Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/5pbhDWvXzmdxNrgkmY2rRlxxsHM.roa
File:                     5pbhDWvXzmdxNrgkmY2rRlxxsHM.roa (raw, json)
Hash identifier:          VT3QDkPFuDPAA7R9+pQL1f8dc/R9NHmOcpAp6TGcyeE=
Subject key identifier:   E6:96:E1:0D:6B:D7:CE:67:71:36:B8:24:99:8D:AB:46:5C:71:B0:73
Certificate issuer:       /CN=2fb8280c6cb7db3e073950d535d6d8c705d90b87
Certificate serial:       0190B1BEDE0AB7531BD553D6C717761481F2
Authority key identifier: 2F:B8:28:0C:6C:B7:DB:3E:07:39:50:D5:35:D6:D8:C7:05:D9:0B:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/5pbhDWvXzmdxNrgkmY2rRlxxsHM.roa
Signing time:             Sun 14 Jul 2024 14:56:34 +0000
ROA not before:           Sun 14 Jul 2024 14:56:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201150
IP address blocks:        193.24.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b1:be:de:0a:b7:53:1b:d5:53:d6:c7:17:76:14:81:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fb8280c6cb7db3e073950d535d6d8c705d90b87
        Validity
            Not Before: Jul 14 14:56:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e696e10d6bd7ce677136b824998dab465c71b073
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1d:94:06:a6:84:94:5c:b1:8f:12:79:77:c1:
                    79:63:9b:30:0b:55:13:e0:84:b1:4b:05:bb:d2:8e:
                    5e:3d:02:90:73:2e:39:dc:66:a9:10:40:53:4d:bd:
                    c7:80:45:c3:3c:0e:2b:c3:18:67:67:db:6d:0e:2d:
                    e6:23:5a:b7:eb:c8:fd:df:c5:cb:cd:dc:d4:91:f0:
                    d9:f1:ab:62:af:21:89:0d:51:dc:f6:db:d7:75:bb:
                    88:dc:00:51:e0:ac:ef:ee:33:9d:a5:31:40:f5:88:
                    90:70:8d:f1:42:8f:3e:d0:75:1c:d5:75:82:f8:6d:
                    07:4c:15:43:be:fc:71:fd:9c:23:00:98:13:5b:e6:
                    52:b7:4c:47:6d:d8:ff:d0:47:7d:5e:94:18:a8:2c:
                    df:15:bc:f5:de:d2:8f:2e:3f:54:35:63:a0:5a:41:
                    b3:cb:40:3c:d0:14:9d:3a:fe:7c:f6:05:b3:67:e3:
                    7a:f8:30:c2:b5:94:d7:c2:39:b4:80:92:19:46:03:
                    c1:1e:b4:31:19:af:f4:07:78:83:09:87:9e:04:42:
                    eb:9b:e2:d2:f1:47:0a:d6:5f:3b:78:2e:6f:a1:ae:
                    52:76:0f:9a:f2:15:ac:01:3d:af:a9:cb:e6:03:a1:
                    45:00:51:dd:e0:c1:99:1c:03:a6:a5:05:fa:40:02:
                    41:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:96:E1:0D:6B:D7:CE:67:71:36:B8:24:99:8D:AB:46:5C:71:B0:73
            X509v3 Authority Key Identifier:
                keyid:2F:B8:28:0C:6C:B7:DB:3E:07:39:50:D5:35:D6:D8:C7:05:D9:0B:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L7goDGy32z4HOVDVNdbYxwXZC4c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/5pbhDWvXzmdxNrgkmY2rRlxxsHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/aa764d-f5ac-4acf-b2bd-9fdb5c55ae50/1/L7goDGy32z4HOVDVNdbYxwXZC4c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:10:9c:8e:77:8a:52:b8:ad:5a:2d:39:39:ef:f5:94:3f:5f:
         ef:bc:6e:a3:b1:f5:0f:7e:8b:f8:f5:1a:cc:63:1f:f2:cd:2a:
         4a:f7:75:23:2e:78:4f:53:e2:b9:e6:f1:b4:63:d6:49:b6:96:
         bb:58:7b:7d:25:ac:b5:6c:23:47:77:77:f4:26:f2:94:2e:fa:
         75:db:17:7f:33:dd:67:5c:0b:ea:89:b3:a0:86:7c:41:1a:70:
         92:9a:6f:8d:8d:ed:f5:0d:73:04:4c:90:0d:10:7e:89:e9:6f:
         a2:f4:7e:c3:7b:4c:08:48:d7:05:99:6a:66:b0:41:9b:fe:48:
         3d:c6:9a:cd:fb:5e:79:80:b3:17:bf:80:f9:b1:72:ac:12:d2:
         a3:c5:85:3d:59:b7:6d:25:ba:f4:9c:a2:2b:e7:c6:13:7a:f0:
         81:c6:cd:8d:80:d8:7e:1f:99:7e:b7:9a:e5:82:c1:3e:12:49:
         08:6e:d3:43:df:4c:2b:b7:f6:29:41:b0:e2:69:01:b3:f8:02:
         e3:d7:02:40:50:ea:65:5b:b2:54:23:ca:49:7d:b9:a3:49:54:
         ff:c2:f3:ba:11:d0:cc:de:f7:b1:ff:5b:b9:29:bd:f0:c6:de:
         aa:ea:b2:54:65:fc:09:01:92:3d:b8:35:33:33:da:60:73:39:
         62:74:84:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCxvt4Kt1Mb1VPWxxd2FIHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYjgyODBjNmNiN2RiM2UwNzM5NTBkNTM1ZDZkOGM3MDVk
OTBiODcwHhcNMjQwNzE0MTQ1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjk2ZTEwZDZiZDdjZTY3NzEzNmI4MjQ5OThkYWI0NjVjNzFiMDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxh2UBqaElFyxjxJ5d8F5Y5swC1UT
4ISxSwW70o5ePQKQcy453GapEEBTTb3HgEXDPA4rwxhnZ9ttDi3mI1q368j938XL
zdzUkfDZ8atiryGJDVHc9tvXdbuI3ABR4Kzv7jOdpTFA9YiQcI3xQo8+0HUc1XWC
+G0HTBVDvvxx/ZwjAJgTW+ZSt0xHbdj/0Ed9XpQYqCzfFbz13tKPLj9UNWOgWkGz
y0A80BSdOv589gWzZ+N6+DDCtZTXwjm0gJIZRgPBHrQxGa/0B3iDCYeeBELrm+LS
8UcK1l87eC5voa5Sdg+a8hWsAT2vqcvmA6FFAFHd4MGZHAOmpQX6QAJB+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaW4Q1r185ncTa4JJmNq0ZccbBzMB8GA1UdIwQY
MBaAFC+4KAxst9s+BzlQ1TXW2McF2QuHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDdnb0RHeTMyejRIT1ZEVk5kYll4d1haQzRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hYTc2NGQtZjVhYy00YWNmLWIyYmQt
OWZkYjVjNTVhZTUwLzEvNXBiaERXdlh6bWR4TnJna21ZMnJSbHh4c0hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hYTc2NGQtZjVhYy00YWNmLWIyYmQtOWZkYjVjNTVhZTUw
LzEvTDdnb0RHeTMyejRIT1ZEVk5kYll4d1haQzRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRh5MA0G
CSqGSIb3DQEBCwUAA4IBAQAJEJyOd4pSuK1aLTk57/WUP1/vvG6jsfUPfov49RrM
Yx/yzSpK93UjLnhPU+K55vG0Y9ZJtpa7WHt9Jay1bCNHd3f0JvKULvp12xd/M91n
XAvqibOghnxBGnCSmm+Nje31DXMETJANEH6J6W+i9H7De0wISNcFmWpmsEGb/kg9
xprN+155gLMXv4D5sXKsEtKjxYU9WbdtJbr0nKIr58YTevCBxs2NgNh+H5l+t5rl
gsE+EkkIbtND30wrt/YpQbDiaQGz+ALj1wJAUOplW7JUI8pJfbmjSVT/wvO6EdDM
3vex/1u5Kb3wxt6q6rJUZfwJAZI9uDUzM9pgczlidIQS
-----END CERTIFICATE-----