Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/mf0Dpbr_NmQI8K-aTTCOEFO1ZkA.roa
File:                     mf0Dpbr_NmQI8K-aTTCOEFO1ZkA.roa (raw, json)
Hash identifier:          uAWMN4z5qaxe9ibiFEW9FAOLwtjeHPfKmWEejn28gLM=
Subject key identifier:   99:FD:03:A5:BA:FF:36:64:08:F0:AF:9A:4D:30:8E:10:53:B5:66:40
Certificate issuer:       /CN=07a6a589ee848a8052238191b98035e775122725
Certificate serial:       018CC493691A750F9A975AAB315865BD7A5A
Authority key identifier: 07:A6:A5:89:EE:84:8A:80:52:23:81:91:B9:80:35:E7:75:12:27:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6alie6EioBSI4GRuYA153USJyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/mf0Dpbr_NmQI8K-aTTCOEFO1ZkA.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.207.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/B6alie6EioBSI4GRuYA153USJyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/B6alie6EioBSI4GRuYA153USJyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6alie6EioBSI4GRuYA153USJyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:69:1a:75:0f:9a:97:5a:ab:31:58:65:bd:7a:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07a6a589ee848a8052238191b98035e775122725
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99fd03a5baff366408f0af9a4d308e1053b56640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:20:6d:8f:ac:50:31:4f:0e:32:37:e2:43:61:
                    a7:ee:96:36:39:e6:ea:2a:30:f9:69:d2:fb:0a:43:
                    94:0c:b6:22:d6:c2:34:2e:fc:63:5b:f2:31:0e:b1:
                    cf:f3:3f:37:29:15:69:80:8f:53:bf:b8:8f:60:6a:
                    2b:74:0c:de:14:18:b7:c6:82:a8:96:6d:36:a0:c9:
                    ed:20:7b:d3:e4:63:9c:89:3f:30:e5:79:2e:66:32:
                    e3:2b:ef:e9:49:7a:6c:41:68:84:cc:3b:e6:8c:e0:
                    2a:12:b4:30:14:9b:fe:60:f1:9f:ee:80:2c:85:de:
                    fd:a9:7d:e7:b8:87:00:da:89:ef:f4:e7:d7:5c:47:
                    2f:8f:16:a5:cd:20:9f:6d:3c:ad:1b:8b:44:86:ee:
                    91:db:e3:11:11:ec:63:33:e7:d2:c2:59:c5:9e:12:
                    02:71:5f:f1:bc:f3:24:4e:3a:08:22:bc:0a:1d:cc:
                    ca:65:2d:60:6f:b6:aa:eb:c8:56:aa:ed:be:d4:e3:
                    e7:79:15:31:2d:3f:c8:b7:d0:60:e6:b5:c3:4a:d9:
                    1e:23:88:2e:1b:f0:0d:dc:63:a2:7b:e5:81:e5:b4:
                    65:07:f1:c0:83:b7:29:70:f0:ee:6c:08:fe:00:79:
                    9a:06:72:73:02:9c:b1:3f:53:cb:39:a9:10:12:c8:
                    c6:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:FD:03:A5:BA:FF:36:64:08:F0:AF:9A:4D:30:8E:10:53:B5:66:40
            X509v3 Authority Key Identifier:
                keyid:07:A6:A5:89:EE:84:8A:80:52:23:81:91:B9:80:35:E7:75:12:27:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6alie6EioBSI4GRuYA153USJyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/mf0Dpbr_NmQI8K-aTTCOEFO1ZkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/7faf5e-7435-49fe-acd7-20fbc906494b/1/B6alie6EioBSI4GRuYA153USJyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.207.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:6b:0f:41:61:37:a1:6c:42:eb:95:8b:09:a3:ac:2a:62:a7:
         7e:11:bc:1e:08:7f:9c:95:e6:4f:b3:9e:92:e9:cc:b3:06:f2:
         9d:ff:bc:66:4f:ad:7c:c0:64:a9:52:62:6b:13:14:c4:bf:c7:
         17:21:84:6e:fe:05:94:bd:fe:d7:53:87:74:cb:c3:fb:44:1a:
         e4:e0:c8:f6:c5:c1:05:01:f5:75:a9:32:fb:fc:3e:df:32:87:
         23:6c:8e:87:6d:94:97:37:ec:28:9a:e2:69:dd:2f:84:1e:98:
         4f:1b:17:e5:46:9c:66:15:a3:27:cb:71:d9:c1:cd:4f:2e:a9:
         89:6d:c9:0c:bc:70:b6:c0:e0:21:3f:2c:bd:a1:2f:67:8d:93:
         fb:29:12:f1:77:03:96:30:4a:c9:d6:79:b4:35:67:27:8c:ac:
         a5:fe:7a:6c:ce:b0:1b:2c:33:0d:13:cb:3b:e0:25:df:a3:7b:
         ae:1f:e3:ae:e9:b0:14:25:88:60:56:0b:5f:95:e7:d4:03:32:
         d1:9a:b7:0f:c0:e2:9b:fb:8e:7a:26:18:89:1e:70:a1:25:5a:
         e9:ec:5a:6d:16:9d:7f:f3:16:83:a9:37:55:1d:b5:cd:6f:f0:
         66:7c:e7:84:27:ed:f3:a9:66:91:c5:c1:7b:cc:68:af:d7:3d:
         87:d7:28:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk2kadQ+al1qrMVhlvXpaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YTZhNTg5ZWU4NDhhODA1MjIzODE5MWI5ODAzNWU3NzUx
MjI3MjUwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWZkMDNhNWJhZmYzNjY0MDhmMGFmOWE0ZDMwOGUxMDUzYjU2NjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSBtj6xQMU8OMjfiQ2Gn7pY2Oebq
KjD5adL7CkOUDLYi1sI0LvxjW/IxDrHP8z83KRVpgI9Tv7iPYGordAzeFBi3xoKo
lm02oMntIHvT5GOciT8w5XkuZjLjK+/pSXpsQWiEzDvmjOAqErQwFJv+YPGf7oAs
hd79qX3nuIcA2onv9OfXXEcvjxalzSCfbTytG4tEhu6R2+MREexjM+fSwlnFnhIC
cV/xvPMkTjoIIrwKHczKZS1gb7aq68hWqu2+1OPneRUxLT/It9Bg5rXDStkeI4gu
G/AN3GOie+WB5bRlB/HAg7cpcPDubAj+AHmaBnJzApyxP1PLOakQEsjGIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJn9A6W6/zZkCPCvmk0wjhBTtWZAMB8GA1UdIwQY
MBaAFAempYnuhIqAUiOBkbmANed1EiclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZhbGllNkVpb0JTSTRHUnVZQTE1M1VTSnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83ZmFmNWUtNzQzNS00OWZlLWFjZDct
MjBmYmM5MDY0OTRiLzEvbWYwRHBicl9ObVFJOEstYVRUQ09FRk8xWmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83ZmFmNWUtNzQzNS00OWZlLWFjZDctMjBmYmM5MDY0OTRi
LzEvQjZhbGllNkVpb0JTSTRHUnVZQTE1M1VTSnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwc8AMA0G
CSqGSIb3DQEBCwUAA4IBAQAIaw9BYTehbELrlYsJo6wqYqd+EbweCH+cleZPs56S
6cyzBvKd/7xmT618wGSpUmJrExTEv8cXIYRu/gWUvf7XU4d0y8P7RBrk4Mj2xcEF
AfV1qTL7/D7fMocjbI6HbZSXN+womuJp3S+EHphPGxflRpxmFaMny3HZwc1PLqmJ
bckMvHC2wOAhPyy9oS9njZP7KRLxdwOWMErJ1nm0NWcnjKyl/npszrAbLDMNE8s7
4CXfo3uuH+Ou6bAUJYhgVgtflefUAzLRmrcPwOKb+456JhiJHnChJVrp7FptFp1/
8xaDqTdVHbXNb/BmfOeEJ+3zqWaRxcF7zGiv1z2H1yjT
-----END CERTIFICATE-----