Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/f4d76e-34a1-4d0a-b9bd-189d53ae4e3e/1/Jb09PQl1ogXdZmpHG33rZFY89xw.roa
File:                     Jb09PQl1ogXdZmpHG33rZFY89xw.roa (raw, json)
Hash identifier:          Nkg5WjTHVPz575+lFUrOY/sD73z5e5yLipLyJi0pFwM=
Subject key identifier:   25:BD:3D:3D:09:75:A2:05:DD:66:6A:47:1B:7D:EB:64:56:3C:F7:1C
Certificate issuer:       /CN=7713f3582f63901305530b4b1936cd6e6611a30a
Certificate serial:       01909251386AB65A9AC7125FE3E0FE3CA1B6
Authority key identifier: 77:13:F3:58:2F:63:90:13:05:53:0B:4B:19:36:CD:6E:66:11:A3:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dxPzWC9jkBMFUwtLGTbNbmYRowo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/f4d76e-34a1-4d0a-b9bd-189d53ae4e3e/1/Jb09PQl1ogXdZmpHG33rZFY89xw.roa
Signing time:             Mon 08 Jul 2024 12:28:34 +0000
ROA not before:           Mon 08 Jul 2024 12:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61329
IP address blocks:        194.13.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/f4d76e-34a1-4d0a-b9bd-189d53ae4e3e/1/dxPzWC9jkBMFUwtLGTbNbmYRowo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/f4d76e-34a1-4d0a-b9bd-189d53ae4e3e/1/dxPzWC9jkBMFUwtLGTbNbmYRowo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dxPzWC9jkBMFUwtLGTbNbmYRowo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 21:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:92:51:38:6a:b6:5a:9a:c7:12:5f:e3:e0:fe:3c:a1:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7713f3582f63901305530b4b1936cd6e6611a30a
        Validity
            Not Before: Jul  8 12:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25bd3d3d0975a205dd666a471b7deb64563cf71c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b4:a7:92:6a:36:fd:36:24:db:08:e3:4f:ad:
                    46:e6:57:23:04:c3:c7:16:18:d6:8c:99:36:d0:87:
                    ec:6a:b8:89:40:6a:44:9c:d3:f8:ec:d4:59:a5:ee:
                    15:b0:63:e2:d0:ba:92:fb:3e:f6:b4:c7:76:02:54:
                    f0:63:cb:27:8a:8c:08:91:c6:2b:2d:a7:bd:92:e7:
                    81:80:d8:b0:91:42:75:09:89:20:d5:d4:a0:dd:78:
                    91:05:f4:66:0b:a0:a7:8f:9a:71:43:03:e4:0e:7d:
                    35:2d:01:f6:ed:5e:5b:55:4c:e8:22:5a:39:22:96:
                    bb:c6:4d:18:cf:6c:8e:fb:66:18:a2:a9:02:a9:ee:
                    ac:cc:f1:e5:d2:04:c5:a9:4a:6d:e0:8d:6a:82:c6:
                    30:ff:c4:91:aa:6b:be:1a:0e:51:83:f2:c9:9e:d2:
                    c3:1f:0c:da:cd:27:45:74:f6:fa:d7:31:a0:49:09:
                    7e:d0:07:49:a3:d6:09:df:9b:1e:db:ec:fe:29:f2:
                    a9:f1:73:2e:b8:9e:a7:a1:35:3a:fe:d7:63:6b:fd:
                    24:82:4d:d6:e9:86:35:9b:5b:cf:15:1d:91:ea:81:
                    2b:ed:0a:9b:59:43:ae:75:d3:1a:d8:e5:e4:0b:9d:
                    fb:8e:1d:42:f4:b9:ec:8e:59:93:c3:08:dd:2f:6c:
                    e4:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:BD:3D:3D:09:75:A2:05:DD:66:6A:47:1B:7D:EB:64:56:3C:F7:1C
            X509v3 Authority Key Identifier:
                keyid:77:13:F3:58:2F:63:90:13:05:53:0B:4B:19:36:CD:6E:66:11:A3:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dxPzWC9jkBMFUwtLGTbNbmYRowo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/f4d76e-34a1-4d0a-b9bd-189d53ae4e3e/1/Jb09PQl1ogXdZmpHG33rZFY89xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/f4d76e-34a1-4d0a-b9bd-189d53ae4e3e/1/dxPzWC9jkBMFUwtLGTbNbmYRowo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:82:ab:8f:d1:b2:4e:59:3a:55:f8:79:73:33:f2:5d:26:32:
         6e:c0:11:55:52:42:c3:cd:ce:67:b8:f6:68:78:c8:ab:80:45:
         37:fe:a6:d1:6e:26:85:b0:c7:24:d3:8e:90:21:0d:e7:22:6f:
         00:2b:84:46:f7:99:eb:6f:f1:1b:ae:e9:5e:28:fb:30:c1:bc:
         2e:93:39:60:42:f1:37:04:ab:fd:e6:f0:c0:a3:b7:70:8b:80:
         68:bf:56:d2:5c:38:aa:50:ce:3b:08:b2:8a:0a:b2:12:ac:e1:
         ca:75:eb:a5:d2:aa:4d:5c:7b:7c:4a:a1:b1:d7:b0:2d:f4:e4:
         f4:6b:81:94:34:ab:46:b4:1f:62:95:7f:20:1c:3b:75:e6:28:
         2c:70:ec:36:a4:b5:d2:5b:ce:24:49:6a:c6:14:c0:c1:7c:10:
         ea:d8:eb:ca:b2:2a:76:0b:e0:b2:09:0f:8c:2a:40:f1:6f:f9:
         e2:a6:aa:e0:e8:f2:81:67:ce:02:27:15:a8:d3:62:3d:51:51:
         2a:69:48:39:3c:96:a2:4a:6d:97:44:7e:ab:b8:44:fa:20:9a:
         1a:d8:89:a0:2a:c9:48:28:ee:b4:42:7a:d2:89:5b:64:b1:23:
         72:d5:fd:08:9b:f7:f4:3c:02:47:73:ea:98:75:6a:19:4f:5e:
         95:84:d8:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCSUThqtlqaxxJf4+D+PKG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MTNmMzU4MmY2MzkwMTMwNTUzMGI0YjE5MzZjZDZlNjYx
MWEzMGEwHhcNMjQwNzA4MTIyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWJkM2QzZDA5NzVhMjA1ZGQ2NjZhNDcxYjdkZWI2NDU2M2NmNzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLSnkmo2/TYk2wjjT61G5lcjBMPH
FhjWjJk20IfsariJQGpEnNP47NRZpe4VsGPi0LqS+z72tMd2AlTwY8sniowIkcYr
Lae9kueBgNiwkUJ1CYkg1dSg3XiRBfRmC6Cnj5pxQwPkDn01LQH27V5bVUzoIlo5
Ipa7xk0Yz2yO+2YYoqkCqe6szPHl0gTFqUpt4I1qgsYw/8SRqmu+Gg5Rg/LJntLD
HwzazSdFdPb61zGgSQl+0AdJo9YJ35se2+z+KfKp8XMuuJ6noTU6/tdja/0kgk3W
6YY1m1vPFR2R6oEr7QqbWUOuddMa2OXkC537jh1C9LnsjlmTwwjdL2zkwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCW9PT0JdaIF3WZqRxt962RWPPccMB8GA1UdIwQY
MBaAFHcT81gvY5ATBVMLSxk2zW5mEaMKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHhQeldDOWprQk1GVXd0TEdUYk5ibVlSb3dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9mNGQ3NmUtMzRhMS00ZDBhLWI5YmQt
MTg5ZDUzYWU0ZTNlLzEvSmIwOVBRbDFvZ1hkWm1wSEczM3JaRlk4OXh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9mNGQ3NmUtMzRhMS00ZDBhLWI5YmQtMTg5ZDUzYWU0ZTNl
LzEvZHhQeldDOWprQk1GVXd0TEdUYk5ibVlSb3dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwg14MA0G
CSqGSIb3DQEBCwUAA4IBAQCWgquP0bJOWTpV+HlzM/JdJjJuwBFVUkLDzc5nuPZo
eMirgEU3/qbRbiaFsMck046QIQ3nIm8AK4RG95nrb/EbruleKPswwbwukzlgQvE3
BKv95vDAo7dwi4Bov1bSXDiqUM47CLKKCrISrOHKdeul0qpNXHt8SqGx17At9OT0
a4GUNKtGtB9ilX8gHDt15igscOw2pLXSW84kSWrGFMDBfBDq2OvKsip2C+CyCQ+M
KkDxb/nipqrg6PKBZ84CJxWo02I9UVEqaUg5PJaiSm2XRH6ruET6IJoa2ImgKslI
KO60QnrSiVtksSNy1f0Im/f0PAJHc+qYdWoZT16VhNj4
-----END CERTIFICATE-----