Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/e6dF8KcXe_cJKJPN65fLx3Bb3kA.roa
File:                     e6dF8KcXe_cJKJPN65fLx3Bb3kA.roa (raw, json)
Hash identifier:          DSaWXMwSxoAcB2W7vAOqgKMFSL+jUVE4Bv2jY4ylI0I=
Subject key identifier:   7B:A7:45:F0:A7:17:7B:F7:09:28:93:CD:EB:97:CB:C7:70:5B:DE:40
Certificate issuer:       /CN=7e1167886da81524431bbf2efb0572914b686ebc
Certificate serial:       018CC2DAE9BC83AE240BF2A6F2E15E473179
Authority key identifier: 7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/e6dF8KcXe_cJKJPN65fLx3Bb3kA.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5610
IP address blocks:        193.17.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e9:bc:83:ae:24:0b:f2:a6:f2:e1:5e:47:31:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e1167886da81524431bbf2efb0572914b686ebc
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ba745f0a7177bf7092893cdeb97cbc7705bde40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:55:0d:cf:d1:22:aa:21:7c:54:fe:2f:c1:ff:
                    76:1a:7f:38:26:ca:30:fa:73:e3:0f:68:06:c7:b1:
                    51:06:c6:aa:eb:8b:ab:b2:3e:45:35:c9:c1:18:a2:
                    f1:24:e2:22:0c:86:e4:10:17:2d:9f:8b:7d:ee:cf:
                    24:41:94:43:3c:22:63:6a:4d:e0:28:1d:f4:38:32:
                    3e:3b:f7:3a:c3:3d:46:69:2f:55:c9:b4:95:e7:76:
                    28:e8:a6:12:48:93:21:ff:0e:06:83:40:da:2a:47:
                    9d:54:64:42:1b:e5:dc:f1:89:af:2c:a4:58:3f:2e:
                    3c:2c:22:93:b3:3e:f2:2c:9d:b4:6d:77:28:e9:fc:
                    5f:18:81:49:4e:2e:fe:46:90:6c:21:ce:37:64:54:
                    74:08:27:38:5c:2d:5c:84:45:b4:d0:40:ed:32:8b:
                    af:0f:2c:d0:b5:54:a6:d8:21:10:44:b9:90:62:78:
                    37:76:45:9a:73:2e:90:5b:6d:5b:39:24:db:95:a6:
                    bc:ea:92:a0:c5:a4:8c:2f:3a:d0:ed:af:42:71:56:
                    3a:13:c8:64:df:e2:fe:84:eb:68:2f:4c:56:fa:fc:
                    3b:15:9b:34:47:ef:3a:a7:c6:6e:b4:32:f1:e7:27:
                    4a:9f:40:86:1b:46:95:64:03:96:54:d0:4f:20:a2:
                    1c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:A7:45:F0:A7:17:7B:F7:09:28:93:CD:EB:97:CB:C7:70:5B:DE:40
            X509v3 Authority Key Identifier:
                keyid:7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/e6dF8KcXe_cJKJPN65fLx3Bb3kA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:61:34:ae:44:83:9d:65:6d:4e:78:1f:52:6c:d7:73:bc:5b:
         24:89:49:8e:2e:2b:ea:05:84:9a:ed:e0:96:3a:0e:16:94:d9:
         dd:b5:d3:83:cf:4c:fa:1e:fd:66:3a:6b:dd:f2:ea:54:60:98:
         28:3d:9c:e6:e1:0f:4b:a7:1a:a2:45:74:ce:00:ad:d8:20:b4:
         41:1c:56:a8:a3:41:5f:4b:28:71:c8:4c:01:92:73:19:4d:d9:
         4c:66:ce:18:42:86:3b:45:65:19:28:b9:6b:b7:e4:8a:3e:95:
         3a:e4:85:67:55:c4:37:ab:c9:7e:40:36:31:86:1e:a0:57:4e:
         44:c7:ff:d7:39:52:c8:36:bc:4d:76:60:d5:7b:88:30:31:07:
         62:5f:3c:ac:03:03:9d:bf:14:89:da:75:81:97:52:c6:e4:df:
         66:9e:22:40:67:0d:67:7a:35:35:8f:3b:82:ca:dd:82:54:d0:
         36:35:d0:24:90:7b:a6:fd:f8:7b:c8:8a:d2:b8:cc:dd:2f:6f:
         5e:65:80:f8:a3:83:0c:76:45:ca:9b:78:fd:1e:f8:da:2b:c9:
         27:3c:33:2d:2f:80:87:5a:a3:f6:36:bf:99:71:c1:20:36:1d:
         89:14:93:9f:36:93:23:8f:75:ef:64:59:1c:78:7b:0c:58:7e:
         91:bb:63:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2um8g64kC/Km8uFeRzF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMTE2Nzg4NmRhODE1MjQ0MzFiYmYyZWZiMDU3MjkxNGI2
ODZlYmMwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmE3NDVmMGE3MTc3YmY3MDkyODkzY2RlYjk3Y2JjNzcwNWJkZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklUNz9EiqiF8VP4vwf92Gn84Jsow
+nPjD2gGx7FRBsaq64ursj5FNcnBGKLxJOIiDIbkEBctn4t97s8kQZRDPCJjak3g
KB30ODI+O/c6wz1GaS9VybSV53Yo6KYSSJMh/w4Gg0DaKkedVGRCG+Xc8YmvLKRY
Py48LCKTsz7yLJ20bXco6fxfGIFJTi7+RpBsIc43ZFR0CCc4XC1chEW00EDtMouv
DyzQtVSm2CEQRLmQYng3dkWacy6QW21bOSTblaa86pKgxaSMLzrQ7a9CcVY6E8hk
3+L+hOtoL0xW+vw7FZs0R+86p8ZutDLx5ydKn0CGG0aVZAOWVNBPIKIcUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHunRfCnF3v3CSiTzeuXy8dwW95AMB8GA1UdIwQY
MBaAFH4RZ4htqBUkQxu/LvsFcpFLaG68MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYt
OWIyODJjNjQzMjU2LzEvZTZkRjhLY1hlX2NKS0pQTjY1Zkx4M0JiM2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYtOWIyODJjNjQzMjU2
LzEvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRENMA0G
CSqGSIb3DQEBCwUAA4IBAQAaYTSuRIOdZW1OeB9SbNdzvFskiUmOLivqBYSa7eCW
Og4WlNndtdODz0z6Hv1mOmvd8upUYJgoPZzm4Q9LpxqiRXTOAK3YILRBHFaoo0Ff
SyhxyEwBknMZTdlMZs4YQoY7RWUZKLlrt+SKPpU65IVnVcQ3q8l+QDYxhh6gV05E
x//XOVLINrxNdmDVe4gwMQdiXzysAwOdvxSJ2nWBl1LG5N9mniJAZw1nejU1jzuC
yt2CVNA2NdAkkHum/fh7yIrSuMzdL29eZYD4o4MMdkXKm3j9HvjaK8knPDMtL4CH
WqP2Nr+ZccEgNh2JFJOfNpMjj3XvZFkceHsMWH6Ru2Na
-----END CERTIFICATE-----