Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/kp7eMFpHBX3XZQyRJlZ2mSNh2yA.roa
File:                     kp7eMFpHBX3XZQyRJlZ2mSNh2yA.roa (raw, json)
Hash identifier:          As6PHzVeoc0HudauH4zqHfRwxLOpFXbpG6da6RaTelM=
Subject key identifier:   92:9E:DE:30:5A:47:05:7D:D7:65:0C:91:26:56:76:99:23:61:DB:20
Certificate issuer:       /CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
Certificate serial:       018D7DD435951E37597CE8F117C8191BA473
Authority key identifier: 7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/kp7eMFpHBX3XZQyRJlZ2mSNh2yA.roa
Signing time:             Tue 06 Feb 2024 09:51:15 +0000
ROA not before:           Tue 06 Feb 2024 09:51:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47376
IP address blocks:        185.129.190.0/23 maxlen: 23
                          185.129.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:d4:35:95:1e:37:59:7c:e8:f1:17:c8:19:1b:a4:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
        Validity
            Not Before: Feb  6 09:51:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=929ede305a47057dd7650c91265676992361db20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:da:5a:96:ef:7b:30:35:0a:81:6d:65:e9:5f:
                    0d:cd:e4:66:b9:ea:0c:ac:90:80:90:d4:d9:02:db:
                    18:f4:c5:80:8f:18:29:e5:8d:32:cd:3c:7b:ce:b3:
                    39:5a:4b:91:6c:d3:a1:d1:2c:0e:70:fe:da:49:31:
                    f6:d8:bf:2a:40:94:d3:0f:79:50:5e:75:da:22:5f:
                    a3:39:bb:97:45:c5:c9:77:d8:d0:28:3c:d8:d1:12:
                    cc:b2:4f:0c:15:32:44:7f:c4:60:01:39:e9:00:f2:
                    c5:e6:67:ae:5e:1b:f5:dd:81:a9:43:e8:c2:3c:58:
                    f9:54:cf:f0:0d:ec:bf:75:e5:70:28:c7:3c:41:90:
                    ea:9b:d2:ab:58:75:89:4f:11:39:92:74:26:38:03:
                    c1:9e:7a:9b:a8:5f:5f:7c:60:fe:d6:a9:82:42:34:
                    dc:cc:1a:25:10:5c:f3:ce:36:d0:aa:4c:f3:c6:a6:
                    d9:0c:df:8f:31:0d:df:3d:eb:21:92:87:21:d1:3d:
                    f2:c8:7f:45:83:5f:c6:a5:7d:73:cc:c3:6a:2b:79:
                    93:c6:2d:8a:7e:c0:6d:fe:bd:b2:eb:ca:2b:c2:05:
                    ea:f0:e2:7b:f5:55:b8:c9:45:12:eb:3c:68:95:bb:
                    b4:53:42:d8:54:a0:9c:dc:0d:e6:0f:a2:d6:67:11:
                    a4:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:9E:DE:30:5A:47:05:7D:D7:65:0C:91:26:56:76:99:23:61:DB:20
            X509v3 Authority Key Identifier:
                keyid:7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/kp7eMFpHBX3XZQyRJlZ2mSNh2yA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.190.0/23
                  185.129.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:02:60:61:ed:e6:09:41:c8:2e:b5:6e:6f:c2:de:d9:05:19:
         72:75:b2:e0:95:e7:02:1e:e7:87:b9:c4:73:e3:9b:6a:e0:f2:
         f2:83:41:a6:3d:1c:12:1d:80:c4:d4:45:c7:51:26:ce:3b:a1:
         07:39:c8:f7:24:4c:93:74:60:99:36:14:bb:04:0f:74:d8:87:
         dc:10:af:2b:7f:e2:93:df:a5:3f:0f:d2:67:87:f2:cd:e8:52:
         91:1f:98:fa:b6:88:17:e7:1e:47:68:f2:7f:48:7c:81:f1:df:
         fb:3c:db:42:94:62:04:d4:07:ae:a9:e2:36:b6:56:90:aa:ad:
         11:43:56:7a:84:94:fd:7c:b4:33:ec:70:8b:3f:35:1e:e5:ab:
         b3:38:3b:72:f8:b4:40:bc:6d:72:42:12:63:7b:4e:4d:58:07:
         46:b9:6b:e2:b4:ba:40:77:69:dc:2e:33:bf:c9:d7:52:c0:27:
         a1:d1:5c:c4:82:14:5d:44:cb:bd:48:7b:c8:84:b2:42:d4:c3:
         73:5e:40:5a:15:7a:f4:b1:4c:75:1f:17:43:3f:99:1c:b6:5d:
         38:04:9a:2a:56:4c:19:30:8a:49:78:8c:7c:5e:69:ee:20:d4:
         66:94:bf:17:33:95:f5:51:98:75:cb:93:5a:5f:ed:68:56:10:
         ae:13:de:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY191DWVHjdZfOjxF8gZG6RzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmQ1MTI3MjA2NGI2M2IyYzY2M2MwMjk2YmExMWRiNWVh
MjM4YzAwHhcNMjQwMjA2MDk1MTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjllZGUzMDVhNDcwNTdkZDc2NTBjOTEyNjU2NzY5OTIzNjFkYjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltpalu97MDUKgW1l6V8NzeRmueoM
rJCAkNTZAtsY9MWAjxgp5Y0yzTx7zrM5WkuRbNOh0SwOcP7aSTH22L8qQJTTD3lQ
XnXaIl+jObuXRcXJd9jQKDzY0RLMsk8MFTJEf8RgATnpAPLF5meuXhv13YGpQ+jC
PFj5VM/wDey/deVwKMc8QZDqm9KrWHWJTxE5knQmOAPBnnqbqF9ffGD+1qmCQjTc
zBolEFzzzjbQqkzzxqbZDN+PMQ3fPeshkoch0T3yyH9Fg1/GpX1zzMNqK3mTxi2K
fsBt/r2y68orwgXq8OJ79VW4yUUS6zxolbu0U0LYVKCc3A3mD6LWZxGkTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJKe3jBaRwV912UMkSZWdpkjYdsgMB8GA1UdIwQY
MBaAFHu9UScgZLY7LGY8Apa6EdteojjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUt
OTdjOWFhYjgyOGYyLzEva3A3ZU1GcEhCWDNYWlF5UkpsWjJtU05oMnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUtOTdjOWFhYjgyOGYy
LzEvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuYG+AwQA
uYHmMA0GCSqGSIb3DQEBCwUAA4IBAQBXAmBh7eYJQcgutW5vwt7ZBRlydbLglecC
HueHucRz45tq4PLyg0GmPRwSHYDE1EXHUSbOO6EHOcj3JEyTdGCZNhS7BA902Ifc
EK8rf+KT36U/D9Jnh/LN6FKRH5j6togX5x5HaPJ/SHyB8d/7PNtClGIE1AeuqeI2
tlaQqq0RQ1Z6hJT9fLQz7HCLPzUe5auzODty+LRAvG1yQhJje05NWAdGuWvitLpA
d2ncLjO/yddSwCeh0VzEghRdRMu9SHvIhLJC1MNzXkBaFXr0sUx1HxdDP5kctl04
BJoqVkwZMIpJeIx8XmnuINRmlL8XM5X1UZh1y5NaX+1oVhCuE94B
-----END CERTIFICATE-----