Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/7XH-I-N6NFG2qOiNmc1O_A14YDQ.roa
File:                     7XH-I-N6NFG2qOiNmc1O_A14YDQ.roa (raw, json)
Hash identifier:          oHVTnYyg6iF+cGIY77gcTYZvVE4lsoTkAZ7hTd87Z28=
Subject key identifier:   ED:71:FE:23:E3:7A:34:51:B6:A8:E8:8D:99:CD:4E:FC:0D:78:60:34
Certificate issuer:       /CN=432ffd36796e90f812a1612ec1f464de3d5e2f38
Certificate serial:       0190E466FC2FE855F3BC2F9683DD940CE4C5
Authority key identifier: 43:2F:FD:36:79:6E:90:F8:12:A1:61:2E:C1:F4:64:DE:3D:5E:2F:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qy_9NnlukPgSoWEuwfRk3j1eLzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/7XH-I-N6NFG2qOiNmc1O_A14YDQ.roa
Signing time:             Wed 24 Jul 2024 11:01:12 +0000
ROA not before:           Wed 24 Jul 2024 11:01:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62442
IP address blocks:        185.136.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/Qy_9NnlukPgSoWEuwfRk3j1eLzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/Qy_9NnlukPgSoWEuwfRk3j1eLzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qy_9NnlukPgSoWEuwfRk3j1eLzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e4:66:fc:2f:e8:55:f3:bc:2f:96:83:dd:94:0c:e4:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=432ffd36796e90f812a1612ec1f464de3d5e2f38
        Validity
            Not Before: Jul 24 11:01:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed71fe23e37a3451b6a8e88d99cd4efc0d786034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:3c:4c:17:cb:e4:22:72:be:ee:b3:19:5f:c9:
                    c7:98:cf:42:05:3b:45:34:de:1f:00:ac:54:54:54:
                    d5:db:ba:33:39:2a:7e:51:a9:f9:2e:7f:48:4d:44:
                    ea:f0:0d:b5:7c:f5:71:ac:39:54:52:6b:a8:38:e7:
                    e4:0d:5e:17:da:eb:e2:40:f0:19:39:09:a0:5e:82:
                    74:ed:c6:f0:1d:76:fd:e4:cb:00:d7:31:29:d2:ab:
                    37:25:4b:b9:74:5d:81:f7:ff:51:4f:2e:53:7e:b3:
                    52:05:d4:61:7e:a4:38:c1:3e:dd:7c:f4:73:49:23:
                    de:1e:20:ee:70:7f:31:a1:b3:9f:f6:9f:eb:4c:03:
                    3a:67:8b:fa:5e:eb:b8:83:9a:76:a9:89:0f:0e:5e:
                    51:4a:f2:c8:a2:4f:c6:58:b3:6c:7c:75:78:65:67:
                    77:36:0d:a2:ba:e5:0e:7a:d2:b7:ed:9d:ea:ab:7f:
                    21:9b:aa:df:28:9e:20:96:fe:27:44:ee:91:0c:53:
                    b0:89:cf:2e:1a:2a:16:d6:93:8a:45:26:86:0e:d6:
                    a5:3a:0e:59:ea:e2:50:36:25:77:e9:06:ee:c4:3b:
                    7b:5e:d2:b0:61:a5:15:b2:d8:38:52:49:30:b2:17:
                    22:c1:9e:07:96:f4:70:ff:a6:24:7b:c6:42:8d:e0:
                    ae:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:71:FE:23:E3:7A:34:51:B6:A8:E8:8D:99:CD:4E:FC:0D:78:60:34
            X509v3 Authority Key Identifier:
                keyid:43:2F:FD:36:79:6E:90:F8:12:A1:61:2E:C1:F4:64:DE:3D:5E:2F:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qy_9NnlukPgSoWEuwfRk3j1eLzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/7XH-I-N6NFG2qOiNmc1O_A14YDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/196f89-2421-4bc1-b305-8c6a5e0ea06e/1/Qy_9NnlukPgSoWEuwfRk3j1eLzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:38:eb:03:d0:24:4d:1b:13:2b:ab:86:78:ed:be:ef:63:5d:
         70:0c:aa:72:64:98:11:71:1b:13:1f:12:34:bf:0d:98:57:79:
         c3:6b:8b:b6:65:90:88:6d:c4:86:51:57:3b:9a:f4:d2:21:0e:
         c0:67:e0:2b:c9:cd:7f:1f:3f:2e:ea:63:ba:2a:ee:44:2d:e5:
         a3:8f:f3:17:34:ba:91:41:bc:b2:16:6c:1a:28:71:ed:19:20:
         e4:ad:a3:cc:0b:82:ff:e3:2c:52:26:88:7f:8a:76:dd:12:c7:
         e1:60:38:32:cb:eb:04:9e:55:6b:03:e1:f8:31:c7:16:df:f8:
         60:2c:de:3a:26:f1:95:fd:d6:0b:1d:91:74:36:61:d5:6f:a2:
         b7:75:15:3d:4f:05:aa:38:95:d1:bb:82:d5:02:e8:77:38:e6:
         d9:51:73:d1:bd:4c:48:17:79:3e:c1:18:1d:05:1d:b7:44:37:
         ad:d4:6a:10:78:9f:37:02:84:7a:05:ae:03:fd:fa:30:95:f0:
         1d:2e:7e:cd:0d:38:97:af:56:6c:ed:99:68:c2:fe:b5:42:24:
         61:96:71:b6:80:48:1c:bd:54:9e:0a:50:dd:90:7a:b3:bf:26:
         c7:a7:b7:a1:07:c1:76:9f:1a:73:93:41:df:6a:2f:be:5c:05:
         7f:4b:67:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDkZvwv6FXzvC+Wg92UDOTFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMmZmZDM2Nzk2ZTkwZjgxMmExNjEyZWMxZjQ2NGRlM2Q1
ZTJmMzgwHhcNMjQwNzI0MTEwMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDcxZmUyM2UzN2EzNDUxYjZhOGU4OGQ5OWNkNGVmYzBkNzg2MDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DxMF8vkInK+7rMZX8nHmM9CBTtF
NN4fAKxUVFTV27ozOSp+Uan5Ln9ITUTq8A21fPVxrDlUUmuoOOfkDV4X2uviQPAZ
OQmgXoJ07cbwHXb95MsA1zEp0qs3JUu5dF2B9/9RTy5TfrNSBdRhfqQ4wT7dfPRz
SSPeHiDucH8xobOf9p/rTAM6Z4v6Xuu4g5p2qYkPDl5RSvLIok/GWLNsfHV4ZWd3
Ng2iuuUOetK37Z3qq38hm6rfKJ4glv4nRO6RDFOwic8uGioW1pOKRSaGDtalOg5Z
6uJQNiV36QbuxDt7XtKwYaUVstg4UkkwshciwZ4HlvRw/6Yke8ZCjeCuLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1x/iPjejRRtqjojZnNTvwNeGA0MB8GA1UdIwQY
MBaAFEMv/TZ5bpD4EqFhLsH0ZN49Xi84MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXlfOU5ubHVrUGdTb1dFdXdmUmszajFlTHpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8xOTZmODktMjQyMS00YmMxLWIzMDUt
OGM2YTVlMGVhMDZlLzEvN1hILUktTjZORkcycU9pTm1jMU9fQTE0WURRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8xOTZmODktMjQyMS00YmMxLWIzMDUtOGM2YTVlMGVhMDZl
LzEvUXlfOU5ubHVrUGdTb1dFdXdmUmszajFlTHpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYiFMA0G
CSqGSIb3DQEBCwUAA4IBAQCeOOsD0CRNGxMrq4Z47b7vY11wDKpyZJgRcRsTHxI0
vw2YV3nDa4u2ZZCIbcSGUVc7mvTSIQ7AZ+Aryc1/Hz8u6mO6Ku5ELeWjj/MXNLqR
QbyyFmwaKHHtGSDkraPMC4L/4yxSJoh/inbdEsfhYDgyy+sEnlVrA+H4MccW3/hg
LN46JvGV/dYLHZF0NmHVb6K3dRU9TwWqOJXRu4LVAuh3OObZUXPRvUxIF3k+wRgd
BR23RDet1GoQeJ83AoR6Ba4D/fowlfAdLn7NDTiXr1Zs7Zlowv61QiRhlnG2gEgc
vVSeClDdkHqzvybHp7ehB8F2nxpzk0Hfai++XAV/S2cs
-----END CERTIFICATE-----