Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/xNtuqdBTqlQvjZSw32EB8GQW0eY.roa
File:                     xNtuqdBTqlQvjZSw32EB8GQW0eY.roa (raw, json)
Hash identifier:          10hgnm3SDctq3+vTtMADdd+JrTjfJDugnf5i4jDT1pw=
Subject key identifier:   C4:DB:6E:A9:D0:53:AA:54:2F:8D:94:B0:DF:61:01:F0:64:16:D1:E6
Certificate issuer:       /CN=7b4d31ab18e41f8d959a09d55660dd32aa9c45f7
Certificate serial:       0192FCE690106890FAAE0D2D28F9B2461DAE
Authority key identifier: 7B:4D:31:AB:18:E4:1F:8D:95:9A:09:D5:56:60:DD:32:AA:9C:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e00xqxjkH42VmgnVVmDdMqqcRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/xNtuqdBTqlQvjZSw32EB8GQW0eY.roa
Signing time:             Tue 05 Nov 2024 15:17:01 +0000
ROA not before:           Tue 05 Nov 2024 15:17:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47474
IP address blocks:        193.110.240.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/e00xqxjkH42VmgnVVmDdMqqcRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/e00xqxjkH42VmgnVVmDdMqqcRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e00xqxjkH42VmgnVVmDdMqqcRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fc:e6:90:10:68:90:fa:ae:0d:2d:28:f9:b2:46:1d:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b4d31ab18e41f8d959a09d55660dd32aa9c45f7
        Validity
            Not Before: Nov  5 15:17:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4db6ea9d053aa542f8d94b0df6101f06416d1e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:23:9a:cc:0a:44:39:d1:75:15:6f:0f:8f:12:
                    02:63:55:64:fe:eb:2f:30:75:bb:55:e7:d1:55:65:
                    1c:86:45:6a:51:ea:cd:ce:c8:d8:21:f9:8a:93:26:
                    53:e1:9f:ae:70:d9:2a:f4:fd:b8:8f:d9:d0:f6:9e:
                    5b:db:72:d5:31:8b:fe:90:a9:c0:66:85:92:08:eb:
                    6d:91:31:f4:f9:e1:42:ad:df:22:ce:70:22:1a:5e:
                    34:1d:ea:32:21:ad:d9:26:f4:ef:15:fc:7f:e2:bc:
                    39:1c:09:49:51:7d:e7:93:ec:3f:0e:8b:00:26:55:
                    04:e8:f4:75:37:07:30:52:0e:b7:be:95:9f:9e:3c:
                    f7:b9:5b:fe:a4:0e:22:fc:f1:1f:8e:74:81:67:ce:
                    2b:d5:57:b9:af:da:81:f9:53:87:cf:fb:84:aa:87:
                    7b:a5:02:2f:ad:a2:43:e8:6c:19:92:01:33:df:eb:
                    43:b9:1a:30:f9:0d:6c:c6:18:f4:f8:29:38:2d:7a:
                    aa:89:ac:fe:67:fe:1e:a1:ec:8a:65:b3:ab:1c:2a:
                    2c:c6:61:ee:e8:a7:cb:2a:c7:da:51:18:31:8a:62:
                    b8:b6:c1:40:91:d3:10:f6:c0:05:24:29:ad:e1:0e:
                    5b:1d:97:59:be:db:77:89:bf:c6:73:ff:18:51:eb:
                    e3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:DB:6E:A9:D0:53:AA:54:2F:8D:94:B0:DF:61:01:F0:64:16:D1:E6
            X509v3 Authority Key Identifier:
                keyid:7B:4D:31:AB:18:E4:1F:8D:95:9A:09:D5:56:60:DD:32:AA:9C:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e00xqxjkH42VmgnVVmDdMqqcRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/xNtuqdBTqlQvjZSw32EB8GQW0eY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/9c2508-11f1-4ae7-8720-bff023b344f7/1/e00xqxjkH42VmgnVVmDdMqqcRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a3:6f:28:05:12:96:4f:3c:64:57:e3:8a:d7:b6:11:ab:d4:95:
         2e:b7:83:16:8e:ad:5d:cd:f3:54:d0:31:cf:57:e7:ec:2e:df:
         0d:d1:ee:67:e4:6b:cf:18:45:90:0d:01:f0:90:aa:10:96:43:
         e6:1b:1f:4c:09:67:30:36:25:e5:7d:f0:d7:d5:dc:44:49:50:
         b3:fc:03:c8:6c:35:40:cd:fc:13:31:5c:18:4f:86:c5:79:19:
         d6:fc:3a:07:ac:9f:db:f6:59:26:4d:48:b3:57:31:72:f7:ce:
         3a:8e:8c:c9:c6:10:eb:09:7a:5c:ab:3e:1e:8b:57:88:e5:7d:
         3f:93:bd:ed:0e:bf:13:e1:4a:e1:bf:39:13:8e:78:5b:52:93:
         e6:15:d0:83:04:65:47:01:d7:32:a8:2c:24:9f:61:5e:8a:ad:
         48:8e:4d:ce:fd:d5:73:0c:14:1f:cf:de:2c:80:4f:a1:1c:58:
         5c:cd:c7:19:27:4a:27:10:d2:a4:22:99:63:37:c8:fb:3c:54:
         46:26:84:df:0b:4b:70:71:e3:4d:da:54:fe:6e:a7:02:a1:54:
         cb:13:7f:da:20:a8:cf:b0:f2:ff:99:58:a7:11:8e:be:a8:f7:
         78:fc:68:39:1e:fd:ac:03:05:da:6e:87:3e:54:c9:2e:ef:b9:
         83:1b:2d:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL85pAQaJD6rg0tKPmyRh2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNGQzMWFiMThlNDFmOGQ5NTlhMDlkNTU2NjBkZDMyYWE5
YzQ1ZjcwHhcNMjQxMTA1MTUxNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGRiNmVhOWQwNTNhYTU0MmY4ZDk0YjBkZjYxMDFmMDY0MTZkMWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviOazApEOdF1FW8PjxICY1Vk/usv
MHW7VefRVWUchkVqUerNzsjYIfmKkyZT4Z+ucNkq9P24j9nQ9p5b23LVMYv+kKnA
ZoWSCOttkTH0+eFCrd8iznAiGl40HeoyIa3ZJvTvFfx/4rw5HAlJUX3nk+w/DosA
JlUE6PR1NwcwUg63vpWfnjz3uVv+pA4i/PEfjnSBZ84r1Ve5r9qB+VOHz/uEqod7
pQIvraJD6GwZkgEz3+tDuRow+Q1sxhj0+Ck4LXqqiaz+Z/4eoeyKZbOrHCosxmHu
6KfLKsfaURgximK4tsFAkdMQ9sAFJCmt4Q5bHZdZvtt3ib/Gc/8YUevjWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTbbqnQU6pUL42UsN9hAfBkFtHmMB8GA1UdIwQY
MBaAFHtNMasY5B+NlZoJ1VZg3TKqnEX3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTAweHF4amtINDJWbWduVlZtRGRNcXFjUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy85YzI1MDgtMTFmMS00YWU3LTg3MjAt
YmZmMDIzYjM0NGY3LzEveE50dXFkQlRxbFF2alpTdzMyRUI4R1FXMGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy85YzI1MDgtMTFmMS00YWU3LTg3MjAtYmZmMDIzYjM0NGY3
LzEvZTAweHF4amtINDJWbWduVlZtRGRNcXFjUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwW7wMA0G
CSqGSIb3DQEBCwUAA4IBAQCjbygFEpZPPGRX44rXthGr1JUut4MWjq1dzfNU0DHP
V+fsLt8N0e5n5GvPGEWQDQHwkKoQlkPmGx9MCWcwNiXlffDX1dxESVCz/APIbDVA
zfwTMVwYT4bFeRnW/DoHrJ/b9lkmTUizVzFy9846jozJxhDrCXpcqz4ei1eI5X0/
k73tDr8T4UrhvzkTjnhbUpPmFdCDBGVHAdcyqCwkn2Feiq1Ijk3O/dVzDBQfz94s
gE+hHFhczccZJ0onENKkIpljN8j7PFRGJoTfC0twceNN2lT+bqcCoVTLE3/aIKjP
sPL/mVinEY6+qPd4/Gg5Hv2sAwXaboc+VMku77mDGy1E
-----END CERTIFICATE-----