Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/p2XGtgwv8y6mtPOQPp9yH4OdGzQ.roa
File:                     p2XGtgwv8y6mtPOQPp9yH4OdGzQ.roa (raw, json)
Hash identifier:          V8IHMBy012Ehag3C29n/YMdCWfJ3NLs4Jd5adcdE/IQ=
Subject key identifier:   A7:65:C6:B6:0C:2F:F3:2E:A6:B4:F3:90:3E:9F:72:1F:83:9D:1B:34
Certificate issuer:       /CN=7c3b8877e1a130fe50386c610d6ead5641b97ba6
Certificate serial:       0191D6421091C3FD570FFB60728728F96031
Authority key identifier: 7C:3B:88:77:E1:A1:30:FE:50:38:6C:61:0D:6E:AD:56:41:B9:7B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/p2XGtgwv8y6mtPOQPp9yH4OdGzQ.roa
Signing time:             Mon 09 Sep 2024 10:08:59 +0000
ROA not before:           Mon 09 Sep 2024 10:08:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        194.150.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d6:42:10:91:c3:fd:57:0f:fb:60:72:87:28:f9:60:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3b8877e1a130fe50386c610d6ead5641b97ba6
        Validity
            Not Before: Sep  9 10:08:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a765c6b60c2ff32ea6b4f3903e9f721f839d1b34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a8:84:23:ca:ca:1f:48:10:05:45:18:17:9d:
                    2a:05:70:a8:ac:34:66:25:37:53:74:7b:31:69:0c:
                    11:9f:4a:cc:ed:a7:61:09:90:ad:5b:db:c1:3b:3a:
                    b1:b4:82:cd:7f:c7:97:17:8a:8b:ed:64:f3:c8:1b:
                    63:e5:55:cf:b2:c5:81:c0:76:61:a3:f6:ac:32:24:
                    12:b8:79:76:f6:be:62:60:66:32:eb:7f:5d:24:00:
                    af:88:11:9a:dc:a8:65:31:a7:09:62:82:fd:64:42:
                    78:0b:12:7c:d6:e6:e7:09:86:2d:ba:e1:33:e2:e4:
                    fc:be:01:d3:6a:4f:14:77:ef:b1:5a:8d:c7:c3:c1:
                    82:0c:c5:12:96:04:65:68:37:c8:4a:da:8a:83:da:
                    45:3a:b1:1d:eb:c9:48:4e:6f:e1:8f:3d:cd:63:84:
                    df:45:fa:67:8d:94:9c:5b:f0:3f:16:8f:9a:ce:07:
                    fd:31:c4:4e:fa:2c:cb:86:9b:28:16:c6:6b:81:2e:
                    da:bd:42:ce:bc:34:43:f0:2d:81:88:65:86:1b:41:
                    32:3f:23:34:0d:48:0c:39:00:17:7b:31:5a:e8:b0:
                    bc:1b:a4:29:de:9e:c8:fd:95:35:55:aa:af:2a:24:
                    d4:88:f9:ec:9c:5b:de:a2:96:29:70:c2:1c:c2:15:
                    9b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:65:C6:B6:0C:2F:F3:2E:A6:B4:F3:90:3E:9F:72:1F:83:9D:1B:34
            X509v3 Authority Key Identifier:
                keyid:7C:3B:88:77:E1:A1:30:FE:50:38:6C:61:0D:6E:AD:56:41:B9:7B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDuId-GhMP5QOGxhDW6tVkG5e6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/p2XGtgwv8y6mtPOQPp9yH4OdGzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/17a712-4e5a-40c5-a3a2-12025c54f484/1/fDuId-GhMP5QOGxhDW6tVkG5e6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:b2:8a:e1:45:56:6a:55:88:64:ba:f8:40:8f:49:1a:7e:08:
         7b:e1:f0:13:23:94:f6:3a:0f:11:90:01:57:6f:a5:48:68:3d:
         c9:7f:9a:14:f5:3d:07:b4:cf:0d:20:ab:ca:18:cf:9f:d7:ce:
         04:55:27:ee:e5:1c:5f:a5:4a:18:cd:d3:75:75:d7:58:cd:0f:
         3c:d4:23:3c:06:be:e9:10:4d:50:08:48:69:49:56:d0:7c:01:
         e8:d3:6d:3c:0d:a6:a7:fe:a1:c0:bb:bb:a1:31:fb:f0:91:90:
         21:fa:d4:f1:66:8d:ad:d8:f8:74:0f:de:3e:77:ea:ad:88:9d:
         9a:d7:90:9e:8a:fd:f9:70:d7:03:74:c5:03:74:44:a1:49:36:
         2f:00:70:81:3f:b2:06:0e:43:38:14:4e:13:c0:b4:24:8b:0f:
         55:33:54:90:16:72:93:1a:5b:49:dd:6a:77:81:49:bd:40:bf:
         f1:bd:93:7e:b0:81:42:e2:a0:f2:f4:14:7e:29:1b:86:52:85:
         86:fd:86:cd:d8:2e:a9:63:50:cc:7b:72:1d:b3:47:ca:62:83:
         65:b3:40:42:c6:45:63:ba:1f:bd:c5:e0:87:16:64:76:52:eb:
         12:d1:68:66:9b:a8:74:a0:06:46:49:e8:cb:a9:af:87:f9:d5:
         7e:b5:33:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHWQhCRw/1XD/tgcoco+WAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2I4ODc3ZTFhMTMwZmU1MDM4NmM2MTBkNmVhZDU2NDFi
OTdiYTYwHhcNMjQwOTA5MTAwODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzY1YzZiNjBjMmZmMzJlYTZiNGYzOTAzZTlmNzIxZjgzOWQxYjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16iEI8rKH0gQBUUYF50qBXCorDRm
JTdTdHsxaQwRn0rM7adhCZCtW9vBOzqxtILNf8eXF4qL7WTzyBtj5VXPssWBwHZh
o/asMiQSuHl29r5iYGYy639dJACviBGa3KhlMacJYoL9ZEJ4CxJ81ubnCYYtuuEz
4uT8vgHTak8Ud++xWo3Hw8GCDMUSlgRlaDfIStqKg9pFOrEd68lITm/hjz3NY4Tf
RfpnjZScW/A/Fo+azgf9McRO+izLhpsoFsZrgS7avULOvDRD8C2BiGWGG0EyPyM0
DUgMOQAXezFa6LC8G6Qp3p7I/ZU1VaqvKiTUiPnsnFveopYpcMIcwhWbOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdlxrYML/MuprTzkD6fch+DnRs0MB8GA1UdIwQY
MBaAFHw7iHfhoTD+UDhsYQ1urVZBuXumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR1SWQtR2hNUDVRT0d4aERXNnRWa0c1ZTZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8xN2E3MTItNGU1YS00MGM1LWEzYTIt
MTIwMjVjNTRmNDg0LzEvcDJYR3Rnd3Y4eTZtdFBPUVBwOXlINE9kR3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8xN2E3MTItNGU1YS00MGM1LWEzYTItMTIwMjVjNTRmNDg0
LzEvZkR1SWQtR2hNUDVRT0d4aERXNnRWa0c1ZTZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpZ3MA0G
CSqGSIb3DQEBCwUAA4IBAQBasorhRVZqVYhkuvhAj0kafgh74fATI5T2Og8RkAFX
b6VIaD3Jf5oU9T0HtM8NIKvKGM+f184EVSfu5RxfpUoYzdN1dddYzQ881CM8Br7p
EE1QCEhpSVbQfAHo0208Daan/qHAu7uhMfvwkZAh+tTxZo2t2Ph0D94+d+qtiJ2a
15Ceiv35cNcDdMUDdEShSTYvAHCBP7IGDkM4FE4TwLQkiw9VM1SQFnKTGltJ3Wp3
gUm9QL/xvZN+sIFC4qDy9BR+KRuGUoWG/YbN2C6pY1DMe3Ids0fKYoNls0BCxkVj
uh+9xeCHFmR2UusS0Whmm6h0oAZGSejLqa+H+dV+tTNW
-----END CERTIFICATE-----