Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/5353ba-e520-4fb9-bd0b-a9c5eed85ba7/1/7VNNhfkWJDMIg_E3ignLg92m2NI.roa
File:                     7VNNhfkWJDMIg_E3ignLg92m2NI.roa (raw, json)
Hash identifier:          vCJxXEZ67S56pwEmvkyCS2mjOOFsHWuL0DgbWwcHXmE=
Subject key identifier:   ED:53:4D:85:F9:16:24:33:08:83:F1:37:8A:09:CB:83:DD:A6:D8:D2
Certificate issuer:       /CN=41cc4f2b3621498b2b12bc93e56e6980c2c6dc88
Certificate serial:       0190020A505B2E32D0087C8D96A9F99627C9
Authority key identifier: 41:CC:4F:2B:36:21:49:8B:2B:12:BC:93:E5:6E:69:80:C2:C6:DC:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QcxPKzYhSYsrEryT5W5pgMLG3Ig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/5353ba-e520-4fb9-bd0b-a9c5eed85ba7/1/7VNNhfkWJDMIg_E3ignLg92m2NI.roa
Signing time:             Mon 10 Jun 2024 12:05:48 +0000
ROA not before:           Mon 10 Jun 2024 12:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60893
IP address blocks:        178.211.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/5353ba-e520-4fb9-bd0b-a9c5eed85ba7/1/QcxPKzYhSYsrEryT5W5pgMLG3Ig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/5353ba-e520-4fb9-bd0b-a9c5eed85ba7/1/QcxPKzYhSYsrEryT5W5pgMLG3Ig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QcxPKzYhSYsrEryT5W5pgMLG3Ig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:02:0a:50:5b:2e:32:d0:08:7c:8d:96:a9:f9:96:27:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41cc4f2b3621498b2b12bc93e56e6980c2c6dc88
        Validity
            Not Before: Jun 10 12:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed534d85f91624330883f1378a09cb83dda6d8d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a0:16:b2:af:5a:30:dc:b2:f4:5d:50:dd:7a:
                    eb:e8:26:7b:c5:a4:e4:4b:30:73:fd:da:fc:fa:87:
                    fe:4e:ee:31:71:ca:c7:e9:fc:f9:fe:8b:ce:d4:c1:
                    f3:13:e7:b8:2d:0d:d7:fd:5a:89:07:cd:8a:66:9e:
                    81:47:14:27:b5:4c:63:a5:6a:8c:51:1d:bc:1f:38:
                    95:12:3d:41:0c:33:7a:d1:39:79:5f:fd:91:c6:97:
                    43:c0:e7:00:05:a9:ee:21:8c:d2:96:c4:16:d1:87:
                    b1:0d:27:e8:38:9d:1a:88:51:42:5d:d6:fb:a0:a1:
                    a3:fd:db:1a:6c:91:75:12:50:90:1f:b6:e9:26:1a:
                    63:cf:7a:8a:5d:47:74:8f:41:33:5c:81:ab:1a:f6:
                    44:d1:91:ca:25:a8:c3:3d:f7:3e:82:7a:c2:56:ec:
                    e2:cc:28:6d:65:e1:02:e9:42:d0:6e:0a:93:d2:e8:
                    a6:c1:06:1e:ff:a8:75:f1:73:78:53:1b:b7:45:ed:
                    1a:dd:bf:c3:c6:ef:fd:eb:2f:23:23:1e:50:b1:67:
                    e9:f7:ac:49:db:68:dd:6a:c0:13:b3:c2:d6:7d:00:
                    1c:f6:02:05:6c:eb:59:32:ea:08:80:fe:e3:24:94:
                    92:78:0c:96:11:0a:45:e0:e4:7b:41:26:4e:cf:b3:
                    55:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:53:4D:85:F9:16:24:33:08:83:F1:37:8A:09:CB:83:DD:A6:D8:D2
            X509v3 Authority Key Identifier:
                keyid:41:CC:4F:2B:36:21:49:8B:2B:12:BC:93:E5:6E:69:80:C2:C6:DC:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QcxPKzYhSYsrEryT5W5pgMLG3Ig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/5353ba-e520-4fb9-bd0b-a9c5eed85ba7/1/7VNNhfkWJDMIg_E3ignLg92m2NI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/5353ba-e520-4fb9-bd0b-a9c5eed85ba7/1/QcxPKzYhSYsrEryT5W5pgMLG3Ig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.211.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:c1:de:fd:d4:7b:33:02:38:e9:7f:b4:01:2e:8a:e1:3b:3f:
         ab:de:a0:ae:cb:12:eb:a6:b3:15:3c:5a:4e:f4:ed:66:f5:54:
         fb:04:f4:6b:c3:cf:7c:b3:10:90:4f:e2:b0:b4:8c:12:a8:0d:
         81:55:f3:ba:1b:1a:5f:6b:09:f8:72:34:d6:1b:ff:39:84:a4:
         13:d6:ec:f2:b6:1b:75:d0:df:ba:7d:b9:46:20:13:79:a1:36:
         c9:6b:f1:32:1e:b5:97:b1:7b:aa:a2:7f:f8:e8:a1:8d:6e:f1:
         fb:82:31:23:62:2c:ce:80:ad:ad:75:b7:5e:30:96:58:ab:dd:
         3f:76:d4:ea:c0:95:b0:83:07:27:ea:aa:5a:f2:2a:69:72:65:
         5b:92:00:db:9d:62:6d:27:1e:57:53:d8:13:40:fd:5f:84:49:
         7f:58:51:e9:b0:4a:2a:91:9e:c5:0e:fc:39:09:69:28:48:fb:
         09:e9:27:69:4c:ec:35:85:df:99:d0:b9:cb:61:82:1b:06:cf:
         66:75:1e:cd:11:21:20:81:4b:cf:12:32:fe:09:06:71:db:2b:
         0d:25:2f:88:df:e4:4a:26:39:0d:38:19:1c:bf:db:90:b9:1c:
         b1:6c:90:22:04:c2:52:7a:45:55:b6:49:33:e7:7e:e4:07:fe:
         e1:58:e2:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZACClBbLjLQCHyNlqn5lifJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxY2M0ZjJiMzYyMTQ5OGIyYjEyYmM5M2U1NmU2OTgwYzJj
NmRjODgwHhcNMjQwNjEwMTIwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDUzNGQ4NWY5MTYyNDMzMDg4M2YxMzc4YTA5Y2I4M2RkYTZkOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKAWsq9aMNyy9F1Q3Xrr6CZ7xaTk
SzBz/dr8+of+Tu4xccrH6fz5/ovO1MHzE+e4LQ3X/VqJB82KZp6BRxQntUxjpWqM
UR28HziVEj1BDDN60Tl5X/2RxpdDwOcABanuIYzSlsQW0YexDSfoOJ0aiFFCXdb7
oKGj/dsabJF1ElCQH7bpJhpjz3qKXUd0j0EzXIGrGvZE0ZHKJajDPfc+gnrCVuzi
zChtZeEC6ULQbgqT0uimwQYe/6h18XN4Uxu3Re0a3b/Dxu/96y8jIx5QsWfp96xJ
22jdasATs8LWfQAc9gIFbOtZMuoIgP7jJJSSeAyWEQpF4OR7QSZOz7NV5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1TTYX5FiQzCIPxN4oJy4PdptjSMB8GA1UdIwQY
MBaAFEHMTys2IUmLKxK8k+VuaYDCxtyIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWN4UEt6WWhTWXNyRXJ5VDVXNXBnTUxHM0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi81MzUzYmEtZTUyMC00ZmI5LWJkMGIt
YTljNWVlZDg1YmE3LzEvN1ZOTmhma1dKRE1JZ19FM2lnbkxnOTJtMk5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi81MzUzYmEtZTUyMC00ZmI5LWJkMGItYTljNWVlZDg1YmE3
LzEvUWN4UEt6WWhTWXNyRXJ5VDVXNXBnTUxHM0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstOKMA0G
CSqGSIb3DQEBCwUAA4IBAQCRwd791HszAjjpf7QBLorhOz+r3qCuyxLrprMVPFpO
9O1m9VT7BPRrw898sxCQT+KwtIwSqA2BVfO6Gxpfawn4cjTWG/85hKQT1uzytht1
0N+6fblGIBN5oTbJa/EyHrWXsXuqon/46KGNbvH7gjEjYizOgK2tdbdeMJZYq90/
dtTqwJWwgwcn6qpa8ippcmVbkgDbnWJtJx5XU9gTQP1fhEl/WFHpsEoqkZ7FDvw5
CWkoSPsJ6SdpTOw1hd+Z0LnLYYIbBs9mdR7NESEggUvPEjL+CQZx2ysNJS+I3+RK
JjkNOBkcv9uQuRyxbJAiBMJSekVVtkkz537kB/7hWOIi
-----END CERTIFICATE-----