Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/88e8f4-74af-4b72-becc-f576738167e1/1/D7uXfXz7EVpW4BdUsBcxuYgqhII.roa
File:                     D7uXfXz7EVpW4BdUsBcxuYgqhII.roa (raw, json)
Hash identifier:          raTiW1uzEloVpm3YClKi2QAj3r8tzqSMuNqWBzqja7w=
Subject key identifier:   0F:BB:97:7D:7C:FB:11:5A:56:E0:17:54:B0:17:31:B9:88:2A:84:82
Certificate issuer:       /CN=5398ec3c15b14fd8ad913cbb95657d8ea82e7e25
Certificate serial:       0192B85E8D8CA236D416EADB2314B603D72C
Authority key identifier: 53:98:EC:3C:15:B1:4F:D8:AD:91:3C:BB:95:65:7D:8E:A8:2E:7E:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U5jsPBWxT9itkTy7lWV9jqgufiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/88e8f4-74af-4b72-becc-f576738167e1/1/D7uXfXz7EVpW4BdUsBcxuYgqhII.roa
Signing time:             Wed 23 Oct 2024 07:54:17 +0000
ROA not before:           Wed 23 Oct 2024 07:54:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        193.53.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/88e8f4-74af-4b72-becc-f576738167e1/1/U5jsPBWxT9itkTy7lWV9jqgufiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/88e8f4-74af-4b72-becc-f576738167e1/1/U5jsPBWxT9itkTy7lWV9jqgufiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U5jsPBWxT9itkTy7lWV9jqgufiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:5e:8d:8c:a2:36:d4:16:ea:db:23:14:b6:03:d7:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5398ec3c15b14fd8ad913cbb95657d8ea82e7e25
        Validity
            Not Before: Oct 23 07:54:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fbb977d7cfb115a56e01754b01731b9882a8482
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5e:7d:ec:fa:7a:32:38:92:d9:b1:88:9f:d4:
                    18:83:65:ec:34:47:a7:c5:d5:b1:3c:3c:f6:12:bc:
                    74:46:eb:74:10:72:50:4c:41:41:e1:19:64:98:b5:
                    9a:6e:0f:15:10:ed:66:e0:4b:f1:a5:00:53:84:13:
                    77:0c:95:f6:f0:29:bb:57:79:75:28:11:91:f0:8c:
                    be:7a:ce:a9:28:b6:57:24:02:11:ac:11:f9:8c:a7:
                    64:00:2b:09:51:a5:a2:24:70:7f:74:e0:ef:89:04:
                    6f:b8:3f:b6:18:00:89:ba:35:7d:6e:49:76:7f:86:
                    aa:ad:35:39:07:b7:db:f4:e9:ef:8c:2d:b6:3c:21:
                    3a:8f:6c:52:dd:d2:eb:69:53:fc:3e:41:97:5a:3b:
                    5d:6f:c8:33:a6:3c:43:fc:9e:34:57:83:04:5a:d4:
                    7e:c7:36:b7:6a:83:94:e7:89:26:7f:38:68:ef:bb:
                    60:41:9c:58:e5:c5:38:e5:3c:ff:1b:ef:ca:95:46:
                    f4:d9:6f:b2:e0:c9:4d:b9:e2:b9:6f:12:0a:16:6f:
                    01:15:1b:c5:85:1a:3c:2d:54:fa:32:39:b1:b8:fe:
                    b2:65:49:68:c9:f8:0a:09:8e:83:08:50:07:48:a1:
                    39:c6:e4:de:1e:da:c4:7d:9f:13:7d:be:bb:b4:c6:
                    26:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:BB:97:7D:7C:FB:11:5A:56:E0:17:54:B0:17:31:B9:88:2A:84:82
            X509v3 Authority Key Identifier:
                keyid:53:98:EC:3C:15:B1:4F:D8:AD:91:3C:BB:95:65:7D:8E:A8:2E:7E:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U5jsPBWxT9itkTy7lWV9jqgufiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/88e8f4-74af-4b72-becc-f576738167e1/1/D7uXfXz7EVpW4BdUsBcxuYgqhII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/88e8f4-74af-4b72-becc-f576738167e1/1/U5jsPBWxT9itkTy7lWV9jqgufiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:9e:f0:6a:70:66:4f:a6:11:81:e5:c7:57:3c:f2:bd:51:06:
         e0:02:0b:f8:eb:02:68:94:0e:2c:3a:8c:ba:4d:d6:dc:82:26:
         24:26:7e:c1:71:fd:5b:20:a1:0c:ad:a6:ca:54:30:b0:fd:9c:
         fc:60:84:ab:0e:f7:db:a9:97:ee:e2:c9:37:70:de:4f:9c:d5:
         94:69:90:08:9b:25:36:10:e4:56:6a:72:ec:92:17:3f:eb:11:
         96:47:45:dd:56:9f:74:d7:46:d0:a9:17:f9:49:34:18:e5:dd:
         65:bc:6c:72:ff:64:7d:99:41:5f:ff:b2:23:41:9d:da:d4:42:
         b6:44:d1:3e:d7:94:be:eb:3f:9f:30:fc:04:6f:02:f1:28:51:
         46:19:0a:02:2d:ff:52:0f:ee:a0:0f:84:1f:27:a2:bd:f2:0e:
         46:d2:43:a1:67:ed:bb:1e:c0:a6:60:fd:25:12:d3:86:3d:59:
         dc:e5:fd:65:f8:f8:ec:a0:5e:82:d1:a9:9a:76:89:53:6e:00:
         80:91:f9:6e:66:dd:40:bb:ca:1c:c8:3f:6f:da:92:66:96:d3:
         ec:cf:01:70:64:30:c2:7c:3a:df:4c:cc:b4:3c:b5:ef:2b:8f:
         f6:ea:77:9e:5f:fb:9e:37:8e:03:c6:7a:b8:19:99:66:ec:60:
         b8:5c:9d:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK4Xo2MojbUFurbIxS2A9csMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzOThlYzNjMTViMTRmZDhhZDkxM2NiYjk1NjU3ZDhlYTgy
ZTdlMjUwHhcNMjQxMDIzMDc1NDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmJiOTc3ZDdjZmIxMTVhNTZlMDE3NTRiMDE3MzFiOTg4MmE4NDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmV597Pp6MjiS2bGIn9QYg2XsNEen
xdWxPDz2Erx0Rut0EHJQTEFB4RlkmLWabg8VEO1m4EvxpQBThBN3DJX28Cm7V3l1
KBGR8Iy+es6pKLZXJAIRrBH5jKdkACsJUaWiJHB/dODviQRvuD+2GACJujV9bkl2
f4aqrTU5B7fb9OnvjC22PCE6j2xS3dLraVP8PkGXWjtdb8gzpjxD/J40V4MEWtR+
xza3aoOU54kmfzho77tgQZxY5cU45Tz/G+/KlUb02W+y4MlNueK5bxIKFm8BFRvF
hRo8LVT6MjmxuP6yZUloyfgKCY6DCFAHSKE5xuTeHtrEfZ8Tfb67tMYmswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+7l318+xFaVuAXVLAXMbmIKoSCMB8GA1UdIwQY
MBaAFFOY7DwVsU/YrZE8u5VlfY6oLn4lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTVqc1BCV3hUOWl0a1R5N2xXVjlqcWd1ZmlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi84OGU4ZjQtNzRhZi00YjcyLWJlY2Mt
ZjU3NjczODE2N2UxLzEvRDd1WGZYejdFVnBXNEJkVXNCY3h1WWdxaElJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi84OGU4ZjQtNzRhZi00YjcyLWJlY2MtZjU3NjczODE2N2Ux
LzEvVTVqc1BCV3hUOWl0a1R5N2xXVjlqcWd1ZmlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTVYMA0G
CSqGSIb3DQEBCwUAA4IBAQCpnvBqcGZPphGB5cdXPPK9UQbgAgv46wJolA4sOoy6
TdbcgiYkJn7Bcf1bIKEMrabKVDCw/Zz8YISrDvfbqZfu4sk3cN5PnNWUaZAImyU2
EORWanLskhc/6xGWR0XdVp9010bQqRf5STQY5d1lvGxy/2R9mUFf/7IjQZ3a1EK2
RNE+15S+6z+fMPwEbwLxKFFGGQoCLf9SD+6gD4QfJ6K98g5G0kOhZ+27HsCmYP0l
EtOGPVnc5f1l+PjsoF6C0amadolTbgCAkfluZt1Au8ocyD9v2pJmltPszwFwZDDC
fDrfTMy0PLXvK4/26neeX/ueN44Dxnq4GZlm7GC4XJ2T
-----END CERTIFICATE-----