
         3b:b4:36:4e:de:1b:4c:52:56:4e:7d:0c:d4:81:32:a9:96:ff:
         57:e8:97:c1:4f:f3:1d:eb:5b:70:db:e0:33:0b:73:b8:75:dd:
         cc:b3:f6:d0:54:4f:f6:af:00:59:ea:f8:12:17:0f:47:3a:fc:
         c9:45:27:27:98:96:85:b3:d0:40:3a:e4:87:bd:6b:44:6b:2f:
         58:20:07:b6:51:4d:2e:ea:17:99:21:d9:40:11:ce:81:e3:72:
         1f:d2:0e:b9:38:59:e1:e0:3d:82:15:07:b4:ff:4a:0e:84:4e:
         bd:c9:4e:52:dc:7a:2f:bd:96:d4:a6:01:6d:e4:da:fb:9a:e3:
         63:8c:8c:48:04:6e:22:af:7f:72:7e:9a:e5:3a:12:5f:d3:73:
         89:04:9b:89:a5:6b:40:59:00:c4:de:68:10:ff:c8:a9:c5:a6:
         08:50:b3:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt9VWmIAmRLJSQFqOkK7JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMDVlYTU5ODA1Zjk0YmUxODUyODIwMzliYmFlMmZhOGE5
MjUzZjUwHhcNMjQwMTAxMjAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzhiMGMwNDg2NzdhM2YwNjRiOGM5MWM3OGNjOWMyM2QzZDdmOTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6F81f58935IWs1dcztLqnouIojN
2eYcSdqwRYvHs4hw4A9Uny7FbfuvQQymgkxqqbcC9JzYaTdc46xj1ztPpl60PKWV
0NAG051jIfBvXACZHh+uhpMlEHzjfHQOFJUtfst+iYSAcXsfEvtBlVLFka/DsZp7
SnAQnGtTmP5C3ePrl0YZs+XnlyiRgwHQVIuX6hu+BUS60YJiGXuICRqXMOC067tM
89TZn96RZBDIH5luhAi70/RT0tKM8PMWoqLbO7RouyuOYLhIZe9gThx9y2e6rWOi
PLUapjmwlTSV0OSTID+3zB8NJ6yVWK1hB0Vn5Inrb4IY5HpLgcclWVK2FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMeLDASGd6PwZLjJHHjMnCPT1/llMB8GA1UdIwQY
MBaAFHoF6lmAX5S+GFKCA5u64vqKklP1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWdYcVdZQmZsTDRZVW9JRG03cmktb3FTVV9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9jZjI0YmQtYzE1Yi00ODRjLTk3MzIt
MDRiMzgxM2YzYjNkLzEveDRzTUJJWjNvX0JrdU1rY2VNeWNJOVBYLVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9jZjI0YmQtYzE1Yi00ODRjLTk3MzItMDRiMzgxM2YzYjNk
LzEvZWdYcVdZQmZsTDRZVW9JRG03cmktb3FTVV9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1bsKMA0G
CSqGSIb3DQEBCwUAA4IBAQA+2rydo+BZ1pN0UYSFTbHJYVEOVz3wFGSQwVd28sib
/JK9J5Cbg+lq5ArMkj/l205H+3GqX7/3168NqagTdGK9s7rOTBpUMvEc1Z12yTUT
vgLB+BkT5sBtQ5Q7tDZO3htMUlZOfQzUgTKplv9X6JfBT/Md61tw2+AzC3O4dd3M
s/bQVE/2rwBZ6vgSFw9HOvzJRScnmJaFs9BAOuSHvWtEay9YIAe2UU0u6heZIdlA
Ec6B43If0g65OFnh4D2CFQe0/0oOhE69yU5S3HovvZbUpgFt5Nr7muNjjIxIBG4i
r39yfprlOhJf03OJBJuJpWtAWQDE3mgQ/8ipxaYIULOa
-----END CERTIFICATE-----